Updated pursuant to the release of the proposed EU Artificial Intelligence Act April 2021
A new study shows that more than 70% of business leaders are taking steps to ensure ethical use and deployment of AI within their business operations.
Some business leaders even establish ethics committees to review the use of AI to ensure that everything is above board prior to implementation of the technology. From this, it is clear that business leaders are starting to take ethical concerns of AI seriously and are taking the necessary steps to ensure that the technology does not harm the organisation or its stakeholders (Accenture, 2018).
Let’s think about Isaac Asimov’s three laws of robotics:
- A robot may not injure a human being, or through inaction, allow a human being to come to harm.
- A robot must obey the orders given to it by human beings except where such order would conflict with the First Law.
- A robot must protect its own existence as long as such protection does not conflict with the First or Second Laws.
(Barthelmess & Furbach, 2014)
Asimov’s laws are not practical, as many scenarios could be constructed where they would fail. Instead, organisations should develop their own prescriptive and specific ethical guidelines to ensure transparency and accountability for the way AI is deployed internally, and the way it interacts with stakeholders externally (Accenture, 2018).
Ethical principles framework
Anekanta Consulting has created an ethical framework which makes provision for the prevention of bias in the AI applications as well. The purpose of this set of principles is to ensure ethical AI practices throughout the organisation. It is clear that AI needs to be on the Board agenda and considered seriously as part of the CSR requirements. AI should not be confined within the realms of IT, although the CIO may take responsibility for implementation and management.
We recommend the following framework which serves as a blueprint for any organisation in any sector, planning their AI strategy.
1. Board accountability
The Board is accountable both legally and ethically for the positive use of AI within the organisation. Ethical principles, policies checks and measures must be in place and rigorously monitored. This is to ensure that the AI is safe, transparent, does not have a negative effect on the well being of employees and stakeholders, and prevents the introduction of bias into automated processes and decisions. The Board holds the final veto on the implementation and use of AI in the organisation.
2. Audit and measure
The ethical principles must be audit-able and measurable; they should be embodied in the ISO 9001:2015 quality system to ensure a consistent approach to the evaluation and use of AI by the organisation.
3. Ethics committee
The ethics committee which includes employee representatives should be formed to oversee AI proposals and implementations. Proposals should include a risk assessment, impact assessment and evaluation of the transparency of the AI’s decision making process. The committee must recommend to the Board whether the AI implementation may have a beneficial effect without negative impact. The ethics committee must examine the risk of bias becoming embodied in the AI and propose measures to prevent and remove bias.
4. Set high level goals
High level goals for the use of AI in the organisation must be created in line with its vision, mission and values. The AI must be to the benefit of the organisation, its employees and customers. Examples of the goals of AI include a) augmenting human tasks b) enabling better faster human decisions c) preventing bias d) not causing harm to any employee or stakeholder.
5. Data sources
In the definition of the purpose of the specific AI implementation the sources of data must be identified and documented. There must be a method of detecting and reporting bias. If bias is discovered, action must be taken to identify the source, discover why it is there and remove it from the AI. The data sources must be preserved and any adjustments documented for traceability. KPIs must be implemented to keep the bias out of the organisation and out of its data sets.
6. Impact assessments
Impact assessments must be undertaken which consider the possible negative effects and outcomes for employees whom interact with the AI or whose jobs may be affected. The approach to the change of any job purpose must be in line with the organisation’s policy and compliant with the relevant employment, privacy and equality laws. The employees must be given sufficient information about the potential use of the AI and the opportunity to provide feedback to the Board via the ethics committee. The employees must be advised so they are aware of what processes are being undertaken by AI even if they do not directly interact with it e.g. they must be informed and aware when they are interacting with an HR chatbot.
The training needs of the employees must be taken into account and programmes must be implemented in order to explain the purpose of the AI, to train on its use and to inform them of the ethical framework created and implemented in the company in order to prevent bias. The employees must be trained on the system used to monitor and report bias.
8. Privacy and compliance
The AI must be designed for privacy and audited to ensure compliance with data privacy legislation such as GDPR and organisation policies. The technical teams responsible for implementation must be trained on the ethics framework and to challenge the AI developers to ensure that the transparency of the AI decision making is understood and whether any human final decision is needed or not. The AI technical teams must report their findings to the ethics committee as part of the AI proposal process.
9. High Risk – New EU AI Regulation
On 21st April 2021, The European Commission published their proposal for the regulation of Artificial Intelligence. The new regulations set out a risk based approach to the implementation of AI horizontally across sectors, also vertically, providing sector specific guidance for AI in law enforcement, education, safety systems and so on. The impacts are going to be wide reaching. The responsibility and accountability is clearly defined through the entire supply chain. The developer, provider and user are all accountable for the safe implementation of AI. Before AI is developed or deployed, a risk assessment must be carried out to determine what level of transparency and ex. ante, CE Marking and post market monitoring is required. We recommend that you contact Anekanta Consulting for further information and to discuss design and development considerations in anticipation of the proposal becoming ratified into EU Law in the next 2 years.
10. Secure by design
The AI must be secure by design and stand the scrutiny of external test and certification processes such as Cyber Essentials Plus. This may include penetration testing which may be used to ensure that the data sets used in the AI cannot be breached.
The AI must be tested prior to any organisation wide implementation to ensure compliance with the ethics framework and the scope of the implementation. The ethics committee makes recommendations to the Board to proceed with full implementation, adjust the scope, or to veto if conditions are not met. The decision to implement rests with the Board.
12. Review cycle
Regular reviews must be undertaken to monitor the decisions of the AI and audit them against the intended use and ethical framework. If the AI deviates from the purpose and ethics in any way, the deviations must be documented, reported to the ethics committee and corrective actions implemented within a reasonable period since discovery depending on the severity of the issue based on the risk and impact assessment.
If you would like to learn more about the effective and ethical use of AI in business, and the steps you need to consider to become compliant with the new EU AI Act please contact us at firstname.lastname@example.org
Anekanta Consulting. Copyright 2020.