From an operational standpoint, companies may need to modify their processes to gather and report the required data, potentially leading to changes in AI governance, data management practices, cybersecurity measures, and internal reporting protocols, Dai added.
The extent of BIS’ actions based on the reporting remains uncertain, but the agency has previously played a key role in preventing software vulnerabilities from entering the US and restricting the export of critical semiconductor hardware, according to Suseel Menon, practice director at Everest Group.
“Determining the impact of such reporting will take time and further clarity on the extent of reporting required,” Menon said. “But given most large enterprises are still in the early stages of implementing AI into their operations and products, the effects in the near to mid-term are minimal.”