Compliance
Regulatory Compliance
Compliance (regulatory compliance) is an organization’s adherence to the laws, regulations, and industry standards that apply to its activities. In the AI context, it includes GDPR, banking regulations (SOX, PCI-DSS), healthcare regulations, and internal policies on data usage.
How it works
Compliance is verified through audits, document reviews, and continuous monitoring. For AI projects, it requires traceability of data used for training, documentation of automated decisions, and the ability to explain how the model arrived at a given output (explainability).
What it’s for
It ensures the organization operates within legal and regulatory boundaries. In an AI project, compliance is not optional — it is a design constraint. A model trained on GDPR-subject data without consent is not just a technical risk, it is a violation.
Why it matters
In the Governance-Compliance-Automation triangle, compliance is the vertex that can never be sacrificed. The AI Manager must ensure every automation respects regulatory constraints — and this requires deep understanding of both the technology and the regulatory context. It is not enough for AI to work: it must work within the rules.