AI governance platform
The environment of global AI governance is complicated and changing quickly. Important themes and issues are starting to surface, but government organizations should be proactive and assess their priorities and procedures in-house. The last step is only to ensure that official policies are followed using auditing tools and other techniques. The foundation for successfully operationalizing governance is human-centered and consists of creating centers of excellence and agency-wide AI literacy, identifying responsible leaders, obtaining funded mandates, and combining knowledge from the public, nonprofit, and commercial sectors.
The environment of global governance
The OECD Policy Observatory now maintains a list of 668 national AI governance projects from 69 nations, territories, and the European Union. These include national agendas, goals, and strategies; agencies tasked with coordinating or overseeing AI; stakeholder or expert public consultations; and projects aimed at implementing AI in the public sector. Furthermore, the OECD classifies legally binding AI standards and rules apart from the previously stated projects, including an additional 337 initiatives in this category.
It might be challenging to define the word governance. When referring to AI, it can mean government-mandated regulations, policies governing data access and model usage, or the safety and ethical boundaries of AI tools and systems themselves. As a result, observe that different national and international recommendations approach these overlapping and crossing meanings. Because of all these factors, AI governance ought to start at the conceptual stage and go on throughout the AI solution’s lifecycle.
Common issues, themes
As demonstrated by the recent White House directive establishing AI governance committees in U.S. federal agencies, government agencies generally aim for governance that supports and strikes a balance between societal concerns of economic success, national security, and political dynamics. In the meantime, a lot of private businesses appear to place a higher priority on economic prosperity, emphasising productivity and efficiency as the keys to both business success and shareholder value. Some businesses, like IBM, place particular emphasis on incorporating guardrails into AI workflows.
Academics, non-governmental organisations, and other specialists are also issuing guidelines that are helpful to public sector institutions. The Presidio AI Framework (PDF) was released this year by the AI Governance Alliance of the World Economic Forum. It “provides a secure way to create, apply, and use generative AI.” The framework highlights safety problem-solving opportunities and gaps. from the viewpoints of four main actors: consumers of AI applications, authors of AI models, adapters of AI models, and users of AI models.
Certain regulatory themes are emerging that are common to many businesses and sectors. For example, it is becoming more and more prudent to inform end users about the existence and purpose of any AI they are using. Leaders need to guarantee consistency in output, defence against criticism, and a practical dedication to social responsibility. Fairness and objectivity in training data and output should be prioritised, environmental effect should be kept to a minimum, and accountability should be raised through organization-wide education and the designation of accountable persons.
Policies alone are insufficient
Regardless of whether they are drafted with rigour or comprehensiveness, governance policies are merely guidelines regardless of whether they are enforced formally or through soft law. What matters is how organisations implement them. As an illustration, New York City formalised its AI principles in March 2024 and released its own AI Action plan in October 2023. These guidelines supported the aforementioned themes, such as the idea that AI technologies “should be tested before deployment,” but they also encouraged people to disobey the law. This was the case with the AI-powered chatbot the city implemented to respond to inquiries regarding opening and running a business. Where did the execution go wrong?
A participative, responsible, and human-centered approach is necessary for operationalizing government. Let’s examine the three crucial steps that organizations need to do:
Name responsible leaders and provide the resources they need to carry out their duties
Accountability is necessary for trust to exist. Government agencies need accountable executives who are mandated by funding to operationalize governance structures. To provide just one example of a knowledge gap, we’ve spoken with a number of senior technology professionals who are unaware of the possibility of data bias. Data is a product of the human experience and can solidify injustice and worldviews. AI might be thought of as a mirror reflecting back to us their own prejudices. They must find responsible leaders who grasp this and who can be held accountable for making sure their AI is run ethically and in line with the values of the community it serves, in addition to providing them with financial support.
Offer instruction in applied governance
Numerous organisations are hosting hackathons and AI “innovation days” with the goal of increasing operational efficiencies (i.e., cutting expenses, involving citizens or staff, and other KPIs). They suggest expanding the scope of these hackathons to tackle the difficulties associated with AI governance by taking the following actions:
Step 1
Have a prospective governance leader give a keynote address on AI ethics to hackathon attendees three months prior to the pilots’ presentation.
Step 2
Assign the role of event judge to the government agency creating the policy. Give criteria for evaluating pilot projects that take into account the functional and non-functional needs of the model being used, as well as AI governance artefacts (documentation outputs) such as factsheets, audit reports, and layers-of-effect analyses (intended, unintended, primary, and secondary impacts).
Step 3
Provide the teams with applicable training on creating these artefacts through workshops based on their individual use cases for six to eight weeks prior to the presentation date. Encourage diversified, multidisciplinary teams to participate in these workshops with development teams to help them evaluate ethics and predict risk.
Step 4
Have each team present their work holistically on the day of the event, showing how they have evaluated and would reduce different risks related to their use cases. Each team’s work should be questioned and assessed by judges with credentials in cybersecurity, regulation, and domain expertise.
Based on ibm expertise providing practitioners with applicable training related to highly specific use cases, these timetables have been developed. It places team members in the position of astute governance judges while allowing aspiring leaders the opportunity to carry out the actual task of governance under the supervision of a coach.
However, hackathons are insufficient. In three months, one cannot learn everything. Agencies should make the investment to create an AI literacy education culture that encourages lifelong learning, including the occasional rejection of preconceived notions.
Assess inventory using methods other than algorithmic impact analyses
Algorithmic impact assessment forms are widely used by organisations that create a large number of AI models as their main tool for collecting pertinent inventory metadata and evaluating and reducing the risks associated with AI models prior to deployment. These forms merely ask about the AI model’s goal, training data and methodology, responsible parties, and concerns over uneven impact. They do not ask questions about AI model owners or procurers.
The employment of these forms in isolation without rigorous education, communication, and cultural considerations raises a number of concerns. Among them are:
Rewards
Are people encouraged or discouraged from carefully completing these forms? discover that most are under pressure to reach quotas, which disincentivizes them.
Acceptance of risk
These documents may suggest that because a model was obtained from a third party or that they utilised a specific technology or cloud host, the model owners will be released from liability.
Relevant AI definitions
It’s possible that model owners are unaware that what they are installing or acquiring fits the regulatory definition of intelligent automation, or AI.
Ignorance of the varying effects
One could argue that an accurate assessment of differential impact is intentionally removed by placing the burden of completion and submission of an algorithmic assessment form on a single individual.
Ibm have seen alarming form submissions from AI practitioners who claim to have read the published policy and comprehend its ideas, as well as those from a variety of educational backgrounds and geographic locations. These entries include things like “There are no risks for disparate impact as I have the best of intentions,” and “How could my AI model be unfair if I am not gathering PII.” These highlight the pressing need for practical training and a corporate culture that regularly compares model conduct to well-defined ethical standards.
Fostering a collaborative and accountable culture
As organisations struggle to manage a technology that has such a broad influence, a participatory and inclusive culture is crucial. Diversity is a mathematical factor, not a political one, as ibm have previously discussed. Multidisciplinary centres of excellence play a crucial role in ensuring that staff members are knowledgeable, accountable AI users who are aware of the dangers and varying effects. Organisations should emphasise that everyone bears accountability, not only model owners, and integrate governance into collaborative innovation initiatives. They need to find really responsible leaders who address governance problems from a socio-technical standpoint and who are open to new ideas for reducing the risk associated with AI, whether they come from governmental, non-governmental, or academic sources.
