Build an AI Use Policy

AI use also brings with it a measure of responsibility and care. Its use produces impacts, and it is important to understand that these impacts are not always positive, or even the same for everyone affected. Developing an AI Use Policy that defines the nature of your use of AI can be powerful in protecting the interests of those who might be harmed by the choice to use AI and by its actual use.

Here is a checklist for an AI Use Policy:

  • Define the purpose for the use of AI. It is a good idea to be as specific as you can be in defining the purposes for which you can and cannot use AI.  

  • Identify the scope by naming the systems covered, teams involved, and data sources.

  • List out guiding principles for AI use. A good yardstick is to look at common principles across most AI regulations and policies and build forward from there.

  • Define the roles and responsibilities within your organisation: who builds AI systems (if applicable), who approves deployment, who audits outcomes, and who handles grievances when they emerge.

  • Classify risks around AI use, and specify the criteria for classification so that they can be applied to risks as they emerge.

  • Build a data governance mechanism to handle data sources, consent practices, bias checks, data storage and security. Prioritize data minimization.

  • Build a model governance mechanism by identifying the required documentation, testing, performance benchmarks, and explainability standards.

  • Establish a clear approach for human oversight by defining when and where humans intervene, what override mechanisms look like, and clear appeals processes.

  • Build in a monitoring and auditing component, and determine the frequency of audits, the metrics that will be tracked, and frameworks for independent reviews.

  • Create an incident response mechanism by identifying what constitutes harm, how it will be addressed, what timelines will be followed for response, and what accountability measures will be implemented.

  • Review and update your policy regularly, both after incidents happen, with the learnings drawn from them, and on a consistent basis.
