Top-Down vs. Bottom-Up AI Governance
As AI continues to expand its footprint in economic life, enterprises are becoming more concerned about AI Governance.
On the one hand this can be viewed through the lens of compliance with regulations, in a similar way to how Data Privacy is thought of. The issue here is that there is not a lot of specifics with the AI regulations that exist. True, the EU AI Act has specifics, but these are mostly about “high risk AI”.
On the other hand, there is a growing awareness that AI within an enterprise needs to be under some kind of control. From this viewpoint there are many concerning questions, such as: are staff using openAI to compromise confidential information;
what AI agents are currently running and what do they do; what AI solutions could be impacted by particular data issues; is AI leading to high Cloud consumption costs; and so on. Governance is needed to answer all of these questions.
Top-Down AI Governance
Centralized Data Governance units have been around for a long time, so it seems a reasonable idea to have centralized AI Governance also. Because data and AI are so closely intertwined, it makes sense to have the two functions in a single unit.
This means Data Governance units get expanded to cover AI. Which is fine – assuming the staff in them can do the job. Policies, standards, communications and training all need centralized organization. Metadata tools like data catalogs, and data observability platforms, also need centralized administration. The case for top-down AI Governance is very solid.
Bottom-Up AI Governance
However, teams developing AI solutions represent a significant additional need. These teams are composed of technical staff whose skills do not include governance. AI solution development is difficult enough, so these staff cannot be expected to also be governance experts. Yet, there are many governance questions that have to be answered, including: is the data being used licensed such that it cannot be used for AI; what API’s are being accessed by the AI solution; is the best source of data being used; how will the AI solution be integrated into the processes run by the workforce of the enterprise; etc. There are very many of these detail-level questions, and they seem to growing over time.
The only real solution to this need is to embed AI Governance Analysts in the project. These are individuals who understand all the AI Governance needs of the development project and actively work to address them. Embedded AI Governance Analysts do not have to be full-time, although in some cases they may need to be. They would ideally be from a pool within the centralized AI/Data Governance unit, although this is not necessary, and they could even be consultants.
What is unreasonable is to only have a centralized governance unit without any support for AI development projects. Unfortunately, that is often the case today, and it is likely to lead to poor results in the long run.