AI regulations in software development

AI is rapidly changing the software development field, making clear regulations essential to prevent risks like data breaches and ensure ethical practices. These regulations are also key to reshaping developer roles while preserving the need for human expertise.

AI regulations in software development

The implementation of formal AI policies within companies is critical, especially as organizations navigate the complexities of global regulations. Thoughtful guidelines are necessary to support innovation and balance the evolving landscape of AI in development.

ADM: What are a few benefits of implementing AI regulations for developers?

Sius: The advent of AI changed software development forever, and the role of the software developer will never be the same. While AI will not replace the role of a software engineer, it will look different. This is not a negative sentiment but a reality due to the scale of AI’s impact on the world.

The rise of the internet and social media changed the world (changing how we build relationships, see the world, etc.), but think about how long that took compared to what we’ve seen with AI. The rate of social change is much faster, which is why it needs to be regulated. AI regulation is required so that developers can adopt and implement AI. Without practical and legal regulatory measures, companies would ban (or have their organizations ‘skip’) its adoption, holding back innovation and the emergence of the new hybrid AI developer role.

ADM: What are some of the potential risks for software developers if we fail to regulate AI?

Sius: Currently, AI-code assistants lack contextual understanding, can’t train and produce secure code, make suggestions to ensure code security, and may pose challenges to integration due to compatibility. These challenges increase the risk of compromised data, malicious code inserted into AI models, copyright infringement, and more. With broader adoption, AI solutions increase the risk of data vulnerability. Thus, organizations will need to emphasize ensuring AI-assisted code generation is thoroughly tested for security vulnerabilities. The importance of data privacy and protection has surpassed the technological prowess of newer AI coding assistants because of the lack of guaranteed protection.   

ADM: Will there be any substantial changes to intellectual property ownership, security vulnerabilities, etc.?

Sius: AI-code assistants will be instrumental in expediting the code development, implementation, and auditing processes to increase developers’ productivity and efficiency. A key functionality of AI coding assistants is their ability to summarize and organize various sources that would be too difficult for an individual to manage. The primary benefit of these assistants is their capacity to manage complex coding scenarios – especially within a cloud infrastructure environment – to enable stronger infrastructure resiliency.

ADM: Will AI regulations play a major role in whether developers adopt AI practices in the future? Why or why not?

Sius: Yes. One of the biggest concerns about implementing AI is the industry’s heavy reliance on AI service providers and how they protect consumers’ data. Without regulations guaranteeing security to consumers, customers, and the public, they will not want to engage with companies that use AI. The downsides here revolve around a central question worth asking for any emerging technology: can I trust this technology and the companies that enable it? The answer to that question decides if it’s worth implementing and what will be fed into it.

ADM: Will AI regulations harm the potential for innovation among developers?

Sius: No, there is no danger that AI regulations will harm the potential for innovation from developers. There has been a lot of fear-mongering that companies will have their hands tied by regulations. This fear seems premature as AI-code assistants are already available and have been successfully deployed at the enterprise level. In terms of current use cases, developers and software engineers are already leveraging AI-code assistants for: 

• Software development – the writing, reviewing, and maintaining code in an organization’s IT infrastructure. 
• Code documentation and security – assistants can help develop and manage code documentation and help identify potential security vulnerabilities during the coding review and integration process. 
• Machine learning and data science support – AI assistants can support model building and result analysis.
   

There is undoubtedly more to come since not all AI applications for software development have been determined. Still, based on the success of what has been adopted, there is little reason to worry that developers will be held back from using AI due to regulations.

ADM: Is a formal company AI policy necessary, applicable, or possibly helpful for software developers?

Sius: Yes, an AI policy is essential to provide clarity for all employees across all roles. The informal piecemeal adoption of AI by a specific department or group of individuals invites too much risk. Without a clearly stated policy, employees may experiment or accidentally overstep a boundary, putting the company in danger. Establishing a company AI policy that delineates best practices and guidelines around AI use limits room for confusion, misunderstanding, or miscommunication. 

ADM: What kinds of guardrails will be implemented? What can software developers expect these processes to look like?

Sius: AI-driven processes should always be malleable, especially for large-scale organizations that use AI for various purposes. This allows organizations to adapt quickly to evolving global regulations like the EU AI Act. Organizations should establish processes enabling all employees to raise their hands and modify or provide feedback on AI use cases. Changing course or adding more parameters will give the company more flexibility. Company goals, stakeholders, and current processes should be considered when determining the use cases that will and won’t use AI.

ADM: What kinds of compliance training(s) are needed for developers using AI, if any?

Sius: Beyond the upskilling required for the coding assistants and the other appropriate AI tools, developers should also undergo compliance training covering AI’s regulatory aspects. These should be rolled out as part of the company’s overall AI strategy and AI policy. Developers will need to have a clear understanding of their work in relation to AI so that there is no room for error.

ADM: Will AI ultimately change the role of the software developer? If so, how? If not, why not? 

Sius: As mentioned above, AI will definitively change the role of the software engineer. Thanks to AI, developers will have tooling that will reduce some of the manual toil of their work, which is great, but you’ll always need the human aspect of creating software. Therefore, AI should be viewed as a tool that can assist developers rather than as a replacement for an expert. Some of the manual-intensive tasks most engineers just don’t want to do will be delegated to AI assistants. With AI, developers can think about more important things rather than just getting the project started. For example, they will have improved production times because they can rely on GPT tooling to assist them. Engineers may not be hired at the same rate but will be replaced when they leave. Ultimately, the role may look a little bit different. However, thinking that companies can replace the human workforce with AI is far from reality as AI is not yet there.

ADM: How do developers for global companies balance varying regulations (i.e., EU AI regulations vs. those in the U.S.)?

Sius: Europe set a benchmark for the rest of the world with its landmark AI laws last month. The rules on AI will go into effect this month and are more comprehensive than those of other countries, including the US. The AI Act, “imposes strict transparency obligations on high-risk AI systems while such requirements for general-purpose AI models will be lighter”. All indications suggest that the EU regulations will likely set a precedent that the US will have to meet or match. Since developers work for global companies with different partnerships, products, and teams across the two continents, having to toggle between two sets of AI regulations for the US and Europe would be a problem. Instead, they must be identical or have a joint policy. Europe has led the way with regulation, so I anticipate the US will follow.  

About Jemiah Sius

Jemiah Sius is the Director of Developer Relations at New Relic where he focuses on building a successful community of developers. Jemiah holds several years of experience in both the software development and marketing fields, including designing and developing user interfaces, addressing customer/client pain points, creating marketing campaigns, and developing data-driven marketing strategies. As a self-taught engineer, Jemiah is passionate about inspiring others to pursue a career in technology and has spent time building developer communities across the nation and teaching classes to aspiring software engineers. With his unique software and marketing background, Jemiah aims to work with clients to help them convey their styles and bring their visions to life.