I’ve just completed the Oxford AI, Ethics, Regulation and Compliance Programme at Saïd Business School, University of Oxford. I’m looking to use this training to help individuals and organisations navigate complex ethical and legal issues in real-world AI projects.
Give me a shout if you’d like to know more. In the meantime, here are some things I’ve learned:
🤖 The EU AI Act matters well beyond Europe. Even if you are not based in the EU, its market size and regulatory influence mean that organisations elsewhere will still need to pay attention if they work with EU customers, partners, or institutions.
🤖For anyone building or using generative AI products, it is important to understand how the EU AI Act and the EU GDPR Act intersect. The former focuses on AI systems and risk, the latter on personal data and data rights, and in practice many tools will need to be understood through both!
🤖In the EU context, one of the first governance questions is how a system is classified as either prohibited, high risk, limited risk, or minimal risk. High risk means a significant level of legal obligation, scrutiny, and administrative burden.
🤖AI ethics should not be thought of abtract, or separate from compliance. Designing around human rights, privacy, fairness, transparency, accountability, and safety is both the right thing to do, and a practical way to future-proof an AI tool for rapidly developing regulation and policy (and reputational risk). There is good guidance and ethical frameworks from the OECD and UNESCO on this.
🤖AI literacy is not just a CPD priority; it’s also becoming a governance issue (and is named in the EU AI Act). All individuals in an organisation need people who can understand what AI systems do, their ethical risks, and how to oversee them responsibly.
🤖Transparency remains a live legal and ethical question. It is easy to demand “transparent AI” in principle, but much harder to decide what kind of explanation is meaningful, and usable in practice – especially as LLMs are still a ‘black box’. As I’ve mentioned elsewhere, I’d like to see more critical engagement with this beyond the EU Act.
🤖Human oversight only works if it is substantive, with people able to understand, question, and intervene in AI processes (whether autonomous, human-in-the-loop, or ‘human-on-the-loop’), and with AI systems designed from the outset with ethics at their centre.
🤖 Things are only going to get *more* complicated with the rapid development of agentic AI!
As part of this training I also learned how to use the oxethica AI governance platform to manage and audit an organisation’s AI compliance and ethical stance. Let me know if you want a free assessment for your organisation