Regulatory Roundup: From the desk of Dynamo's Head of AI Compliance Strategy

Stay Informed: Regulatory and Compliance Updates - February 2025

The first set of the EU AI Act's provisions have entered into force as of February 2nd. This includes the prohibited acts practices as well as requirements for AI literacy. The Dynamo AI team is tracking the impact on industry partners, and potential fallout to key questions including the following points:

• A supervisory authority hasn't been established to enforce these provisions, so we are looking for signs from the private sector and the EU government as to how enforcement, including evaluations and fines, are administered. This will provide valuable insight into controls, testing, monitoring, and records retention expectations.
• The advancement of AI literacy as policy may be a huge boom for integrating AI across departments. AI information campaigns have already been released (in addition to the European Commission) by a variety of trade associations, and we are tracking how this will impacts product development, regulatory guidance, and operational change across lines of business and operational teams.

US states continue to take charge in defining AI policy in the absence of federal regulation. Hundreds of bills have been introduced in 2025, and the states to list off would be too many, but the Dynamo AI team is watching a few key themes evolve:

• The trend to ban or highly regulate industry-specific AI automated decision making targeting specific uses (potentially following the precedent of focusing on 'consequential decision making') may take flight.
• Chatbots may require more explicit guardrails, requiring users be notified regarding engagement with AI, along with clarity on liability expectations.
• Consumer notices on the use of synthetic data or the risks of inaccurate or harmful information may become an operating standard.
• AI and consumer protection expectations may lead to standards around consumer AI rights (an AI consumer 'bill of rights' or similar).

FINRA (Financial Industry Regulatory Authority) released its annual regulatory oversight report and AI is a big component.

• Beyond guidance for establishing AI governance and aligning on an AI taxonomy, vendor assessment and expectations around comprehensive risk evaluations takes the headline.

For our friends in the UK (and global financial institutions), the UK House of Commons Treasury Committee published a call for evidence on AI use.

• Similar to what the US Treasury executed in 2024, we expect this to be both a good read and influence the UK's regulatory trajectory (which may differ from both EU and US).

IN CASE YOU MISSED IT: Singapore's Monetary Authority (MAS) released its report on AI model risk management in December.

• A great read that covers how firms are applying MRM best practice to AI, providing insights into the potential evolution of peer industry-specific MRM guidance (including SR 11 - 7).

See you in March!

‍

‍