
Is Duality’s Platform Compliant with NIST?


The National Institute of Standards and Technology (NIST) recently released updated guidance on “Safe, Secure, and Trustworthy AI,” and we’re excited to share how Duality’s Confidential AI solution aligns with these requirements.

One key criterion NIST emphasizes for trustworthy AI is that it must be “Privacy Enhanced.” This implies that AI ecosystems need to incorporate Privacy-Enhancing Technologies (PETs) into their workflows to meet the necessary standards.

Duality remains the only multi-PET solution available on the market today, which is critical because it is often the combination of PETs that ensures technical, regulatory, and business outcomes are met simultaneously.

Let’s dive into how Duality satisfies specific categories outlined in NIST’s AI Governance Framework:

Category GV 1.1: Legal and Regulatory Alignment

NIST Requirement: “Legal and regulatory requirements involving AI are understood, managed, and documented.”

Action ID: GV-1.1-001: “Align AI development and use with applicable laws and regulations, including those related to data privacy, copyright, and intellectual property law.”

Duality’s Solution: Duality fully supports compliance with data privacy regulations and other legal frameworks throughout the AI development lifecycle. By integrating multiple PETs, we ensure that sensitive data is protected during training, testing, and deployment, which minimizes legal and regulatory risks.

Category GV 4.3: Organizational Practices for Incident Response and Information Sharing

NIST Requirement: “Organizational practices are in place to enable AI testing, identification of incidents, and information sharing.”

Duality’s Solution: Duality’s platform facilitates secure information sharing while preserving privacy—an essential feature when handling sensitive data. With PETs in place, even sensitive or regulated datasets can be shared without exposing private information, thus supporting AI testing and incident detection without breaching confidentiality.

Category MP 4.1: Mapping Legal Risks

NIST Requirement: “Approaches for mapping AI technology and legal risks, including the use of third-party data or software, are in place, followed, and documented.”

Action ID: MP-4.1-001: “Conduct periodic monitoring of AI-generated content for privacy risks and address any PII or sensitive data exposure.”

Duality’s Solution: Duality ensures that personally identifiable information (PII) and other sensitive data are never exposed during the AI development process, whether for training, tuning, or serving models. This is achieved by using PETs to protect both the underlying data and the AI models themselves, ensuring full regulatory compliance.

Category MS 2.2: Human Subject Evaluations and Privacy

NIST Requirement: “Evaluations involving human subjects meet applicable requirements (including human subject protection) and are representative of the relevant population.”

Action ID: MS-2.2-002: “Document how content provenance data is tracked and how that data interacts with privacy and security. Consider anonymizing data to protect the privacy of human subjects.”

Duality’s Solution: Duality’s PETs provide robust privacy protection without sacrificing the accuracy or precision of analysis, unlike approaches such as data anonymization or pseudonymization, which often reduce data quality. PETs allow for the safe use of full-context data, ensuring high-quality insights without exposing human subjects to unnecessary risks.

Action ID: MS-2.2-004: “Use techniques such as anonymization, differential privacy, or other privacy-enhancing technologies to minimize the risks associated with linking AI-generated content back to individual human subjects.”

Duality’s Solution: By employing PETs, Duality minimizes risks related to data linkage and identity exposure. Our platform inherently anonymizes data, ensuring that sensitive information cannot be traced back to individuals. Regulatory bodies like the ICO (UK) and IMDA (Singapore) have recognized this feature, validating that our solution meets stringent privacy standards.

Category MG 2.2: Sustaining AI Value

NIST Requirement: “Mechanisms are in place and applied to sustain the value of deployed AI systems.”

Action ID: MG-2.2-009: “Consider opportunities to responsibly use synthetic data and other privacy-enhancing techniques in AI development where appropriate, matching the statistical properties of real-world data without disclosing PII.”

Duality’s Solution: Duality goes beyond the limitations of synthetic or de-identified data by using PETs that allow for the use of real, full-context data in AI development. This ensures that the statistical properties and data quality required for high-performing models are preserved without compromising privacy, unlike synthetic datasets, which can introduce bias or reduce accuracy.

Read the full framework.

Conclusion – Privacy By Design

The National Institute of Standards and Technology (NIST) is a U.S. federal agency that develops standards, guidelines, and frameworks to promote innovation and ensure security and trust in various technologies. NIST plays a key role in shaping regulatory practices around AI and emerging technologies, with its latest AI Risk Management Framework providing detailed guidance for “Safe, Secure, and Trustworthy AI.” This framework is designed to help organizations develop and manage AI systems responsibly, focusing on principles like transparency, fairness, accountability, and privacy.

NIST’s framework provides a comprehensive approach to governing AI ecosystems, with a strong emphasis on privacy-enhancing technologies (PETs) and data protection, ensuring that AI models align with legal, regulatory, and ethical standards. Given the increasing global scrutiny around AI, NIST’s guidance is becoming a cornerstone for businesses looking to deploy AI responsibly. 

By design, Duality’s platform not only meets but exceeds the requirements laid out by NIST in its latest framework. To learn more about Duality’s platform, reach out to our team.
