I’m at a conference where they’re discussing AI ‘standards,’ like IEEE 7000, CertifAIed, ethics, etc., but I’ve never seen any real-world consequences for not following these standards in tech companies. Has anyone here become certified in NIST standards or seen a tangible benefit for their business or career by doing so? This feels like it could be a massive waste of time and effort, but I’d love to hear others’ thoughts.
I’ve never heard of any company actually using these. Most companies develop their own internal guidelines for AI/ML.
Short answer: No. Longer answer: Big companies may be aware of NIST standards and have some governance that partially aligns with them, but I haven’t seen anyone fully implement them. It’s worth noting that some governments may eventually adopt laws based on these standards, especially in states like NY or California. But right now, private companies just follow what’s legally required, and that’s not NIST.
I’ve had to write manuals on NIST standards for a state government project. It was pointless from a business perspective, but necessary for compliance. I doubt you’d need certification for this type of thing though—just lots of documentation.
It depends on your industry. If you’re in a regulated market like healthcare, insurance, or banking, you might need to show regulators that you have a process and get audited for compliance. Check out assurance labs like chai.org for examples.
We’re in healthcare, and I’ve worked in finance where the regulations are real (FCRA, Reg B, Reg Z). But NIST doesn’t create regulations. I looked into CHAI this week, and while it’s expensive to join, I don’t see any fines or consequences for not meeting their criteria. Neither NIST nor CHAI are regulatory bodies like OSHA.
True, but that could change if a state AG decides to sue you.
It’s a waste of money from a business standpoint unless a regulator is explicitly requiring it. Otherwise, don’t bother.