Artificial Intelligence
Leading with Values in the Age of AI Regulation
Smart organizations are beating the regulatory clock by building AI safeguards rooted in human values.
Sydney Scott
Editorial Strategist, AI
Workday
Audio also available on Apple Podcasts and Spotify.
A real gap is emerging between organizations building AI safeguards now and those waiting for the regulatory dust to settle. At Workday, Chief Responsible AI Officer Kelly Trindel and Chief Legal Officer Rich Sauer argue that waiting for perfect regulatory clarity is a losing game. Compliance deadlines arrive quickly, even as the technology moves too fast for lawmakers to stay ahead.
On the latest episode of the Future of Work podcast, Trindel and Sauer discussed what it takes to build, operate, and continuously improve an enterprise-wide responsible AI program as regulations evolve. They explore Workday’s ongoing effort to prepare for the EU AI Act, including both horizontal and vertical alignment efforts across the organization. But they also make clear that durable AI can’t depend on regulatory compliance alone. It must be rooted in human values that help organizations stay ahead of shifting legal requirements while earning and maintaining trust over time.
Guide
Choosing Skills Technology: a Buyer’s Guide
Navigating the Shifting Regulatory Landscape
Maintaining a comprehensive and enduring responsible AI framework requires moving beyond reactive compliance and toward a proactive plan that involves the entire enterprise. In sharing their own experiences, Trindel and Sauer pointed to six areas where organizations can focus to understand their AI landscape, make values-based decisions, and adapt as regulations evolve. These focus areas offer a look into how they bridge the gap between today’s fast-moving technology and a complex, still developing regulatory environment.
"For leaders out there who are deploying AI within their organizations, its important to take stock of these new regulations, understand how you're using this new technology, and put some governance in place."
Rich Sauer
Chief Legal Officer, Workday
1. Use Human Values As A North Star
Laws and regulations are meant to represent how a society should go about its business and operate ethically. However, there is always a lag between the speed of technological development and the legal requirements to effectively govern it. To bridge this gap, organizations must look to their own values, the way that Workday looks to our values of integrity and innovation. "Regardless of what the laws require us to do, we go above and beyond," says Trindel. This approach turns AI into a tool that helps people manage work, finances, and HR systems safely.
"Legal requirements are the baseline, but we are aligning to a higher set of principles and values."
Kelly Trindel
Chief Responsible AI Officer, Workday
2. Inventory Current AI Usage And Governance Assets
After determining the legal requirements, as well as the principles and values to guide the work, organizations must get very practical in their responsible AI efforts. At this stage, the first move is to get a clear picture of what AI tools are already in use. Many companies adopted the technology long before they ever thought about a governance program. This often happens because employees use consumer-grade tools for business tasks without official approval.
"I would just say get your arms around what’s in your company today,” says Sauer. “Here's the Al we're using. Where did this come from? What's the integrity of the people providing it? It felt like everybody was racing to embrace and adopt Al. But it may be that people are using Al, procuring Al, and taking content and using consumer access to Al to do things for the enterprise."
Many organizations likely also have important pieces of the AI governance framework they need already in place. Look to existing privacy and data governance programs as well as enterprise risk management frameworks and cybersecurity safeguards. There is no need to waste time building governance assets and controls that already exist.
3. Create A Clear Decision Process
Many companies fall into the trap of setting up an ethics committee that never actually makes a move. Things get lost in committee, which frustrates the people trying to use the technology. AI governance only works when decision rights are clear. Committees can be useful for surfacing risks and bringing the right perspectives into the room, but they can’t become a place where hard calls go to stall. A durable responsible AI framework needs a clear escalation path, defined decision-makers, and agreed-upon accountability for who can approve, pause, or require changes to an AI use case. That is where a dedicated responsible AI leader or function can add real value: not by making every decision alone, but by driving the process, clarifying ownership, and ensuring decisions are made at the right level.
4. Assemble A Socio-Technical Team
Building a durable program is a company-wide effort. Because AI systems are sociotechnical by nature, governing their development and use requires expertise across technology, science, law, human behavior, organizational change, and risk. Most modern org charts don’t put all of that expertise in one place, which is why responsible AI requires coordinated, cross-functional teams rather than isolated compliance silos.
At Workday, that effort is led by Trindel and the dedicated Responsible AI team she built. The team brings together scientists, governance experts, and training and enablement specialists to evaluate AI systems, develop and manage scalable processes, and build organizational literacy around responsible AI across the company.
5. Define Risk Levels And Human Oversight Requirements
Not every AI use case requires the same level of scrutiny. A tool that detects errors in an expense report is much lower risk than one used in hiring or or other consequential decision making. Organizations must decide where a human in the loop is mandatory to mitigate risk and support better, more accountable decision making. A smart approach would be to risk rate AI use cases and understand that in the case of moderate to high risk AI, human oversight of the system is a requirement. "Anything that has a consequential impact on people's lives, you want to do that perfectly," Sauer says. As AI capabilities improve, organizations will need to continually reassess the line between what can be automated and what requires human oversight, especially where decisions may have a meaningful impact on people’s lives.
“Anything that has a consequential impact on people's lives, you want to do that perfectly."
Rich Sauer
Chief Legal Officer, Workday
6. Stress Test Against Existing Standards
Even if specific regulations like the EU AI Act are not accompanied by final technical standards yet, smart companies use existing global benchmarks. For example, the International Organization for Standardization (ISO) 42001 standard can be used to help organizations establish, operate, and continuously improve AI governance practices; it provides a valuable benchmark for assessing readiness. . Trindel notes that Workday actively brought in a third party to audit and certify its AI management system against this standard. Stress-testing a program ensures that the internal machinery works flawlessly long before official government regulations land.
Success Means Responsible AI By Design
Responsible AI is currently following a path similar to the privacy journey of a decade ago. In the early days, privacy was a niche area with few consequences for mistakes. After laws like the General Data Protection Regulation (GDPR) arrived, privacy became a mainstream part of building every product. Workday is ahead of the curve with responsible AI, much as it was with privacy. AI is heading toward a future where safeguards are not added at the end but are built into the platform itself.
"I think in five years, it will be very much a mainstream core program, a seat at the table, for sure, not just within tech companies but across all companies" Sauer predicts. When responsibility is part of the design, engineers do not get stopped at the door right before they launch a new tool. Instead, the values of the company and the requirements of the law are already working in the background.
The organizations that succeed with AI will not be the ones that wait for perfect clarity. They will be the ones that build responsibly from the start, using regulation as a guide and human values as the foundation.
Guide
Choosing Skills Technology: a Buyer’s Guide
A gap between effort and impact is the real ROI problem. Discover the solution.