Trust will no longer be defined by breach avoidance alone, but instead, driven by ‘algorithmic integrity’ – the ability to prove that your AI-driven processes are transparent, accountable, and compliant, it’s suggested.
“As the EU AI Act becomes fully enforceable, the era of opaque algorithmic decision-making is ending. What was once considered as theoretical guidance without major consequences, is now a legal obligation with fines that can reach significant percentages,” said Mark Appleton, Group Lead Vendor Ecosystem Development at the IT services firm ALSO.
“Regulators now expect evidence in the form of audit logs, model documentation, and human oversight frameworks. With identity threats accelerating, organisations must move beyond perimeter security and embed verifiable transparency at the core of their technology stacks. Businesses that don’t risk an erosion of customer confidence and ecosystem exclusion.”
Appleton suggests security and AI governance must be treated as part of a single digital confidence framework.
“AI-generated phishing can now mimic writing style and deepfake video impersonation that undermines remote onboarding. Traditional identity verification such as passwords, OTPs, and document upload checks are increasingly insufficient. Cybercriminals will also use stolen credentials, phishing, and AI-enhanced social engineering to gain unauthorised access to sensitive accounts.”
Appleton argues for standards-based infrastructure alongside real-time validation and dynamic risk assessments.
“The use of AI systems without management frameworks is not an option anymore. Too often, users often place blind trust in AI, even when the security and compliance guardrails are missing. Businesses must treat this as an ongoing commitment, adapting to technological shifts, regulatory developments, and user expectations. Transparency in data usage will be a core tenant of this trust.
“Clarity on how information is processed by these tools must be communicated including consent and how your organisation adheres to international data standards. Compliance must also evolve past a documentation exercise and embedded directly into infrastructure, so governance becomes native to the stack rather than retrofitted through policy.
“Cybersecurity is also a fundamental mechanism of digital trust. Implementing strong certificate-based authentication, time-stamping, and secure digital signatures are crucial. This calls for a Zero Trust architecture where trust is continuously validated, not assumed. Businesses can then further enforce continuous verification, behavioural biometrics, and data provenance tracking for greater effects.
“Partners in the cloud marketplace can deploy compliance-ready cloud and security stacks from leading vendors and specialised security providers. These partners can manage deployment and migration support while the vendor stacks provide the necessary solutions like native auditing, model documentation automation, and secure data pipelines. Rather than building compliance frameworks from scratch, organisations can adopt pre-certified, governance-enabled architectures.
“In a privacy-conscious market, trust is increasingly a purchasing differentiator. Businesses that simplify and secure user experiences, while clearly communicating how data is used, will capture loyalty. This requires granular consent management, data minimisation by design, and transparent model governance disclosures. The strategic question for board rooms is can your organisation demonstrate algorithmic integrity or are you still operating on assumption-based trust?”
