New York City Local Law 144 requires annual independent bias audits of automated employment decision tools (AEDTs) for employers and employment agencies using them to evaluate candidates for employment or employees for promotion in NYC. The law also imposes transparency and notification requirements. AEDTs are defined as computation processes derived from machine learning, statistical modeling, data analytics, or artificial intelligence that issue a simplified output to assist or replace discretionary decision-making. A bias audit assesses if the AEDT results in disparate impact against individuals based on race/ethnicity and/or sex/gender. Auditors must be independent and impartial, and employers/employment agencies must disclose certain data and provide notice to candidates and employees at least ten working days before using an AEDT. Penalties for non-compliance range from $500 to $1500 per violation. Holistic AI offers independent AI Bias Audits to help employers comply with the law.

The Digital Services Act (DSA) sets out a comprehensive accountability and transparency regime for digital services and platforms operating in the European Union (EU), including very large online platforms (VLOPs) and search engines (VLOSEs) with over 45 million monthly active users. A key provision of the DSA is independent auditing, which mandates VLOPs and VLOSEs to commission external auditors to test and validate their compliance efforts annually. The European Commission released a Delegated Regulation in May 2023 to provide procedural guidance on conducting these audits, which include risk assessments, opt-outs from personalized recommendations, algorithm transparency, data access for researchers, and audit reports. Holistic AI provides services to conduct these independent audits.

New York City Mayor Eric Adams and Chief Technology Officer Matthew Fraser have released an AI Action Plan for responsible AI in city government, which defines AI as an umbrella term for a range of technologies that make predictions, inferences, recommendations, rankings, or other decisions with data. The plan sets out seven key initiatives, including designing a governance framework, educating and empowering the public, and supporting AI implementation within city agencies while ensuring due diligence in procurement. The publication of the plan follows previous efforts in the city to manage the risks of AI, such as developing a framework for identifying algorithmic tools and enforcing independent bias audits of automated employment decision tools.

Colorado has passed a law prohibiting unfair discrimination in insurance practices, targeting external customer information sources, algorithms, and predictive models. The law prohibits discrimination based on race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression. The Colorado Commissioner of Insurance is tasked with developing specific requirements for different types of insurance and insurance practices. Life insurers must carry out quantitative testing using cumulative data collected up until 31 December of the previous year and all years prior to determine whether there is a statistically different disapproval rate or difference in premium rate per $1000 face value amount of policies for Hispanic, Black, and Asian Pacific Islanders compared to White insureds. Noncompliance with the regulation can result in sanctions.

The EU AI Act is expected to pass European legislative procedures by the end of 2023, with a grace period of two to three years before it comes into force. The Act is focused on consumer protection rather than product safety legislation and relies heavily on standards and implementing acts. While there have been agreements made on some provisions of the Act, controversial elements such as definitions remain uncertain. The EU and the US have adopted different approaches to AI regulation, and the world's first comprehensive AI regulation is still being discussed. The uncertainty surrounding the Act has created industry interest in risk assessment, compliance tools, and protective measures.