How to get started in AI governance and ethics - part 2: how to define and catalogue AI

3-minute read – this is the second in a 3-part series of short articles written for Privacy professionals, that will help you get to grips with AI Governance. In this article, you will read about how to define AI as part of your cataloguing process. Click to review the Part 1, covering the EU AI Act and setting out Nine Guiding Principles to govern the use of AI.

Your AI catalogue starts with an understanding of what AI is – and isn’t

AI can be difficult to define clearly. The recent surge in interest towards Generative AI (GenAI) among the public and regulatory bodies has highlighted the inconsistencies, emphasizing the need for clarity. The interchangeable use of AI concepts, processes and types is exacerbated by differing industry definitions among technology vendors, regulators and academia. The Organisation for Economic Co-operation and Development (OECD) dissects AI into distinct elements, each contributing to the broader understanding of the role and capabilities of AI in the modern world.

1.?????? Machine-based system: This element forms the backbone of AI, emphasizing its reliance on advanced machine technology.

2.?????? Explicit or implicit objectives: AI systems operate based on objectives that can be direct and clearly stated or inferred from their programming and learning processes. This dual nature of objectives is evident in systems ranging from autonomous vehicles to advanced language models.

3.?????? Inferring from received input: Central to the operation of AI is its ability to infer or deduce outputs from inputs. This process is a testament to its logical and analytical prowess where it processes and interprets inputs, be they from humans or machines, to generate meaningful outcomes.

4.?????? Generating outputs: Expanding AI's scope, this aspect includes the creation of content such as text, video or images, alongside making predictions, recommendations and decisions. This broadens AI's role from a mere decision-making tool to a creator of diverse digital content.

5.?????? Influencing physical or virtual environments: AI's impact transcends the physical world and extends into virtual realms. This distinction underscores the technology's pervasive influence, whether in tangible, real-world scenarios or within digital landscapes.

6.?????? Varying levels of autonomy and adaptiveness post-deployment: Highlighting AI's dynamic nature, this point reflects the technology's ability to evolve and adapt over time. Such adaptiveness is seen in systems that tailor their responses based on user preferences or specific interactions.

At the beginning of your AI Governance programme, you will probably need to catalogue and risk assess in parallel

You can use this definition at the outset, as you create the scope for you catalogue/inventory of AI applications across your organisation. Your definition will also act as a key entry check and reference point in your AI risk assessment. If you've been deploying AI before implementing your AI Governance programme, you will need to search for existing applications, as well as carry out risk assessments on proposed use-cases. This is very similar to the early days of GDPR, and the lessons learned from that period can be applied here.

Link your risk assessment and catalogue together. You should aim, over time, to create your catalogue as an automatic output of your risk assessment.

Check back in next week to read about risk assessments, and 6 areas of focus for your questionnaire.