You're not the only one. It's something that I think is quite complicated.
One note that came in the amendments was related to the role of auditing within the commissioner's office. Something I'd like to see is more proactive use of auditing to ensure compliance, as opposed to the powers of the commissioner to require an audit when there is something that percolates that's problematic enough. It would be good to see that. That is done typically like a financial audit. You require those proactively every year with companies.
In this case, one thing we need to understand better is the scope of an AI system and, based on that, what those harms are and how you comply with that. What does that “good” look like, again, doing that through a public process? From there, you would require third party audits in a similar way that we have professional auditors in financial services to do the same thing.