Using AI Securely

Objective

After completing this lesson, you will be able to describe the role of AI security, including AI ethics and regulations, in the context of SAP BTP.

Artificial Intelligence (AI) Security

AI Security in SAP BTP 

SAP implements several security measures for its Business AI solutions: 

  1. Embedded security in all functional areas, including human resources, finance, procurement, and supply chain management. 
  2. Focus on ethics, security, and compliance in AI development, guided by SAP's AI Ethics Policy, AI Ethics Steering Committee, and AI Ethics Advisory Panel. 
  3. Adherence to the "3 R's" principle: 
    • Relevant: AI used to enhance business performance 
    • Reliable: AI operates with integrated data from the organization 
    • Responsible: Highest ethics, security, and privacy standards applied 
  4. Implementation of explainable AI (XAI) and large language model (LLM) technologies to ensure transparency in how self-learning algorithms operate. 
  5. Automated compliance monitoring and customer dashboards to demonstrate the security of cloud environments and data. 
  6. Use of AI capabilities to maintain a knowledge base and Digital Library for managing document inventory, versions, and metadata. 
  7. Provision of detailed security protocols and services through the SAP Trust Center site, including: 
    • Data protection and security procedures 
    • Internal compliance audits and assessments 
    • Access to cloud services 
  8. Technical and organizational measures (TOMs) implemented by SAP, documented and available through My Trust Center. 
  9. Content Security Policy (CSP) to provide an additional layer of protection against cross-site scripting, clickjacking, and other code injection attacks. 
  10. For Generative AI features, SAP implements: 
    • Output verification to ensure manual validation of generated content 
    • Personal data handling measures, including personally identifiable information (PII) removal features when necessary 
  11. Logging and change tracking for efficient troubleshooting, performance optimization, real-time monitoring, compliance auditing, and security analysis. 

These measures demonstrate SAP's commitment to maintaining high standards of security and data protection in its Business AI solutions. 

AI Ethics

The figure lists the principles of AI Ethics.

The image lists ten principles of AI Ethics, including Trustworthy AI, Responsible Development and Deployment, Ethical Principles, Human-centric Approach, Transparency, Bias Management, Compliance, Security, Long-term Impact Assessment, and Regular Review and Updates.

The SAP Global AI Ethics policy covers several important topics related to the ethical development and use of artificial intelligence: 

  1. Trustworthy AI: This is one of the three key pillars of SAP's AI strategy. 
  2. Responsible development and deployment: The handbook provides guidance on the sustainable and safe development of AI systems. 
  3. Ethical principles: It outlines a clear, ethical set of rules governing the development, deployment, use, and sale of AI systems at SAP. 
  4. Human-centric approach: The handbook emphasizes that AI should primarily serve humans and augment human capabilities rather than replace them. 
  5. Transparency: It stresses the importance of transparent processes and explainable AI to build user trust. 
  6. Bias management: The handbook addresses the need to manage bias in AI systems and prevent potential misuse. 
  7. Compliance: It covers legal compliance topics, including data privacy and adherence to company policies. 
  8. Security: The handbook addresses potential security breaches and the need for safeguards against intentional misuse or incorrect teaching of AI systems. 
  9. Long-term impact assessment: It encourages consideration of the potential long-term effects of AI on society and human capabilities. 
  10. Regular review and updates: The handbook emphasizes the importance of regularly reviewing and updating ethical guidelines as AI technology advances. 

By covering these topics, the SAP Global AI Ethics policy aims to ensure that AI development at SAP is conducted responsibly, ethically, and in alignment with human values. 

AI Regulations

The figure shows a list of AI Regulations.

The image displays a list of AI Regulations, including the European Union AI Act, GDPR, SAP Global AI Ethics Policy, AI Ethics Guidelines, Technical and Organizational Measures (TOMs), Content Security Policy (CSP), and Internal Compliance Audits.

SAP Business AI is subject to various regulations and guidelines to ensure ethical and responsible use of artificial intelligence. Here are some of the key regulations and standards that apply: 

  1. European Union AI Act: SAP complies with the EU AI Act, which regulates artificial intelligence systems and addresses potential risks associated with AI use. 
  2. GDPR (General Data Protection Regulation): SAP goes beyond GDPR requirements to ensure personal data privacy and removal during AI model training and inference. 
  3. SAP Global AI Ethics Policy: This internal policy governs the development, deployment, use, and sale of AI systems at SAP, providing a clear ethical framework. 
  4. AI Ethics Guidelines: SAP has published AI ethics guidelines to steer its teams in AI development and contributes to the European Commission expert group defining ethics guidelines for trustworthy AI. 
  5. Technical and Organizational Measures (TOMs): SAP implements TOMs to ensure data protection and security, which are documented and available through My Trust Center. 
  6. Content Security Policy (CSP): This policy provides an additional layer of protection against various code injection attacks for SAP's AI systems. 
  7. Internal Compliance Audits: SAP conducts regular internal compliance audits and assessments to maintain high security standards for its cloud services and AI solutions. 

These regulations and policies demonstrate SAP's commitment to developing and implementing AI technologies in a responsible, ethical, and compliant manner, prioritizing data protection, security, and user trust.