What are the AI compliance trends leaders can’t ignore in 2026?

Episode topics

0:00 - Introduction

1:17 - How is the regulatory landscape around AI shifting?

3:03 - What's the difference between AI regulation, compliance and governance?

4:33 - Why is global AI regulation so fragmented?

5:25 - How should companies approach different regulations across borders?

6:02 - Does the EU AI Act apply to companies outside Europe?

7:33 - What are the penalties for EU AI Act violations?

9:04 - Should companies wait for regulatory clarity before acting?

9:26 - What are the EU AI Act's transparency requirements?

11:52 - How are bad actors exploiting AI?

12:38 - Why are regulators playing checkers while fraudsters play chess?

14:47 - Is AI compliance keeping pace with AI-powered fraud?

16:53 - How can you assess your fraud prevention program?

17:22 - What's at stake if companies don't keep up with AI compliance?

20:21 - Can AI compliance become a competitive advantage?

21:40 - Why does AI compliance matter to CX leaders specifically?

22:50 - What's the tension between innovation and responsible AI?

24:11 - Who should own AI governance in an organization?

25:06 - What does cross-functional AI governance look like?

27:43 - What's the first action CX leaders should take?

29:23 - How do you conduct an AI inventory?

31:12 - Conclusion

Transcript

[00:00:00] Robert Zirk: ​The era of "light touch" AI oversight is over.

[00:00:04] Jeff Brown: We can't treat it as an optional compliance matter or an aspirational goal. You will now be facing serious consequences if you don't comply.

[00:00:13] Robert Zirk: And at the same time that lawmakers are codifying regulatory frameworks, the threats are multiplying at an unprecedented rate.

[00:00:21] Natalia Fritzen: The competitive edge in AI will soon no longer exclusively be who launches what first, but who launches what in the more responsible manner as well.

[00:00:33] Robert Zirk: AI compliance will affect your brand in 2026. As a CX leader, are you ready?

[00:00:39] Today on Questions for now, I'm joined by Jeff Brown, general counsel and global privacy officer at TELUS Digital, and Natália Fritzen, head of AI compliance at Sumsub, as we ask: What are the AI compliance trends leaders can't ignore in 2026?

[00:01:06] Welcome to Questions for now, a podcast from TELUS Digital where we ask today's big questions in digital customer experience. I'm Robert Zirk.

[00:01:17] Robert Zirk: If you're a customer experience leader, AI feels like it's everywhere. It's analyzing customer sentiment. It's assisting agents by offering up real-time recommendations. And it's powering chatbots. By now, AI is permeating virtually every aspect of CX.

[00:01:35] But here's what might not be on your radar: the regulatory landscape around AI is shifting — and it directly impacts every AI-powered customer interaction.

[00:01:47] Jeff Brown: For years, it's been a relatively permissive environment for AI development: voluntary guidelines, soft frameworks, industry self-regulation...

[00:01:56] Robert Zirk: That's Jeff Brown. He's general counsel and global privacy officer at TELUS Digital, where he also leads the company's AI governance committee, a cross-functional team that oversees the operationalization of responsible AI at scale.

[00:02:11] He pointed out a fundamental shift in the regulatory environment for AI in the United States.

[00:02:16] Jeff Brown: This isn't sign on to a voluntary directive anymore and say, "we're gonna be responsible in the way we use AI." We can't treat it as an optional compliance matter or an aspirational goal. You will now be facing serious consequences if you don't comply.

[00:02:31] Robert Zirk: Across borders and jurisdictions, regulations on AI are being put into place and enforced.

[00:02:38] Jeff Brown: With the EU AI Act now fully enforceable, we've got an act here in Colorado where I live, the AI Act, that's fully enforceable. China's regulations have now been published. We waited for those for a while. India just published regulations as well, and more and more jurisdictions are implementing binding rules. So we've really entered into the era of hard law.

[00:02:58] Robert Zirk: Meaning an era of legal requirements with serious consequences.

[00:03:03] Before we dive deeper, I asked Jeff to clarify the difference between AI regulation, compliance and governance.

[00:03:11] Jeff Brown: AI regulations are the laws and binding rules that governments create. A great example is the EU AI Act. AI compliance is meeting those legal requirements, but governance is really broader. It's the whole set of internal frameworks, policies, practices that companies establish just to make sure AI is developed and deployed responsibly, even beyond what's legally required.

[00:03:33] So I think of it as compliance is really the floor. You have to stay outta trouble. You have to keep the data protection authorities and the AI authorities away from your door. Governance is the ceiling or the aspiration. I don't know that you ever hit it completely, but that's the Sistine Chapel ceiling we're looking at when we're trying to think about AI and how to control it but also use it.

[00:03:54] Robert Zirk: In early 2025, TELUS Digital commissioned a global survey conducted by Ryan Strategic Advisory that posed questions to more than 800 enterprise CX decision-makers across North America, Europe and Asia-Pacific. The findings, published in TELUS Digital's Safety in Numbers report, revealed that 44% cited compliance with government regulations and industry standards as their top concern in maintaining safe and secure digital environments.

[00:04:24] And according to Gartner, 70% of organizations consider regulatory compliance a major challenge in implementing GenAI tools.

[00:04:33] So we've established that the regulatory environment has shifted from voluntary to mandatory, but here's where it gets complicated: there's no single set of rules. Instead, companies face what Jeff describes as a fragmented patchwork of regulations.

[00:04:50] Imagine you're operating an AI-powered customer service platform globally. In Europe, you're dealing with the EU AI Act's risk classifications and conformity assessments. In the United States, on top of federal regulations, you're navigating state-by-state laws — for example, Colorado has algorithmic discrimination rules, while California enacted a series of new regulations in late 2025, including the Transparency in Frontier Artificial Intelligence Act. And in China, you're also meeting different definitions and risk thresholds.

[00:05:25] Jeff Brown: It is genuinely complex. Cross a border and you've got a whole new set of rules, but you've just got the one AI system, so what do you do? The way we've attacked it is let's go to the highest standard. And we'll take the chance that we may have a toe foul in some other jurisdiction, but if we're picking, for example, the EU AI Act, it's the toughest. So let's do that, but let's do it everywhere.

[00:05:48] Robert Zirk: Natália Fritzen is the head of AI compliance at Sumsub, a full-cycle verification platform enabling scalable compliance from identity and business verification to fraud prevention and ongoing monitoring.

[00:06:02] She envisions many companies will adopt a similar approach to what Jeff described — tailoring governance to the most stringent regulations — and noted that some regulations can have an effect on your business regardless of whether or not you have a physical presence there.

[00:06:17] Natalia Fritzen: The EU AI Act, even though it carries the name EU in its title, it has a wide scope of applicability and it is a regulation with an extraterritorial scope, right? I believe what it says is that if you are, let's say, an AI developer in Canada, but the AI system that you manufacture has an effect on the residents in the European Union, that AI system should abide by the stipulations of the EU AI Act.

[00:06:45] Robert Zirk: Jeff mentioned earlier that TELUS Digital's approach is to build to the highest standard — essentially, if you comply with the EU AI Act, you'll likely be compliant everywhere else. But he also acknowledges that any sound strategy requires nuance.

[00:07:01] Jeff Brown: I was a little cavalier and said, "Listen, just go to the toughest law and do that one, and you'll be fine everywhere."

[00:07:07] But what's the reality of the situation? And I think, if you did that, it might cut off some opportunities, frankly, for development.

[00:07:13] I would say, sure, build to the highest standard. Be aspirational. But smart companies will create modular governance frameworks that can flex really based on the jurisdiction, while maintaining those core principles around transparency, explainability. So it's really about finding the balance between global consistency and local compliance.

[00:07:33] Robert Zirk: The EU AI Act lists potential fines of up to 35 million Euros, or 7% of global annual revenue, for serious violations. But, as companies look to ensure their compliance, Natália pointed out that the act's implementation timeline is uneven. Some sections are already being enforced, while the enforcement timelines for other sections remain unclear.

[00:07:57] Natalia Fritzen: Provisions relating to AI literacy or prohibited AI practices or general purpose AI models? Yes, those are enforced since the beginning of this year, but what I believe should be the heaviest of the regulatory burdens imposed by the act, meaning the regulatory requirements applicable to providers of high-risk AI systems, those requirements should kick in only in August 2026.

[00:08:25] But currently, the EU AI Act is going through a potential revamp. The European Commission presented a omnibus package in which they propose a postponing of the act entering into force, which is conditioned to when we are going to have standards, guidelines, so on and so forth to help providers figure out the act.

[00:08:48] So what the European Commission is saying: "Yeah, we're not going to enforce it until we have this guidance." But at the same time, it says that if we don't have this guidance until December of 2027, then it will become enforceable, the act. So right now, this is, in my opinion, the most confusing and the biggest challenge.

[00:09:04] Robert Zirk: But uncertainties like these aren't reasons for companies to put off the work that needs to be done in AI governance.

[00:09:11] Natalia Fritzen: I believe companies should work under the assumption that it'll be eventually enforced. So this is not for companies to give up on their AI compliance frameworks and they should work towards that, but there is a legal uncertainty there that is not negligible.

[00:09:26] Robert Zirk: One of the most talked about aspects of the EU AI Act is its transparency requirements for AI-generated content.

[00:09:34] This has implications far beyond fraud prevention. It affects every customer interaction where AI is involved.

[00:09:41] Natalia Fritzen: The transparency requirements prescribed by the EU AI Act under Article 50 are meant basically to ensure some type of transparency and traceability. The main idea being that users should know when they're dealing with an AI system and when a content is synthetic or manipulated. So what the act does is to impose some key obligations on the deployers and providers of such AI systems, such as the need to inform people when they are interacting with an AI system.

[00:10:13] So if an AI system is designed to interact directly with natural people, these people should be informed about it in most cases. Same when, you are disseminating a content that is AI generated, you should disclose that. For providers who need to input watermarks into the AI-generated content of their systems, how those watermarks should be operationalized, we don't know that yet.

[00:10:37] The EU AI Act does foresee that the European Commission or the AI office will provide guidelines to clarify how this obligation should be implemented. And in fact, a couple of months ago, European Commission released a public consultation. So different stakeholders could opinionate on how this transparency requirement should be implemented. The period for contribution has closed now, but we are waiting to see what they come up with.

[00:11:04] My suggestion would be to, of course, wait and see what will be the recommended approach. Keep an eye on what the AI office has published. But also do not just sit and wait for these guidelines to be released. I think for one, if producing synthetic content is something that your company really does, you should start mapping which AI projects those are.

[00:11:26] That would be my advice for any company who is considering to start an AI governance program. Map your AI projects in a company-wide level. I know this might sound daunting, especially for tech companies, but building this type of inventory is a way that you get to know which are your AI technologies, and then you can see which one of those are covered by which AI regulation or which dispositions of the EU AI Act.

[00:11:52] Robert Zirk: There's another dimension to the challenge of keeping pace with AI regulation and adoption that goes beyond just navigating different regulatory frameworks. While regulators work to create rules, bad actors are already exploiting AI in increasingly sophisticated ways.

[00:12:09] Natalia Fritzen: At Sumsub, we publish an identity fraud report once a year based on our internal statistics that we see in terms of fraud trends. And in 2025, the share of these complex attacks, among all fraud attempts detected globally within Sumsub's platform, have risen from 10% in 2024 to 28% this year, which shows us a growth rate of 180%. 180

[00:12:38] Robert Zirk: Natália described the current fraud prevention landscape with an analogy: that regulators are playing checkers while fraudsters play chess.

[00:12:47] Natalia Fritzen: What I mean is that with the sophistication of frauds, AI technologies are increasingly better at impersonation, increasingly better at falsifying documents, so on and so forth. With this sophistication, while regulators are using simpler reactive methods, like the straightforward, usually short-sighted moves seen in the game of checkers, fraudsters, on the other hand, they operate using far more complex, strategic and forward looking techniques as seen in the game of chess.

[00:13:18] So, if you take the EU AI Act, for example, if you consider that one of the biggest fraud threats that businesses face nowadays concern deepfakes, the EU AI Act, which is new and one of the most comprehensive AI regulations that we have up to date, the EU AI Act itself says very little when it comes to deep fakes.

[00:13:39] It imposes certain transparency requirements on the deployers and providers of technologies that can generate deepfakes. But it offers, for example, little protection to victims of deepfakes. Of course, in all fairness, the EU AI Act is not a regulation aimed at fraud prevention, but I'm just bringing it up to say that there is this mismatch between what fraudsters are doing, the harms that people are suffering as a result of AI-perpetrated fraud, and the protections that regulations offer to these victims or the requirements when it comes to fraud prevention.

[00:14:15] Robert Zirk: According to Deloitte's Center for Financial Services, generative AI-enabled fraud is predicted to increase by a compound annual growth rate of 32%, potentially reaching losses of $40 billion in the United States by 2027.

[00:14:30] And TELUS Digital's Safety in numbers report highlights that two thirds of enterprise CX decision makers plan to increase their fraud detection investment in the coming year.

[00:14:40] I asked Natália if AI use for compliance is keeping pace with the speed of AI-powered fraud.

[00:14:47] Natalia Fritzen: It's trying. It is trying Companies like Sumsub try hard to keep in pace with the fraudsters because this is a simultaneous trend, right? So this AI, sophisticated power technology, is available for legitimate companies, including those companies that develop solutions to fight fraud. But these technologies are also available to scammers.

[00:15:09] Robert Zirk: Sumsub publishes an annual identity fraud report that identifies trends based on internal statistics. Natália pointed out the increase in sophistication of fraud as one of the major trends of 2025.

[00:15:22] Natalia Fritzen: We see fraudsters moving from high-volume, low-effort scams to highly targeted, multi-step, often AI-driven operations. When interviewing people to make our fraud report, 75% of respondents are highly convinced that fraud is becoming more and more sophisticated and AI-driven and that's why we say here in Sumsub, year after year, we see how AI is helping fraudsters more and more and that's why we say that we should fight AI with AI. So only equally accurate, equally high-performing AI technologies produced on our end are enough to defeat the AI technologies that scammers also have very easy access to.

[00:16:06] Robert Zirk: To underscore why it's important to leverage AI in your compliance strategies, Natália pointed out an example of how fraudsters are using deepfakes to try to get around security measures.

[00:16:17] Natalia Fritzen: Coming back again to the EU AI Act that I was mentioning before, one of the few things that requires in terms of deepfakes is that once a deepfake is being created or further disseminated, the provider or the deployer of the AI system that created the deepfake should disclose somehow that content is AI generated.

[00:16:37] And this is an expectation that we can just not afford to have of fraudsters. They will, of course, not let us know that when they're trying to bypass our KYC with deepfakes that is AI-generated content. So there comes the importance of, again, fighting AI with AI.

[00:16:53] Robert Zirk: If you're wondering how your organization's fraud prevention and compliance measures stack up, TELUS Digital just published a downloadable financial crime and compliance maturity assessment. It's a self-assessment tool that can help you to benchmark your AML controls, fraud detection practices and compliance maturity against industry standards. You can find the link in our show notes.

[00:17:17] We've established that the regulatory landscape is complex and evolving. So what happens if companies don't keep up? What's actually at stake in 2026? Jeff warned that the consequences of inaction are too serious to ignore.

[00:17:33] Jeff Brown: The stakes are really significant. I think this is the time to act. We talked a bit about these potential fines, up to 35 million euro or 7% of your global annual turnover, or as we call it, revenue, here in the U.S., for those serious violations.

[00:17:47] But beyond the fines, there's reputational risk. Your product could get banned. You could certainly lose competitive advantage in the market. Given the level of anxiety in the public around AI, and I think it's dropped dramatically over the last year and a half, but companies that haven't started should begin immediately with a risk classification exercise.

[00:18:04] So understand which of your AI systems fall into the prohibited range or the high-risk range, or the limited risk category and what you need to do when you've done that inventory. I think that's really step one.

[00:18:16] Robert Zirk: Jeff breaks the consequences of compliance inaction down into three categories. First, there are the direct regulatory penalties.

[00:18:24] Jeff Brown: They are increasing, they're proliferating around the globe. And I think if you're a data protection authority or an AI authority, you don't mind the revenue when you catch people not following the laws and not being properly respectful of people's personal data, which belongs to them. And, in some parts of the globe and in a lot of these directives, it's really a human right to control your personal information.

[00:18:44] Robert Zirk: The second consequence of compliance inaction is the erosion of customer trust.

[00:18:49] Jeff Brown: If an AI system behaves unexpectedly or unfairly, customers will notice and they will disengage.

[00:18:56] Robert Zirk: And lastly, Jeff cited operational disruption as the third repercussion of compliance inaction.

[00:19:02] Jeff Brown: If you have to pull an AI system offline mid-deployment because compliance wasn't built in from the beginning, that's tremendously expensive. It's tremendously disruptive to your revenue and profit stream.

[00:19:13] And the hidden cost is opportunity. Near and dear to me as an attorney, a great quote from one of the leaders of one of our outside counsel said, "AI is not likely to replace lawyers, but the lawyers who use AI are certainly gonna replace the ones who don't use it."

[00:19:26] It's one of those things. You gotta be in the game, but you gotta do it thoughtfully and carefully.

[00:19:29] Robert Zirk: Jeff just outlined three categories of costs: direct regulatory penalties, customer trust, erosion and operational disruption.

[00:19:39] Brands can't afford to treat AI compliance as optional. Natália emphasized that regulatory demands aren't going away.

[00:19:47] Natalia Fritzen: I believe these regulations are here. They're here to stay with many more to come. And therefore, my advice for companies that are not looking to that now because they perhaps underplay the role that these regulations will play — my advice would be to start having a look, because I believe that part of the competitive edge in AI will soon no longer exclusively be who launches what first, but rather, to an extent, who launches what in the more responsible manner as well.

[00:20:21] Robert Zirk: For companies that prioritize responsible AI, compliance can become an asset that builds digital trust with customers.

[00:20:29] Natalia Fritzen: And parallel I would trace to that is with privacy frameworks, right? So most due diligence procedures that companies now have in place when hiring a vendor will have questions related to data protection, to information security. All of these, which by the way, are, let's say, adjacent areas to AI, right?

[00:20:51] When we talk about AI compliance, we are to an extent talking about privacy, information security, not exclusively, but also talking about these things. So to the same way that privacy, in many different markets by many different companies, became a non-negotiable in the last years, I do believe that AI compliance will grow into that as well, especially when these AI regulations start to become fully enforceable.

[00:21:18] Robert Zirk: Jeff made a similar point about how transparency and robust governance can become competitive differentiators.

[00:21:25] Jeff Brown: Customers increasingly wanna know that AI's being used responsibly and, frankly, because of its efficiency gains, they wanna know you're using it.

[00:21:32] They wouldn't want you to not use it, but they wanna make sure you're using it responsibly. And so compliance, when it's done right, isn't just risk mitigation. I think it's competitive advantage, trust building.

[00:21:40] Robert Zirk: This is particularly relevant for CX leaders, because AI compliance isn't just an issue for the legal department. It directly impacts the customer experience right down to each customer interaction.

[00:21:53] Jeff Brown: If you're obligated to be transparent or you're motivated as a company to be transparent, that affects how you communicate with your customer.

[00:22:00] It gets into your QBR, it gets into your day-to-day language on how the floor operates. Bias mitigation, so that would affect whether your AI treats all customers fairly. I suspect every customer we have in the CX space wants their customers to be treated fairly. So we better know how our AI works as it's interacting with those customers.

[00:22:19] And then human oversight requirements, not just the aspirational governance frameworks, but also from the laws themselves. They affect that operational workflow in CX. I can't just let the AI run. I have to have a person who steps in at important points in the decision making and the operations process and exercises that human oversight.

[00:22:38] So CX leaders who ignore compliance will find that their AI initiatives are delayed, constrained or will create customer trust issues that damage the very experience we are seeking to improve.

[00:22:50] Robert Zirk: Leaders are increasingly recognizing that responsible AI goes beyond ethics. It's crucial for building trust and ensuring safety.

[00:22:59] Earlier, we alluded to the tension between rapid AI innovation and the need for responsible AI development. I asked Natália to identify the main points of friction between these two approaches.

[00:23:11] Natalia Fritzen: Technical teams tend to move faster of a sudden, they need to take into account all these regulatory ethical requirements and their processes, most of the times are managed by people from compliance, legal team, philosophers now in the case of AI, who tend to think things the slowest to an extent. So I think there is this timing that ultimately speaks to a bigger issue, which I think is just culture, right?

[00:23:37] Technical teams and teams of compliance, legal, need to sit together and talk and understand that we are all in the same boat, right? A solution that works best for everybody depends on the technical expertise, but also these new concerns on ethics regulation, so on and so forth.

[00:23:59] The more multifaceted people you have engaging in it, the more you'll make sure that you have no blind spots and you will build a governance framework that is sustainable and you can operationalize it.

[00:24:11] Robert Zirk: In many organizations, it's not clear who owns responsible AI governance.

[00:24:16] Natalia Fritzen: I believe that it varies a lot from company culture to company culture. Perhaps if you are in an extremely regulated environment already — payment institutions, banks — compliance matters perhaps come more naturally to you. Companies that operate sometimes in less regulated environments, but that now all of a sudden because of these AI regulations need to think into this as well. It might not come as natural to them and then they need to rethink, a little bit, their organizational structure.

[00:24:47] This is a question that should be answered relatively soon when a company starts to think about its AI compliance frameworks because the success of the framework will largely depend on who can be held accountable for it and for the actions that you intend to execute.

[00:25:06] Robert Zirk: To implement responsible AI effectively, Jeff leads TELUS Digital's AI Governance Committee, which brings together experts from legal, data science, ethics, security, risk management and operations.

[00:25:20] This cross-functional approach ensures that AI opportunities and challenges are evaluated from multiple perspectives.

[00:25:28] Jeff Brown: We wanna make sure everybody knows this is not about saying no to AI. That's not what the AI Governance Committee's about. It's really about saying yes and how to do it right in a way that builds trust.

[00:25:37] That feedback loop is just essential. If you're designing AI to help improve the customer experience, you'd better know how it's coming out on the floor. What kind of feedback are you getting? We just can't improve without honest feedback, both positive and negative.

[00:25:50] Robert Zirk: Jeff emphasized that to truly understand AI's potential and risks, leaders need to have experience using it firsthand. He described how his own direct experience with AI reframed his team's perspective.

[00:26:04] Jeff Brown: What lawyers do, sometimes too well, is they assess risk. And in a dynamic environment around AI, that risk is constantly morphing. So you just can't govern what you don't understand. You gotta play with it. You have to use it. When you do that, if it's anything like my experience, you instantaneously see the benefit of it.

[00:26:23] So I use AI in my practice every day. When you just go from theoretical understanding to practical insight and then you're much better at what you're supposed to be doing, which is assessing risk and providing more useful guidance to product teams to identify compliance gaps that we would never have spotted if we were just looking at a dry document.

[00:26:40] It's just much more tangible. And with our team, it's really transformed us from gatekeepers to enablers. We are very pro AI. And having gone through it ourselves, it really helps us understand the technology.

[00:26:52] Robert Zirk: Likewise, to better understand AI, it's important for CX leaders to use AI as their customers would. AI can't just be deployed from a distance. You've got to understand it and be thoughtful about the ways in which you deploy it, which demands direct experience and collaboration.

[00:27:10] That's the idea behind one of TELUS Digital's Humanity-in-the-Loop principles, Design for humans: that the best experiences are created and refined by humans and mapped to improved human outcomes.

[00:27:24] By this point in the episode, we've covered why AI compliance matters for customer experience leaders and why it can't be siloed in legal departments. Given the potential impacts to customer trust, operational workflows and brand reputation, everyone has a stake in getting it right.

[00:27:43] So as a CX leader, what's the first action you need to take?

[00:27:48] Natália recommends that CX leaders start by connecting with the person in their organization who has the best grasp of AI use cases — whether that's an engineer, a product manager or someone else — and further their own understanding of how AI is used within their organization, especially as it pertains to the customer journey.

[00:28:08] Natalia Fritzen: So in which products are your AI systems located? Did you develop these AI systems yourself? How did you do it? So we start with basic questions just to try and get to know your AI systems, because like I said, it is not all AI systems that are regulated, for example, by the EU AI Act. So ask yourself those questions and those will naturally help you to do these type of assessments. And then you're going to see which AI systems are, let's say, riskier ones, and therefore it should be prioritized because again, the smart governance framework for AI is not the one that governs all AI. You need to be smart about it.

[00:28:45] And don't forget AI regulations are a new phenomenon, but it builds upon many regulations that already exist, right? For example, check the data governance aspects of your AI systems. A huge part of requirements in the EU AI Act regards the data management protocols that you follow, which data governance you have in place. So you can start by already those things that are not new regulations in any way and that also applies to AI. Check the information security procedures that you have in place. Do you have any protocols on how to handle incidents, so on and so forth?

[00:29:23] Robert Zirk: And Jeff echoes Natália's recommendation to conduct an AI inventory.

[00:29:28] Jeff Brown: It is mind boggling with almost every piece of software we buy, every tool we invest in and then the internal development work we're doing. Everything's getting an AI front end on it. So conduct that inventory, because you can't manage what you can't see and can't measure, and then identify each one of those systems that you're developing or buying and classify them by risk level and just do that to that first pass assessment.

[00:29:53] It's either high, medium, low or prohibited. And then you can take that inventory, risk ranked, and apply it against the 2026 landscape of regulation out there. And again, I'm talking about the floor, not the ceiling. What must you do in each one of those places? And then that's your roadmap for where to focus your efforts.

[00:30:11] And then the second step would be get that AI committee formed, get the right people on it, and then take that roadmap for compliance to your AI committee, get it promulgated and then start preaching about it through any channel you can find.

[00:30:23] Robert Zirk: In other words, make it official and share it widely.

[00:30:27] And to ensure you're ready for the next wave of AI regulations in 2026, Jeff's closing piece of advice is to not sit on the sidelines.

[00:30:36] Jeff Brown: Just as a practical matter, get involved, right? Get involved in a group. I try to get involved in as many of those as schedule permits. It's just about exposure. This will be a lot less scary once you've seen it multiple times, and then when you see some of the amazing outputs, it's just incredibly motivating to see where the future of technology and the future of customer service is headed. I think it's just a super exciting time to be in this business. But don't sit on the sideline. Get in, be a player, is the short answer.

[00:31:12] Robert Zirk: Thank you so much to Jeff Brown and Natália Fritzen for joining me and sharing insights today. And thank you for listening to Questions for now — a TELUS Digital podcast.

[00:31:23] If this episode challenged how you think about AI compliance, share it with someone who needs to hear it — maybe your legal team, your CX leadership, or anyone responsible for AI deployment in your organization.

[00:31:36] And for more insights on today's big questions in digital customer experience, follow Questions for now on your podcast player of choice.

[00:31:44] I'm Robert Zirk, and until next time, that's all... for now.