The White House Just Issued an AI Executive Order. What It Means for Your Firm

The Biden administration issued a comprehensive executive order on AI this week. If you've been waiting for the regulatory other shoe to drop, this is it—or at least a significant portion of it.

The executive order doesn't create immediate binding regulations (that takes time and Congressional action), but it signals what's coming and establishes standards that federal agencies will follow. That means it's effectively policy for any firm that does business with the federal government or is regulated by federal agencies.

Professional services firms should pay attention now, not later.

What the Order Says

The executive order covers several areas relevant to professional services:

AI Safety and Security: Federal agencies need to establish standards for "AI safety." This likely means testing, transparency, and risk management requirements for high-impact AI systems.

Privacy Protection: Agencies are directed to strengthen privacy safeguards for AI systems that handle sensitive data.

Transparency and Disclosure: There's emphasis on transparency—letting people know when they're interacting with AI and how their data is being used.

Bias and Discrimination: Agencies will focus on preventing AI from perpetuating discrimination, especially in hiring, lending, and benefits determination.

AI and Workforce: There's concern about AI displacement of workers and a focus on retraining and support.

What This Means for Professional Services

If you work with government agencies: You'll need to demonstrate that your AI systems meet federal safety standards. This means documentation, testing, and potentially third-party audits. If you're a contractor or vendor to federal agencies, this becomes a compliance requirement.

If you use AI for hiring or benefits decisions: Expect increased scrutiny on bias and discrimination. If you're using AI to screen resumes or evaluate candidates, be prepared to prove it's not biased against protected classes.

If you handle sensitive client data: Privacy standards will tighten. The tools you use and how you use them will matter more. This reinforces the need for contracts and governance.

If you're in a regulated industry: Your regulator (SEC, FDIC, state bar, etc.) will interpret and enforce the executive order's principles within your industry. Expect guidance from your regulator within the next 6-12 months.

The Realistic Timeline

An executive order isn't law, so don't panic about immediate compliance. But don't ignore it either. Here's the realistic timeline:

Now through Q1 2024: Federal agencies will develop implementation plans and guidance. Professional services firms in regulated industries should watch for guidance from their regulators.

Q2-Q4 2024: Regulated industries will receive specific guidance on what compliance looks like. Firms in healthcare, finance, law, and other regulated sectors will need to adjust their practices.

2025+: Congressional action is possible, converting executive order principles into binding law. State regulations may follow.

What You Should Do Now

1. Map your AI use to the order's principles. Where are you using AI? Does it handle sensitive data? Does it affect hiring or financial decisions? Categorize your AI by risk level.

2. Check your regulator's initial guidance. If you're in healthcare, finance, law, or insurance, your regulator has probably already commented on AI. Read their guidance and understand what they're concerned about.

3. Document everything. Build a process for documenting: what AI you use, what data it handles, how it was tested, what safeguards are in place. This documentation will be valuable whether regulators ask for it or not.

4. Prioritize bias and discrimination testing. If you're using AI for any decisions that affect people (hiring, staffing allocation, client eligibility), test it for bias now. Better to find it yourself than have a regulator find it.

5. Review your data handling practices. The executive order emphasizes privacy. Make sure your AI tools have appropriate contracts, your data retention is appropriate, and you can explain your choices.

The Bigger Picture

This executive order is not the regulation that kills AI. It's the regulation that normalizes AI while establishing guardrails.

Professional services firms that build compliance and safety into their AI strategy now will barely notice when actual regulations come. Firms that haven't thought about this will scramble.

Start thinking about it now. The timeline is shorter than you might think.