Trust doesn’t come from ads reiterating your commitment to “doing the right thing.” It comes from the processes you put in place to ensure that you are doing the right thing. To earn trust, businesses need to shift from abstract principles to concrete commitments and actions; from oversight bodies that are primarily advisory to those that are accountable and can stop processes; and from high-level, aspirational goals to measurable, achievable strategic initiatives. Here are five ways to put that shift into practice.
Build a management system, not just a mission statement
Most companies have it in writing that their AI will never be biased or unsafe. Few have operational guardrails to ensure that’s the case.
Without a management system to enforce responsible AI use, how do you know the guarantees and promises that are removed from the development team are still being represented in the final model? How do you guard against misalignment between the product team’s intent and the deployed model?
Make transparency a design requirement
Many companies think they’re already transparent because they are legally required to inform users if an automated system uses their data. But that kind of disclosure is not enough. People should also have a direct path to recourse if they feel they’ve been wronged.
This principle can be hard for leaders of AI projects. It often feels easier to ask for forgiveness than permission, especially when the tech is complicated and new and your competitors aren’t being transparent either. But that stance can be ruinous if your models propagate bias or infringe on privacy, and it will jeopardize all the projects you could be working on that don’t have these problems.
“Move fast and break things” was once effective for tech products, but that mentality isn’t justifiable for AI. If a model doesn’t perform well enough to give ethical assurance, it shouldn’t be released. And if the only way you can solve a problem with AI is to abuse or deceive your users, don’t build that project.
Govern risk before deployment, not after
Different AI tools pose different levels of risk. For example, a chatbot suggesting music playlists and a tool used to screen job candidates present varied risks in terms of potential malfunctions or unintended consequences.
A risk-based approach involves sorting AI tools according to the amount of risk they pose before they are taken into use. High-risk applications – such as those used in HR recruitment, systems that determine credit ratings, or clinical support software – call for stringent rules, third-party checks, and documented testing specifically for bias. Lower-risk tools still need checks and balances but the level of monitoring applied should be adjusted.
Organizations can implement a cross-disciplinary AI ethics committee to help with this. This isn’t a formality committee; it is comprised of legal advisors, technical professionals as well as diversity and inclusion specialists who can predict the effects of a biased algorithm on certain groups of users even before the model is put into practice.
Companies can also adopt a red team. It’s not just a technical process but a culture of stress-testing a system of AI models to detect harmful or inadequate results or usages on purpose rather than assuming that everything works perfectly.
Let third parties verify what you claim internally
Internal governance is a must. But it’s not enough. Independent audits and third-party verification turn internal safety claims into something outside stakeholders can trust. This is where the formal standards come in. Constructs like the NIST AI Risk Management Framework can provide detailed guidelines on how to enhance trustworthiness through the full AI lifecycle. And for those organizations that want to achieve internationally recognized verification that the right practices are in place, iso 42001 certification can provide the globally recognized benchmark that others in the ecosystem – regulators, partners, and customers – can point to without taking the organization’s word for it. Here AI safety compliance stops becoming a compliance game and starts seeding a competitive signal. Certification isn’t something you tick a box for. You wave it as a flag in the marketplace that says that these practices have been externally reviewed against a documented practice standard and found to be good.
Monitor what you’ve already deployed
Trust is not something we can consider final, only after a product is out. We have seen tons of companies who overestimate their models’ capabilities. A fraud detection model is truly only as good as the data it’s been trained on, and the second it’s deployed the data goes out of date. Labor markets can also shift, invalidating a hiring model, and external factors can shift too, making a recommendation system spew out poor suggestions.
