AI Regulatory Compliance Strategy

Burke advises clients on which particular legal and regulatory regimes may apply to the client’s anticipated use of AI, including:

• Global regulation (e.g. EU AI Act, Canada’s proposed AIDA, China’s sector-specific regulations)

• U.S. federal regulation and enforcement (e.g. the FTC Act)

• U.S. state AI law (e.g. CA, CO, NY, Utah)

• Privacy and security laws and regulations, based on the nature of the data, including consumer personal or sensitive information

• Contractual requirements, including with insurers, key clients and other business partners. Some will require compliance with industry-specific standards or certification programs (e.g. ISO 42001).

After studying the use of the AI technology and dataflows, Burke provides a custom AI compliance program, including policies, procedures, protocols and employee training.

In the event of audit or regulatory investigation, Burke’s experience as a former fintech regulator often facilitates communication and understanding.

Generative AI Risk Management

Generative AI offers unprecedented capabilities — but introduces novel risks. Burke is experienced in assessing generative AI tools under tight timeframes.

Burke guides clients on development and implementation of generative AI in compliance with legal, ethical and operational considerations. As with Privacy-by-Design, generative AI compliance begins at the design and engineering stage. Burke works closely with design and engineering teams to reduce risks such as unintended data leakage.

Privacy, Security, and Cross-Functional Training

AI systems often process highly sensitive data. We develop data protection measures to safeguard personal information while maintaining system functionality, and advise on the deployment of privacy-enhancing technologies (PETs). We also bridge the gap between legal and technical teams through cross-functional training — educating lawyers on AI fundamentals and developers on legal requirements — to foster collaboration and align compliance with business strategy.

AI Governance Frameworks and Technical Controls

While AI laws have been slow in coming globally, but they are now arriving and one common denominator is a regulatory balance between innovation and responsible governance.

Governance framework requirements begin at product development and/or implementation, and Burke develops technical guidelines for development teams incorporating best practices and appropriate controls when building and operating new AI systems.

Burke provides custom policies for compliant AI governance and oversight. Policies and procedures call for:

• Technical controls for identified legal risks (e.g. consumer opt-out/opt-in)

• Defined roles and responsibilities and AI decision-making escalation paths

• Risk, readiness and compliance assessments

• Vendor risk management processes

• Playbook of AI-related contractual terms

• Employee compliance training

Data Strategy, Risk Assessments, and Compliance Reviews

AI is only as good as the data behind it. Burke conducts readiness assessments, audits, due diligence responses and compliance reviews to ensure alignment with legal standards. He helps organizations embed ethical principles into their AI programs, promoting fairness, accountability, and equitable outcomes.

His assessments identify risks — from bias to misuse — and his mitigation strategies include everything from data minimization and deletion protocols to bias-reduction practices.

AI Contracts, Licensing, and Global Perspective

From licensing and development agreements to SaaS and data supply contracts, we draft and negotiate the documents that define AI partnerships and allocate risk. Our global outlook ensures clients stay ahead of emerging international regulations and evolving technology and industry standards, while our proactive approach builds legal frameworks before issues arise — saving time, cost, and reputational damage.