A Practical Guide for Delivering Responsible AI

Artificial intelligence (AI) deployments are scaling beyond early pilot phases to becoming fully integrated solutions, driving production and enterprise-wide transformation. Against this, executives face a challenging task: moving AI from proof of concept to the core of daily operations. This shift requires them to answer new questions, ranging from how to develop, deploy, and use AI responsibly to build a trustworthy foundation upon which to scale.

Responsible AI is about making sure AI is helpful without being harmful to people, organizations, and society. While the perception may be that it can slow down the developmental lifecycle, in practice, it can make innovation stronger. Rolling out Responsible AI can help decrease the number of costly failures, allow faster adoption and trust, provide regulation-ready systems, and improve sustainability.

However, understanding how organizations can develop, deploy and adopt Responsible AI is key to ensuring its foundational practice and full integration. Here we provide a practical guide on how companies can do this, ensuring human oversight from the earliest design stages through deployment, monitoring, risk assessment, and eventual decommissioning.

Those who treat Responsible AI as an afterthought will risk regulatory exposure, reputational damage, and erosion of client trust. In contrast, those who embed it from the start are better positioned to scale AI sustainably.

Identifying the five tenets for Integrating Responsible AI

At the heart of any Responsible AI strategy lies a set of core principles that should guide development, deployment, evaluation, and governance. The impact of these principles will shape practical governance, risk management, and compliance practices that safeguard people and protect brand value.

For large organizations, they must work across teams and with external partners to ensure its integration. As such, there are five key principles that businesses can adopt to steer their AI initiatives toward trust, compliance, and ethical outcomes.

First is accountability.  Someone must own the outcome for each important AI system and there should be a person or team responsible from start to finish. Start with a simple inventory, automate to scale and begin listing AI systems, their purposes, data sources and owners. It is also important to have a plan for when things go wrong. It is essential to know how to pause and how to investigate and mitigate issues.

Secondly, assessing AI’s fairness and its potential impact on people is important. Do not rely solely on technical metrics and be aware that AI results could differ across groups and unintentionally disadvantage someone. This is critical for high-risk use cases in areas such as hiring, lending, or healthcare. Use data tests whenever possible and include human review and reasons for output.

Thirdly, security is crucial.  Threats to AI systems continue to evolve, now including prompt or agent-based attacks. It is crucial to address these risks and work with security teams to model these potential attacks. Build security into the design, limit AI’s access to other systems and data, and conduct ongoing testing even after launch.

The fourth factor is privacy.  This concern goes beyond initial training data, and privacy should be protected at every stage. Consider privacy in user prompts, conversation logs and AI-generated outputs, as they all can contain private information. Design systems to collect only the data that is necessary, set strict rules for access and retention, and conduct privacy reviews for higher-risk applications.

Lastly, transparency and providing controls that adapt to stakeholders is essential. What customers need to know differs from AI developers. Alternatively, users should know when they are interacting with AI and understand its limits. Internal teams need clear documentation on how the AI was built and how it performs. AI system transparency fuels shared oversight and trust in the system’s capabilities.

Knowing the differences: Responsible AI vs. AI Governance

While Responsible AI and AI Governance are often used interchangeably, there are key differences. Responsible AI is a set of holistic practices and principles for making trustworthy decisions throughout the development, deployment, and use of AI. It focuses on enabling capabilities such as the five tenets above to minimize the risks and maximize the benefits of AI.

AI Governance, on the other hand, is a set of policies, procedures, and practices that aim to enable positive outcomes and reduce the likelihood of harm.  It focuses on putting in place the appropriate organizational and technical controls to enable responsible and ethical AI, often with an emphasis on accountability and compliance with laws and organizational policies.

Organizations are better positioned to scale AI responsibly while maintaining trust and regulatory readiness when they understand that these two are distinct but connected. Additionally, while some actions on responsibility and governance are required by law, some aren’t. For instance, laws that impose restrictions on jobs women can hold in certain countries. Therefore, both are necessary for a comprehensive, balanced approach to Responsible AI.

The importance of flexible governance

As AI proliferates, regulators are stepping in with governance frameworks that go beyond voluntary guidelines. Regulations like the European Union’s Artificial Intelligence Act puts risk-based regulation at the center of AI governance. Rather than regulating the technology uniformly, the Act classifies AI systems into multiple risk levels which recognize the potential harm based on various use cases. For instance, an AI hiring screener versus a shopping recommendation engine. This implies that governance, documentation, and safeguards should align with the context and application of AI.

Other jurisdictions have also defined frameworks for governing AI.  According to this IAPP report, Singapore promotes a flexible approach with tools like its Model AI Governance Framework, emphasizing testing and transparency over strict mandates. South Korea’s AI Basic Act also blends oversight with space for innovation. And within industries, this differs. Financial services have long faced strict safety and fairness standards, while healthcare AI has medical device regulations to meet. Consumer tech products also fall under privacy and consumer protection laws, with each domain demanding regulations tailored to its risk profile and societal expectations.

Therefore, a one-size-fits-all approach to AI Governance doesn’t work as industries and country domains differ in the types of harms, the stakeholders affected, and the legal frameworks they operate under. As such, there needs to be flexibility.

How to Manage Autonomous AI

As AI heads into a new era, shifting from narrow prediction engines to agentic AI, systems capable of planning, adapting, and taking autonomous actions, this comes with new risks.

For instance, consider an agentic AI that autonomously executes a financial transaction or an HR decision. If it misclassifies a transaction or makes a hiring recommendation that embeds bias, the business consequences are severe, from financial loss to reputational damage, regulatory penalties, and legal exposure.

Research presented in Economic and Systemic Considerations in Agentic Web Systems also explains new challenges brought on by the emerging agentic web concept, which acts in multi-agent, cross-border, machine-speed markets. It outlines some preliminary, directional governance levers including guardian/oversight agents and machine-readable policy, with an emphasis on inclusive adoption under uneven resource constraints.

Against this, governance systems will need to set limits and controls on how much an AI system can autonomously handle without human approval. They need to establish clear guardrails, limit access to tools and authorization functions as well as allow for specific design points for mandatory human review. All components of the workflow should be tested including connections and interactions between agents, where errors often occur.  Every action should be logged for traceability and controls put in place to deactivate the system when required to manage this risk.

The future of Responsible AI

AI offers unprecedented opportunities to transform how businesses operate, innovate, deliver value, and Responsible AI supports this. Integrating Responsible AI in design, development and deployment isn’t just a legal risk and risk mitigation tactic, it protects and enhances brand reputation, earns customer and client trust, as well as unlocks market advantage by demonstrating commitment to ethical innovation.

However, to unlock its benefits, companies must embed key responsible practices throughout its AI system, starting from the beginning and extending to the very end of its lifecycle. This includes integrating ethical and governance considerations into data strategy, privacy and collection, system designs, development, transparency and fairness, deployment and monitoring as well as post-deployment and decommissioning.

For everyone involved in AI development and deployment, the mandate is clear: build responsibly, govern proactively, anticipate the risks of today, tomorrow and onwards to ensure the successful evolution of AI in a changing world.