Elements of an AI policy

A good AI policy should be a living document that evolves as your company adapts to AI use.

As AI tools advance, so should the policy surrounding them. It should provide clear guidance and frameworks for developing, deploying, and using AI systems in a responsible and ethical manner. Having a policy in place that is well communicated can provide an extra level of security for your organization and employees.

Disclaimer: The thoughts and ideas presented in this course are not to be substituted for legal or ethical advice and are only meant to give you a starting point for gathering information about AI policy and regulations to consider.

When writing an AI policy, you might consider whether asynchronous collaboration versus synchronous collaboration is right for you. With an asynchronous approach, people write their individual sections of a document by a deadline, after which the full policy is polished and edited. With a synchronous approach, an organization might convene a set of meetings with experts over a length or time to work on the document together. There are benefits and drawbacks to both approaches, and you will know which best fits your organization’s needs.

In general, a policy might have sections devoted to the following topics:

  1. Purpose and Scope. In this section, you might define what your organization’s goals and plans for AI use, as well as what types of AI systems the policy will cover. This section might also contain definitions of specific terms, like what your organization considers AI or generative AI. A purpose and scope section can ensure everyone is aligned and avoid ambiguity.

  2. Values and Principles. This section states how your organization’s core values and principles will guide your use and development of AI tools. Some possible principles might be fairness, transparency, accountability, safety, or privacy.

  3. Governance and Oversight. You may want to establish a clear governance strategy for overseeing AI initiatives. This includes the roles of those involved in decision-making, as well as their responsibilities.

  4. Data Management and Privacy. This section outlines data governance practices that ensure data quality, security, and responsible use in AI systems. You should make sure your guidelines are compliant with relevant data privacy regulations like GDPR, CCPA, and other industry-specific regulations.

  5. Fairness and Non-discrimination. In this section, you can lay out how you might monitor and audit AI systems for possible bias. This section can also include guidelines for developing or deploying AI in ways to avoid perpetuating or exacerbating bias or discrimination based on protected characteristics.

  6. Risk Management, Safety, and Oversight. A section like this might lay out robust testing procedures to monitor, identify, and mitigate potential risks associated with AI systems, including security vulnerabilities, safety hazards, and unintended consequences. It can also identify ways to ensure oversight and accountability for AI systems, ensuring humans remain ultimately responsible for AI-driven decisions.

  7. Education and Training. This section describes how your organization will provide training and education programs on AI systems on responsible AI development, deployment, and use. You can also detail how these training modules will be created and what topics are necessary for different groups of employees.

  8. Feedback and Review. In this section, you can establish a mechanism for regularly reviewing and updating the AI policy as technology and best practices evolve. You may also want to implement procedures for employees to give feedback about AI issues or concerns within your organization.

All illustrations CC-BY.
All other materials CC-BY unless noted otherwise.