Achieving compliance

13 September 2022

Assigning responsibilities and documenting the processing.

Respecting standards, certifications and codes of conduct as proof of compliance

Numerous standards and certification processes, some of which are based on self-assessment, have been published to enable AI providers to prove that their system achieves a certain level of compliance.

 

Does the AI system comply with certain standards (IEEE, ISO, etc.)?

Specify:

Has the AI system been certified by a third-party organisation (French National Laboratory of Metrology and Testing (LNE), research bureau, etc.) or by an authority (e.g. French National Authority for Health (HAS), French National Agency for the Safety of Medicines and Health Products (ANSM), French Financial Markets Authority (AMF), etc.)?

Specify:

Does the AI system comply with certain codes of conduct or best practices?

Specify:

Conducting and assessing a DPIA

Where processing involves personal data, certain steps must be taken to ensure compliance.

 

Has a data protection impact assessment (DPIA) been carried out?

Has a tool been used to assess the impact of the AI system?

Documenting for reliability

Keeping up-to-date documentation can enable the provider, user, individual and supervisory authorities to identify the risks associated with the processing and thus help to control them. 

 

Is there documentation on how the training and production data used is collected and managed, on the algorithm, the quality of the system’s outputs, the tools used, the logging and the security measures?

Is this documentation shared with all those who need to know about it to ensure effective analysis and control of the risks (users of the AI system, ethics committee, quality and risk management department, data subjects, etc.)?

Has an open source approach been adopted in order to involve a community of third parties in the design and improvement of the system?

 

No information is collected by the CNIL.


Would you like to contribute?

Write to ia[@]cnil.fr