Products
Edge AI
AI Training
GPU Cloud
GPU CloudBoost AI/ML training with servers powered by NVIDIA
AI Inference
Inference at the Edge
Inference at the EdgeAccelerate your ML model inference for fast global performance
AI Applications
Image Generator
Image GeneratorCreate realistic and stunning images with ease
Speech-to-Text Translator
Speech-to-Text TranslatorTranslate from English to Luxembourgish seamlessly
Edge Cloud
Compute
Basic VMs
Basic VMsManage workloads on affordable shared virtual servers
Virtual Machines
Virtual MachinesRun apps on customizable dedicated virtual servers
Bare Metal
Bare MetalDeploy apps on powerful dedicated physical servers
Containers
Managed Kubernetes
Managed KubernetesDeploy, manage, and scale Kubernetes clusters easily
Container as a Service
Container as a ServiceRun containerized apps without server provisioning
Container Registry
Container RegistrySecurely store, manage, and deploy container images.
Function as a Service
Function as a ServiceExecute serverless code functions efficiently
Networking
Load Balancer
Load BalancerRoute traffic optimally to improve app performance
5G Network
5G NetworkDeploy apps and securely connect mobile devices via 5G
Virtual Private Cloud
Virtual Private CloudManage resources in a secure isolated private cloud
Hosting
Virtual Servers
Virtual ServersHost on virtual servers with no traffic restrictions
Dedicated Servers
Dedicated ServersHost on physical servers with worldwide availability
Storage
Object Storage
Object StorageStore data in fast and scalable S3-compatible storage
File Shares
File SharesShare files across servers easily using NFS protocol
Databases
Managed PostgreSQL
Managed PostgreSQLProvision fully managed PostgreSQL databases with ease
Monitoring
Managed Logging
Managed LoggingCollect, store, and analyze application logs
About Edge Cloud
Edge Network
Application Performance
CDN
CDNAccelerate dynamic and static content delivery
FastEdge
FastEdgeDeploy serverless apps with low-latency edge computing
Media Delivery
Video Streaming
Video StreamingDeliver high-quality live and on-demand video at scale
DNS
Managed DNS
Managed DNSEnsure application availability with authoritative DNS
Public DNS
Public DNSProtect online privacy with a free DNS resolver
About Edge Network
Edge Security
Network Security
DDoS Protection
DDoS ProtectionProtect your infrastructure from evolving DDoS attacks
Application Security
WAAP
WAAPSecure apps and APIs from DDoS, bots and OWASP attacks
Solutions
By Industry
Gaming
CDN for Gaming
Game Server Protection
Game Development
Retail
CDN for E-commerce
Media & Entertainment
CDN for Video
Metaverse Streaming
TV & Online Broadcasters
Sport Broadcasting
Online Events
Financial Services
Cloud for Financial Services
Technology
Image Optimization
Web Acceleration
Wordpress CDN
Education
Online Education
By Need
Web Acceleration
Web Acceleration
Image Optimization
Wordpress CDN
Security
Game Server Protection
Video Streaming
CDN for Video
Video Hosting
Live Streaming
Availability
Multi-CDN
Cloud
Web Service
Game Development
Online Store
Migration to the Cloud
ERP in the Cloud
Pricing
Resources
Resources
Blog
Case Studies
Ebooks
Reports
White Papers
Events
Documentation
Docs
API
Product Roadmap
Help Center
Gcore Status
Tools
Looking Glass
Speed Test
Developer Tools
Partners
Partners
Intel
Intel | New CPU Generation
Intel | Ice Lakes
Hesp
Equinix
InData Labs
Ampere
Unum
Programs
White Label Solutions
Referral Program
Why Gcore
Company
About Gcore
Press
Awards
Careers
Legal Information
Platform
Network
Infrastructure
Internet Peering Points
Compliance
Under attack?Under attack?
en
Contact usContact us
Contact us

Select the Gcore Platform

Recommended
Gcore Edge Solutions Go to Gcore Platform → Go to Gcore Platform →

Products:

  • Edge Delivery (CDN)
  • DNS with failover
  • Virtual Machines
  • Bare Metal
  • Cloud Load Balancers
  • Managed Kubernetes
  • AI Infrastructure
  • Edge Security (DDOS+WAF)
  • FaaS
  • Streaming
  • Object Storage
  • ImageStack (Optimize and Resize)
  • Edge Compute (Coming soon)
Show full list
Gcore Hosting Go to Gcore Hosting →
  1. Home
  2. Insights
  3. Navigating AI regulations in North America: balancing innovation and data sovereignty

Navigating AI regulations in North America: balancing innovation and data sovereignty

November 19, 2024 7 min read
Navigating AI regulations in North America: balancing innovation and data sovereignty

AI is rapidly becoming non-optional and irreplaceable in business operations across industries. But as more and more companies harness the power of AI, governments are stepping in and imposing regulations on how such powerful technology should be used. In North America, the regulatory environment is moving fast, particularly on AI ethics and data sovereignty. How will businesses navigate this landscape while continuing to embrace innovation?

In this article, we discuss the regulatory landscape in US and Canada, examining how companies can innovate in AI while remaining compliant with the letter of the law. Stay tuned for future articles looking at different regions.

The US: A fragmented approach to AI regulation

The United States is gradually building a regulatory structure around AI, but it’s still fragmented: While some efforts are happening at the federal level, many AI-related laws are driven by state governments. The lack of uniformity means businesses have to navigate a patchwork of rules, especially when operating across state lines.

The AI Bill of Rights

In 2022, the Biden administration introduced the Blueprint for an AI Bill of Rights, better known as the AI Bill of Rights. While not legally binding, this document sets out ethical guidelines for AI usage and lays the groundwork for what AI regulation might look like in the future. The bill emphasizes five key principles.

1. Safe and effective systems

First and foremost, AI systems must be safe and reliable. Whether diagnosing medical conditions or making financial predictions, these systems need to be tested rigorously and designed with input from diverse communities and experts to identify potential risks and impacts, making sure they perform as intended and don’t cause harm. Additionally, AI mustn’t be used in a way that could potentially put users or their communities at risk. The design process must guard against inappropriate data usage and minimize any harm that could arise from reusing data. Independent assessments should verify that the systems are safe and effective, and the findings should be shared publicly to promote transparency and accountability.

For example, suppose an AI tool in the healthcare industry makes an incorrect diagnosis because it wasn’t trained on diverse datasets. That’s a serious risk for both the business and the patients involved. Businesses using AI in sensitive areas, like healthcare or finance, should prioritize regular audits and continuous monitoring to keep their systems safe and minimize end-user risk.

2. Algorithmic discrimination protections

AI has a known problem with bias, and regulators are taking notice. From hiring tools that unfairly disadvantage minority candidates to financial systems that discriminate against certain demographics, algorithmic discrimination is a real issue. The US is focusing heavily on making sure AI doesn’t perpetuate or create new forms of discrimination.

A study by the Pew Research Center revealed that 62% of respondents believe that AI will have a significant effect on jobholders in the next twenty years, with approximately 71% opposing its use in hiring decisions. At the beginning of 2023, the Equal Employment Opportunity Commission (EEOC) began an initiative to investigate AI-driven hiring practices and provide guidelines to minimize the risk that they could lead to biased outcomes. Businesses using AI need to regularly check their systems for unintended biases and implement transparency measures to avoid potential discrimination.

3. Data privacy

Data privacy is a hot topic, and the AI Bill of Rights emphasizes that users need to be informed about how their data is being collected, stored, and used by AI systems. It’s not just a matter of keeping data safe; it’s about giving users control over their own information. This principle also means unchecked continuous surveillance mustn’t be used without consent, particularly in the areas of work, housing, education, or any context in which continuous surveillance is likely to impinge on rights, opportunities, or access.

Individual states have supplemented this principle with individual privacy regulations that help ensure citizens’ rights to data privacy are protected. For example, The California Consumer Privacy Act (CCPA) has some of the strictest rules in the US when it comes to consumer data privacy, and companies that fail to comply face serious penalties. Businesses using AI to process personal data should invest in strong data governance practices to safeguard compliance with state and federal laws.

4. Notice and explanation

AI systems can be hard to comprehend, and even the people running them don’t fully understand how they work. The AI Bill of Rights pushes for transparency, requiring businesses to provide notice and explanations that communicate both when an AI system is in use and how it makes decisions.

This is particularly vital in areas like health or finance, where the stakes are high. Companies should be sure their AI tools give clear explanations for their decisions to meet both regulatory requirements and maintain consumer trust.

5. Human alternatives and fallbacks

Regardless of how sophisticated AI becomes, it’s important to have human oversight in critical situations. The AI Bill of Rights encourages giving people the option to appeal or override AI decisions, especially when those decisions could have a major impact on their lives.

For example, in financial services, if an AI system denies a loan application, the applicant should have the right to ask for a human to review the decision. This kind of human oversight not only builds trust but also helps businesses stay compliant with regulations.

Updates to the AI Bill of Rights

In October 2023, the White House issued an executive order that updated the AI Bill of Rights and reinforced several of its major points. The order tightens safety and security protocols for AI, requiring companies to report their safety test results to the federal government. It also tasks the National Institute of Standards and Technology with creating strict testing standards to verify that AI systems are reliable before they are released.

Privacy remains a priority, with the order introducing measures to safeguard personal data and reduce the risk of AI misusing sensitive information. The Bill’s update urges Congress to pass bipartisan data privacy laws and supports the development of advanced privacy-preserving technologies like cryptographic tools. In addition, the order focuses on promoting fairness, aiming to stop AI from contributing to discrimination, especially in areas like housing, healthcare, and criminal justice.

Beyond consumer and worker protections, the executive order seeks to boost innovation by providing smaller developers with resources and increasing funding for AI research across the country.

State-level regulations: California leading the charge

While federal guidelines shape AI governance on a large scale, specific states have rapidly scaled up their version of legislation, greatly influencing how AI is implemented. Leading the charge is California.

Since 2018, California has been enforcing the California Consumer Privacy Act (CCPA). This law greatly amplifies consumer privacy protections while imposing rigid rules of data handling on businesses. The fines for failure to follow these rules can rise to $7,500 for each intentional violation, making compliance essential for any business operating within or even just serving California’s market. These penalties are more than just a slap on the wrist. In addition to fines, companies can face serious reputational and financial consequences for non-compliance.

The CCPA doesn’t just offer vague promises to protect personal data. It lays down concrete rights for California residents. They can ask companies exactly what personal information they’ve collected, how it’s used, and even request its deletion. That’s a big deal. And if someone doesn’t want their data sold or shared? They have the right to opt out. Businesses, in turn, can’t refuse these requests or discriminate against anyone exercising their rights. This goes beyond surface-level protections—people can request that their data be corrected if it’s wrong and limit how sensitive data like financial info or precise geolocation is used. These rights aren’t limited to just big companies either; if a business collects data from California residents, it’s bound by the CCPA’s rules.

Beyond California

But California’s not alone. Seventeen states have passed a combined total of 29 bills regulating AI systems, mostly focused on data privacy and accountability. For instance, Virginia and Colorado have rolled out the Virginia Consumer Data Protection Act (VCDPA) and the Colorado Privacy Act (CPA), respectively. These efforts reflect a growing trend of state-level governance filling in the gaps left by slow-moving federal legislation.

States such as Texas and Vermont have even set up advisory councils or task forces to study the impact of AI and propose further regulations. By enacting these laws, states aim to ensure that AI systems not only protect data privacy but also promote fairness and prevent algorithmic discrimination.

These state initiatives, while beneficial to AI regulation, create a complex web of regulations that businesses must keep up with, especially those operating across state lines. Each state’s take on privacy and AI governance varies, making the legal landscape difficult to map. But one thing’s clear: businesses that overlook these rules are setting themselves up for more than just a compliance headache; they’re facing potential lawsuits, fines, and a serious hit to customer trust.

The National AI Initiative Act

While states focus on data privacy, the federal government is investing in AI innovation through the National AI Initiative Act of 2020. This law aims to keep the US competitive in AI development while also addressing ethical issues like data privacy and bias.

Although the focus here is on fostering innovation, it emphasizes that companies need to stay compliant with regulations in highly regulated sectors like healthcare while working on new AI applications. For example, HIPAA (Health Insurance Portability and Accountability Act) sets strict rules for how medical data can be used, which directly impacts AI systems operating in the healthcare space.

Canada: A more unified approach

Canada has taken a more unified approach to AI regulation compared to the US, with a focus on creating a national framework. The proposed Artificial Intelligence and Data Act (AIDA) requires that AI systems are safe, transparent, and fair. It also requires companies to use reliable, unbiased data in their AI models to avoid discrimination and other harmful outcomes. Under AIDA, businesses must conduct thorough risk assessments and ensure their AI systems don’t pose a threat to individuals or society.

Alongside AIDA, Canada also proposes a reform of the Personal Information Protection and Electronic Documents Act (PIPEDA) which governs how businesses handle personal information. When it comes to AI, PIPEDA places strict rules on how data is collected, stored, and used. Under PIPEDA, individuals have the right to know how their personal data is being used, which presents a challenge for companies developing AI models. Businesses need to check that their AI systems are transparent, and that means being able to explain how the system makes decisions and how personal data is involved in those processes.

In June 2022, Canada introduced Bill C-27, which includes three key parts: the Consumer Privacy Protection Act (CPPA), the Personal Information and Data Protection Tribunal Act, and the Artificial Intelligence and Data Act. If passed, the CPPA would replace PIPEDA as the main privacy law for businesses. In September 2023, Minister François-Philippe Champagne announced a voluntary code to guide companies in the responsible development of generative AI systems. This code offers a temporary framework for companies to follow until official regulations are put in place, helping to build public trust in AI technologies.

Gcore: supporting compliance and innovation

Keeping artificial intelligence in step with innovation and compliance is tricky in a continuously shifting regulatory environment. Businesses must keep up to date by monitoring the changes in regulations across states, at the federal level, and even across borders. This means not just understanding these laws but embedding them into every process.

In an environment where the rules are changing from day to day, Gcore supports global AI compliance by offering localized data storage and edge AI inference. This means your data is automatically handled in full accordance with rules specific to any region or field, whether it’s healthcare, finance, or any other highly regulated industry. We understand that compliance and innovation are not mutually exclusive, and can empower your company to excel in both. Get in touch to learn how.

Discover Gcore Inference at the Edge

Table of contents

Try Gcore Edge & Cloud Platform

Navigating AI regulations in North America: balancing innovation and data sovereignty

Related articles

AI’s Impact on the Future of Lazy Loading
AI’s Impact on the Future of Lazy Loading
Lazy loading was a game-changer when it was first introduced as a way of improving website performance in the early 2000s. Now, with the use of AI, it can enhance the user experience even further. By making websites intuitive and adaptive, AI brings a new level of sophistication to performance […]
October 21, 2024 5 min read
Trends and Directions in the CDN Industry: Expert Insights from Gcore’s Tucker Preston
Trends and Directions in the CDN Industry: Expert Insights from Gcore’s Tucker Preston
Content delivery networks (CDNs) have been around since the 1990s, and have undergone major changes to meet user expectations and the uptake of the internet in years since. The pace of change hasn’t slowed, and the CDN provider market today is characterized by innovation and competition. To explore these changes, […]
October 10, 2024 5 min read
The Business Economics of Sovereign Cloud Adoption
The Business Economics of Sovereign Cloud Adoption
Countries worldwide are tightening their data protection regulations, pushing organizations to rethink their data storage strategies. In July 2021, the Luxembourg National Commission for Data Protection (CNPD) fined Amazon a record €746 million for violating the European Union’s General Data Protection Regulation (GDPR). The fine stemmed from issues related to how Amazon […]
October 9, 2024 4 min read
How WAAP Stops Common Web Application Threats
How WAAP Stops Common Web Application Threats
When you hear the phrase “common web application threats,” you might assume they’re easy to stop. After all, if they’re so well-known, shouldn’t they be straightforward to defend against? Unfortunately, that’s not the case. The reality is that even the most widespread threats—like SQL injection, cross-site scripting (XSS), and credential […]
October 7, 2024 4 min read
AI Regulations are Changing; Sovereign Cloud Helps Businesses Comply
AI Regulations are Changing; Sovereign Cloud Helps Businesses Comply
AI has taken the world by storm, moving so fast in recent years that regulators simply couldn’t keep up. Concerns about how training data was being sourced and whether inference data was being stored raised major ethical concerns, with critics sounding concerns about AI becoming the technological Wild West. Fortunately, […]
October 3, 2024 4 min read
3 Reasons Organizations are Using Kubernetes for AI
3 Reasons Organizations are Using Kubernetes for AI
AI is becoming increasingly ingrained in every facet of business. But how can organizations unlock its full potential? How can they confidently rely on AI for key business operations? Behind the buzz, a range of strong and silent workhorse technologies, such as Kubernetes, operate in the background to secure AI’s […]
October 1, 2024 3 min read
Cybersecurity Without WAAP: The Devastating Reality of Web Attacks
Cybersecurity Without WAAP: The Devastating Reality of Web Attacks
The consequences of not implementing digital security are clear: data theft, downtime, lost revenue, and reputational damage. But what may be less clear at first glance is that the consequences of inadequate security are just as severe. Although organizations may be reluctant to embrace the latest innovations of an already […]
September 23, 2024 3 min read
How WAAP Enhances Risk Management
How WAAP Enhances Risk Management
Cyberattacks happen with alarming frequency, with over 2,200 incidents occurring every day—that’s one every 39 seconds. Hackers are increasingly targeting web applications and APIs, as seen in a recent breach involving Twilio. Hackers exploited a flaw in an unsecured API endpoint to access millions of phone numbers from Twilio’s Authy app, exposing […]
September 19, 2024 4 min read

Subscribe
to our newsletter

Get the latest industry trends, exclusive insights, and Gcore
updates delivered straight to your inbox.
Subscribe