AI Inventory: Foundation for Governing AI Usage
In today's digital age, understanding where your AI operates is almost as crucial as knowing your customers’ wants and needs—both are drivers of success.
In the past decade, we have seen Artificial Intelligence (AI) revolutionize businesses by driving data-driven decision-making, automating tasks, personalizing customer interactions, and unlocking many other innovative opportunities. To maintain competitiveness, businesses are compelled to leverage AI to advance their operations. Whether internally developed, integrated into Software-as-a-Service (SaaS) solutions, or procured as customizable tools, AI impacts almost every facet of an organization. Unfortunately, AI often infiltrates organizations through various channels, and awareness of its presence is not always guaranteed. For example, when licensing a SaaS platform for customer helpdesk management tasks, AI functionalities are likely embedded within the software. Similarly, employees may utilize AI tools such as ChatGPT, an open-source AI tool accessible through web browsers, for drafting customer communications. Regardless of the entry point of AI into business processes, ensuring its trustworthiness and governance throughout its lifecycle is imperative to build trust with stakeholders, customers, and employees, and to shield the company against potential consequences. This starts with conducting and maintaining an inventory of the AI use cases.
Why the Heightened Focus on Trustworthy AI?
AI has existed for decades, but recent developments have propelled it into the spotlight. Advancements in AI technology, including breakthroughs in machine learning, neural networks, and natural language processing, have led to the development of more powerful AI models. These models are now widely deployed and embedded in critical systems such as healthcare, finance, and autonomous vehicles, with the potential to significantly impact lives. Furthermore, AI solutions have become targets for cyberattacks, which are augmented by deepfakes and misinformation that allow cyber criminals in. The heightened scrutiny from the public regarding AI's ethical implications underscores the importance of ensuring trustworthy AI. Any misstep by an AI system can have far-reaching consequences, prompting governments to intervene swiftly.
The Rapid Emergence of AI Laws and Regulations Mandating AI Inventories
Organizations should govern their use of AI to mitigate risks and ensure compliance with laws and regulations. With AI laws and regulations evolving rapidly, organizations need to stay informed of the latest developments and have the ability to determine if a new law or regulation impacts a currently deployed AI solution.
Where are Laws Heading?
Let’s discuss where the requirements are heading. The United States Executive Order 13960, Section 5, mandates government agencies inventory AI use cases, promoting the use of trustworthy AI in the federal government. President Biden's Executive Order 14110, signed in 2023, further emphasized the importance of safe, secure, and trustworthy AI development, requiring federal agencies to make their AI use cases publicly available. Even though Executive Orders 13960 and 14110 apply to Federal government agencies, organizations can anticipate it will likely be coming to the private sector soon.
Similarly, the recent adapted EU AI Act imposes obligations on AI systems based on their potential risks and level of impact, likely supported by maintaining inventories of AI use cases.
States like Colorado have passed AI Acts. Colorado’s AI Regulation 10-1-1, mandates documented up-to-date AI inventories for the life insurance industry, with plans to expand to other sectors in the future. Several more states are working on AI governance bills.
To view a consolidated list of what countries are working at it relates to AI governance, check out the Global AI Law and Policy Tracker that the IAPP organization maintains.Â
An AI Inventory is The Foundation of Governing and Complying with Laws and Regulations
Organizations may be well served by requiring that all AI use cases be inventoried or identified and reported to a central entity within the company before implementation. Inventorying AI use cases offers numerous benefits and serves as the foundational step in effectively mitigating risks and governing their use. It provides organizations with a comprehensive understanding of their AI landscape, including the types of AI technologies deployed, their respective functionalities, and their integration into various business processes. This knowledge enables companies to identify potential vulnerabilities, assess risks, and implement targeted risk mitigation strategies. Additionally, by maintaining an inventory of AI systems or use cases, organizations can monitor compliance with evolving regulatory requirements and industry standards. This proactive approach not only minimizes liabilities but also enhances trust and credibility with stakeholders and the public. Furthermore, an AI inventory facilitates transparency and accountability in AI governance, as it enables organizations to track the performance, usage, and impact of AI systems over time. By establishing clear oversight mechanisms and protocols for developing, implementing, monitoring, and evaluating AI deployments, companies can effectively govern their use, promote responsible AI practices, and uphold ethical standards. And it can be anticipated that more laws and regulations will require an inventory.
What Should be Considered as Part of the Inventory
Key information about the AI use case should be collected as part of the inventory, including details such as the responsible business unit or department, contact information for technical and business contacts, a description of its use, whether private or involving certain classes of information, the status of the use case (i.e., development, pilot, production, retired), the type of AI technology used (i.e., ML, NLP, etc.), attributes about the training data and source code, third-party involvement, and other pertinent data that would help determine the initial risk level of the AI use case and ongoing governance requirements. Additionally, this inventory can be utilized to support litigation, audits, and investigations, as well as provide a quality check for other compliance programs such as privacy, security, records management and retention, and third-party risk management.
Conclusion
In conclusion, the convergence of technological progress, societal impact, and ethical considerations has propelled AI trustworthiness to the forefront of discussions. Responsible development and robust safeguards are essential to navigate this new era of AI, beginning with understanding the AI use cases within your company. An AI inventory is not merely a compliance exercise; it is a business benefit. Companies that proactively inventory their AI use cases may gain competitive advantages, mitigate risks, and build public trust. As the private sector follows the lead of governments in investing in AI inventories, it becomes a smart business decision to protect your company.
No matter the direction of the law, there are significant business and legal benefits to knowing how you are using AI in your company.