ISO’s guidance on AI risk management introduces a common framework relating to the implementation and use of AI systems. Risk management allows organisations to identify and evaluate risks using resources. The guidance applies to organisations that produce, develop, use, or deploy systems that use AI. Its purpose is to encourage and assist organisations to integrate risk management into their AI-related functions and activities using principles, frameworks and processes.
Why should I care?
AI allows organisations to make better decisions and improve business processes, but it can also be harmful. It’s important for AI to be responsible and ethical. Having a seamless risk management strategy ensures that your organisation can control the probability or impact of unfortunate events or maximise opportunities. The guidance provided by ISO describes processes for the effective implementation and integration of AI risk management.
Risk management principles
The document considers the inclusivity of all stakeholders when using AI, and communicating its risks and benefits. Incorporating feedback and raising awareness are important elements in the risk management process. Human behaviour and culture significantly influence aspects of risk management. Organisations should monitor cultural changes, with a particular focus on how AI systems affect privacy, freedom of expression, fairness, safety and security.
Risk management framework
These are some elements organisations can consider:
- Guidelines for the ethical use and design of AI issued by government-related groups.
- Use of AI improving the quality of handling data.
- Societal and political implications of the deployment of AI systems, including guidance from social sciences.
- The effect that an AI system can have on an organisation’s culture by shifting and introducing new responsibilities, roles and tasks.
- Use of AI, especially AI systems using continuous learning, and how it can affect the ability of the organisation to meet contractual obligations and guarantees.
Risk management processes
As part of the risk management process, organisations are encouraged to consider their stakeholders’ environment (are they customers, suppliers or regulators?). They can also consistently evaluate the effectiveness of AI systems. Lastly, organisations can consider their capacity to mitigate AI risks.
I want ISO/IEC 23894:2023
If you want to explore the document more, you could buy it from ISO. Otherwise, here’s an English preview of the document.
How we can help you
- Move towards trustworthy AI by consulting with our specialists or attending our public or private workshops.
- Determine how AI impacts your organisation by asking us for an AI risk assessment.
- Protect your commercial interests by asking us to draft your AI contracts.
- Stay updated with the latest AI law news by subscribing to our newsletter.
- Discover more about AI by reading our AI law page.