Both the European Parliament (the EU’s law-making body) and the U.S. National Institute of Standards and Technology (NIST) were represented on a CES panel on “AI Rules and Tools,” moderated by CTA vice president of emerging technology policy Doug Johnson. Also on the panel were executives from Facebook parent Meta Platforms and insurance provider Elevance Health, for a robust discussion on how to arrive at standards and regulations for the powerful — but often industry-based — AI technologies that will also be accepted by countries around the world and industries with competing interests.

European Parliament senior policy advisor Laura Caroli described “the complex legislative process” in Europe to arrive at agreed-upon solutions. Currently, a vote is expected by March on a proposal put forward by the European Commission that went through Parliament and the Council to transform the draft into a “common text.” If approved, its regulations will be applied in 2026, she said.

Elham Tabassi, chief of staff in NIST’s Information Technology Laboratory (ITL), noted that the non-regulatory agency under Congress aims to drive U.S. innovation and promote standards and measurements.

We created “an open transparent collaborative process to create a framework for AI risk management,” she stated. “The first thing we need to do is understand the risks and the context in which it’s being deployed. We want it to be fair and non-biased.” The result, she said, must be “flexible but measurable.”

With AI applications in healthcare, Elevance Health director of digital health technology policy Stephanie Fiore recommended that the application of policy should be realized “in sector-specific ways.” Noting that healthcare in the U.S. is already highly regulated, she added that “as states propose AI policies we want to make sure there is alignment” with already existing rules.

Meta AI policy & governance manager Farzana Dudhwala reported that her company initiated the global program Open Loop to “think about effective laws and rulemaking.” “These laws can sound brilliant but when a lot of players actively implement them, you can find many things that don’t work,” she stated.

Caroli revealed that, for the EU, “requirements such as transparency, accuracy, cybersecurity and quality management are for the provider who develop and market the system.”

Tabassi agreed that “the risk-based approach is very powerful,” since it includes context and outcome based on human-centric approaches. Dudhwala described that efforts to achieve that fairness is “tricky … to get right,” due to the structural inequality of existing datasets. She concluded that, “standards are incredibly important but … it’s a minefield.”