Far from being a roadblock, standards like GDPR and the EU AI Act create clarity and enable confidence in AI.
Regulatory compliance is often perceived as a headache — expensive, restrictive, innovation-killing red tape. But for fast-moving technologies like AI, the reality is the opposite.
Not just new regulations such as the EU AI Act, but also existing (and perhaps seemingly unrelated) regulations such as GDPR and CCPA create frameworks for building trustworthy AI systems and protecting both the data they are built upon and the people who use them. Further, these laws don’t just protect consumers; they also unlock the confidence needed for widespread adoption. Responsible AI doesn’t happen by accident. The rise in AI-related incidents and the fall in AI trust makes that clear.
- AI incidents increased 66% in 2024 vs. 2023. If the current pace of incidents in Q1-Q2 2025 continues, they could increase again by 42% this year.
- 69% of leaders cited concerns about AI data privacy in Q2 2025, leaping from 43% just two quarters before.
- Public trust in AI companies to protect personal data fell from 50% in 2023 to 47% in 2024.
Rather, responsible AI emerges when organizations embrace clear rules that protect both people and data, define accountability, and set shared expectations.
Forward-thinking companies that embrace compliance and a proactive governance-by-design stance — and that demand this same commitment from their AI supply chain partners — gain strategic advantages. Compliance becomes strategic and foundational, rather than a checkbox to be marked off, making it easier to adapt to future regulations, minimize risk, and demonstrate transparency and ethical AI standards.
In a world where trust is paramount, proactive compliance is a powerful green flag.
Regulations on the rise
At Interactions, we practice what we preach by welcoming regulatory guidance. Every new layer of clarity, accountability, and consumer protection makes it easier to not only innovate responsibly but also convey our strategy and corporate intent. We believe the future of AI won’t be built in spite of regulations, but because of them.
And more regulations are coming. Many are regional: In 2024, 131 state-level AI-related bills were passed in the U.S. One of the most impactful may be Colorado’s Artificial Intelligence Act (CAIA), set to become effective on June 30, 2026. The CAIA is the first US regulation to focus on high-risk AI systems, just as the EU AI Act does, which further codifies responsible AI use for any organization serving customers in EU member states. Like GDPR, it’s set to standardize best practices across the world.
While it’s still being phased in, the EU AI Act is the first multi-national, comprehensive AI framework. It requires transparency for limited-risk and general-purpose AI, such as intelligent virtual assistants, while imposing stricter obligations on high-risk systems (e.g., product safety, healthcare, and law enforcement) and outright prohibiting “unacceptable” systems, such as social scoring and biometrics that reinforce bias and discrimination.
Looking back to look ahead
To consider how the EU AI Act can revolutionize AI use, let’s look back at the impact of GDPR.
The General Data Protection Regulation (GDPR), along with the similar California Consumer Privacy Act (CCPA), is one of the best things that ever happened to Interactions. These specific, stringent frameworks empower us to protect our customers’ data with the highest standards and transparency. Let me explain:
GDPR established the idea of Controller and Processor. CCPA defines the analogous roles of Business and Service Provider. The Controller (or Business) is the organization that makes decisions about how to process the data. The Processor (or Service Provider) follows the Controller’s written instructions on what to do with their data and is not allowed to deviate from those instructions. In our case, our customers are the Controllers, and Interactions is the Processor.
Since Interactions abides GDPR, CCPA, and a myriad of supporting legal agreements, we are contractually bound to do what we’re told with your data. For example, if a customer prefers for Interactions to not use their PII-scrubbed call data to train our general models that may benefit our other customers, we won’t do that. When a customer requires their non-PII data, such as call recordings, to be immediately deleted after processing or 30 days later, we comply. We have no choice — and we like it that way.
Instead of attempting to navigate a fragmented web of regional and customer-specific security requirements, we adopt the highest global standards as our baseline, which simplifies operations and future-proofs our technology. This baseline includes:
- Handling customer data according to our legal agreements, applicable regulations, and ethical commitments
- Isolating model training environments per customer requirements
- Deleting training data and making it impossible to reverse-engineer, or invert, the data from the model
- Automatically redacting PII from all interaction records
This stance also protects our customers, simplifies compliance and audits, and ensures that we can meet your needs wherever you operate — and wherever they may grow next. For example, a recognizable global retailer piloted Interactions within a single country. Success led them to expand their use of Interactions across 28 countries, providing a unified global customer experience. Regulatory compliance with standards like GDPR and CCPA eased this expansion.
The future of AI trust and compliance
Ultimately, no single company will shape the future of AI trust and accountability alone. As businesses’ technology supply chains increase in complexity, it’s imperative that every link — every vendor — follows secure and principled AI and data practices.
Regulations like GDPR and the AI Act codify these principles as guardrails, enabling companies to adopt AI with less risk and more confidence. Rather than limiting innovation, these clear, safe, and principled frameworks allow companies to innovate with greater speed and focus. This foundational confidence then empowers businesses to pass on trust to their own consumers.
Join Interactions in our quest to shape the future of responsible AI by visiting our AI Trust Council site.
