Insight:

China and AI: How to Manage Twin Emerging Sources of Enterprise Risk

Strategic Context: The two most important strategic questions facing multinational firms in the next 1-2 years will be: 1) how to “de-risk” from China amid geoeconomic and tech war, and 2) how to safely and effectively integrate emerging AI capabilities into enterprise operations. Many KSG clients have spun up strategic initiatives to address these risks separately—KSG assesses that these will become increasingly coupled and will require coordinated risk management approaches and solutions.

Considerations to Manage Conjoined Risks from AI and Geopolitics

The fractured AI regulatory landscape, geopolitically fraught digital supply chains, and rapidly changing enterprise technology paradigm make for a wicked brew. Two critical considerations stand out to us, demonstrating a need for senior executives to:

1. Integrate Intelligence-Driven AI Risk Management: As your company leverages AI, the handling of data, training and tuning of models, integration of APIs and deployment of applications across borders, particularly between the G7 and China, becomes a significant concern. An already difficult enterprise cybersecurity environment will become even more challenging. Further, the EU’s proposed AI Act (which looks set to become law alongside GDPR), China’s CAC-issued AI regulations (partnered with existing data and national security laws), and coordinated US-UK regulatory catch-up are leading to a complex landscape that is guaranteed to lag rapid AI progress.

   • As a result, firms need to build regulatory and technology intelligence functions and integrated security and compliance solutions to dynamically drive and inform enterprise AI risk management. These should span and coordinate legal, infosec, R&D, operations, and government relations areas of responsibility. One-off project teams with different members and reporting structures will not be well-positioned to navigate this environment.

2. Build Enterprise Resilience to Global Digital Splintering: We're seeing a shift from globally interconnected digital supply chains and computing infrastructure to a more regionally concentrated one driven by geopolitical considerations. For example, US export rules on advanced chip tech to China presage a potential broader regime of “Know Your Customer” rules on Cloud Service Providers to restrict Chinese firms’ access to advanced computing off-shore. Leading policy think tanks—whose alumni are setting White House policy—are already proposing such rules in Washington. What were formerly neutral enterprise technology decisions will become increasingly geopolitically tinged (especially on AI integration and deployment). The prospect for negative spillovers to multinationals from geopolitical bargaining and conflict is exceptionally high in the coming years.

   • As a result, firms need to prepare for both this structural shift in global digital infrastructure and proactively plan for disruptive ruptures—strategic cyber risk assessments, enterprise network architecture reviews, and executive-level crisis simulations are essential to build resilience and seize competitive advantage.

For more information or assistance on these issues, please reach out to intel@ks.group.

Forwarded this ExecBrief by a friend? Click below to sign up for our weekly dispatch.

Global Scan

Geopolitics

1. Germany’s First National Security Strategy Released: Berlin deemed Russia a threat to European security, while China is characterized as “a partner, competitor and systemic rival.” Analysts view the document as a signal of sea-change in Berlin’s strategic culture.

2. U.S., France, Japan Edge China Out of Subsea Cables: The physical infrastructure supporting the global internet is increasingly splintered along geopolitical lines, as industry insiders suggest a de facto ban on working with Chinese suppliers.

3. U.S. Cyber Command Conducts First “Hunt-Forward” Operation in Latin America: Maj. Gen. William Hartman, commander of the mission force, last month noted that adversaries often use “spaces outside the U.S. as a test bed for cyber tactics.”

Cybersecurity

1. MOVEit File Transfer Vulnerability Racks Up Victims: Organizations affected by the Russian-speaking Clop ransomware group numbered in the dozens this week, including “a small number” of US government agencies, Shell Oil, Johns Hopkins University, and Ernst and Young. The hackers, meanwhile, claim hundreds of victims.

2. Cyber insurance premiums in the U.S. have tripled over the past three years: The scourge of ransomware events largely drove the cost of direct premiums up by 50 percent in 2022, totaling $7.2 billion according to AM Best market research.

3. FBI: Business Email Compromise (BEC) Costs Total $50 Billion Since 2013: Law enforcement agency logged over a quarter-million complaints globally during that period, with costs escalating more recently. The advisory notes the real estate sector is a growing target of social engineering scams.

Strategic and Emerging Technology

1. Chinese Firm Claims 8-Minute Charge, 600 Mile EV Battery: Greater Bay Technology this week announced the Phoenix battery, the product of a decade of development on ultra-fast charging systems. The company plans mass production by 2024.

2. Chinese Purchases of Semiconductor Equipment Slow: Sales to China-based chipmakers were down nearly a quarter year-on-year, and 8 percent since the previous quarter, according to market analysts—citing trade restrictions and major new investments in the West for the drawdown. Sales in North America, meanwhile, are up 50 percent.

3. Green-Tech Super-Cluster Takes Shape in Western Europe: A consortium of over 3,000 start-ups and scale-ups worth over $1 trillion aims to ease the path to market for founders, investors, and researchers. Analytics firm Liminal will partner with UK, French, Dutch, and Belgian universities on the networking hub.

Policy/Regulation

1. European Union Takes Major Step toward AI Regulation: The bloc’s parliament adopted the AI Act, which adopts a risk-based approach to artificial intelligence applications. The bill would curtail surveillance and impose transparency requirements on the data used to train models. A final version of the law is expected by the end of the year.

2. European Union Directs Break-Up of Google’s Ad Tech Arm: The bloc’s competition commission accused the tech giant of monopolistic behavior in favoring its own ad exchange during auctions and bidding on its own tools and exchanges. The company, which draws over a quarter of global online ad revenue, is also under UK anti-trust review.

Bookmarks

1. Carnegie Endowment for International Peace: Cloud Reassurance Project: Interim Report

2. Center for Democracy and Technology: Lost in Translation: Large Language Models in Non-English Content Analysis

3. Center for Security and Emerging Technology: What We're Reading on AI Regulation