Designing AI-Assisted Compliance at OneTrust

The Company

OneTrust is the leading AI-ready governance platform, used by over half the Fortune 500 to manage privacy, data governance, and compliance. As AI adoption accelerates, organizations face a growing tension: move fast with AI, or govern it responsibly. OneTrust's platform is built to do both.

I joined as a Senior UX Designer and worked across three product areas: AI Governance, Privacy Automation, and Regulatory Technology. Each was at a different stage of maturity and each required a different design approach.

01 AI Governance: Research that Changed the Roadmap

The Challenge

OneTrust was developing the AI Program Center, a centralized hub where governance teams could monitor and manage their organization's AI risk posture. The team was preparing to release it to customers.

What I Did

I led evaluative research with customers ahead of the planned release. The goal was to validate whether the AI Program Center delivered on its promise of giving governance teams actionable visibility into AI risk.

What I Found

The metrics and analytics displayed on the page weren't what customers needed. Users weren't looking for a dashboard to observe. They needed a starting point to act. The information shown didn't map to their real workflows, and the page didn't give them a clear path to take action on the risks surfaced.

The Outcome

Based on these findings, the team made the decision to hold the release. That's a significant call on a high-visibility feature. My research became the foundation for a redesign. While I was on parental leave, the designer covering my work incorporated the feedback into a new version that became the foundation for OneTrust's AI Governance product as it exists today.

Why this matters: In a fast-moving product org, it's easy to ship and iterate. This was a case where slowing down, grounded in real user evidence, prevented a poor first impression and set a stronger foundation for the product's future.

02 Regulatory Technology: AI-Powered Control Recommendations

The Problem

In governance, risk, and compliance (GRC), organizations identify risks and then map controls to mitigate them. Controls are the specific policies, processes, or technical safeguards that reduce exposure. Think encryption requirements, access reviews, or audit procedures.

The problem: a single organization might have thousands of controls across multiple regulatory frameworks. Manually mapping the right controls to each risk is slow, tedious, and error-prone. Compliance teams were spending hours sifting through massive control libraries to find the right match.

My Approach

I had three weeks to design a solution that used AI to recommend relevant controls when a user was viewing a risk. Since this introduced a new AI-driven pattern into the product, I needed to be intentional about scope.

Workback schedule:

  • Week 1: Understand the domain, audit existing patterns, define the interaction model for AI recommendations within the risk detail view

  • Week 2: Design the end-to-end flow, including how recommendations surface, how users evaluate and accept or reject them, and how the AI's confidence is communicated

  • Week 3: Refine with engineering, document edge cases, and prepare for handoff

My focus was on reducing the time to add a control to a risk, turning what was a multi-step, search-heavy process into a guided, AI-assisted action. Key design decisions included how to present AI confidence levels transparently, how to let users efficiently review and bulk-accept recommendations, and how to gracefully handle cases where the AI's suggestions weren't relevant.

The Outcome

The feature is currently being implemented. It represents one of the first AI-powered interactions in the Regulatory Technology product area and sets a pattern for how AI assistance can be introduced across OneTrust's compliance tools.

03 Privacy Automation: Research Contribution

Between my AI Governance and Reg Tech work, I spent a few weeks embedded with the Privacy Automation team, contributing research that helped the team better understand how customers were using privacy workflows. This gave me cross-platform exposure and a broader understanding of how OneTrust's product areas connect.

Reflection

My time at OneTrust spanned three product areas in a complex B2B SaaS environment where the stakes are high. These tools help organizations stay compliant with evolving global regulations around AI, data privacy, and security.

Two themes defined my work here:

  1. Research as a strategic tool. On AI Governance, my research didn't just surface usability issues. It changed the product roadmap. Knowing when to slow down and advocate for users is as valuable as shipping fast.

  2. Designing for AI in high-trust environments. On the controls recommendation project, I learned that introducing AI into compliance tools requires extra care around transparency and user control. Users need to trust the AI's suggestions, and that trust is earned through clear communication of confidence, easy override paths, and respect for the user's expertise.
