As we approach the end of the year, here are the Top 11 Artificial Intelligence (“AI”) posts on the Debevoise Data Blog in 2024 by page views. If you are not already a Blog subscriber, click here to sign up.

  1. Good AI Vendor Risk Management Is Hard, But Doable (September 26, 2024)

As companies slowly ramp up the depth and breadth of their AI adoption, one of the most difficult challenges they face is managing third-party risk. Companies often struggle when deciding how to mitigate – through diligence, contractual conditions, or other means – the risks presented by these third parties. This post surveys key challenges associated with AI vendor risk management and provides tips for designing an effective AI vendor risk management program.

  1. Defining AI for Internal Policies – A Few Considerations and Tips (July 29, 2024)

Companies developing internal AI policies often face challenges deciding how to define AI and, relatedly, deciding when AI governance and compliance programs should apply to models outside their chosen definition. In this post, we discuss risks of borrowing ambiguous definitions directly from regulations and outline four alternative approaches that companies may find useful.

  1. DOJ Updates Guidance on Corporate Compliance Programs to Include AI Risk Management (September 25, 2024)

On September 23, 2024, the U.S. Department of Justice updated its “Evaluation of Corporate Compliance Programs” guidance to federal prosecutors (the “ECCP”) in order to address AI risk management, among other subjects. In this post, we discuss how the DOJ’s guidance differs from prior corporate compliance guidelines and how companies may want to consider those differences.

  1. Risk of AI Abuse by Corporate Insiders Presents Challenges for Compliance Departments (February 21, 2024)

As companies adopt AI tools in their everyday business practices, the risk of misuse and abuse by employees rises. In this post, we discuss scenarios in which employees may abuse AI technology – such as insider use of deepfakes, information barrier evasion, and model manipulation – and make recommendations for mitigating the risks presented by those scenarios.

  1. In 2024, the Biggest Legal Risk for Generative AI May Be Hype (January 9, 2024)

Since at least 2023, the FTC and SEC have been actively investigating and enforcing against deceptive AI marketing claims, focusing on those that exaggerate AI system abilities, unsupported claims, and misleading comparisons to non-AI alternatives. Thus, companies face legal risks when overselling AI capabilities, a practice termed “AI washing.” This post discusses regulatory and litigation risks of inaccurately representing AI and provides practical steps for companies to avoid them.

  1. NYDFS Adopts Final Circular on Use of AI or External Data by Insurers (July 15, 2024)

In July 2024, the NYDFS released guidance for AI and external data use in insurance underwriting and pricing, which modified prior proposed language on the topic. In this post, we discuss the NYDFS guidance, consider how it differs from earlier proposed language, and compare its scope to recently enacted Colorado insurance regulations.

  1. Mitigating AI Risks for Customer Service Chatbots (April 16, 2024)

While chatbots are a longstanding feature of the customer service landscape, companies’ use of generative AI to support their chatbots is a potential new source of risk. Generative AI chatbots can present risks under existing UDAP and anti-discrimination laws, as well as novel risk based on new legislation, such as the March 2024 Utah Artificial Intelligence Policy Act. This post explores some of these potential sources of legal liability and recommends risk mitigation practices when deploying AI to support customer service chatbots.

  1. Recently Enacted AI Law in Colorado: Yet Another Reason to Implement an AI Governance Program (June 11, 2024)

As AI usage grows, so does regulatory focus on AI governance. Colorado’s passage of Senate Bill 24-205 (the “Colorado AI Law”) is a prime example of the new legal obligations companies should consider when implementing and improving their own AI governance programs. This post explains the scope of the Colorado AI Law, including its focus on so-called “high-risk” AI systems, and considers obligations that it imposes alongside comparable requirements under the EU AI Act. The discussion is important even for firms outside Colorado because, while Colorado was the first state to enact such AI regulation, it is already clear that it will not be the last.

  1. Preparing for AI Whistleblowers (April 24, 2024)

This post describes an emerging new risk for companies in the form of AI whistleblowers. Increased regulatory scrutiny around AI use from agencies coupled with record-breaking whistleblower activity have set the stage for increased AI enforcement from agencies such as the SEC and the DOJ. Amid this changing landscape, companies should consider how to update relevant AI policies to account for and address potential risks related to AI whistleblowers and regulatory enforcement.

  1. Guidelines on the Use of Generative AI Tools by Professionals from the American Bar Association (August 5, 2024)

At the end of July, the American Bar Association (the “ABA”) released guidance for ethical use of generative AI by lawyers through its Formal Opinion 512 (the “Opinion”). The Opinion interprets existing ethical considerations and applies them to the context of AI use, covering areas such as improving lawyer training on AI, updating engagement letters, disclosing AI involvement to clients and courts, and developing billing models for AI-assisted legal services. After summarizing the ABA guidelines, this post recommends specific actions to consider that may help support compliance.

  1. The EU AI Act Is Officially Passed – What We Know and What’s Still Unclear (July 12, 2024)

After initial predictions of sweeping regulation, a narrowed EU AI Act officially came into effect August 1, 2024, with the majority of its substantive requirements coming into force two years later, in August 2026. This post outlines the scope and high-level requirements for different kinds of AI systems under the Act, while also cautioning that ongoing uncertainty around the details should inform companies’ current preparations for compliance.

****

To subscribe to the Data Blog, please click here.

The cover art used in this blog post was generated by ChatGPT.

 

Author

Helen V. Cantwell is Co-Chair of the White Collar & Regulatory Defense Group at Debevoise and a litigation partner with extensive trial experience. She can be reached at hcantwell@debevoise.com.

Author

Charu A. Chandrasekhar is a litigation partner based in the New York office and a member of the firm’s White Collar & Regulatory Defense and Data Strategy & Security Groups. Her practice focuses on securities enforcement and government investigations defense and cybersecurity regulatory counseling and defense.

Author

Eric R. Dinallo is Chair of the Debevoise insurance regulatory practice and a member of its Financial Institutions and White Collar & Regulatory Defense Groups in New York. He can be reached at edinallo@debevoise.com.

Author

Avi Gesser is Co-Chair of the Debevoise Data Strategy & Security Group. His practice focuses on advising major companies on a wide range of cybersecurity, privacy and artificial intelligence matters. He can be reached at agesser@debevoise.com.

Author

Arian June is a litigation partner at Debevoise based in the firm’s Washington, D.C. office and is a member of the White Collar & Regulatory Defense Group.

Author

Andrew Levine is a litigation partner who focuses his practice on white collar and regulatory defense, internal investigations and a broad range of complex commercial litigation. He regularly defends companies in criminal, civil and regulatory enforcement matters and has conducted numerous investigations throughout the world. Mr. Levine frequently advises companies on compliance matters, including with respect to the U.S. Foreign Corrupt Practices Act, and the assessment and management of risks presented by potential mergers, acquisitions and other transactions. In 2014, Mr. Levine was named to Global Investigations Review’s inaugural “40 Under 40” list of the world’s leading investigations lawyers, and he was recognized in 2013 as a Rising Star by the New York Law Journal. Mr. Levine is recommended for international litigation in The Legal 500 US (2022), where clients have described him as “smart, responsive, collaborative and sharp in his advice.” He is ranked as a leading lawyer for FCPA by Chambers USA (2022), where clients say “he is focused on pragmatic solutions.” Sources have also said that “his breadth of knowledge is unparalleled,” he is “exceptionally able and capable,” and “very pragmatic and hands-on. He’s able to conceptualize and simplify quite quickly complex considerations and situations.” In Chambers Global (2023) and Chambers Latin America (2023), where Mr. Levine is recommended as a top-tier lawyer, clients note that “he stands out for his client service and attention to detail,” describing him as “a lawyer that turns complexity into simplicity.” They also note that he is “extremely professional and technical” and he has “a deep experience in Latin America.” In previous editions of the guides, he has been lauded as “an impressive and tireless thought leader,” “an extremely well-known figure globally,” “a very thoughtful and service-oriented lawyer,” “a reassuring presence in tumultuous times,” “a calm, competent and thorough practitioner” and “brilliant, hard-working and thoughtful.” Clients are said to value his “encyclopedic knowledge” and his “ability to condense a complex situation into something understandable and manageable.” Mr. Levine is also ranked as a leading lawyer by The Legal 500 Latin America (2023), where clients describe him as “an amazing lawyer” and “the US lawyer that knows the Latin America compliance and investigation market the best.” In previous editions of the guide, he is described as a “superstar,” with clients noting that “he has a wealth of experience,” is “extremely articulate” and “he has an amazing analytical ability.” Latin Lawyer notes Mr. Levine’s “substantial work in Latin America,” recognizing him as one of the top lawyers active on anti-corruption matters in the region.

Author

Erez is a litigation partner and a member of the Debevoise Data Strategy & Security Group. His practice focuses on advising major businesses on a wide range of complex, high-impact cyber-incident response matters and on data-related regulatory requirements. Erez can be reached at eliebermann@debevoise.com

Author

David A. O’Neil is a litigation partner and member of the firm’s White Collar & Regulatory Defense Group. Recommended by Chambers USA (2021) and The Legal 500 US (2021) as a leading lawyer in White Collar Crime & Government Investigations and International Litigation, his practice focuses on white collar criminal defense, internal investigations, anti-corruption and FCPA defense and congressional investigations. In both 2018 and 2020, Mr. O’Neil was recognized as a Litigation Trailblazer by the National Law Journal and he was named a White Collar MVP by Law 360 in 2018. In Chambers USA (2020), clients report that he is “driven, practical and offers a level of common sense and solutions focus that few bring.” He has also been described as “responsive and sharp, he spots the key issues straightaway and is able to quickly analyze and break them down in a manner to be tackled.” Mr. O’Neil is also recommended for compliance and investigations by The Legal 500 Latin America (2021).

Author

Winston M. Paes is a litigation partner and a member of the White Collar & Regulatory Defense Group at Debevoise. He can be reached at wmpaes@debevoise.com.

Author

Jim Pastore is a Debevoise litigation partner and a member of the firm’s Data Strategy & Security practice and Intellectual Property Litigation Group. He can be reached at jjpastore@debevoise.com.

Author

Paul D. Rubin is a corporate partner based in the Washington, D.C. office and is the Co-Chair of the firm’s Healthcare & Life Sciences Group and the Chair of the FDA Regulatory practice. His practice focuses on FDA/FTC regulatory matters. He can be reached at pdrubin@debevoise.com.

Author

Jane Shvets is a Debevoise partner in the firm’s White Collar & Regulatory Defense Group, focusing on white collar defense and internal investigations, in particular regarding compliance with corrupt practices legislation, as well as compliance assessments. Ms. Shvets also advises multinational clients on data protection and cybersecurity matters as well as a wide range of sanctions issues. She can be reached at jshvets@debevoise.com.

Author

Kristin Snyder is a litigation partner and member of the firm’s White Collar & Regulatory Defense Group. Her practice focuses on securities-related regulatory and enforcement matters, particularly for private investment firms and other asset managers.

Author

Douglas S. Zolkind is a litigation partner based in the New York office and a member of the firm’s White Collar & Regulatory Defense Group. He has extensive trial experience and focuses his practice on white collar criminal defense, government investigations, and internal investigations. He defends corporate and individual clients in criminal and regulatory enforcement matters around the world.

Author

Marshal Bozzo is a regulatory counsel based in the New York office and a member of the Debevoise Insurance Regulatory practice. He can be reached at mlbozzo@debevoise.com.

Author

Tigist Kassahun is a corporate counsel in the Intellectual Property and Technology Transactions Group, as well as a frequent collaborator with the firm’s Data Strategy & Security practice. She can be reached at tkassahu@debevoise.com.

Author

Matthew Kelly is a litigation counsel based in the firm’s New York office and a member of the Data Strategy & Security Group. His practice focuses on advising the firm’s growing number of clients on matters related to AI governance, compliance and risk management, and on data privacy. He can be reached at makelly@debevoise.com

Author

Robert Maddox is International Counsel and a member of Debevoise & Plimpton LLP’s Data Strategy & Security practice and White Collar & Regulatory Defense Group in London. His work focuses on cybersecurity incident preparation and response, data protection and strategy, internal investigations, compliance reviews, and regulatory defense. In 2021, Robert was named to Global Data Review’s “40 Under 40”. He is described as “a rising star” in cyber law by The Legal 500 US (2022). He can be reached at rmaddox@debevoise.com.

Author

Johanna Skrzypczyk (pronounced “Scrip-zik”) is a counsel in the Data Strategy and Security practice of Debevoise & Plimpton LLP. Her practice focuses on advising AI matters and privacy-oriented work, particularly related to the California Consumer Privacy Act. She can be reached at jnskrzypczyk@debevoise.com.

Author

Erich Grosz is a member of the firm's Litigation Department who focuses his practice on white collar and regulatory defense, internal investigations, compliance advice and complex commercial litigation. He has represented companies and individuals in criminal, civil and SEC investigations and enforcement proceedings involving allegations, among others, of violations of the U.S. Foreign Corrupt Practices Act, securities and accounting fraud and employee misconduct. He also regularly advises companies on compliance matters as well as risk mitigation in connection with potential transactions. Mr. Grosz is also the co-executive editor of the FCPA Update, the firm's monthly newsletter addressing developments in anti-corruption law enforcement and related compliance topics. He can be reached at eogrosz@debevoise.com

Author

Sarah Wolf is litigation Counsel in the Debevoise White Collar & Regulatory Defense Group. She can be reached at swolf@debevoise.com.

Author

Samuel J. Allaman is a litigation associate. Mr. Allaman joined Debevoise in 2020. He received a J.D. from Rutgers Law School and graduated Valedictorian in 2020. During his time at Rutgers Law School, he was an articles editor of the Rutgers Law Review and a Saul Tischler Scholar. Mr. Allaman received a B.A. from Rutgers University in 2017. He can be reached at sjallaman@debevoise.com.

Author

Melyssa Eigen is an associate in the Litigation Department. She can be reached at meigen@debevoise.com.

Author

Josh Goland is an associate in the Litigation Department.

Author

Martha Hirst is an associate in Debevoise's Litigation Department based in the London office. She is a member of the firm’s White Collar & Regulatory Defense Group, and the Data Strategy & Security practice. She can be reached at mhirst@debevoise.com.

Author

Gabriel Kohan is a litigation associate at Debevoise and can be reached at gakohan@debevoise.com.

Author

Jarrett Lewis is an associate and a member of the Data Strategy and Security Group. He can be reached at jxlewis@debevoise.com.

Author

Andreas Constantine Pavlou is an associate in the Litigation Department.

Author

Melissa Runsten is a corporate associate and a member of the Healthcare & Life Sciences Group. Her practice focuses on FDA/FTC regulatory matters and includes the representation of drug, device, food, cosmetic and other consumer product companies. She can be reached at mrunsten@debevoise.com.

Author

Sharon Shaji is a law clerk in the Litigation Department. Sharon can be reached at sshaji@debevoise.com.

Author

Cameron Sharp is a law clerk in the Debevoise New York Office.

Author

Ned Terrace is an associate in the Litigation Department. He can be reached at jkterrac@debevoise.com.

Author

Annabella Waszkiewicz is a law clerk in the Litigation Department.

Author

Cooper Yoo is an associate in the Litigation Department. He can be reached at chyoo@debevoise.com

Author

Laura Hallas is a law clerk in the Litigation Department. She can be reached at lahallas@debevoise.com.

Author

Michelle Shen is a law clerk in the Litigation Department. She can be reached at mcshen@debevoise.com.