Soft Law

Soft law refers to non-legally binding instruments such as guidelines, principles, and codes of conduct that, while not enforceable by law, influence the behavior of actors. In rapidly evolving fields like artificial intelligence, where formal legislation (hard law) often lags behind technological progress, soft law plays a crucial complementary role. For example, the European Commission's Assessment List for Trustworthy AI (ALTAI) is a quintessential soft law tool. It provides a concrete checklist for developers and deployers to self-assess their AI systems against seven key requirements for trustworthy AI. In contrast to hard law like the EU AI Act, which imposes mandatory obligations and penalties, soft law relies on reputational incentives, market pressure, and voluntary commitments to drive compliance. It serves as a proactive governance mechanism for enterprises to manage ethical and societal risks before formal regulations are fully established.

Enterprises can systematically integrate soft law into their AI risk management frameworks through a structured approach. Step 1 is 'Benchmarking and Gap Analysis,' where the organization selects an authoritative soft law framework, such as the NIST AI Risk Management Framework (AI RMF) or the OECD AI Principles, to assess its current AI processes and identify gaps. Step 2 is 'Governance Integration,' translating these principles into concrete internal policies, procedures, and technical controls, such as establishing an AI model inventory and embedding ethical review checkpoints into the development lifecycle. Step 3 is 'Documentation and Continuous Monitoring,' which involves recording all assessments, decisions, and mitigation measures to create an audit trail. This documentation serves as evidence of due diligence for regulators and partners. Implementing such frameworks has helped organizations reduce AI-related customer complaints by over 15% and improve their success rate in regulatory audits.

Taiwanese enterprises face three primary challenges when implementing AI governance soft law. First, 'Resource and Expertise Constraints,' as SMEs often lack dedicated legal or ethics teams to interpret and apply complex frameworks like the NIST AI RMF. The solution is a phased adoption, prioritizing high-risk applications and seeking external expertise. Second, 'Lack of Immediate Business Incentives,' as the upfront investment in compliance is difficult to translate into immediate financial returns. To overcome this, link compliance to business opportunities, such as market access to the EU or attracting ESG investors. Third, 'Localization of International Frameworks,' as directly applying Western-centric principles may conflict with Taiwan's Personal Data Protection Act or cultural norms. The solution is to form a cross-functional team to adapt global principles into locally relevant guidelines, prioritizing a Data Protection Impact Assessment (DPIA).

Winners Consulting specializes in soft law for Taiwan enterprises, delivering compliant management systems within 90 days. Free consultation: https://winners.com.tw/contact