Compliance and data leaders in regulated businesses need to take proactive transparency steps to prepare for the intensive scrutiny AI provokes
Artificial intelligence (AI) is being busily deployed across regulated businesses, driving innovation and efficiency. However, using AI raises concerns about transparency, especially among shareholders, customers, and regulators. These people want clarity about how AI systems operate, particularly the data they use and the ethical implications of their decisions - tough questions to answer when these systems use data at inhuman rates and when the inventors of the models that power AI don’t always know how they work.
Technologies like blockchain and Microsoft Sentinel offer powerful solutions to address these transparency challenges.
The expectations of shareholders, customers and regulators stem from societal concerns about AI ethics, privacy, and accountability.
Shareholders are increasingly aware of the ethical and financial risks associated with AI. They expect businesses to use AI responsibly by ensuring that algorithms are free from bias and that data is handled ethically. Activist investors are already applying pressure on businesses to open up.
Customers want to trust that personal information about them is safe and that AI-driven decisions are fair and transparent.
Regulators worldwide are already imposing rules designed to ensure that AI systems comply with legal standards. Transparency is a critical aspect of associated regulatory compliance.
|
AI regulation around the world - same same but different Regulatory requirements for AI transparency vary by region and industry but generally include guidelines for data protection, algorithmic accountability, and ethical AI usage. For instance, their new AI Act may be grabbing headlines, but the European Union’s GDPR already mandates transparency in automated decision-making processes, which means any business active in the EU needs to be able to explain how AI systems make decisions that impact individuals and companies. In finance, the SEC in the US requires firms to disclose the use of AI in trading algorithms to prevent market manipulation. |
Blockchain technology already provides an immutable and decentralised ledger that records every transaction. Businesses like Atos and IBM deploy this solution when they want to create tamper-proof, immutable, and auditable records of data transactions. Why? Transparency and tamper-proof immutability were baked-in features of the very first blockchain ledger. Features that are even more essential today.
This blockchain-based approach can readily be redeployed to the information, the data and the decisions used and made by AI systems. After all, a tamper-proof record will ensure that all AI-related activities are transparently documented and can be audited anytime.
Blockchain-based approaches are already being used for data and transactions in regulated sectors like finance. For example, ANZ Bank, JPMorgan Chase, and Royal Bank of Canada use blockchain in their Interbank Information Network to enhance the transparency and efficiency of cross-border payments.
This ability to enhance transparency is behind the increased interest in using blockchain. Put simply, should questions be asked about how your AI system operates, you need to know that the data is there and that it can be efficiently reviewed.
Although primarily considered a security tool, Microsoft Sentinel can easily be repurposed for compliance by creating logs of how regulated data has been accessed and used—whether by people or AI machines.
Microsoft Sentinel is a cloud-based Security Information and Event Management (SIEM) and Security Orchestration Automated Response (SOAR) solution. It provides advanced threat detection, automated incident response, and continuous monitoring capabilities. Customising Sentinel for compliance is simple—it can be achieved by copying existing queries and using logic-based apps to store queries, logs, and associated data.
An added bonus is that using Sentinel for compliance allows you to leverage existing skills and queries, making it a simple out-of-the-box solution.
For instance, US-based healthcare providers could use Sentinel to monitor how sensitive data is accessed and used by AI systems, ensuring compliance with HIPAA regulations (a national standard for protecting sensitive patient health information).
|
The importance of log retention Logs provide a record of activities, essential for demonstrating compliance during audits, providing evidence for investigations, and identifying historical trends that can inform future security and compliance strategies. Maintaining comprehensive log data is, therefore, critical for compliance and security analysis. Cost-effective, long-term log retention ensures that businesses can meet regulatory requirements for record-keeping and perform thorough, data-informed forensic investigations when needed. |
Consider again a healthcare provider that uses Microsoft Sentinel to monitor its AI systems. To safeguard patient privacy, they must comply with data protection regulations.
Microsoft Sentinel KQL queries can be used to create logs about how and when people access private data about patients. A great start, but not enough on its own.
Due to cost considerations, Sentinel logs are typically stored in an Azure-based service for no more than 90 days. They are then transferred to more traditional archive services for long-term preservation.
Once AI operations ramp up, providers will face challenges with both the 90-day storage quota and long-term preservation because AI is a double-edged sword when it comes to data.
Short-term log storage and longer-term archive databases will be overloaded when an AI system can continuously and rapidly access patient data, with commensurate output information and data increases. This creates risks of data complexity and cost. Complexity is a problem because it makes transparency virtually impossible. Cost is another significant risk—businesses already ditch data due to cost, even if they suspect they may be asked about it.
Together, Microsoft Sentinel and blockchain apps have the power to solve the challenge.
Microsoft Sentinel queries can be quickly copied and adapted for compliance purposes, meaning that only high-risk activity logs are stored. This filtering makes data storage less complex. Then, using an app like LogLocker, businesses can simply and securely store logs for the long term in a format that makes them easy to locate and for a fraction of the cost of traditional archive databases.
|
About LogLocker - the archiving app for logs Thanks to a private enterprise blockchain, LogLocker is a robust log management platform designed to securely store, manage, and analyse log data. It ensures all required log data is centralised and easily accessible, supporting compliance efforts and enhancing security visibility. By integrating with SIEM solutions like Microsoft Sentinel, LogLocker helps institutions maintain comprehensive log records and streamline compliance processes. When the regulator asks, LogLocker makes it easy to search for, retrieve, and securely share logs and data. |
As AI transforms regulated industries, transparency will remain a top priority for shareholders, customers, and regulators. Technologies like blockchain and Microsoft Sentinel provide powerful solutions to ensure AI transparency, helping businesses build trust and comply with regulatory requirements. However, the path to achieving transparency has challenges - most of them human.
It is our nature to rely on familiar tools and practices, even when newer approaches offer a better way forward. Many people continue to use outdated systems for managing compliance and transparency, often due to the perceived complexity and cost of upgrading to the new generation of advanced technologies like blockchain and AI-driven tools. This reluctance is a bit like the common tendency to avoid paying for insurance until something serious happens - leading to regret and severe consequences when something goes wrong.
To benefit from AI transparency, leaders must overcome the inertia in their business.
In the context of AI, embracing modern solutions like blockchain and Microsoft Sentinel is not an optional upgrade but an essential evolution to meet the growing demands of transparency and compliance. By investing in new technologies, businesses will safeguard their operations, enhance stakeholder trust, and be properly prepared for future regulatory challenges.
In a rapidly changing regulatory and technology landscape, those who fail to develop the means to adapt to new risks face significant financial penalties, reputational damage, and operational disruptions. This makes it essential for compliance and data leaders in regulated businesses to take proactive steps now so they are not left unprepared when regulatory scrutiny intensifies.
The cost of inaction will be far greater than the investment required to implement new tools.
By leveraging the power of blockchain for immutable record-keeping based on logs created by Microsoft Sentinel for AI systems and compliance monitoring, businesses can create a robust framework for AI transparency.
This is a strategic investment that will not only meet current regulatory requirements but also position businesses for long-term success in an increasingly complex and demanding environment.
The time to act is now before the consequences of relying on outdated tools become too costly.
Understand why the terms “immutable” and “tamper-proof” are central to data-informed compliance and you'll understand why blockchain-based solutions...
This article explores the challenge of tackling the cybersecurity threats posed by people inside your organisation.
Explore the importance of transparency in eDiscovery's presentation stage and how to use technology to shape outcomes, ensure compliance, and build...