Content:
- What is AI governance?
- Why is AI governance necessary?
- The 5 biggest misconceptions about AI governance
- What are important aspects within AI governance?
- Is AI governance mandatory?
- AI governance laws and regulations
- What are the benefits of AI governance?
- What are the biggest challenges of AI governance?
- How do I introduce AI governance in our company?
- The Oracle of AI governance: the WoodWing Scienta AI Handbook
What is AI governance?
AI governance is about the rules and guidelines that organizations use to ensure that artificial intelligence (AI) is used in a safe, fair and responsible manner. This means that AI systems are designed and used in such a way that they do no harm, are fair to everyone, and respect our privacy and other important values. AI governance helps companies ensure that AI works well and takes into account the interests of people and society.
Why is AI governance necessary?
Without regulation, AI systems can cause significant harm at the individual, organizational and societal levels. Governance allows you to use AI in the way that suits your organization.
- AI systems can reinforce existing biases, leading to unjust decisions in hiring, lending and justice, for example.
- Everyone knows by now that you can use AI applications to create your own news. With deep fakes, for example, you can basically make any conceivable person say whatever you want. An explosion of fake news, moreover, spread at the speed of light, can undermine democratic processes and erode trust in the media and in each other as fellow human beings.
- AI systems can make mistakes, which can have serious consequences in sectors such as healthcare (misdiagnoses), transportation (accidents), and finance (wrong transactions).
- Without adequate regulation, AI systems can misuse personal data, leading to invasions of people's privacy.
These are just a few examples that show the importance of developing clear rules that ensure we use AI in a responsible, transparent and ethical way – an AI governance framework.
The 5 biggest misconceptions about AI governance
AI governance is a broad and sometimes complicated concept, which sometimes results in claims about it that are simply not true. Here are the 5 biggest misconceptions about AI governance:
- AI Governance is only for large companies.
AI governance is relevant to any organization using AI systems, regardless of size. Small companies can just as easily have risks and responsibilities that need to be managed. - AI Governance is (only) about implementing technical safeguards.
AI governance is about much more than technical safeguards. It is about making ethical trade-offs, thinking about legal compliance, societal impact, and how to ensure the preservation of human values. - AI Governance is a one-time effort.
Like continuous improvement, risk management, cybersecurity, and many other initiatives, AI governance is certainly not a one-time exercise, but an ongoing process. This is the only way to ensure that rules and guidelines are regularly reviewed and adapted to new technologies, insights and changing societal expectations. - AI Governance guarantees that AI systems always function perfectly.
While AI governance helps minimize risks and ensure responsible use, it certainly does not guarantee that AI systems will always function without errors or problems. - AI Governance can be left to the IT department.
Impactful, ongoing initiatives are only successful if you undertake them together. Getting AI right and applying the right rules and a bit of common sense requires broader involvement within an organization. From management and legal teams to ethics committees and the ‘regular employee’.
An important new aspect within the EU AI Act is that not only the person who creates software using AI is responsible, but also the person who uses it. And that means we all become at least partially responsible for the proper use of AI.
What are important aspects within AI governance?
AI has infinite applications, but in each application, one or more of the AI governance aspects below play an important role (in alphabetical order):
- Monitoring and evaluation: conduct regular audits and reviews to monitor the performance and compliance of AI systems.
- Ethics: ensuring that AI systems are ethical and free from harmful bias or discrimination.
- Inclusiveness: promote inclusiveness and accessibility in the design and implementation of AI systems so that they are widely usable and fair.
- Regulatory compliance: comply with relevant laws, regulations and industry standards related to using AI.
- Privacy: protecting personal data and complying with privacy laws and standards when using AI.
- Transparency: ensuring that AI systems are understandable and transparent so that users and stakeholders can understand the operation and decision-making of the AI.
- Security: ensuring the security of AI systems against cyber threats and misuse.
- Accountability: establishing clear responsibilities and accountabilities for the consequences of AI systems.
Is AI governance mandatory?
AI governance is not currently mandatory worldwide, but compliance is becoming increasingly important with the introduction of new laws and regulations in various regions. Whether AI governance is mandatory depends on the jurisdiction and the specific context in which people use AI. You have to deal with, among other things:
International guidelines and standards
Not legally binding, but increasingly recognized and followed as best practices.
Examples: OECD Principles on Artificial Intelligence, UNESCO AI Ethics Guidelines.
National and regional policies
Varies by country and region. Some countries have specific laws and guidelines for AI, while others rely on broader regulations such as data protection laws.
Examples: the AVG in the Netherlands, the AIA (Artificial Intelligence Act) in the EU and possible future laws such as the Algorithmic Accountability Act in the US.
Industry-specific regulations
Certain industries may have specific regulations that apply to the use of AI, such as healthcare, financial services and transportation.
Examples: the HIPAA (Health Insurance Portability and Accountability Act) in the US that applies to health data.
Company policies and self-regulation
Companies can voluntarily implement AI governance rules and guidelines to ensure that employees use AI in an ethical and responsible manner, even if there is no legal requirement.
Although AI governance is not mandatory everywhere (yet), the pressure is increasing due to:
- new laws and regulations
- international guidelines
- the need for ethical and responsible AI practices
AI governance laws and regulations
There are several laws and regulations related to AI governance. These range from specific AI laws to broader data protection, ethics, and accountability regulations. Below are some key frameworks for laws and regulations.
AI Ethics Guidelines from UNESCO
- Status: best practice, guideline
- Content: these guidelines focus on promoting transparency, accountability and inclusiveness in the use of AI. They include recommendations for ethical principles and values in AI development.
- Purpose: to promote global agreement on ethical standards and values for AI.
General Data Protection Regulation (AVG)
- Status: mandatory in the Netherlands
- Content: the AVG is the Dutch application of the GDPR. It regulates the processing of personal data and sets requirements for organizations using AI for data processing.
- Purpose: to protect personal data and ensure the privacy of Dutch citizens.
Algorithmic Accountability Act
- Status: legislative proposal
- Content: this bill requires companies to be transparent and accountable when using automated decision-making systems, including AI. Companies must conduct impact assessments to identify and mitigate biases and risks.
- Purpose: to protect consumers and promote fair and transparent AI systems in the United States.
Ethics Guidelines for Trustworthy AI (EU)
- Status: best practice, guideline
- Content: these guidelines, developed by the European Commission, describe the requirements for trustworthy AI: legality, ethics and robustness. They provide practical recommendations for design, development and implementation of AI systems.
- Purpose: to promote ethical and responsible AI practices in Europe.
EU AI Act
- Status: this act is not yet in force, but if passed, compliance will be mandatory for companies within the European Union that develop, implement, or use AI systems.
- Content: the EU AI Act is a proposed European Union regulation aimed at regulating AI systems. It classifies AI applications based on their risks (unacceptable, high, limited, and minimal risk) and sets specific requirements for AI systems where there is high risk.
- The goal: to ensure the safety and fundamental rights of citizens and to promote ethical and trustworthy development and use of AI in the EU.
General Data Protection Regulation (GDPR)
- Status: mandatory in the EU
- Content: the GDPR is a broad data protection regulation in the EU that applies to the processing of personal data by AI systems. It includes provisions on data minimization, consent, transparency, and the rights of data subjects, such as the right to an explanation for automated decision-making.
- Purpose: to protect the privacy and personal data of individuals within the EU.
National Institute of Standards and Technology (NIST) AI Risk Management Framework (US).
- Status: best practice, guideline
- Content: this framework provides guidance for managing risk in developing and implementing AI systems. It focuses on identifying, assessing, managing, and mitigating AI-related risks.
- Purpose: to promote safe and reliable AI systems in the United States.
OECD Principles on Artificial Intelligence
- Status: best practice, guideline
- Content: the Organization for Economic Cooperation and Development (OECD) has established guidelines that advocate inclusive growth, sustainable development, well-being, respect for the rule of law, democracy and human rights where AI development is concerned.
- Purpose: to promote the responsible development and use of AI through international cooperation and policy guidelines.
What are the benefits of AI governance?
As long as it is not mandatory (everywhere) to implement AI governance, you can choose to put it on the back burner. But a longer-term obligation seems inevitable, so why not get started with AI governance right away?
Like the applications of AI itself, AI governance has many different facets. It takes time to discover them. If you get started proactively with AI governance, you will at least be better prepared for future legal requirements. But in addition, it has other benefits.
Implementing AI governance immediately will in the short term ensure improved risk management, enhanced trust and reputation, increased efficiency and quality, ethical and responsible deployment of AI applications, promotion of innovation and growth, and stronger internal awareness on the subject. In short, AI governance is more than complying with future regulations. It helps you operate competitively and sustainably today.
- Efficiency and quality
Well-managed AI systems lead to better, more reliable and transparent decision-making. In addition, AI governance helps ensure the quality and safety of AI systems and applications, which increases the effectiveness of the technology. - Internal culture and compliance
Making AI properly part of your corporate culture doesn't happen overnight. Therefore, it is an advantage if you get started on AI governance now and work together to create a culture of awareness and accountability around the use of AI within your organization. Early AI governance will also make it easier to meet future internal and external audits and compliance requirements. - Proactive risk management
If you don't wait for AI governance laws and regulations, but get to work on them right away, you immediately reduce the risk of legal problems, data breaches, ethical slips and reputational damage. - Responsible innovation and growth
Clear guidelines and ditto invested responsibilities promote innovation with clear frameworks within which new ideas can be safely developed. Using AI responsibly contributes to sustainable growth and development.
What are the biggest challenges of AI governance?
We all know that eventually we won't escape it and yet much of the business community is busy with everything but AI governance. What is it that makes us so hesitant? What makes us seize every opportunity to put off a (proactive) approach for a while longer? And what could we do in return to take action?
Costs and resources
“How much will this cost and what resources do we need? Can I get this within our budget?” Stress and anxiety about finances and getting the necessary resources and board approval can be overcome in several ways. AI governance may require extensive measures and resources, but not everything is a top priority. That means investments will be spread out over a longer period of time. The cost of the risks and the consequences if things don't go well can also be very persuasive in discussions with budget managers.
Internal resistance
“What if my colleagues don't want to follow these new rules? How do I get everyone on board? How will we work together across departments to successfully introduce AI governance into our organization?” Worrying about employee resistance and struggling to get everyone on the same page; it's only a logical first reaction. Understand the negative consequences of using AI the wrong way for each function and contrast that with the benefits AI governance offers in that regard. In other words, make AI governance personal, then you will get people moving faster and in the right way.
Disruptions in processes
“How does AI governance affect our existing processes? Are there going to be a lot of disruptions? What are the consequences going to be?” If you don't know what to expect, fear of operational disruptions and how to ensure a smooth transition is well explained. So you will need to understand the potential impact of AI laws and regulations on the processes present in your organization and your process management in general. Then you can see where possible bottlenecks are and work out an appropriate solution for them.
Complexity and changeability of AI
“AI technology is quite complicated. How am I, as a non-techie, going to set up the rules and guidelines for that?” Uncertainty about how deep to dive into technical details and how to translate them into understandable guidelines can be overcome by using already developed blueprints such as the WoodWing Scienta AI Handbook. This is an expert-developed, detailed AI governance plan with practical guides, process descriptions, and sample forms.
As an integral part of the WoodWing Scienta quality and knowledge management system, it is so much more than a checklist that will be outdated again within a month. The AI Handbook is practical, 100% customizable, and always up to date. Find out how it can help you.
How do I introduce AI Governance into our business?
- Gain insight into the AI environment
- What: Start by mapping all AI systems and processes within your organization. This includes identifying the AI technologies you use, the data they process and the purposes they serve.
- Why: This gives you insight into where you stand in terms of AI systems and what risks and opportunities exist. It provides a basis for developing specific guidelines and rules.
- How: conduct a comprehensive audit of existing AI applications, speak with relevant teams, and gather documentation on current AI projects and systems.
- Develop policies, guidelines and standards
- What: Establish clear policy guidelines and standards for the use of AI. This should include guidelines on ethics, privacy, data security and regulatory compliance.
- Why: Policy guidelines help ensure that AI systems are managed and used in a consistent and responsible manner. This minimizes risk and ensures compliance with generally applicable laws and regulations.
- How: Work with legal, ethical and technical experts to develop a policy document. Make sure the guidelines are specific to your organization and easily understood by all stakeholders.
- Educate and engage employees
- What: Start by training employees on the new AI guidelines and standards. One way you do this is by explaining the ethical and legal aspects of AI and showing employees how to recognize potential risks and where to report them.
- Why: Employees are crucial to successfully managing AI. By training them properly, you ensure that everyone is aware of the rules and responsibilities, which promotes compliance and reduces the risk of mistakes.
- How: Organize workshops, webinars, and training sessions. Develop support materials and create a culture of open communication where employees can ask questions and share concerns.
With these first 3 steps, you will lay a good foundation for effective AI governance and ensure that your AI systems are managed ethically, legally, and responsibly.
The Oracle of AI governance: the WoodWing Scienta AI Handbook
Is your company properly leveraging the benefits of AI? Do you know what current laws and regulations say about its responsible use? Do you understand the (potential) strategic impact of AI on your business? How do you ensure that your employees have the information and resources to apply AI in their daily work according to all regulations?
So many questions, so few answers – at least, it sometimes seems that way. But in our AI Handbook, we have neatly listed issues around AI governance for you and make them practically applicable at strategic, tactical and operational levels.
Too good to be true? Try it yourself and convince yourself of the possibilities!