RAI Governance via APIs

Summary: To restrict the way AI systems are used, developers can provide AI services in the cloud and control the interactions with these services via APIs.

Type of pattern: Process pattern

Type of objective: Trustworthiness

Target users: Developers

Impacted stakeholders: AI technology procurers, AI solution procurers, AI users, AI consumers

Lifecycle stages: Implementation

Relevant AI ethics principles: Human, societal and environmental wellbeing, human-centered values, fairness, privacy protection and security, reliability and safety, transparency and explainability, contestability, accountability

Mapping to AI regulations/standards: EU AI Act, ISO/IEC 42001:2023 Standard.

Context: Some AI systems may possess high-risk capabilities, which can be used or modified to perform harmful tasks. These capabilities may include natural language processing, speech and facial recognition, and decision-making abilities. It is crucial for developers to be aware of these high-risk capabilities and implement strict access controls to prevent any suspicious activity.

Problem: How can developers limit the use of AI systems?

Solution: To prevent harmful dual use of AI systems, developers should carefully consider both the intended and unintended uses of their AI systems, including the ways the systems may be adapted or modified. To limit the use of AI systems, developers should implement restrictions on how the systems are used and prevent users from circumventing those restrictions through unauthorized reverse engineering or modification of the system design. One way to do this is to provide AI services on cloud platforms and manage interactions through API controls, rather than allowing AI systems to run locally with unrestricted access.
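One way such API controls can look in front of a hosted model, as an added example that is not part of the original pattern description: a default-deny gate that checks each key's granted capabilities, enforces a request quota, and records every decision for accountability. The class name ApiGate, the key strings, the capability names and the quotas are all hypothetical, constructed values.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

def key_digest(key):
    return hashlib.sha256(key.encode()).hexdigest()

# Constructed sample registry: key digest -> granted capabilities and quota per
# window. Only digests are stored, so a leaked registry does not reveal keys.
CLIENTS = {
    key_digest("demo-key-research"): {"scopes": {"text.summarise"}, "quota": 3},
    key_digest("demo-key-verified"): {"scopes": {"text.summarise", "face.match"}, "quota": 2},
}

class ApiGate:
    """Decides whether a request may reach the hosted model, and records why."""
    def __init__(self, clients, window_seconds=60):
        self.clients = clients
        self.window = window_seconds
        self.recent = defaultdict(deque)  # key digest -> timestamps of allowed calls
        self.audit_log = []               # append-only decision trail

    def _lookup(self, api_key):
        presented = key_digest(api_key)
        for stored, policy in self.clients.items():
            if hmac.compare_digest(stored, presented):  # constant-time comparison
                return stored, policy
        return None, None

    def authorize(self, api_key, capability, now=None):
        now = time.time() if now is None else now
        client, policy = self._lookup(api_key)
        if policy is None:
            verdict = "deny:unknown_key"
        elif capability not in policy["scopes"]:
            verdict = "deny:capability_not_granted"  # default deny for high-risk features
        else:
            calls = self.recent[client]
            while calls and now - calls[0] >= self.window:
                calls.popleft()                      # forget calls outside the window
            if len(calls) >= policy["quota"]:
                verdict = "deny:rate_limited"
            else:
                calls.append(now)
                verdict = "allow"
        self.audit_log.append({"ts": now, "client": (client or "unknown")[:12],
                               "capability": capability, "verdict": verdict})
        return verdict
```

Because the model stays behind the gate, revoking a capability or tightening a quota is a change to the registry and takes effect on the next request.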


Benefits:

  • Compliance with regulations: Providing AI services on cloud platforms and controlling interactions through API controls can help developers comply with RAI regulatory requirements.
  • Protection against malicious use: By restricting access to AI systems and preventing unauthorized modifications, developers can reduce the risk of their systems being used for harmful purposes.


Drawbacks:

  • Dependence on cloud providers: By hosting AI services on cloud platforms, developers may become dependent on the platform providers and their policies.
  • Limited access to certain users: Some users may be prevented from accessing the AI services if they lack the knowledge needed to use APIs.
  • Limited performance: Offering AI services on cloud platforms may result in longer response times than local deployment.

Related patterns:

  • AI regulation: The design of APIs must be compliant with RAI regulations.

Known uses: