Is there a security/compliance concern with using custom AI models (like open-source models from Hugging Face) to review tax returns, given US regulatory requirements like WISP plans and SOC 2 compliance?
One participant raised concern that in the US, tax preparation firms are regulated entities that must have a WISP (Written Information Security Plan) and use software that is SOC 2 Type 2 compliant, because they handle PII (social security numbers, addresses, phone numbers, etc.). A leak of this information could be devastating to a firm. Another participant countered that reviewing a tax return with an LLM is conceptually similar to reviewing the tax code itself, and questioned whether this actually implicates PII in a different way than normal practice. It was noted that regulatory frameworks differ between the US and other jurisdictions (e.g., Europe), and that this is a real consideration when adopting custom or open-source models such as those from Hugging Face for firm use.
The full answer is members-only
Membership is free. Apply and get this answer, the recording, and the rest of the library.
Apply to joinAlready a member? Sign in