INT2: Three - Industry Knowledge Flashcards
How do you keep on top of the news in your sector?
- News
— Biweekly ‘Everything in Moderation’ Newsletter
— Monitoring articles on Online Safety, notable coverage recently including The Spectator (Gab), Guardian (U.S foreign policy) and NYT (com groups) - Podcasts
— OII
— Deloitte Regulated Radio
— Safety is Sexy - LinkedIn Influencers
— Jeff Dunn
— Ruby Y - Technology Policy Organisations
— DRCF publications
— TechPolicyUK
What are Ofcom’s current Enforcement programmes?
Ofcom’s regime is oriented around ensuring implementation of its recommended measures for reducing risks. All Enforcement programmes center on this: assessing whether services have effectively complied with duties to implement specific measures.
(i) FSS implementation of measures to address risks of CSAM
— Assessing risks of CSAM on FSS, SBRs
— Inadequate measures to prevent risk of illegal CSAM proliferation; particular measures required such as hash matching
(ii) Services compliance with measures to conduct RA and following associated record-keeping duties
— Currently reviewing RFI returns for quality of evidence and judgement (assessing risk in terms of severity and likelihood)
— Enforcement action recently announced into a suicide forum
(Iii) To assess Part 5 Services’ implementation of HEAA Standards to prevent children from encountering pornographic content
Upcoming Enft for additional priorities… can’t disclose, but known.
What would you advise a service on how to comply effectively with the far-ranging obligations in OSA?
- Get the basics right: 3 phases
— Focus on the phased deliverables - Focus on Ofcom’s priorities
— Focus on Ofcom’s 8 x priorities: Governance/Accountability (suitable/sufficient RAs, nominating accountable individuals), ConMod for illegal content, CSAM/Grooming, Hate Terror, VAWG, Fraud, PoC (incl. HEAA and measures to prevent PC/PPC), additional duties for Categorised Services - Don’t take your eye off the ball of new/emerging policy obligations e.g., additional measures, thresholds for categorisation
- Be proactive
— Use Ofcom’s resources
— Risk Assessment Tool
— Guidance documentation
— Leverage Supervisory relationships for advice
AI Act - What can services do?
- AI Literacy
— Services must comply with active obligations to deploy AI Literacy programmes for employees
— Help employees understand how to use AI ethically
— Familiarise employees with concepts such as AI Governance, Policy, Inventories, Risk Assessment, Audit - AI Policy/Decision-making Framework
— Going beyond compliance with regulation, set a broad policy aimed at ensuring AI deployments conform to ethical principles
— Focus on the most common principles, e.g., transparency, redress, safety, fairness, governance - Implement AI Governance Basics
— Establish accountabilities at Board level
— Prepare for transparency reporting obligations
— Establish processes required for RAs - Conduct AI System Inventory
— What risk level are the deployments?
— Supply chain due-diligence
— Decommission prohibited use cases
— Assess risks against the AIA framework - AI Audit
— Identify trusted partners for AI Audit
— Define standards and expectations to ensure this is done robustly
DSA - What’s your knowledge on this?
What’s the most challenging part of OSA compliance?
- Breadth of risk assessments - need to scale up compliance operations and deploy effective processes
- Upcoming policy changes - complying and keeping an eye on what’s next at the same time
- Cultural change - embedding compliance culture, persuading/influencing senior decision makers
- Public scrutiny - firms are under the spotlight, awareness is increasing about safety implications of services; proactive compliance is important to not only do ‘good enough’, but to showcase best practice instead
