RAI Risk Committee

Summary: An RAI risk committee is a group of individuals who are responsible for reviewing and approving proposals of AI projects to ensure the adoption of AI is done in a responsible manner.

Type of pattern: Governance pattern

Type of objective: Trustworthiness

Target users: Management teams

Impacted stakeholders: Employees, AI users, AI impacted subjects, AI consumers

Lifecycle stages: All stages

Relevant AI ethics principles: Human, societal and environmental wellbeing, human-centered values, fairness, privacy protection and security, reliability and safety, transparency and explainability, contestability, accountability

Mapping to AI regulations/standards: EU AI Act, ISO/IEC 42001:2023 Standard.

Context: The RAI considerations surrounding the development and use of AI are complex and constantly evolving. Simply adhering to legal requirements is not enough to effectively manage the RAI risks and maintain public trust in AI. Additionally, legislation often lags behind technology advances, making it difficult for organizations to stay up to date.

Problem: What are ways to implement a risk-based approach within an organization?

Solution: An RAI risk committee is a governance body that is responsible for establishing standard processes for decision-making and for approving and monitoring AI projects within an organization. Review by an RAI risk committee is typically required for all the AI projects within an organization and can be regulated by governments. The committee should be composed of individuals with diverse areas of expertise, such as ethics, law, AI, software engineering, and domain-specific knowledge. It is important to consider potential conflicts of interest or biases within the committee. To avoid such situations, organizations can either include at least one external member on the RAI risk committee or establish an independent, external RAI risk committee.

Benefits:

• Enforced internal governance: An RAI risk committee can establish governance standards at the organization level.
• Feedback and guidance: The committee can provide feedback and guidance to the project team after reviewing proposals.

Drawbacks:

• Limited capability and capacity: Due to a lack of internal expertise in the area of RAI, organizations may have to rely on traditional risk management professionals to assess the potential risks associated with RAI.
• Bias: A limited range of expertise within an organization can potentially lead to biases or conflicts of interest in decision-making processes.

Related patterns:

• Leadership commitment for RAI: An RAI risk committee is a component of the RAI governance structure established by the management team.
• RAI risk assessment: An RAI risk committee is a group of individuals who are responsible for perform the RAI risk assessment process and making decisions based on the results of the RAI risk assessment.

Known uses:

• Accenture released a research report on how to build data and AI ethics committees.
• Adobe has created an AI ethics committee which includes experts around the world with different background and experience.
• Sony has established AI ethics committee since 2019 to ensure the development and use of AI is socially and ethically appropriate according to the Sony Group AI Ethics Guidelines.