SlideShare a Scribd company logo

Generative AI for Regulatory Analysis

Nimonik, profile picture
Nimonik

Nimonik is an integrated compliance management solution founded in 2008, serving over 700 customers globally, particularly in managing regulatory compliance across various sectors. The document discusses Nimonik's use of generative AI technology for tasks such as summarizing regulatory documents, extracting obligations, and automating workflows, while emphasizing the challenges of content processing, data security, and quality control. Overall, Nimonik aims to enhance compliance resilience by leveraging AI to streamline regulatory adherence and improve operational efficiency.

Engineering
1 of 43
Downloaded 23 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Most read
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
Most read
33
34
35
36
37
38
39
40
41
42
43
Generative AI for Regulatory Analysis
Agenda About Nimonik About Generative AI 1 2 AI at Nimonik 3
About Us Founded in 2008 with offices in Montréal, Calgary, Toronto, and Shanghai. Nimonik services over 700 customers around the world, especially mid-size international companies.
Canadian Integrations Companies you may have worked with: ● ConformanceCheck (Toronto) ● MediaLogic (Calgary) ● Templegate (Toronto) They are all now part of Nimonik! Nimonik will soon be offering access to standards from CSA and other standard development organizations.
We are not EHS management software or just a content provider or simply an audit tool. Nimonik is an integrated compliance solution for regulations, standards and internal requirements.
Minimal Management Supervisor led Integrated Team based compliance Inconsistent 1 Piecemeal approach Road to Compliance Maturity 2 Proactive 3 Forward thinking Reactive 4 Focus on putting out fires 5
Surprises abound Most organisations do not know all of their obligations, leading to “surprises”... Across various topics (EHS, Quality, HR, safety,...) a typical factory 3,000+ obligations and 200+ changes per year. Each non-compliance costs $5,000+ in internal costs.
Frequency of change 3x Regulatory change has increased 3x in five years. Organizations have not increased staff or updated processes to manage regulatory change.
The Four Pillars of Compliance 2 3 4 1 Prevention Risk profile Historicals Monitoring Detection Early detection Self-reporting Internal Audits Response Fast response Data analysis Action plans Correction Actions Corrective Effectiveness IMPACT
Comprehensive Obligations Comprehensive Assurance Business Outcomes • 360° Coverage • Obligations mapped to systems • Audit ready • Actions tracked • Increased trust • Fewer surprises Resilience
The main hurdle to identifying requirements is understanding: what a document regulates, how it regulates and who it applies to.
V Traditional Approaches • Hiring, training, support • Good knowledge of operations In-house • Robust knowledge Consultants • Consistent across organization • Corporate control Enterprise Software Time Cost & inconsistent More cost and complexity
...and Sources: Quality Environmental Safety CyberSecurity HR, OHS, product... Regulatory + standards + ECAs, permits, stakeholders, customers,... A Comprehensive Compliance program captures all of your Obligations across your areas of compliance:
Nimonik Inc. offers an integrated compliance management program for organizations to better manage their obligations across quality, environmental, safety, privacy, human resources, and other regulated areas. Nimonik helps you achieve compliance across your operations and increase your organization’s resilience. Nimonik software workflow Identify documents Extract obligations Identify risks Create actions Conduct audits 1 2 3 4 5 Identify applicable regulations, industry standards and internal documents Extract obligations from applicable documents Risk rank and link obligations to controls Create actions to stay in compliance Conduct internal audits to ensure continuous improvement
The challenge of the decentralized approach is that most organizations delegate this work to various parts of the business - who each take their own approach.
Agenda About Nimonik About Generative AI 1 2 AI at Nimonik 3
Definition Generative AI is a type of Artificial Intelligence that can create unique, original content automatically - from text to images and video. Modern generative AI uses machine learning algorithms that are trained on large amounts of data, usually Large Language Models (LLM). Includes a random component. The same inputs can lead to different variations of the output.
About technology
Identify your physical operations and outline Obligations, Actions and Audits for each location Control access by business unit, region or facility Application
Identify your physical operations and outline Obligations, Actions and Audits for each location Control access by business unit, region or facility
Identify your physical operations and outline Obligations, Actions and Audits for each location Control access by business unit, region or facility
Identify your physical operations and outline Obligations, Actions and Audits for each location Control access by business unit, region or facility
Identify your physical operations and outline Obligations, Actions and Audits for each location Control access by business unit, region or facility
Identify your physical operations and outline Obligations, Actions and Audits for each location Control access by business unit, region or facility
Identify your physical operations and outline Obligations, Actions and Audits for each location Control access by business unit, region or facility
Identify your physical operations and outline Obligations, Actions and Audits for each location Control access by business unit, region or facility
1. Open source libraries and data sets make this technology widely available. 2. Much of the regulatory analyst job will be automated. Consulting work may be affected as well. 3. Limited “moat” to offer services that are solely analysis. The “human” factor will become more important along with workflows and tools to manage data. Ownership
Agenda About Nimonik About Generative AI 1 2 AI at Nimonik 3
Why Nimonik leverages AI? Nimonik collects 2,000 - 3,000 new regulatory documents per month AI tools becoming more and more essential to ensure quality and timely content delivery Number of new documents is constantly growing due to the expansion of Nimonik’s coverage and increasing regulatory activity
Generation of summaries Identification of obligations Detection of relevance • Nimonik offers short summaries for essential documents • This allows you to understand if a document is relevant for you • AI analyzes and produces summaries almost instantly • Nimonik extracts obligations from essential documents • This allows you to focus on and track only the provisions relevant for you • AI almost instantly extracts obligations with 90%+ accuracy • Nimonik classifies documents based on their industry sectors and topics • This allow you to subscribe and see only the documents relevant for you • Nimonik works on use of AI to streamline the classification process How Nimonik leverages AI? AI chatbot • Nimonik works on implementing an AI solution to securely chat about document • This will allow you to receive instant answers to your questions about the document • AI agent serves as your personal consultant
Key takeaway about generative AI tools While personal use is really simple and can deliver great value with almost zero effort, business integration and use requires careful planning, testing and overcoming numerous challenges. Pros and cons of AI deployment need to be carefully considered.
Challenge What Nimonik does? • AI is smart but it cannot take new content to process by itself. • For example, OpenAI’s GPTs are not able to open the links with documents and process their text without additional plugins or tools. • Nimonik covers hundreds of jurisdictions that are differ in their content delivery approaches, content quality and accessibility. • Nimonik makes sure that in each case content can be correctly extracted and easily fed to the AI for summary generation and other tasks. • To achieve this, Nimonik uses various internal and external content processing tools and techniques tailored to each jurisdiction to ensure quality content. • … and deals with such websites :) Key challenges: Content to be processed by AI
Challenge What Nimonik does? • All generative AI models have their limits in terms of maximum content to be processed. • Even the most capable models are still capped at around 200 pages of content, while a lot of documents are much larger. • Cost is also a factor for large-scale application. • Currently, Nimonik uses various proprietary solutions to achieve the best efficiency to cost ratio. • Nimonik also develops own internal solution to process text larger than 150 pages based on advanced text processing techniques. • In terms of cost, Nimonik’s internal solution will be based on one of the open source LLM models that deliver results comparable to ChatGPT. Key challenges: Content size and cost ≈ 200 pages ≈ 40 pages ≈ 20 pages ≈ 5 pages
Challenge What Nimonik does? • Third-party solutions cannot guarantee privacy of your data. • Additionally, there might be intellectual property concerns while using copyrighted content in publicly available AI tools. • Currently, Nimonik does not process in third-party AI tools any sensitive or copyrighted data. • Nimonik’s own internal solution will be deployed according to the best available practices to ensure data security. Key challenges: Security of data ≈ 150 pages
Challenge What Nimonik does? • Nimonik has high standards for documents’ summaries quality that should be met by AI. • While some prompt engineering makes the results better, they are still not always consistent in their quality and format. • While Nimonik already generates majority of summaries using AI tools, the results are still being reviewed by our analysts. • Nimonik’s goal is to achieve consistent and quality results by “fine-tuning” the AI model that we will use for our purposes. • In other words, Nimonik will train AI on large number of summaries created by analysts to produce the results following the same approach. Key challenges: Quality of results ≈ 150 pages
ChatGPT Solution used by Nimonik • No meaningful result for the link • Result produced by inputting the text: The Energy Conservation Equipment Exemption Regulations prescribe various equipment, articles, and materials as energy conservation equipment for the purposes of section 9 of Part XVIII of Schedule III to the Excise Tax Act. This includes thermal insulation, wood-burning stoves (excluding fireplaces or those burning oil/gas), wind deflectors for vehicles, waterwheels and related generators/pumps, loading dock door seals/shelters, and power factor correction capacitors. This document outlines the equipment, articles, and materials prescribed as energy conservation equipment for the purposes of the Excise Tax Act (particularly, Section 9 of Part XVIII of Schedule III to the Excise Tax Act). These include: (a) Thermal insulation designed for pipes, ducts, boilers, tanks, and wrapping materials exclusively for use with such insulation; (b) Wood-burning stoves, wood-burning stove kits, wood-burning furnaces, and wood-burning space heaters, excluding fireplaces and oil or gas-burning stoves, furnaces, or space heaters; (d) Wind deflectors designed to reduce fuel consumption and for installation on motor vehicles and trailers; (e) Waterwheels for converting water power to mechanical or electrical energy, and pumps and generators specifically designed for use with such waterwheels; (f) Loading dock door seals and shelters designed to conserve heated or refrigerated air during loading and unloading; (g) Power factor correction capacitors. Example 1: Energy Conservation Equipment Exemption Regulations Input: https://laws-lois.justice.gc.ca/eng/regulations/C.R.C.,_c._590/page-1.html Bottom line: Both solutions provide good results but ChatGPT is not really able to access and summarize contents under the links
ChatGPT Solution used by Nimonik • No meaningful result for the link • No result produced by inputting the text as text size exceeds ChatGPT’s capacity for processing This document outlines the requirements for conducting onshore and offshore geophysical operations. Notable provisions of this document include the following: 1. Operators must apply for authorization by submitting a completed application form to the Chief Conservation Officer. Applications must be submitted at least 30 days before the planned commencement date for onshore operations and 30-90 days for offshore operations, depending on the seismic energy source. 2. Operators are required to take reasonable safeguards against property damage, control and extinguish fires, and handle refuse responsibly. Offshore operations must adhere to specific guidelines for air gun systems, gas exploders, and electrical seismic energy sources. Onshore operations must consider survey monuments, seismic energy sources, and drilling shot holes for charges. 3. Occupational safety and health regulations mandate radio communication, safe working practices, and training for geophysical crew members. Operators must submit status reports to the Chief Conservation Officer at the commencement, termination, and weekly during the operation. They must also retain data and report accidents or incidents causing injury, loss of life, property damage, or environmental threats. 4. Investigations may be conducted by the Chief Conservation Officer and Chief Safety Officer for accidents or incidents involving death, injury, equipment damage, or environmental damage. Example 2: Canada Oil and Gas Geophysical Operations Regulations Input: https://www.canlii.org/en/ca/laws/regu/sor-96-117/latest/sor-96-117.html Bottom line: Our solution and ChatPDF provide good results but ChatPDF requires extra steps to get the summary ChatPDF • Result obtained by converting html page in PDF: The Canada Oil and Gas Geophysical Operations Regulations document outlines the regulations for geophysical operations in relation to oil and gas exploration in Canada. The regulations cover a range of topics, including the application process for geophysical operations, safety requirements, reporting requirements, and data retention requirements. The document also outlines the specific information that must be included in a geophysical operation authorization application, as well as the information that must be included in a final report. Overall, the regulations aim to ensure that geophysical operations are conducted safely and responsibly, and that the resulting data is properly recorded and retained.
Initial summary Problems to tackle The Oil and Gas Spills and Debris Liability Regulations (SOR/87-331) fall under the Canada Oil and Gas Operations Act. These regulations were registered on June 11, 1987, and pertain to the limits of liability for spills, authorized discharges, and debris related to the exploration or production of oil and gas. The regulations were published in the Canada Gazette Part I on January 3, 1987, allowing interested persons to make representations. No representations were made to the Minister of Energy, Mines and Resources or the Minister of Indian Affairs and Northern Development. Consequently, the Governor General in Council, on the recommendation of the aforementioned ministers, made the annexed regulations. The Oil and Gas Production and Conservation Act is referred to as the ""Act"" within these regulations. The limits of liability are outlined in section 3 of the regulations and are as follows: a) For areas referred to in paragraph 6(1)(a) of the Arctic Waters Pollution Prevention Act, the limit is the amount by which $40 million exceeds the amount prescribed under section 9 of that Act. b) For submarine areas north of the sixtieth parallel of north latitude not covered by paragraph (a), the limit is $40 million. c) For areas within the Yukon Territory or Northwest Territories covered by or located within 200 meters of any inland water body not covered by paragraph (a), the limit is $25 million. d) For areas within the Yukon Territory or Northwest Territories not covered by paragraphs (a) or (c), the limit is $10 million. e) For any area to which the Act applies and for which no other limit is prescribed by these regulations, the limit is $30 million. 1. Summarizer picks information from webpage irrelevant for understanding of the document 2. Summarizer includes some technical document information that is not relevant 3. Summarizer decides to include the full list in simplified version but omits certain information that affects the meaning of the items on the list Example 3: Oil and Gas Spills and Debris Liability Regulations Input: https://www.canlii.org/en/ca/laws/regu/sor-87-331/latest/sor-87-331.html Adjusted summary This document outlines the limits of liability for spills, authorized discharges, and debris related to the exploration or production of oil and gas. The limits of liability are outlined in section 3 of the document and range from $10 million to $40 million depending on the area.
Initial summary Problems to tackle The European Commission's Implementing Regulation (EU) 2018/151 outlines rules for digital service providers to manage risks to network and information systems security and determine the impact of incidents. Digital service providers must adopt a systematic, risk-based approach to information security, including risk analysis, human resources, security of operations, and security architecture. They should also perform assessment and analysis procedures to ensure the security of systems and facilities. The regulation specifies that digital service providers should have policies on human resources, security architecture, physical and environmental security, and the security of supplies. They must also establish and maintain policies on incident handling, business continuity management, and monitoring, auditing, and testing. International standards, including existing national standards, may be used for the security of network and information systems. Digital service providers must be able to estimate the number of users affected by an incident, the duration of the incident, and the geographical spread of the affected area. They should also measure the extent of disruption to the functioning of the service and the impact on economic and societal activities. An incident is considered to have a substantial impact if it meets at least one of the specified criteria, such as affecting a large number of users or causing significant material or non-material losses. The regulation is binding in its entirety and directly applicable in all EU Member States. It entered into force on the twentieth day following its publication in the Official Journal of the European Union and has been in effect since May 10, 2018. The summary is overall good but it might create an impression that it includes all relevant obligations contained in the document. Example 4: EU Commission Implementing Regulation 2018/151 of 30 January 2018 Input: https://eur-lex.europa.eu/eli/reg/2018/151 Adjusted summary The European Commission's Implementing Regulation (EU) 2018/151 outlines rules for digital service providers to manage risks to network and information systems security and determine the impact of incidents. Notable provisions of this document include the following: 1. Digital service providers must adopt a systematic, risk-based approach to information security, including risk analysis, human resources, security of operations, and security architecture. They should also perform assessment and analysis procedures to ensure the security of systems and facilities. 2. The regulation specifies that digital service providers should have policies on human resources, security architecture, physical and environmental security, and the security of supplies. They must also establish and maintain policies on incident handling, business continuity management, and monitoring, auditing, and testing. International standards, including existing national standards, may be used for the security of network and information systems. 3. Digital service providers must be able to estimate the number of users affected by an incident, the duration of the incident, and the geographical spread of the affected area. They should also measure the extent of disruption to the functioning of the service and the impact on economic and societal activities. An incident is considered to have a substantial impact if it meets at least one of the specified criteria, such as affecting a large number of users or causing significant material or non-material losses. The regulation is binding in its entirety and directly applicable in all EU Member States. It entered into force on the twentieth day following its publication in the Official Journal of the European Union and has been in effect since May 10, 2018.
Summary and comments The document outlines the Regulation respecting occupational health and safety in Quebec, which applies to all establishments and construction sites. The regulation aims to establish standards for air quality, temperature, humidity, heat stress, lighting, noise, contaminants, sanitary facilities, ventilation, hygiene, sanitation, cleanliness, area conditions, storage and handling of dangerous substances, machine and tool safety, high-risk tasks, individual protective equipment, and worker transportation. Looks like a selection of the Divisions in the OHS Regulation S-2.1, r.13 but missing key topics (Hot Work, respiratory Protection, Asbestos) and focussing, in my opinion, on lesser important issues (lighting, sanitary facilities, cleanliness, heat stress). Employers are obligated to comply with these standards, and equipment used for maintaining these conditions must be in optimal operational condition. The regulation covers various aspects of workplace safety, including access routes, passageways, yards, vertical openings, guardrails, floors, walkways, workstations, cleaning, refuse containers, machine locations, and transportation of workers. GOOD Specific requirements are provided for service stairs, ramps, permanent ladders, portable ladders, and stepladders. The use of ladders is subject to certain conditions and restrictions, including inspection, placement, and prohibited usages. Workers must follow safety precautions while using ladders, such as maintaining three points of contact and facing the ladder at all times. The regulation also addresses the safety of gangways, stationary platforms, and suspended scaffolding, with specific requirements for load capacity, guardrails, and fall protection. Suspended scaffolding must comply with CAN/CSA standards and be used in accordance with the Health and Safety Code for Suspended Equipment Operations. In summary, the Regulation respecting occupational health and safety in Quebec aims to ensure a safe and healthy work environment for workers by establishing comprehensive standards and requirements for various aspects of workplace safety. Employers must comply with these standards, and workers must follow safety precautions to minimize risks and hazards. That’s taken from section 49 and 51 of the OHS Act... pretty cool! That’s a good summary. However, there is no word on risk assessment which, as you know, is key in OHS management. A lot of emphasis on Fall Protection in 3rd and 4th paragraph but nothing on Machine Safety, Lifting Equipment and LOTO although equally important risks. The regulation covers an array of different topics. The first paragraph should highlight the key risks (ref. see Glencore Fatal Hazard denomination). Then, depending on amount of word you want to use in the text, stay general or dig deeper for each key hazards. The closing paragraph is good. Example 5: Regulation respecting occupational health and safety Input: https://canlii.ca/t/1128
Summary and comments The Clean Air Regulation (CQLR c Q-2, r 4.1) aims to protect the environment by setting standards and limits for emissions from various industrial and commercial activities. The regulation covers particle emissions, volatile organic compounds, and emissions from stationary internal combustion engines, fuel burning equipment, and incinerators. It also addresses specific industries such as cement plants, steel mills, and petroleum refineries. It would be best to say the regulation applies to all industries including cement plant…. The regulation requires that any device, system, or equipment used for emissions control must be maintained in good working order and operate optimally during production hours. It sets limits for particle emissions from industrial processes and facilities, as well as emission limits for volatile organic compounds from certain industrial or commercial facilities or activities. The regulation also sets standards for emissions from stationary internal combustion engines, fuel burning equipment, and incinerators. It addresses the use of wood, wood waste, and pulp and paper mill residual materials as fuel in fuel burning equipment and industrial furnaces. Repetitive from paragraph 1 ??? Operators of facilities must maintain records of emissions and comply with monitoring and reporting requirements. Monetary administrative penalties and fines may be imposed for non-compliance with the regulation. That’s a given! The Clean Air Regulation replaces the Regulation respecting the quality of the atmosphere (chapter Q-2, r. 38), except for certain provisions. It applies to facilities in operation on or after 30 June 2011, with some transitional provisions for existing facilities." Agreed but somewhat trivial. Appendix E present important emission factors while Appendix H show modeling requirement instructions which are the key added values of the regulation over the preceding one. Everything else in the appendices is captured by the “limit for emissions” reference in paragraph 1, so well done. Example 6: Clean Air Regulation Input: https://canlii.ca/t/8pm7
Key challenges with AI • Ability of AI to process various types of data • Volumes of data that can be processed by AI • Format of data generated by AI
Nimonik offices Solution Partners Nimonik.com - info@nimonik.com - 1-888-608-7511 - +86 021 51720468 Thank you! Shanghai Montréal HQ Calgary

More Related Content

PPTX
Future of AI Smart Networks
Melanie Swan
 
PPTX
A Comprehensive Review of Large Language Models for.pptx
SaiPragnaKancheti
 
PDF
Leveraging Knowledge Graphs in your Enterprise Knowledge Management System
Semantic Web Company
 
PDF
Recommending for the World
Yves Raimond
 
PPT
Data Architecture for Data Governance
DATAVERSITY
 
PDF
The State of Global AI Adoption in 2023
InData Labs
 
PDF
Large Language Models Bootcamp
Data Science Dojo
 
PDF
Deloitte Digital Benchmark
Thierry Raizer
 
Future of AI Smart Networks
Melanie Swan
 
A Comprehensive Review of Large Language Models for.pptx
SaiPragnaKancheti
 
Leveraging Knowledge Graphs in your Enterprise Knowledge Management System
Semantic Web Company
 
Recommending for the World
Yves Raimond
 
Data Architecture for Data Governance
DATAVERSITY
 
The State of Global AI Adoption in 2023
InData Labs
 
Large Language Models Bootcamp
Data Science Dojo
 
Deloitte Digital Benchmark
Thierry Raizer
 

What's hot (20)

PPTX
Regulating Generative AI - LLMOps pipelines with Transparency
Debmalya Biswas
 
PDF
8 Steps to Creating a Data Strategy
Silicon Valley Data Science
 
PDF
Active Governance Across the Delta Lake with Alation
Databricks
 
PDF
Kaggle presentation
HJ van Veen
 
PPT
Business Intelligence - A Management Perspective
vinaya.hs
 
PDF
Leveraging Generative AI & Best practices
DianaGray10
 
PDF
AI 2023.pdf
DavidCieslak4
 
PDF
Consumer privacy in retail
Deloitte United States
 
PDF
Data Quality Best Practices
DATAVERSITY
 
PPTX
Data Visualization & Data Storytelling
彭其捷 Jack
 
PDF
Devoxx Morocco 2024 - The Future Beyond LLMs: Exploring Agentic AI
Raphaël Semeteys
 
PDF
An Introduction to Generative AI - May 18, 2023
CoriFaklaris1
 
PDF
Databricks: A Tool That Empowers You To Do More With Data
Databricks
 
PDF
Customizing LLMs
Jim Steele
 
PDF
Stanford AI Report 2023
Kapil Khandelwal (KK)
 
PDF
MEET GENERATIVE AI
Andre Muscat
 
PDF
AI and machine learning
ITU
 
PDF
LLMs in Production: Tooling, Process, and Team Structure
Aggregage
 
PDF
AI and ML Series - Introduction to Generative AI and LLMs - Session 1
DianaGray10
 
PDF
Passo a Passo para implementar DataOps em projetos de Big Data
Eduardo Hahn
 
Regulating Generative AI - LLMOps pipelines with Transparency
Debmalya Biswas
 
8 Steps to Creating a Data Strategy
Silicon Valley Data Science
 
Active Governance Across the Delta Lake with Alation
Databricks
 
Kaggle presentation
HJ van Veen
 
Business Intelligence - A Management Perspective
vinaya.hs
 
Leveraging Generative AI & Best practices
DianaGray10
 
AI 2023.pdf
DavidCieslak4
 
Consumer privacy in retail
Deloitte United States
 
Data Quality Best Practices
DATAVERSITY
 
Data Visualization & Data Storytelling
彭其捷 Jack
 
Devoxx Morocco 2024 - The Future Beyond LLMs: Exploring Agentic AI
Raphaël Semeteys
 
An Introduction to Generative AI - May 18, 2023
CoriFaklaris1
 
Databricks: A Tool That Empowers You To Do More With Data
Databricks
 
Customizing LLMs
Jim Steele
 
Stanford AI Report 2023
Kapil Khandelwal (KK)
 
MEET GENERATIVE AI
Andre Muscat
 
AI and machine learning
ITU
 
LLMs in Production: Tooling, Process, and Team Structure
Aggregage
 
AI and ML Series - Introduction to Generative AI and LLMs - Session 1
DianaGray10
 
Passo a Passo para implementar DataOps em projetos de Big Data
Eduardo Hahn
 
Ad

Similar to Generative AI for Regulatory Analysis (20)

DOCX
IT Risk assessment and Audit Planning
goreankush1
 
PPTX
Software Industry
polipellyyashaswi
 
PPTX
In From the Cold: Open Source as Part of Mainstream Software Asset Management
Shane Coughlan
 
PDF
ManageEngine Overview 2023.pdf
Phuong Nghiem Sy Tam
 
PPTX
Owasp Summit - Wednesday evening briefing master
Dinis Cruz
 
PPTX
[AIIM] Getting Stuff Done with Content - Tony Peleska and Jordan Jones
AIIM International
 
PDF
infox technologies
fidharash
 
PPTX
Software Quality Management in Wipro and case tools ,Wipro Introduction and c...
Preethi T G
 
PPTX
AI Microservices APIs and Business Automation as a Service Denis Gagne
Denis Gagné
 
PPTX
Build an Application Integration Strategy
Info-Tech Research Group
 
PPTX
Curiosity Software, Infuse and Kumoco present: The Democratisation of Testing
Curiosity Software Ireland
 
PDF
Cost of Custom AI Solution Development.pdf
Aivada
 
PPT
DevOps for Enterprise Systems - Rosalind Radcliffe
DevOps for Enterprise Systems
 
PDF
What are the Best Practices for Enterprise Software Applications?
BoTree Technologies
 
PDF
Gain business insight with Continuous Controls Monitoring
Emma Kelly
 
PPTX
Why Use Add ins with SharePoint and SharePoint Online? Webinar
Concept Searching, Inc
 
PDF
Build enterprise-grade AI agents with Azure AI Agent Service
Naoki (Neo) SATO
 
PPTX
final oracle presentation
Priyesh Patel
 
PDF
MBT Webinar: Does the security of your business data keep you up at night?
Jorge García
 
PDF
IBM Innovate - Uderstanding DevOps
Sanjeev Sharma
 
IT Risk assessment and Audit Planning
goreankush1
 
Software Industry
polipellyyashaswi
 
In From the Cold: Open Source as Part of Mainstream Software Asset Management
Shane Coughlan
 
ManageEngine Overview 2023.pdf
Phuong Nghiem Sy Tam
 
Owasp Summit - Wednesday evening briefing master
Dinis Cruz
 
[AIIM] Getting Stuff Done with Content - Tony Peleska and Jordan Jones
AIIM International
 
infox technologies
fidharash
 
Software Quality Management in Wipro and case tools ,Wipro Introduction and c...
Preethi T G
 
AI Microservices APIs and Business Automation as a Service Denis Gagne
Denis Gagné
 
Build an Application Integration Strategy
Info-Tech Research Group
 
Curiosity Software, Infuse and Kumoco present: The Democratisation of Testing
Curiosity Software Ireland
 
Cost of Custom AI Solution Development.pdf
Aivada
 
DevOps for Enterprise Systems - Rosalind Radcliffe
DevOps for Enterprise Systems
 
What are the Best Practices for Enterprise Software Applications?
BoTree Technologies
 
Gain business insight with Continuous Controls Monitoring
Emma Kelly
 
Why Use Add ins with SharePoint and SharePoint Online? Webinar
Concept Searching, Inc
 
Build enterprise-grade AI agents with Azure AI Agent Service
Naoki (Neo) SATO
 
final oracle presentation
Priyesh Patel
 
MBT Webinar: Does the security of your business data keep you up at night?
Jorge García
 
IBM Innovate - Uderstanding DevOps
Sanjeev Sharma
 
Ad

More from Nimonik (20)

PDF
Engineering Industry Standards Buyer's Guide For Organizations
Nimonik
 
PDF
Nimonik Brochure
Nimonik
 
PPTX
Calgary Oil & Gas Regulatory and Standards Day January 18th 2023
Nimonik
 
PDF
Best Practices for Regulatory Change Management
Nimonik
 
PDF
Build a business case for compliance March 2022
Nimonik
 
PDF
ESG and Compliance: Where do we go from here?
Nimonik
 
PDF
State of Compliance 2021 at Mid-Market Firms - Nimonik
Nimonik
 
PDF
ISO 19600 Section 4.5 - Know your Obligations
Nimonik
 
PDF
COVID-19 Biological Risk Assessment Webinar
Nimonik
 
PDF
Preparing for a Post Covid World
Nimonik
 
PDF
Identify Applicable EHS Regulatory Documents
Nimonik
 
PPTX
19600 Compliance Management System Guidelines
Nimonik
 
PPTX
19600 compliance management system guidelines
Nimonik
 
PPTX
Survey results - Centrally vs Locally managed compliance
Nimonik
 
PPTX
Continous compliance october 2019 webinar (2)
Nimonik
 
PPTX
The not so hidden costs of non-compliance
Nimonik
 
PPTX
The 4 key types of regulations and how to comply (3)
Nimonik
 
PDF
Comprehensive Compliance for Environmental, Safety, Quality Requirements in C...
Nimonik
 
PPT
Process Area Site Assessments techniques for the Management
Nimonik
 
PPTX
Air monitoring presentation
Nimonik
 
Engineering Industry Standards Buyer's Guide For Organizations
Nimonik
 
Nimonik Brochure
Nimonik
 
Calgary Oil & Gas Regulatory and Standards Day January 18th 2023
Nimonik
 
Best Practices for Regulatory Change Management
Nimonik
 
Build a business case for compliance March 2022
Nimonik
 
ESG and Compliance: Where do we go from here?
Nimonik
 
State of Compliance 2021 at Mid-Market Firms - Nimonik
Nimonik
 
ISO 19600 Section 4.5 - Know your Obligations
Nimonik
 
COVID-19 Biological Risk Assessment Webinar
Nimonik
 
Preparing for a Post Covid World
Nimonik
 
Identify Applicable EHS Regulatory Documents
Nimonik
 
19600 Compliance Management System Guidelines
Nimonik
 
19600 compliance management system guidelines
Nimonik
 
Survey results - Centrally vs Locally managed compliance
Nimonik
 
Continous compliance october 2019 webinar (2)
Nimonik
 
The not so hidden costs of non-compliance
Nimonik
 
The 4 key types of regulations and how to comply (3)
Nimonik
 
Comprehensive Compliance for Environmental, Safety, Quality Requirements in C...
Nimonik
 
Process Area Site Assessments techniques for the Management
Nimonik
 
Air monitoring presentation
Nimonik
 

Recently uploaded (20)

PDF
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
PDF
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
PDF
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
sebastianku31
 
PDF
Model Code of Practice - Construction Work - 21102022 .pdf
AinieButt1
 
PPTX
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
VinayB68
 
PPTX
additive manufacturing of ss316l using mig welding
premcdr7799
 
PDF
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
PPTX
UNIT-1 - COAL BASED THERMAL POWER PLANTS
Chandra Kumar S
 
PPTX
Lecture Notes Electrical Wiring System Components
eedgecbhojpur
 
PPTX
Welding lecture in detail for understanding
sahilpoonia10
 
PPTX
IOT PPTs Week 10 Lecture Material.pptx of NPTEL Smart Cities contd
ssusera400e8
 
PPTX
CH1 Production IntroductoryConcepts.pptx
RacemMellouli1
 
PDF
PPT on Performance Review to get promotions
prashant593122
 
PPTX
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
DOCX
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
AYUSHMANAV
 
PPTX
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
PDF
Digital Logic Computer Design lecture notes
CHINNASUNKAIAH1
 
PPTX
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
PDF
TFEC-4-2020-Design-Guide-for-Timber-Roof-Trusses.pdf
AinieButt1
 
PDF
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
sebastianku31
 
Model Code of Practice - Construction Work - 21102022 .pdf
AinieButt1
 
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
VinayB68
 
additive manufacturing of ss316l using mig welding
premcdr7799
 
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
UNIT-1 - COAL BASED THERMAL POWER PLANTS
Chandra Kumar S
 
Lecture Notes Electrical Wiring System Components
eedgecbhojpur
 
Welding lecture in detail for understanding
sahilpoonia10
 
IOT PPTs Week 10 Lecture Material.pptx of NPTEL Smart Cities contd
ssusera400e8
 
CH1 Production IntroductoryConcepts.pptx
RacemMellouli1
 
PPT on Performance Review to get promotions
prashant593122
 
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
AYUSHMANAV
 
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
Digital Logic Computer Design lecture notes
CHINNASUNKAIAH1
 
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
TFEC-4-2020-Design-Guide-for-Timber-Roof-Trusses.pdf
AinieButt1
 
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 

Generative AI for Regulatory Analysis

  • 2. Agenda About Nimonik About Generative AI 1 2 AI at Nimonik 3
  • 3. About Us Founded in 2008 with offices in Montréal, Calgary, Toronto, and Shanghai. Nimonik services over 700 customers around the world, especially mid-size international companies.
  • 4. Canadian Integrations Companies you may have worked with: ● ConformanceCheck (Toronto) ● MediaLogic (Calgary) ● Templegate (Toronto) They are all now part of Nimonik! Nimonik will soon be offering access to standards from CSA and other standard development organizations.
  • 5. We are not EHS management software or just a content provider or simply an audit tool. Nimonik is an integrated compliance solution for regulations, standards and internal requirements.
  • 6. Minimal Management Supervisor led Integrated Team based compliance Inconsistent 1 Piecemeal approach Road to Compliance Maturity 2 Proactive 3 Forward thinking Reactive 4 Focus on putting out fires 5
  • 7. Surprises abound Most organisations do not know all of their obligations, leading to “surprises”... Across various topics (EHS, Quality, HR, safety,...) a typical factory 3,000+ obligations and 200+ changes per year. Each non-compliance costs $5,000+ in internal costs.
  • 8. Frequency of change 3x Regulatory change has increased 3x in five years. Organizations have not increased staff or updated processes to manage regulatory change.
  • 9. The Four Pillars of Compliance 2 3 4 1 Prevention Risk profile Historicals Monitoring Detection Early detection Self-reporting Internal Audits Response Fast response Data analysis Action plans Correction Actions Corrective Effectiveness IMPACT
  • 10. Comprehensive Obligations Comprehensive Assurance Business Outcomes • 360° Coverage • Obligations mapped to systems • Audit ready • Actions tracked • Increased trust • Fewer surprises Resilience
  • 11. The main hurdle to identifying requirements is understanding: what a document regulates, how it regulates and who it applies to.
  • 12. V Traditional Approaches • Hiring, training, support • Good knowledge of operations In-house • Robust knowledge Consultants • Consistent across organization • Corporate control Enterprise Software Time Cost & inconsistent More cost and complexity
  • 13. ...and Sources: Quality Environmental Safety CyberSecurity HR, OHS, product... Regulatory + standards + ECAs, permits, stakeholders, customers,... A Comprehensive Compliance program captures all of your Obligations across your areas of compliance:
  • 14. Nimonik Inc. offers an integrated compliance management program for organizations to better manage their obligations across quality, environmental, safety, privacy, human resources, and other regulated areas. Nimonik helps you achieve compliance across your operations and increase your organization’s resilience. Nimonik software workflow Identify documents Extract obligations Identify risks Create actions Conduct audits 1 2 3 4 5 Identify applicable regulations, industry standards and internal documents Extract obligations from applicable documents Risk rank and link obligations to controls Create actions to stay in compliance Conduct internal audits to ensure continuous improvement
  • 15. The challenge of the decentralized approach is that most organizations delegate this work to various parts of the business - who each take their own approach.
  • 16. Agenda About Nimonik About Generative AI 1 2 AI at Nimonik 3
  • 17. Definition Generative AI is a type of Artificial Intelligence that can create unique, original content automatically - from text to images and video. Modern generative AI uses machine learning algorithms that are trained on large amounts of data, usually Large Language Models (LLM). Includes a random component. The same inputs can lead to different variations of the output.
  • 19. Identify your physical operations and outline Obligations, Actions and Audits for each location Control access by business unit, region or facility Application
  • 20. Identify your physical operations and outline Obligations, Actions and Audits for each location Control access by business unit, region or facility
  • 21. Identify your physical operations and outline Obligations, Actions and Audits for each location Control access by business unit, region or facility
  • 22. Identify your physical operations and outline Obligations, Actions and Audits for each location Control access by business unit, region or facility
  • 23. Identify your physical operations and outline Obligations, Actions and Audits for each location Control access by business unit, region or facility
  • 24. Identify your physical operations and outline Obligations, Actions and Audits for each location Control access by business unit, region or facility
  • 25. Identify your physical operations and outline Obligations, Actions and Audits for each location Control access by business unit, region or facility
  • 26. Identify your physical operations and outline Obligations, Actions and Audits for each location Control access by business unit, region or facility
  • 27. 1. Open source libraries and data sets make this technology widely available. 2. Much of the regulatory analyst job will be automated. Consulting work may be affected as well. 3. Limited “moat” to offer services that are solely analysis. The “human” factor will become more important along with workflows and tools to manage data. Ownership
  • 28. Agenda About Nimonik About Generative AI 1 2 AI at Nimonik 3
  • 29. Why Nimonik leverages AI? Nimonik collects 2,000 - 3,000 new regulatory documents per month AI tools becoming more and more essential to ensure quality and timely content delivery Number of new documents is constantly growing due to the expansion of Nimonik’s coverage and increasing regulatory activity
  • 30. Generation of summaries Identification of obligations Detection of relevance • Nimonik offers short summaries for essential documents • This allows you to understand if a document is relevant for you • AI analyzes and produces summaries almost instantly • Nimonik extracts obligations from essential documents • This allows you to focus on and track only the provisions relevant for you • AI almost instantly extracts obligations with 90%+ accuracy • Nimonik classifies documents based on their industry sectors and topics • This allow you to subscribe and see only the documents relevant for you • Nimonik works on use of AI to streamline the classification process How Nimonik leverages AI? AI chatbot • Nimonik works on implementing an AI solution to securely chat about document • This will allow you to receive instant answers to your questions about the document • AI agent serves as your personal consultant
  • 31. Key takeaway about generative AI tools While personal use is really simple and can deliver great value with almost zero effort, business integration and use requires careful planning, testing and overcoming numerous challenges. Pros and cons of AI deployment need to be carefully considered.
  • 32. Challenge What Nimonik does? • AI is smart but it cannot take new content to process by itself. • For example, OpenAI’s GPTs are not able to open the links with documents and process their text without additional plugins or tools. • Nimonik covers hundreds of jurisdictions that are differ in their content delivery approaches, content quality and accessibility. • Nimonik makes sure that in each case content can be correctly extracted and easily fed to the AI for summary generation and other tasks. • To achieve this, Nimonik uses various internal and external content processing tools and techniques tailored to each jurisdiction to ensure quality content. • … and deals with such websites :) Key challenges: Content to be processed by AI
  • 33. Challenge What Nimonik does? • All generative AI models have their limits in terms of maximum content to be processed. • Even the most capable models are still capped at around 200 pages of content, while a lot of documents are much larger. • Cost is also a factor for large-scale application. • Currently, Nimonik uses various proprietary solutions to achieve the best efficiency to cost ratio. • Nimonik also develops own internal solution to process text larger than 150 pages based on advanced text processing techniques. • In terms of cost, Nimonik’s internal solution will be based on one of the open source LLM models that deliver results comparable to ChatGPT. Key challenges: Content size and cost ≈ 200 pages ≈ 40 pages ≈ 20 pages ≈ 5 pages
  • 34. Challenge What Nimonik does? • Third-party solutions cannot guarantee privacy of your data. • Additionally, there might be intellectual property concerns while using copyrighted content in publicly available AI tools. • Currently, Nimonik does not process in third-party AI tools any sensitive or copyrighted data. • Nimonik’s own internal solution will be deployed according to the best available practices to ensure data security. Key challenges: Security of data ≈ 150 pages
  • 35. Challenge What Nimonik does? • Nimonik has high standards for documents’ summaries quality that should be met by AI. • While some prompt engineering makes the results better, they are still not always consistent in their quality and format. • While Nimonik already generates majority of summaries using AI tools, the results are still being reviewed by our analysts. • Nimonik’s goal is to achieve consistent and quality results by “fine-tuning” the AI model that we will use for our purposes. • In other words, Nimonik will train AI on large number of summaries created by analysts to produce the results following the same approach. Key challenges: Quality of results ≈ 150 pages
  • 36. ChatGPT Solution used by Nimonik • No meaningful result for the link • Result produced by inputting the text: The Energy Conservation Equipment Exemption Regulations prescribe various equipment, articles, and materials as energy conservation equipment for the purposes of section 9 of Part XVIII of Schedule III to the Excise Tax Act. This includes thermal insulation, wood-burning stoves (excluding fireplaces or those burning oil/gas), wind deflectors for vehicles, waterwheels and related generators/pumps, loading dock door seals/shelters, and power factor correction capacitors. This document outlines the equipment, articles, and materials prescribed as energy conservation equipment for the purposes of the Excise Tax Act (particularly, Section 9 of Part XVIII of Schedule III to the Excise Tax Act). These include: (a) Thermal insulation designed for pipes, ducts, boilers, tanks, and wrapping materials exclusively for use with such insulation; (b) Wood-burning stoves, wood-burning stove kits, wood-burning furnaces, and wood-burning space heaters, excluding fireplaces and oil or gas-burning stoves, furnaces, or space heaters; (d) Wind deflectors designed to reduce fuel consumption and for installation on motor vehicles and trailers; (e) Waterwheels for converting water power to mechanical or electrical energy, and pumps and generators specifically designed for use with such waterwheels; (f) Loading dock door seals and shelters designed to conserve heated or refrigerated air during loading and unloading; (g) Power factor correction capacitors. Example 1: Energy Conservation Equipment Exemption Regulations Input: https://laws-lois.justice.gc.ca/eng/regulations/C.R.C.,_c._590/page-1.html Bottom line: Both solutions provide good results but ChatGPT is not really able to access and summarize contents under the links
  • 37. ChatGPT Solution used by Nimonik • No meaningful result for the link • No result produced by inputting the text as text size exceeds ChatGPT’s capacity for processing This document outlines the requirements for conducting onshore and offshore geophysical operations. Notable provisions of this document include the following: 1. Operators must apply for authorization by submitting a completed application form to the Chief Conservation Officer. Applications must be submitted at least 30 days before the planned commencement date for onshore operations and 30-90 days for offshore operations, depending on the seismic energy source. 2. Operators are required to take reasonable safeguards against property damage, control and extinguish fires, and handle refuse responsibly. Offshore operations must adhere to specific guidelines for air gun systems, gas exploders, and electrical seismic energy sources. Onshore operations must consider survey monuments, seismic energy sources, and drilling shot holes for charges. 3. Occupational safety and health regulations mandate radio communication, safe working practices, and training for geophysical crew members. Operators must submit status reports to the Chief Conservation Officer at the commencement, termination, and weekly during the operation. They must also retain data and report accidents or incidents causing injury, loss of life, property damage, or environmental threats. 4. Investigations may be conducted by the Chief Conservation Officer and Chief Safety Officer for accidents or incidents involving death, injury, equipment damage, or environmental damage. Example 2: Canada Oil and Gas Geophysical Operations Regulations Input: https://www.canlii.org/en/ca/laws/regu/sor-96-117/latest/sor-96-117.html Bottom line: Our solution and ChatPDF provide good results but ChatPDF requires extra steps to get the summary ChatPDF • Result obtained by converting html page in PDF: The Canada Oil and Gas Geophysical Operations Regulations document outlines the regulations for geophysical operations in relation to oil and gas exploration in Canada. The regulations cover a range of topics, including the application process for geophysical operations, safety requirements, reporting requirements, and data retention requirements. The document also outlines the specific information that must be included in a geophysical operation authorization application, as well as the information that must be included in a final report. Overall, the regulations aim to ensure that geophysical operations are conducted safely and responsibly, and that the resulting data is properly recorded and retained.
  • 38. Initial summary Problems to tackle The Oil and Gas Spills and Debris Liability Regulations (SOR/87-331) fall under the Canada Oil and Gas Operations Act. These regulations were registered on June 11, 1987, and pertain to the limits of liability for spills, authorized discharges, and debris related to the exploration or production of oil and gas. The regulations were published in the Canada Gazette Part I on January 3, 1987, allowing interested persons to make representations. No representations were made to the Minister of Energy, Mines and Resources or the Minister of Indian Affairs and Northern Development. Consequently, the Governor General in Council, on the recommendation of the aforementioned ministers, made the annexed regulations. The Oil and Gas Production and Conservation Act is referred to as the ""Act"" within these regulations. The limits of liability are outlined in section 3 of the regulations and are as follows: a) For areas referred to in paragraph 6(1)(a) of the Arctic Waters Pollution Prevention Act, the limit is the amount by which $40 million exceeds the amount prescribed under section 9 of that Act. b) For submarine areas north of the sixtieth parallel of north latitude not covered by paragraph (a), the limit is $40 million. c) For areas within the Yukon Territory or Northwest Territories covered by or located within 200 meters of any inland water body not covered by paragraph (a), the limit is $25 million. d) For areas within the Yukon Territory or Northwest Territories not covered by paragraphs (a) or (c), the limit is $10 million. e) For any area to which the Act applies and for which no other limit is prescribed by these regulations, the limit is $30 million. 1. Summarizer picks information from webpage irrelevant for understanding of the document 2. Summarizer includes some technical document information that is not relevant 3. Summarizer decides to include the full list in simplified version but omits certain information that affects the meaning of the items on the list Example 3: Oil and Gas Spills and Debris Liability Regulations Input: https://www.canlii.org/en/ca/laws/regu/sor-87-331/latest/sor-87-331.html Adjusted summary This document outlines the limits of liability for spills, authorized discharges, and debris related to the exploration or production of oil and gas. The limits of liability are outlined in section 3 of the document and range from $10 million to $40 million depending on the area.
  • 39. Initial summary Problems to tackle The European Commission's Implementing Regulation (EU) 2018/151 outlines rules for digital service providers to manage risks to network and information systems security and determine the impact of incidents. Digital service providers must adopt a systematic, risk-based approach to information security, including risk analysis, human resources, security of operations, and security architecture. They should also perform assessment and analysis procedures to ensure the security of systems and facilities. The regulation specifies that digital service providers should have policies on human resources, security architecture, physical and environmental security, and the security of supplies. They must also establish and maintain policies on incident handling, business continuity management, and monitoring, auditing, and testing. International standards, including existing national standards, may be used for the security of network and information systems. Digital service providers must be able to estimate the number of users affected by an incident, the duration of the incident, and the geographical spread of the affected area. They should also measure the extent of disruption to the functioning of the service and the impact on economic and societal activities. An incident is considered to have a substantial impact if it meets at least one of the specified criteria, such as affecting a large number of users or causing significant material or non-material losses. The regulation is binding in its entirety and directly applicable in all EU Member States. It entered into force on the twentieth day following its publication in the Official Journal of the European Union and has been in effect since May 10, 2018. The summary is overall good but it might create an impression that it includes all relevant obligations contained in the document. Example 4: EU Commission Implementing Regulation 2018/151 of 30 January 2018 Input: https://eur-lex.europa.eu/eli/reg/2018/151 Adjusted summary The European Commission's Implementing Regulation (EU) 2018/151 outlines rules for digital service providers to manage risks to network and information systems security and determine the impact of incidents. Notable provisions of this document include the following: 1. Digital service providers must adopt a systematic, risk-based approach to information security, including risk analysis, human resources, security of operations, and security architecture. They should also perform assessment and analysis procedures to ensure the security of systems and facilities. 2. The regulation specifies that digital service providers should have policies on human resources, security architecture, physical and environmental security, and the security of supplies. They must also establish and maintain policies on incident handling, business continuity management, and monitoring, auditing, and testing. International standards, including existing national standards, may be used for the security of network and information systems. 3. Digital service providers must be able to estimate the number of users affected by an incident, the duration of the incident, and the geographical spread of the affected area. They should also measure the extent of disruption to the functioning of the service and the impact on economic and societal activities. An incident is considered to have a substantial impact if it meets at least one of the specified criteria, such as affecting a large number of users or causing significant material or non-material losses. The regulation is binding in its entirety and directly applicable in all EU Member States. It entered into force on the twentieth day following its publication in the Official Journal of the European Union and has been in effect since May 10, 2018.
  • 40. Summary and comments The document outlines the Regulation respecting occupational health and safety in Quebec, which applies to all establishments and construction sites. The regulation aims to establish standards for air quality, temperature, humidity, heat stress, lighting, noise, contaminants, sanitary facilities, ventilation, hygiene, sanitation, cleanliness, area conditions, storage and handling of dangerous substances, machine and tool safety, high-risk tasks, individual protective equipment, and worker transportation. Looks like a selection of the Divisions in the OHS Regulation S-2.1, r.13 but missing key topics (Hot Work, respiratory Protection, Asbestos) and focussing, in my opinion, on lesser important issues (lighting, sanitary facilities, cleanliness, heat stress). Employers are obligated to comply with these standards, and equipment used for maintaining these conditions must be in optimal operational condition. The regulation covers various aspects of workplace safety, including access routes, passageways, yards, vertical openings, guardrails, floors, walkways, workstations, cleaning, refuse containers, machine locations, and transportation of workers. GOOD Specific requirements are provided for service stairs, ramps, permanent ladders, portable ladders, and stepladders. The use of ladders is subject to certain conditions and restrictions, including inspection, placement, and prohibited usages. Workers must follow safety precautions while using ladders, such as maintaining three points of contact and facing the ladder at all times. The regulation also addresses the safety of gangways, stationary platforms, and suspended scaffolding, with specific requirements for load capacity, guardrails, and fall protection. Suspended scaffolding must comply with CAN/CSA standards and be used in accordance with the Health and Safety Code for Suspended Equipment Operations. In summary, the Regulation respecting occupational health and safety in Quebec aims to ensure a safe and healthy work environment for workers by establishing comprehensive standards and requirements for various aspects of workplace safety. Employers must comply with these standards, and workers must follow safety precautions to minimize risks and hazards. That’s taken from section 49 and 51 of the OHS Act... pretty cool! That’s a good summary. However, there is no word on risk assessment which, as you know, is key in OHS management. A lot of emphasis on Fall Protection in 3rd and 4th paragraph but nothing on Machine Safety, Lifting Equipment and LOTO although equally important risks. The regulation covers an array of different topics. The first paragraph should highlight the key risks (ref. see Glencore Fatal Hazard denomination). Then, depending on amount of word you want to use in the text, stay general or dig deeper for each key hazards. The closing paragraph is good. Example 5: Regulation respecting occupational health and safety Input: https://canlii.ca/t/1128
  • 41. Summary and comments The Clean Air Regulation (CQLR c Q-2, r 4.1) aims to protect the environment by setting standards and limits for emissions from various industrial and commercial activities. The regulation covers particle emissions, volatile organic compounds, and emissions from stationary internal combustion engines, fuel burning equipment, and incinerators. It also addresses specific industries such as cement plants, steel mills, and petroleum refineries. It would be best to say the regulation applies to all industries including cement plant…. The regulation requires that any device, system, or equipment used for emissions control must be maintained in good working order and operate optimally during production hours. It sets limits for particle emissions from industrial processes and facilities, as well as emission limits for volatile organic compounds from certain industrial or commercial facilities or activities. The regulation also sets standards for emissions from stationary internal combustion engines, fuel burning equipment, and incinerators. It addresses the use of wood, wood waste, and pulp and paper mill residual materials as fuel in fuel burning equipment and industrial furnaces. Repetitive from paragraph 1 ??? Operators of facilities must maintain records of emissions and comply with monitoring and reporting requirements. Monetary administrative penalties and fines may be imposed for non-compliance with the regulation. That’s a given! The Clean Air Regulation replaces the Regulation respecting the quality of the atmosphere (chapter Q-2, r. 38), except for certain provisions. It applies to facilities in operation on or after 30 June 2011, with some transitional provisions for existing facilities." Agreed but somewhat trivial. Appendix E present important emission factors while Appendix H show modeling requirement instructions which are the key added values of the regulation over the preceding one. Everything else in the appendices is captured by the “limit for emissions” reference in paragraph 1, so well done. Example 6: Clean Air Regulation Input: https://canlii.ca/t/8pm7
  • 42. Key challenges with AI • Ability of AI to process various types of data • Volumes of data that can be processed by AI • Format of data generated by AI
  • 43. Nimonik offices Solution Partners Nimonik.com - info@nimonik.com - 1-888-608-7511 - +86 021 51720468 Thank you! Shanghai Montréal HQ Calgary