AI-Driven Compliance Capabilities: The Impact and Risks of Artificial Intelligence in RegTech and SupTech Solutions
AI-Driven Compliance Capabilities: The Impact and Risks of Artificial Intelligence in RegTech and SupTech Solutions
(CCRS-AI)
The multidisciplinary research project CCRS-AI explores how artificial intelligence is reshaping compliance. The project investigates the opportunities and risks of AI-driven RegTech and SupTech solutions, and develops new theory on organisational capabilities to help companies and authorities navigate Europe’s rapidly evolving regulatory landscape.
Over the past decade, digitalization and sustainability demands have driven a sharp increase in European Union (EU) legislation. This surge has created an unprecedented regulatory burden for both companies and supervisory authorities, stretching their capacity to adapt and ensure compliance.
At the same time, technological advancements are introducing solutions to manage these requirements. Regulatory technology (RegTech) for companies and supervisory technology (SupTech) for authorities provide tools to streamline compliance processes and regulatory oversight. Among these, artificial intelligence (AI) technologies and applications — including machine learning, generative artificial intelligence (GenAI), natural language processing (NLP), federated learning and AI agents — stand out for their potential to transform compliance practices.
However, AI-driven tools also carry risks. These include algorithmic bias, threats to trade secrets and data protection, lack of explainability, and hallucinations. In addition, the solutions can create vulnerabilities in accountability and trust. To address the risks, companies and authorities must develop hybrid compliance capabilities that combine the efficiency of AI-powered tools with the critical judgment of human expertise.
The project aims to advance understanding of compliance capabilities for both companies and supervisory authorities. It will also contribute to the broader development of organizational capability theory.
The project focuses on four main areas:
· Understanding the compliance capabilities companies need to meet digitalisation-related legislation, and how AI-driven RegTech solutions can support them.
· Exploring how AI-enabled RegTech can enhance corporate sustainability compliance, particularly in relation to ESG reporting and due diligence.
· Examining the evolving compliance capabilities of supervisory authorities and how AI-enabled SupTech tools can strengthen oversight.
· Advancing organisational capability theory by introducing compliance capabilities as a distinct category for both companies and authorities.
CCRS-AI will run from 2025 to 2028 and is funded by the Research Council of Finland.
Team
Robin Gustafsson Associate Professor of Strategic Management, Aalto University robin.gustafsson@aalto.fi | +358503160981
Dr. Nomi Byström Staff Scientist, Aalto University nomi.bystrom@aalto.fi | +358504778040
Anita Golzarjannat Doctoral Researcher, Aalto University
Dr. Ã…ke Freij Senior Researcher, Stockholm School of Economics
International partners
Professor Sirkka L. Jarvenpaa McCombs School of Business, University of Texas at Austin
Professor Karl Wennberg Stockholm School of Economics