General-Purpose Technology

A general-purpose technology (GPT) is a technology that has a long-term, pervasive impact on economic growth. Its core definition includes three characteristics: pervasiveness across many industries, inherent potential for continuous technical improvement, and innovation complementarities that spur innovations in other sectors. Prime examples include the steam engine, electricity, and modern artificial intelligence (AI). Within enterprise risk management, GPTs are considered significant strategic risks and opportunities. When adopting a GPT like AI, organizations must adhere to governance frameworks such as the NIST AI Risk Management Framework (AI RMF 100-1) and can establish a system compliant with ISO/IEC 42001:2023 (Artificial Intelligence Management System). This allows for the systematic management of unique risks like algorithmic bias, data privacy, and model reliability, distinguishing it from risk assessments for specific, narrow applications.

Applying a general-purpose technology like AI in enterprise risk management requires a structured process to maximize its benefits while controlling risks. Key implementation steps include: 1. **Risk Identification & Context Setting**: Following ISO 31000:2018 guidelines, identify strategic, operational, and compliance risks associated with AI adoption, such as ensuring compliance with GDPR and local data protection laws. 2. **Risk Analysis & Evaluation**: Use the NIST AI Risk Management Framework (AI RMF) to systematically assess AI model fairness, explainability, reliability, and security. For example, a financial firm can use the framework to quantify the risk of bias in an AI credit scoring model. 3. **Risk Treatment & Monitoring**: Implement controls based on standards like ISO/IEC 42001 for AI governance and ISO/IEC 27001 for information security. A global manufacturer using AI for supply chain forecasting successfully reduced disruption risks by 20% and achieved a 99% audit pass rate by implementing continuous monitoring mechanisms.

Taiwanese enterprises face three primary challenges when implementing general-purpose technologies like AI: 1. **Regulatory Adaptation & Data Governance**: Discrepancies between Taiwan's Personal Data Protection Act and international regulations like GDPR create compliance risks for cross-border data transfer and algorithmic decision-making. 2. **Talent and Integration Gaps**: Many SMEs lack the specialized talent and data infrastructure required for AI implementation, making it difficult to integrate new technologies with legacy systems. 3. **Uncertain Return on Investment**: The high upfront investment in GPTs, combined with a long-term payoff horizon, often leads to hesitation from senior management. **Solutions**: To overcome these, enterprises should implement an ISO/IEC 27701-based data governance framework, partner with external experts like Winners Consulting for phased rollouts starting with low-risk applications, and adopt agile methodologies with clear, short-term KPIs to demonstrate value and secure ongoing investment.

Winners Consulting specializes in general-purpose technology for Taiwan enterprises, delivering compliant management systems within 90 days. Free consultation: https://winners.com.tw/contact