Future-proofing trust and safety compliance

Technology is evolving rapidly, and so are the various global regulations governing it. Online platforms must evolve their measures to ensure compliance and enhance the trust of users and other stakeholders on their platforms. Not doing so could end in loss of users and markets, not to mention hefty fines.

Regulators and tech companies both need a collaborative, multistakeholder ecosystem to ensure they stay abreast of technology developments when designing and complying with policies and regulations, respectively.

Tech companies and platforms that don't comply with existing regulations are already being asked to pay billions of dollars in penalties for breaches. Some platforms are large enough to withstand such fines, but for others, these sums could seriously impact their ability to continue operations.

Numerous new global regulations and standards now go beyond data collection and storage into areas such as content, platform responsibilities with regard to harm, and competition, with more proposed and on the way to being enforced.

These new regulations will impact platforms of varying sectors/industries and sizes differently, so companies need to stay on top of requirements to scale or diversify. With a proactive global compliance framework in place, platforms can ensure that every user touch point is safe across each jurisdiction they operate in.

Generative artificial intelligence is advancing at speed, creating new regulatory conundrums for governments and organizations that want to use it. Many industries are exploring gen AI and its use for various applications, but what are its implications for meeting trust and safety regulatory requirements? Do governments fully understand the long-term implications as use cases evolve? And do platforms fully appreciate the impact on their ecosystem?

Sam Altman, CEO of ChatGPT and DALL·E's parent company, OpenAI, attended a congressional hearing to discuss how best to protect humanity from the existential threats the technology could pose. The company has since suggested the need for an international watchdog agency similar to the International Atomic Energy Agency.

Meanwhile, Google delayed the release of Bard AI in the European Union due to data privacy concerns. "We've proactively engaged with experts, policymakers, and privacy regulators on this expansion," Bard product lead Jack Krawczyk and VP of engineering Amarnag Subramanya wrote in a blog post when it was finally released in July.

New regulations are already on the horizon. The EU passed the AI Act in the EU parliament in June. The AI Act is a draft legal framework that aims to balance consumer protection with continued innovation. It uses a classification system to determine an AI technology's risk level to the health and safety or fundamental rights of a person.

China has also released a proposal for regulating generative AI, which includes requiring companies to register new products with the country's cyberspace agency and undergo a security assessment before public release. Violations face fines of up to ¥100,000 (about $14K) and potential criminal investigations.

Generative AI introduces unique risks and challenges for trust and safety. However, with integrated compliance measures in place, organizations can evolve in step with technological and regulatory changes.

• EU Digital Services Act (DSA) and EU Digital Markets Act (DMA): According to the EU, the DSA and DMA offer a single set of rules with the "aim to create a safer digital space where the fundamental rights of users are protected and to establish a level playing field for businesses." Both will be enforced through steep penalties. Fines for "gatekeeper" companies that don't comply with the DMA, for example, are 10% of total worldwide annual turnover, or up to 20% in the event of repeated infringements
• UK Online Safety Bill: Aims to ensure that online platforms take responsibility for the safety of their users, particularly in relation to harmful content and activities
• The California Age-Appropriate Design Code: Requires online service providers to implement measures that take into account the best interests of children when designing and developing their platforms
• Code of Practice for Interactive Computer Service Platforms/Internet Intermediaries: Nigeria's National Information Technology Development Agency's code sets forth a number of guidelines and requirements for platforms. It requires 24-hour takedowns of content, annual filing of compliance reports, and complete risk assessments and compulsory disclosures
• Model AI Governance Framework: The Singapore government recently introduced AI Verify, an AI governance testing framework. It provides detailed and readily implementable guidance to address key ethical and governance issues when deploying AI solutions
• eSafety: Australia's independent regulator for online safety is a government agency with legal powers relating to cyberbullying, image-based abuse, and illegal and harmful online content. It aims to safeguard at-risk citizens and "promote safer, more positive online experiences"

This is not an exhaustive list. In addition, there are proposals to reform section 230 of the US Communications Decency Act (CDA), which provides legal immunity to online platforms for the content posted by their users. Reformers argue that it provides too much protection to platforms, enabling them to neglect their responsibility to address harmful content and allowing for the spread of misinformation, hate speech, and other harmful online behavior. If the law changes, it could have significant impacts on individual platforms and the internet as it operates today.

For companies with any online presence, there are many challenges in meeting new regulatory requirements. These include:

• Tracking and implementing global regulations: For companies operating in multiple jurisdictions, navigating the complexities of different regulatory frameworks is daunting and has the potential to impact operations, user experience, and profits
• Adhering to regulations while operating in a global environment: Legislation may have extraterritorial implications, meaning it could apply to platforms based outside their respective jurisdictions. Platforms need compliance strategies that address the unique aspects of each market while ensuring alignment with global standards and values
• Operational challenges:
  • Resource and capacity planning: Regulations will alter current operating models and team structures, so a new capacity plan will be essential for compliance
  • Change management: Companies need to effectively manage and adapt to regulatory changes by staying updated, communicating changes across the organization, and implementing necessary adjustments to policies, processes, and technologies
  • Building consistent, scalable processes: Clear policies, procedures, and guidelines that align with regulatory obligations should be developed and communicated
  • Measuring and tracking: Robust systems and processes for data collection, analysis, and reporting are required to effectively and continually measure and track compliance efforts
  • Aligning product and operational compliance: Ensuring coordination and alignment between these two aspects of compliance requires cross-functional collaboration, effective communication, and integrating compliance considerations into product development and operational workflows
  • Ensuring timeliness: Redesigning product, data, and operations to compliance activities, milestones, and deadlines is essential to avoid noncompliance and to demonstrate ongoing adherence to regulatory requirements
  • Embedding robust analytics: Predictive analytics are needed to ensure all compliance touch points are tracked, risks are monitored, reports are more accurate, and decisions can be made faster

So how can companies overcome these challenges?

Companies must build a deep awareness of compliance across their workforces, making trust and safety an integral part of employee training and providing resources to help them understand their roles and responsibilities in adhering to relevant regulations.

The best way to do this is by establishing a regulatory center of excellence (CoE) dedicated to overseeing and managing regulatory compliance. This promotes collaboration across all stakeholders and enables seamlessly integrated operations that drive compliance by default.

A regulatory CoE embeds:

• Expertise and specialization by bringing together and collaborating with a team of experts with a deep knowledge of technology systems, trust and safety, and regulations
• Consistency and standardization through agile blueprints that drive compliance from development to trust and safety operations. They can create guidelines and best practices to improve compliance processes
• Centralized coordination through the elimination of silos, collaborative execution, and faster decision-making and response times to identify emerging risks earlier and improve cross-functional alignment
• Risk mitigation through the identification and assessment of risks related to all aspects of regulatory compliance, such as accurate transparency reporting, protecting and safeguarding minors, responding and clarifying on appeals, robust trusted-flagger programs, and responding accurately to law enforcement requests
• Agility through evolving systems that maintain compliance in line with changing regulations and policies while minimizing the impact on product health
• Operational effectiveness through proactive resource and capacity planning, strong operational management, and robust process engineering
• Continuous improvement and innovation by serving as a hub for knowledge sharing, data analysis, and continuous improvement initiatives
• External partnerships and industry collaboration through active engagement with external stakeholders, such as industry peers, regulatory bodies, and legal experts
• Brand reputation and user trust by demonstrating commitment to user safety, privacy, and responsible online behavior

As technologies evolve, regulators will continue to evolve current regulations and implement new ones.

Upholding online safety is now paramount to platforms across industries, not only to reduce risk and improve experiences but also to meet regulatory requirements. As technology continues to advance at unprecedented rates, regulations will only evolve and increase in complexity.

Operationalizing these regulations globally is no easy task. However, by putting the right people and frameworks in place today, companies will be able to maintain compliance and protect their users and their brands.