Use of Artificial Intelligence Calls for Transparency

– Open Source AI Enabling Companies to Achieve Regulatory Compliance

AI accelerates business, yet requires governance

The recent emergence of artificial intelligence (AI) systems has enabled companies to boost their efficiency. AI tools may be used for a wide variety of purposes, from simpler, administrative tasks to complex tasks such as core business purposes like planning business strategies and compiling analytical action plans for projects. The rise of AI systems has impacted how companies conduct their day-to-day business as they provide easy-to-use tools for making daily business more efficient. While AI systems are given increasing emphasis in businesses, companies may not disregard establishing control and governance mechanisms for understanding their obligations and mitigating the compliance-related risks.

Challenges related to the use of commercial, proprietary AI systems

Many AI systems are available under proprietary licensing models that provide users with limited rights and information on the key control points of the AI system. There may not be any transparency allowing users to see what type of data has been used in training the AI system, what code and algorithms the AI system runs on, and how the parameters of the AI system have been configured. The same uncertainty follows with the output of the AI system: no or limited information on the training data and operation of the AI system generates ambiguous work products. Companies are also faced with limited options for modifying the AI systems as the applicable proprietary licenses do not generally give access or grant the right to modify the AI system’s source code in any way. As all businesses have their own specific needs and wants while sharing the common need for transparency, proprietary off-the-shelf AI systems may not provide the best value for them.

Today, regulation drives the development of technology and drafting of the related contracts.

Development of own AI systems to bridge the gap for greater transparency

Those technology companies that have the means and capability may want to consider developing their own AI solutions from the ground up in order to get better transparency, control and flexibility on the use of their AI system, especially when the question concerns a critical solution. This allows for tailoring the AI system to their specific needs, and provides for full transparency in the training data as well as functioning of the system. However, developing an AI system from scratch requires an extensive investment in the development work in terms of both time and resources. Also, access to the training data may not be wide enough if only internal pools are used. Regardless of the effort put into developing a customised AI system, there is always uncertainty concerning the results and performance of the system. Therefore, companies with limited resources or no interest in fully developing their own systems must rely on other, more readily available solutions.

Open source AI as an alternative solution

After the release of the most commonly known AI systems, an increasing number of open source AI systems have begun to emerge. The concept of open source AI systems introduces licensing models and information sharing practices that provide users with more freedom, transparency and control. By definition, the open source AI systems’ licensing model provides full access, and thereby full transparency, to the key control points: companies can study how the AI system works, what training data is used and what weight parameters the AI system relies on when generating output. This enables companies to understand the data used for training the systems and makes it possible for them to tailor the systems themselves to their own specific needs without developing the whole system independently. Consequently, companies and other users of open source AI will also understand how the output is generated.

While the Open Source Initiative (OSI) is currently engaged in drafting a definition* of open source AI, there is still no uniform concept of what constitutes an open source AI system. Certain AI systems may provide transparency and modifiability, but their license terms could include restrictions on by whom and for what purposes the systems may be used. This emphasises the importance of understanding the rights and obligations governing the use of any software in general. In order to mitigate the associated risks, companies must establish efficient governance mechanisms for ensuring compliance. (By the way, there are also open source compliance certifications available, such as the OpenChain ISO/IEC 5230 standard.)

Today, regulation drives the development of technology and drafting of the related contracts.

Open source AI as a response to the requirements of the current and upcoming EU regulations

In recent years, the European Union has introduced several regulations that have set increasingly strict requirements for companies either developing or deploying certain technologies. It is evident that innovative companies may not ignore the constantly evolving regulatory landscape. Today, regulation drives the development of technology and drafting of the related contracts. This also applies to AI systems, as they are impacted by various complex requirements governing their training data, permitted use cases, robustness and cyber security. As open source AI systems allow visibility to training data as well as the right to access and modify the source code and other structural elements of the system, companies may independently audit and adjust AI systems to accommodate the requirements of the constantly tightening EU regulations.

AI systems may be offered for use subject to different licensing models. In global business, various territorial regulations impose a number of obligations on developers and deployers alike. The freedom and transparency offered by open source AI may be a part of the solution to ensure regulatory and contractual compliance. Therefore, in addition to seeking different alternatives for AI systems, it is essential that companies identify and adequately respond to the requirements imposed upon them. Simply put, companies must put effort into developing and implementing the necessary governance and compliance processes and mechanisms in their business to meet both license and regulatory requirements. Software development and deployment functions are no longer an exception.

* The Open Source AI Definition – draft v. 0.0.9 – Open Source Initiative

More by the same author

AI, Free and Open Source Software and IPRs in the Context of Software Development

Artificial intelligence is speeding up software development Artificial intelligence (AI) has taken the world by storm and is becoming a common accelerator also in software development. Although AI in general is not something entirely new, with its roots reaching to the 1950s, generative AI has been soaring since the first commonly known large language models (LLMs) were launched a few years back. Generative AI tools are trained with content often referred to as training data (input) and they generate new content (output), such as software code, based on the user’s command, a prompt. The output may resemble human-generated text, pictures, sounds, videos – or software, for that matter.

Implementing the Data Act without Clashing with the GDPR?

The Data Act will largely apply as of 12 September 2025, imposing new obligations and rights in relation to personal and non-personal data in the context of, e.g., connected products and related services. As rules governing data expand, it is increasingly important to map what data sets are processed by an organisation and how they are managed in the upcoming regulatory framework. For data sets including personal data (which is often the case!), it is vital to align the implementation of the Data Act with existing GDPR compliance.

The Big 5 – Status of National Preparation in Finland

The so-called Big 5 acts – the Data Governance Act, Digital Markets Act, Digital Services Act, Data Act, and Artificial Intelligence Act – have been a key part of the European Data Strategy in recent years. Once approved, the Big 5 acts are directly applicable throughout the EU, but many of them require Member States to enact legislation to support their enforcement and supervision, e.g., to designate nationally competent authorities and assign them new powers.

Latest insights

The Ministry of Finance Proposes a New Tax Credit for Large Industrial Investments

Article / 7 Oct 2024
Reading time 2 minutes

Q&A: Exploring the Future of Legal Work with AI

Article / 1 Oct 2024
Reading time 2 minutes