Click to learn more about author Anne Hardy.

Artificial intelligence (AI) is no longer the future – it’s already in our homes, cars, and pockets. As technology expands its role in our lives, an important question has emerged: What level of trust can – and should – we place in these AI systems? 

Trust is the very question the European Union (EU) Commission has set out to answer under its newly proposed EU Artificial Intelligence Act. Margrethe Vestager, Executive Vice President of the European Commission for A Europe Fit for the Digital Age, stated that trust is a must with AI. These proposed AI regulations will spearhead the development of global standards to ensure trust in AI. 

While we can all agree that trust in AI is imperative, the new regulation will not entirely solve the problem. For any law to have absolute power, durability, and resilience to challenges, it takes a team of trustworthy people to enforce the rules and drive greater awareness of the issues the law aims to correct. The new ambassador leading this necessary enforcement and education is the chief information security officer (CISO). As governing bodies introduce more regulations related to Data Management, collection, and privacy, CISOs’ roles will transition from simply leading security to overseeing data and establishing trust. 

The Evolving Role of the CISO

A CISO traditionally evaluates business opportunities against security risks that could compromise long-term financial rewards. With the introduction of new technology, cross-industry-wide trends of mass data collection, and their subsequent regulations, the role of the CISO has expanded to ensure company compliance with data regulations like GDPR and educate employees on personal data requirements to keep everyone safe. 

The role of the CISO is transforming at a faster pace than ever before. New regulations are constantly changing and challenging the way business is executed. Twenty years ago, CISOs were responsible for managing the firewall and securing the perimeter. You didn’t have to know much about what was under your protection if you knew which technology solutions would do the best job of keeping the bad guys out. The world today is drastically different. Digital technologies that infuse every part of business and decision-making processes elevated the CISO role. Consider the latest and unexpected couplings, like CISO and legal, because both positions intersect on Data Governance. Today’s CISOs are responsible for supporting business growth and ensuring operations and data are secure.

CISOs will become guides positioned to herald their organization through rapid transformations and continuous marketplace disruption. As we look for the most meaningful ways to make data-based business decisions, AI, machine learning, and robotic-process automation will inevitably be a part of this process. The EU Artificial Intelligence Act is laying the foundation for a sustainable digital economy. CISOs will lead the charge to ensure a data-driven future built on trust. 

The Impact on CISOs Globally

At first glance, a regulation in the EU may not seemingly impact CISOs globally, but its new standards will ripple and affect companies worldwide. With concerns rising from consumers and citizens alike about how their data is collected and leveraged, companies need to recognize the public desire for limits to ensure sound and fair use of AI technologies. The new EU Artificial Intelligence Act is beneficial because it will dictate the rules and force companies to examine the societal implications of rapid technology adoption in the EU and create a standard for global companies going forward. 

Following the EU’s announcement of the new AI regulations, U.S. publications reported reactions from large tech policy think tanks apprehensive and supportive of the new rules. The opposition believes it will hamstring tech companies with new over-complicated regulations, while those in favor think it’s a step towards ethical responsibility. It’s likely many global companies will end up adjusting their algorithms and systems for compliance. Creating new market-specific algorithms for data collection and surveillance would be costly and time-consuming. For the sake of efficiency, and more importantly, maintaining consumer trust, most CISOs will likely toe the line, regardless of arguments from policymakers. 

The CISO of the Future

The EU’s new AI regulation represents a recent shift in priorities regarding data collection and governance. While adopting strategies to comply with the new law may be met with initial friction, it will also encourage companies to find a balance between the risk and benefit of new technologies – shifting the role of the CISO. 

To find this balance, organizations should take a 360° approach to using any technology. To leverage AI with privacy in mind, CISOs will need to adjust their roles to consider security protocols and the infrastructure in place, the quality of the data available, and who has access. Their new approach to security must include greater transparency on the data used and accessible education for anyone impacted by the technology. Whether the focus is new technologies, new working methods, or any other type of significant change, the story is always the same. But now, the burden of creating this trust falls – surprisingly to some – on the CISO. It takes time and commitment; however, in the end, building trust is the only way to launch and sustain a successful digital transformation.