Quasi Regulation

Quasi regulation is a governance mechanism positioned between 'hard law' (legally binding) and 'soft law' (purely voluntary guidance). While not legally mandatory, it creates strong compliance incentives through government endorsement, industry consensus, or market pressure. In rapidly evolving fields like AI, where legislation lags behind technology, it serves as a critical proactive governance tool. For instance, Singapore's AI Verify framework, though voluntary, is becoming a de facto standard for demonstrating AI trustworthiness. Its principles align with international standards like the NIST AI Risk Management Framework (AI RMF) concerning testability and transparency, and the requirements of ISO/IEC 42001 for an AI Management System. Adhering to quasi regulation helps enterprises prepare for future mandatory laws and build a responsible brand image.

Enterprises can integrate quasi regulation into AI risk management through three steps: 1. **Gap Analysis**: Select a credible framework like Singapore's AI Verify or the NIST AI RMF. Conduct a comprehensive assessment of existing AI applications and governance policies against the framework's requirements to identify gaps in fairness, explainability, and security. 2. **Control Implementation**: Based on the analysis, establish or revise internal controls and policies, such as implementing a model risk management process and creating model cards. Document all procedures to ensure auditability, aligning with ISO/IEC 42001 documentation standards. 3. **Voluntary Verification**: Use official toolkits like AI Verify for internal testing or engage third-party auditors to produce a compliance report. This report serves as objective evidence for stakeholders. Establishing continuous monitoring ensures ongoing compliance. This proactive approach can increase future regulatory audit pass rates by over 30%.

Taiwanese enterprises face three main challenges: 1. **Resource Uncertainty**: Justifying investment in non-mandatory compliance is difficult. Solution: Frame it as a competitive advantage and proactive risk mitigation, starting with a high-impact pilot project to demonstrate value and potential ROI. 2. **Lack of Localization**: Directly applying international frameworks like NIST's may conflict with local laws such as Taiwan's Personal Data Protection Act. Solution: Form a cross-functional team to adapt the framework to the local context, integrating specific legal requirements. 3. **Talent and Technology Gaps**: There is a shortage of professionals skilled in AI ethics, explainability (XAI), and fairness testing. Solution: Collaborate with external experts for initial implementation and training, while developing a long-term internal talent roadmap. This phased approach builds sustainable, in-house AI governance capabilities.

Winners Consulting specializes in quasi regulation for Taiwan enterprises, delivering compliant management systems within 90 days. Free consultation: https://winners.com.tw/contact