BSI – AI Cloud Service Compliance Criteria Catalogue (AIC4) Date 2021.02.02

https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/CloudComputing/AIC4/AI-Cloud-Service-Compliance-Criteria-Catalogue_AIC4.html

“The AI Cloud Service Compliance Criteria Catalogue provides AI-specific criteria, which enable an evaluation of the security of an AI service across its lifecycle. The criteria set a baseline level of security, which can be reliably assessed through independent auditors. The catalogue has been developed for AI services that are based on standard machine learning methods and iteratively improve their performance by utilizing training data.”

https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/CloudComputing/AIC4/AI-Cloud-Service-Compliance-Criteria-Catalogue_AIC4.pdf;jsessionid=447A6D97340ED8665553CEA5B96A0A22.internet482?__blob=publicationFile&v=4

A Day in the Life of an AI project (privacy design and AI phases)

Great presentation that breaks down what needs to be considered from a privacy point of view in the different phases of an AI project.

My hope is to turn these into a “checklist” for new AI experiments that are run on pre-assessed AI platforms. (I’m very interested in comments).

Full slides from DPC19 :

https://iapp.my.salesforce.com/sfc/p/#1a000000HSGV/a/1P000000XeTO/7xOqxD1UampJRpDFr37qKWaLBKb9Ge2ZHgUUFBoiP6g

Phases of an AI project

  • Scoping
    • Problem identification
    • Impact of the AI?
    • Purpose limitation
    • Planning of solution & resources
  • Identify Data Sources
    • Getting access, data transfer
    • Compliance requirements for the data
    • Data minimization & pseudonymization
  • Data Pre-Processing
    • Exploratory Data Analysis
    • Feature selection (data minimization)
    • Feature engineering
    • Anonymization/pseudonymization
  • Modeling
    • Training, validation, testing
    • Does the model generalize well? (Test for bias/variance)
    • Support explanation
  • Deployment
    • Re-identification risk: Will the analysis or model be published?
    • Explanation to domain experts and/or data subjects
    • Incremental learning
    • Human-in-the-loop
  • Request of data subjects
    • Rights to get an explanation
    • Right to be forgotten