RAI Governance of APIs

Summary: An RAI knowledge base can be built to support the compliance checking for APIs.

Type of pattern: Process pattern

Type of objective: Trustworthiness

Target users: Developers

Impacted stakeholders: Testers, AI users, AI consumers

Lifecycle stages: Implementation

Relevant AI ethics principles: Human, societal and environmental wellbeing, human-centered values, fairness, privacy protection and security, reliability and safety, transparency and explainability, contestability, accountability

Mapping to AI regulations/standards: EU AI Act, ISO/IEC 42001:2023 Standard.

Context: AI libraries or services offer reusable functionality APIs that developers can utilize during the development of AI systems. APIs can increase efficiency and significantly reduce the development cost and time associated with developing AI systems. However, it is important to consider potential ethical concerns, such as data privacy breaches or fairness issues, when utilizing APIs.

Problem: What are the ways to ensure that the design of APIs adheres to RAI regulations?

Solution: RAI compliance checking is necessary to detect whether any potential violation exists in the design of APIs. A knowledge-driven approach can be adopted to detect ethics issues using an RAI knowledge base. The RAI knowledge base provides a structured representation of meaningful entities, concepts, and their relationships in the development of AI systems. The rich relationships between entities are made explicit and traceable across various high-level documents and AI system artifacts. The RAI knowledge base can be constructed based on ethical principles and guidelines, such as the General Data Protection Regulation (GDPR), and technical documents like API documentation to support the RAI compliance checking for APIs.

Benefits: 

• Compliance-checking: The RAI knowledge base, derived from the RAI regulatory documents and principles, provides structured data to support the creation of RAI compliance checking solutions for API design.
• Reduced verification cost: The RAI knowledge base can greatly reduce the labor cost associated with compliance checking.

Drawbacks: 

• Increased development cost: Building an RAI knowledge base using natural language processing techniques can be time consuming and error prone.
• Lack of expertise: It may require expertise in RAI regulations, as well as the technical knowledge of API design.

Related patterns:

• RAI knowledge base: Ethical issues of APIs can be detected by ethical knowledge base.

Known uses:

• Pandit et. al. create a knowledge-based systems for GDPR compliance checking.
• Libal design a tool named the NAI suite that annotates GDPR article 13 and checks the process of data collection and processing.
• Hussain et. al. present the effects of API security mechanisms on GDPR.