Last time talking about shadow AI, we ended not exactly on a cliff-hanger but in the middle of a vicious circle – yet I pleaded with you to hang in there! And if you're reading this, you've made it! Congratulations. Now, let's get you out of this mess.
How did we end up there? It started with good intentions – from sporadic and on-the-sly usage of AI solutions under the radar. Such an approach helps you in the short term to pluck some low-hanging fruit. Yet, instead of building a ladder to fully enjoy the abundant harvest and reach the highest branches of this tree, we dash away and rather promptly find ourselves in a situation where shadow IT has institutionalized itself. Now we have much larger problems on our hands than the ones the solutions were used to resolve in the first place. We face increased threats to IT and data security, internal organizational dynamics create barely controllable divergencies, and trust in management is undermined.
In this dark setting, it is reassuring that help and support will come from the direction you probably least expect – the EU AI Regulation. The EU AI Regulation (AI Act) is the world's first law to regulate artificial intelligence. You might not realize it at first glance, but you and this act have something in common: you share a very noble goal. That is, the integration of AI solutions into your organization. The AI Act aims to ensure the safety, transparency, and trustworthiness of AI applications. And what a coincidence – this is exactly what your organization needs to exit the downward spiral and start integrating AI technology in a constructive and sustainable way. The beauty of the AI Act is that it is a must: it forces companies to engage with the subject and establish sustainable processes.
Moreover, the EU Act provides not just the motivation but also the tools: it gives you internal structure and a timeframe. In terms of structure, it makes the first step of distinguishing between different risk profiles of AI technology and matching them to the requirements your organization has to fulfill, depending on the role you are playing. It also provides a clear time perspective. Between August 2024 and August 2026, your organization will have the opportunity to implement the outlined requirements in a structured manner. This includes key milestones such as forming interdisciplinary teams, creating an inventory of existing AI technologies, and gradually introducing AI governance and Plan-Do-Check-Act, PDCA, cycles. In the end of the day, The AI Act ensures that your AI systems are safe, reliable, and compliant – giving your organization a competitive edge and building trust with customers, employees and stakeholders.
However, to make the most out of this opportunity, it is necessary to have an eye on the bigger picture of your organizational context when integrating AI into your strategy:
In a nutshell, the AI Act can help you create a structured timeline and framework for the implementation of the regulation and, with that, the integration of the technology into your strategy and operations.
On a closing note: There’s no way around the implementation of the AI Act (as Marcus Aurelius would say, 'the obstacle is the way'). The key is how you approach it. Will you make it a tedious and unnecessarily painful exercise, or an exciting and even fun journey for your organization? For that, you must breathe life and energy into it. Is this something you are struggling with and where you need help? Worry not! I would be delighted to support you on this journey and make it exciting!