Could an AI ethics audit end up like GDPR?

In continuing my trend for AI ethics from the last post, Spinoza: Building an AI Ethics Framework From First Principles, I found some early research about AI ethics audit. So, the proposal is to audit the behavior of the organization as a structured process by which an entity's behavior is assessed for consistency with relevant principles or norms. However, defining the norms is the challenge. In a nutshell, the audits focus on the rationale behind the decision, code audits entail reviewing the source code, and impact audits investigate the effects of an algorithm's outputs. The process of ethics-based auditing should be continuous, holistic, dialectic, strategic and design-driven.