Governance for responsible AI: The easy things and the hard ones

By Charna Parkey and Steven Tiell, DataStax.

Companies developing and deploying AI solutions need robust governance to ensure they’re used responsibly. But what exactly should they focus on? Based on a recent DataStax panel discussion, “Enterprise Governance in a Responsible AI World,” there are a few hard and easy things organizations should pay attention to when designing governance to ensure the responsible use of AI.

The easy things: A clear understanding of AI terminology and risks

There’s a host of things that can be established with relative ease early in an organization’s AI journey. Simply establishing shared terminology and a common background of understanding throughout the organization is an important foundational step toward inclusion. From developers to the C-suite, an organization that understands core AI concepts and terminology is in a better position to discuss AI and innovate with it.

Arriving at this shared understanding might require AI and/or digital literacy training. During this training, it’s also important to explain the limitations of AI. What is this model good at and what should be the boundaries on how and where it’s applied? Understanding limitations helps to prevent misuse down the line.

This clarity in communication should extend outside of the company as well. Companies, especially startups, should hone skills in explaining their technology in plain language, even with small teams. Not only does this help to ground assumptions about what is and isn’t possible, but it also prepares companies to have conversations with and potentially even educate stakeholder groups such as customers and even future board members.

As part of this process, it’s important to consider the context of each individual or group being engaged. Ethical considerations differ across industries like healthcare, banking, and education. For instance, it might be helpful for students to share work to achieve learning outcomes, but it’s illegal for a bank to share one customer’s stock transactions with other groups. This context is important not just to meet your audience where they are, but also to understand risks that are specific to the context of your AI application.

The harder stuff: Security and external side effects

From here, things start to get harder. The risks present when the AI was deployed may not be the same risks a year later. It’s important to constantly evaluate new potential threats and be ready to update governance processes as a result. In addition to the existing potential for AI to cause harm, generative AI introduces new vectors for harm that require special attention, such as prompt engineering attacks, model poisoning, and more.

Once an organization has established routine monitoring and governance of deployed models, it becomes possible to consider expanded and indirect ethical impacts such as environmental damage and societal cohesion. Already with generative AI, compute needs and energy use have radically increased. Unmanaged, society-scale risks become more abundant in a generative AI world.

This attention to potential harm can also be a double-edged sword. Making models open source increases access, but open models can be weaponized by bad actors. Open access must be balanced against the likelihood of harm. This extends from training data to model outputs, and any feature stores or inference engines between those. These capabilities can improve model performance to adapt to a changing context in real time, but they’re also yet another vector for attack. Companies must weigh these tradeoffs carefully.

Broader externalities also need to be managed appropriately. Social and environmental side effects often get discounted, but these issues become business problems when supply chains falter or public/customer trust erodes. The fragility of these systems cannot be overstated, particularly in light of recent disruptions to supply chains from COVID-19 and increasingly catastrophic natural disasters.

In light of these societal-level risks, governments have AI in their regulatory crosshairs. Every company working with AI, small and large, should be preparing for impending AI regulations, even if they seem far off. Building governance and ethics practices now prepares companies for compliance with forthcoming regulations.

Responsibly governing AI requires constantly evolving frameworks that are attuned to new capabilities and risks. Following the straightforward—and sometimes challenging—practices above will put organizations on the right path as they shape how they can benefit from AI, and how it can benefit society.


About Charna Parkey, Real-Time AI product and strategy leader, DataStax


Charna Parkey is the Real-Time AI product and strategy leader at DataStax and a member of the WEF AI Governance Alliance’s Sustainable Applications and Transformation working group, championing responsible global design and release of transparent and inclusive AI systems. She has worked with more than 90% of the Fortune 100 to implement AI products at scale.

About Steven Tiell, VP Strategy, DataStax


Steven Tiell is VP Strategy at DataStax and serves as Nonresident Senior Fellow at the Atlantic Council GeoTech Center. In 2016, Steven founded Accenture’s Data Ethics and Responsible Innovation practice, which he led until joining DataStax last year. Steven has catalyzed dozens of AI transformations and was a Fellow at the World Economic Forum, leading Digital Trust and Metaverse Governance initiatives.
