At Meta, we’re seeing AI advancements transform every segment of our work. From our security and privacy efforts to empowering businesses and user support, AI is helping us ensure that everything we do aligns with our commitment to mitigate and minimize risk. This translates to  better, safer products for the billions of people who use our services every day.

We’re committed to building app and product experiences that offer the trust and safety standards people expect and deserve. With the rapid advancements in AI, we’re fundamentally rethinking our approach to meeting this commitment and we’re transforming our product Privacy Review into a broader, cross-company Risk Review program with AI at its core. And the results are clear. Our AI-powered Risk Review program is enabling us to identify risks earlier, apply safeguards more consistently during a product’s development stage, and monitor continuously. This equips our teams to build safer products and services and deliver dramatically better outcomes.

What’s Risk Review?

Before a new product or feature even pops up on your smartphone, computer or wearable device, teams at Meta complete a robust risk review, a process that identifies and mitigates potential privacy, safety, and security concerns, and helps ensure the product complies with  applicable legal requirements. For example, this process can help determine if a new product feature might require specific safeguards to protect sensitive user data or how to best build in tools for people to manage their information. 

Implementing AI Solutions

For years, risk review required a lot of manual, repetitive work. For example, experts often spent hours gathering information and completing standardized intake forms just to get a review started. At Meta, we conduct tens of thousands of risk and compliance reviews each year, and we needed a solution fit for our scale.

Our AI-powered Risk Review program has helped automate and optimize essential parts of the risk review process. It can pre-fill key documentation and surface relevant product requirements upfront, reducing time spent on intake and helping reviews move faster and more consistently. It also helps our teams proactively and quickly scan product proposals during the product development phase, catching potential issues or coding gaps, and suggest solutions before product development even reaches the testing stage. 

In this way, our AI-powered Risk Review program is like an always-on risk detection tool that assists our teams at every stage of the risk review process, helping us catch potential issues and surface recommend mitigations for expert review while code is written, not afterward. The goal is to build a compliance culture where manual processes are the fallback — not the default — so we can apply safeguards and standards reliably at scale.

What this means in practice:

• Earlier signals during product development; 
• More consistent application of standards and safeguards;
• Increased expert focus on novel and high-impact cases;
• Ongoing monitoring to ensure protections keep working as products evolve; and 
• Helping teams apply new requirements to changing regulations faster and more accurately.  

This work isn’t just about moving faster, it’s about consistently driving better outcomes for people. It’s also about using the depth and precision of AI to help us analyze massive volumes of data and cross check new products and features against a global library of policies and regulations. There are hundreds of data protection laws around the world that change and evolve as technology changes and evolves. With AI, we’re able to continuously monitor these changes and update our products accordingly. 

Strengthening Human Expertise With AI

Importantly, this AI evolution within Risk Review doesn’t replace human judgement — it strengthens it. Now, with the help of AI, people can spot patterns sooner and identify things that may otherwise slip through the cracks. By pairing the efficiency and scalability of AI with the nuance and expertise of humans, we’re delivering better protections for the billions of people who use our products and services every day. 

In most cases, this means AI is doing a first pass. Meanwhile, our experts are double checking for accuracy, conducting ongoing oversight and doing what they do best: focusing on the most novel and high-impact challenges facing the company; the thorny, complex issues that require human judgment and human strategic thinking.

Humans remain the architects of our risk review systems — they make the rules for how we use and oversee AI for the long-term. While technology handles the scale, people drive its direction. And we’re seeing this broader shift across the industry, as companies build on privacy programs to develop more integrated, multi-domain risk management approaches — a topic that Data Protection Officers across the industry will discuss at the IAPP Global Summit.

For the public, this new era of AI-powered risk review and compliance means greater trust in the products and services they use every day. For every company, it means the freedom to innovate with even more confidence. In the age of advanced AI, creating new things isn’t just about building something better — it’s about building a system that enables a safer, more reliable digital world for everyone.