AI Generated Works

AI generated works are outputs such as text, images, or code created by an AI system with minimal to no substantive human creative intervention. This concept is distinct from 'AI-assisted works,' where humans use AI as a tool to realize their own creative vision. Under many legal frameworks, such as Taiwan's Copyright Act, copyright protection is anthropocentric, extending only to human authors, leaving the legal status of purely AI-generated content ambiguous. In contrast, emerging regulations like the EU AI Act (Article 52) impose transparency obligations, requiring that AI-generated content be disclosed as such. Within enterprise risk management, these works represent a new class of digital asset and potential liability. Frameworks like the NIST AI Risk Management Framework and ISO/IEC 42001 guide organizations to govern, map, and manage the risks associated with these assets, treating them as critical components of a trustworthy AI ecosystem.

Enterprises can manage risks from AI-generated works through a structured, three-step process. Step 1: Inventory and Classification. Establish a corporate policy requiring employees to log all AI-generated content and classify it based on its intended use and risk level (e.g., internal documentation, public marketing materials, R&D). Step 2: Policy and Control Implementation. Develop an Acceptable Use Policy, guided by principles from the NIST AI RMF, that explicitly prohibits inputting trade secrets or personal data into public AI models and mandates a human-in-the-loop review for high-risk outputs. Step 3: Monitoring and Auditing. Implement technical solutions to create an audit trail for AI usage (model, prompts, timestamp) and conduct regular compliance checks. A multinational tech firm implemented this process, reducing its exposure to copyright infringement lawsuits by 90% and ensuring its marketing content did not inadvertently leak proprietary information.

Taiwan enterprises face three primary challenges. First, legal ambiguity, as Taiwan's Copyright Act does not explicitly define the legal status or ownership of AI-generated content, creating uncertainty. Second, the risk of trade secret leakage is high when employees use confidential data as prompts in public AI tools, potentially incorporating sensitive information into the model's training data. Third, output unreliability, as AI can produce factually incorrect 'hallucinations,' biased content, or plagiarized material, posing significant reputational and legal risks. To mitigate these, the first priority is to establish a clear internal usage policy and conduct employee training (within 30 days). The next step is to explore private or enterprise-grade AI solutions and enforce a mandatory human verification workflow for all external-facing content. Finally, companies must continuously monitor regulatory developments to adapt their governance strategies.

Winners Consulting specializes in AI generated works for Taiwan enterprises, delivering compliant management systems within 90 days. Free consultation: https://winners.com.tw/contact