Dimensions of governance

- [Instructor] We know that AI governance is the need of the hour, but what is stopping us from effectively implementing it? Well, it is not as easy as it sounds. There are several reasons that this is difficult to get started. First, the complexity of AI governance starts with its multidisciplinary nature that requires inputs from experts in various fields. The stakeholders in AI governance include not only the technical teams building AI applications, but also business stakeholders who would be impacted by AI implementation and its outcomes, government bodies responsible for creating and enforcing regulations, and end users who are directly affected by AI systems. Further, building a practical governance framework requires establishing a global structure, starting with international collaboration and standardization. AI is a technology that transcends boundaries. The elements specifically are trained on data from almost all of the internet, making it a governance issue on a global scale. This calls for having globally interoperable rules that are consistent beyond boundaries, establishing common grounds for assessment. The consistency of such rules reduces the scope for regulatory arbitrage, that is, the fear that overregulation would drive away innovation to other nations who are lenient on AI governance. Next, specific sectors such as healthcare and finance carry more risk and impact on individuals and society. Think of the extent of impact an inaccurate, biased AI-powered finance application can have. It can lead to financial losses for individuals or institutions. Yes, these are already heavily regulated sectors. However, integration of AI brings additional challenges that can often manifest in unforeseen ways, and hence, raises a need to govern them more stringently, mainly due to their direct effect on users and their lives in general. Keep in mind though that when we talk about risk, it is important to segregate the risk to check if it is coming from the algorithm or is black box nature or from the data underneath, such as data privacy and bias stemming from misrepresented data. There can be unintended consequences arising from various factors, such as unexpected interactions between different variables or the emergence of patterns that were not apparent during the development phase. Now, compare this with the malicious use of AI systems or bad actors who can sabotage AI applications, exploit systems' vulnerabilities, or extract sensitive information from data sets, violating individuals' privacy. It raises a very valid point that often concerns business executives. How does the regulation segregate between an accidental or unintended outcome from AI applications versus its deliberate misuse? This takes us to our last point, which is based on the premise that risks are of varied severity, and hence, call for a targeted approach to risk management. The EU AI Act divides risk associated with AI applications into four categories, minimal, limited, high, and unacceptable. As you have already sensed by now, there are many ways risk can manifest throughout an AI life cycle, from development and deployment to monitoring. It soon becomes a challenge for organizations to prioritize the resources, efforts, and attention to the most critical risk. By categorizing risk based on their potential impact, organizations can focus on addressing high priority risk that significantly impact users, stakeholders, and the overall system. Moreover, grading applications based on their degree of risk helps bring in the necessary accountability and list the repercussions and hefty penalties in case of violations. Having discussed some multifaceted challenges to govern AI, I would still say we have barely scratched the surface. AI governance is an evolving field, with ongoing developments and challenges. Drawing from your experience, what are the key challenges you have faced in operationalizing effective AI governance in your organization? Lastly, as promised, let us see what it takes to embed ethics by design.