Your business may want to jump on the generative artificial intelligence (GAI) bandwagon and discover how you may become more productive and competitive, reduce costs, and make the most of new technology. There are many intriguing and effective GAI programs available for use. However, there are important considerations your business should evaluate before adopting a GAI program. GAI can create many new risks for your business, employees, and consumers, so you should ensure you are aware of them and take steps to mitigate them before launching a GAI program.
Principles for GAI in the Workplace
The Organisation for Economic Co-operation and Development’s (OECD) AI principles are one of many available sets of overall considerations you should weigh before launching GAI in the workplace. The principles generally include the following:
Inclusive growth, sustainable development, and well-being. Include relevant stakeholders in evaluating whether to implement GAI, including executives, legal, data privacy, subject matter experts, human resources, marketing/customer support, etc.
Consider the potential beneficial and negative outcomes of the GAI on users and the people whose information will be processed by the GAI.
GAI uses an immense amount of power, and it shouldn’t be used without considering the carbon footprint it creates.
Human rights and democratic values, including fairness and privacy. Ensure compliance with applicable laws, including existing laws in intellectual property—e.g., copyright law and data protection laws. This includes making sure the GAI is nondiscriminatory, ensures the autonomy of individuals, honors privacy and data protection rights, and is fair to individuals.
Make sure GAI isn’t subject to distortion from misinformation and disinformation.
Implement and ensure there are mechanisms and safeguards in the GAI, including oversight and control of humans and the ability to quickly stop GAI from functioning, if needed.
Have policies and procedures governing the use of GAI in your business.
Transparency and explainability. Be transparent with users that GAI is being used. Obtain their consent where required by applicable laws.
Provide meaningful information to users for a general understanding of AI systems, their capabilities, and limitations.
Provide plain and easy-to-understand information on the sources of data/input of GAI training and the logic that leads to the prediction, content, recommendation, or decision of the GAI output.
Robustness, security, and safety. All AI systems should be robust, safe, and secure throughout their lifecycles so that conditions of normal use, foreseeable use or misuse, or other adverse conditions don’t pose an unreasonable threat to safety or pose security risks.
Have an AI incident response plan in place.
Mechanisms should be in place to ensure that, if GAI is causing undue harm or undesired behavior, it can be overridden, repaired, or decommissioned safely, as needed.
Accountability. Identify person(s) or departments who are responsible for the proper functioning and oversight of the AI systems.
These persons should maintain documentation of the data set used to train the GAI, processes and decisions made during the AI system lifecycle, and snapshots of the algorithm’s functionality at particular times, in the event the company needs to refer back to these snapshots if the AI begins to work improperly.
Conduct periodic risk assessments of the GAI’s functionality and outputs.
Takeaway
In addition to published sources of AI use principles, there are also many AI frameworks available for companies to consider when evaluating and implementing AI in their business. For example, the National Institute of Standards and Technology’s (NIST) AI Risk Management Framework can be helpful for a variety of U.S. companies.
Elizabeth Shirley is an attorney with Burr & Forman LLP and can be reached at bshirley@burr.com.