
Organisations are increasingly looking into the development of comprehensive AI governance programs to manage both the benefits and the risks from the use of AI – recognising that AI solutions should be trusted, meet ethical and assurance standards, and remain clearly focussed on delivering benefits while at the same time managing potential risks.
To do this, AI governance frameworks should be grounded in a set of ethical principles.
In 2021, we published a post on Australia’s AI Ethics Principles and considered them in the broader context of global movements towards. Since then, there has been significant development in AI ethical principles in Australia and internationally, including in the European Union and among industry and non-government organisations.
This post reviews some of the more important sets of AI principles currently available and how they can be used in the development of your organisation’s AI Governance Framework, including:
Collectively, the literature emphasises that the principles required for developing ethical AI centre on responsible design that benefits humanity. This benefit is achieved through protecting privacy and human rights, addressing bias, and providing transparency around the workings of machines.
The Australian Government has developed eight (8) voluntary AI ethical principles to guide businesses and governments in the responsible design, development and implementation of AI, to ensure AI is safe, secure and reliable. In addition, they are aimed to help:
| Australia’s AI Ethical Standards | | |
|---|---|---|
| 1 | Human, societal and environmental wellbeing | AI systems should benefit individuals, society and the environment. |
| 2 | Human-centred values | AI systems should respect human rights, diversity, and the autonomy of individuals. |
| 3 | Fairness | AI systems should be inclusive and accessible, and should not involve or result in unfair discrimination against individuals, communities or groups. |
| 4 | Privacy protection and security | AI systems should respect and uphold privacy rights and data protection, and ensure the security of data. |
| 5 | Reliability and safety | AI systems should reliably operate in accordance with their intended purpose. |
| 6 | Transparency and explainability | There should be transparency and responsible disclosure so people can understand when they are being significantly impacted by AI, and can find out when an AI system is engaging with them. |
| 7 | Contestability | When an AI system significantly impacts a person, community, group or environment, there should be a timely process to allow people to challenge the use or outcomes of the AI system. |
| 8 | Accountability | People responsible for the different phases of the AI system lifecycle should be identifiable and accountable for the outcomes of the AI systems, and human oversight of AI systems should be enabled. |
The NSW AI Assessment Framework, mandated since March 2022, has been introduced to guide responsible and safe AI usage in the NSW Government. It assists project teams and solution owners to analyse AI system risks, implement mitigation controls, and establish accountabilities.
A set of Mandatory AI Ethics Principles is defined in the NSW Ethics Policy and is a key part of the NSW AI Assessment Framework. Those principles are:
| NSW AI ETHICS PRINCIPLES | | |
|---|---|---|
| 1 | Community benefit | AI should deliver the best outcome for the citizen, and key insights into decision-making. AI must be the most appropriate solution for a service delivery or policy problem. It should always be considered against other analysis and policy tools. AI should be the best solution that maximises the benefit for the customer and for government. |
| 2 | Fairness | The best use of AI will depend on data quality and relevant data. It will also rely on careful data management to ensure potential data biases are identified and appropriately managed. AI solutions that rely on sub-optimal quality data may result in sub-optimal project outcomes and recommendations. Algorithms that contain systemic and repeatable errors may lead to prejudiced decisions or outcomes. |
| 3 | Privacy and security | AI will include the highest levels of assurance. Citizens must have confidence that data used for AI projects is used safely and securely, and in a way that is consistent with privacy, data sharing and information access requirements. Any project outcome will be undermined by lack of public trust if there is any risk of a data breach or that personal data could be compromised. |
| 4 | Transparency | Not only must the people of NSW have high levels of assurance that data is being used safely and in accordance with relevant legislation, they must also have access to an efficient and transparent review mechanism if there are questions about the use of data or AI-informed outcomes. The development of AI solutions must be robust technically, legally and ethically. The community should be engaged on the objectives of AI projects and insights into data use and methodology should be made publicly available unless there is an overriding public interest in not doing so. |
| 5 | Accountability | AI is a powerful tool for analysing and looking for patterns in large quantities of data, undertaking high-volume routine process work, or making recommendations based on complex information. However, AI-based functions and decisions must always be subject to human review and intervention. |
Both the NSW Ethics Policy and framework are mandatory for all NSW Government Agencies using AI.
Internationally, the EU has developed Ethics Guidelines for Trustworthy AI, which mandate that AI systems be lawful, ethical, and robust.
The framework centres on seven key requirements that AI systems should meet in order to be deemed trustworthy. These form the foundation for the EU AI Act, which regulates AI based on risk level.
| EU Ethics Guidelines for Trustworthy AI | | |
|---|---|---|
| 1 | Human agency and oversight | AI systems should empower human beings, allowing them to make informed decisions and fostering their fundamental rights. At the same time, proper oversight mechanisms need to be ensured, which can be achieved through human-in-the-loop, human-on-the-loop, and human-in-command approaches. |
| 2 | Technical Robustness and safety | AI systems need to be resilient and secure. They need to be safe, ensuring a fall-back plan in case something goes wrong, as well as being accurate, reliable and reproducible. That is the only way to ensure that also unintentional harm can be minimised and prevented. |
| 3 | Privacy and data governance | Besides ensuring full respect for privacy and data protection, adequate data governance mechanisms must also be ensured, taking into account the quality and integrity of the data, and ensuring legitimised access to data. |
| 4 | Transparency | The data, system and AI business models should be transparent. Traceability mechanisms can help achieving this. Moreover, AI systems and their decisions should be explained in a manner adapted to the stakeholder concerned. Humans need to be aware that they are interacting with an AI system, and must be informed of the system’s capabilities and limitations. |
| 5 | Diversity, non-discrimination and fairness | Unfair bias must be avoided, as it could have multiple negative implications, from the marginalisation of vulnerable groups, to the exacerbation of prejudice and discrimination. Fostering diversity, AI systems should be accessible to all, regardless of any disability, and involve relevant stakeholders throughout their entire life circle. |
| 6 | Societal and environmental well-being | AI systems should benefit all human beings, including future generations. It must hence be ensured that they are sustainable and environmentally friendly. Moreover, they should take into account the environment, including other living beings, and their social and societal impact should be carefully considered. |
| 7 | Accountability | Mechanisms should be put in place to ensure responsibility and accountability for AI systems and their outcomes. Auditability, which enables the assessment of algorithms, data and design processes plays a key role therein, especially in critical applications. Moreover, adequate and accessible redress should be ensured. |
The NIST AI Risk Management Framework defines 7 qualities for trustworthy AI systems:
| 1 | Valid and Reliable | Perform consistently as intended: The assurance that AI systems are valid, reliable, accurate, and robust. Validation confirms that systems meet their intended purpose, while reliability ensures consistent, failure-free operation under expected conditions. Accuracy means results are close to the true or accepted values, and should be measured with realistic test sets and transparent methodologies. Robustness is the system’s ability to maintain performance across different, even unforeseen circumstances, minimising potential harm. Ongoing testing and monitoring are vital to confirm that deployed AI systems continue to perform as intended, and risk management should prioritise minimising negative impacts, with human oversight where necessary to handle errors or failures. |
| 2 | Safe | Operate without causing unacceptable harm: AI systems must be designed and managed to ensure they do not, under any circumstances, endanger human life, health, property, or the environment. Achieving safe operation involves responsible practices across the design, development, and deployment lifecycle, clear guidance for users, informed decision-making by deployers and end users, and transparent documentation of risks grounded in real-world evidence. Safety risk management should be tailored to the context and severity of potential risks, with the most urgent attention given to those that could cause serious injury or death. Early planning and rigorous testing, ongoing monitoring, and mechanisms for human intervention are essential to prevent hazardous outcomes. AI safety strategies should draw from established standards in sectors like healthcare and transport, aligning with relevant industry guidelines. |
| 3 | Secure and Resilient | Protect against threats and adapt to failures: Must be able to withstand unexpected adverse events or unexpected changes in their environment or use – or maintain their functions and structure in the face of internal and external change and degrade safely and gracefully when this is necessary. |
| 4 | Transparent and Accountable | Provide transparency, enabling auditability and responsibility: Accountability presupposes transparency. Meaningful transparency provides access to appropriate levels of information based on the stage of the AI lifecycle and tailored to the role or knowledge of AI actors or individuals interacting with or using the AI system. |
| 5 | Explainable and interpretable | Ensure decisions can be understood by stakeholders: Explainability refers to a representation of the mechanisms underlying AI systems’ operation, whereas interpretability refers to the meaning of AI systems’ output in the context of their designed functional purposes. Together, explainability and interpretability assist those operating or overseeing an AI system, as well as users of an AI system, to gain deeper insights into the functionality and trustworthiness of the system, including its outputs. |
| 6 | Privacy-enhanced | Protect data rights and ensure privacy throughout the AI lifecycle: Privacy refers generally to the norms and practices that help to safeguard human autonomy, identity, and dignity. These norms and practices typically address freedom from intrusion, limiting observation, or individuals’ agency to consent to disclosure or control of facets of their identities (e.g., body, data, reputation). |
| 7 | Fair with meaningful bias managed | Proactively identify and reduce discrimination: Fairness in AI includes concerns for equality and equity by addressing issues such as harmful bias and discrimination. |
The NIST Trustworthy and Responsible AI Resource Center offers a Playbook and other resources to assist organisations in adopting these principles.
ISO 42001 is an international standard designed to provide requirements and guidance for establishing, implementing, maintaining, and continually improving an AI Management System (AIMS), ensuring responsible and trustworthy development and use of AI technologies.
ISO 42001 Annexure C includes possible objectives for an AI Management system that are similar to the AI principles identified in other frameworks. Those ISO 42001 Objectives include the following:
| 1 | Accountability | The use of AI can change existing accountability frameworks. Where previously persons would be held accountable for their actions, their actions can now be supported by or based on the use of an AI system. |
| 2 | AI Expertise | A selection of dedicated specialists with interdisciplinary skill sets and expertise in assessing, developing and deploying AI models. |
| 3 | Availability and quality of training and test data | AI systems based on ML need training, validation and test data in order to train and verify the systems for the intended behaviour. |
| 4 | Environmental impact | The use of AI can have positive and negative impacts on the environment. |
| 5 | Fairness | The inappropriate application of AI systems for automated decision making can be unfair to specific persons or groups of persons. |
| 6 | Maintainability | Maintainability is related to the ability of the organisation to handle modifications of the AI system in order to correct defects or adjust to new requirements. |
| 7 | Privacy | The misuse or disclosure of personal and sensitive data (e.g. health records) can have harmful effects on data subjects. |
| 8 | Robustness | In AI, robustness properties demonstrate the ability (or inability) of the system to have comparable performance on new data as on the data on which it was trained or the data of typical operations. |
| 9 | Safety | Safety relates to the expectation that a system does not, under defined conditions, lead to a state in which human life, property or the environment is endangered. |
| 10 | Security | In the context of AI and in particular with regard to AI systems based on ML approaches, new security issues could be considered beyond classical information and system security concerns. |
| 11 | Transparency and explainability | Transparency relates both to characteristics of an organisation operating AI systems and to those systems themselves. Explainability relates to explanations of important factors influencing the AI system results that are provided to interested parties in a way understandable to humans. |
The OECD AI Principles are the first intergovernmental standard on AI. They promote innovative, trustworthy AI that respects human rights and democratic values. Adopted in 2019 and updated in 2024, they are composed of five values-based principles and five recommendations that provide practical and flexible guidance for policymakers and AI actors.
| OECD AI Principles | | |
|---|---|---|
| 1 | Inclusive growth, sustainable development and well-being | Stakeholders should proactively engage in responsible stewardship of trustworthy AI in pursuit of beneficial outcomes for people and the planet, such as augmenting human capabilities and enhancing creativity, advancing inclusion of underrepresented populations, reducing economic, social, gender and other inequalities, and protecting natural environments, thus invigorating inclusive growth, well-being, sustainable development and environmental sustainability. |
| 2 | Human rights and democratic values, including fairness and privacy | AI actors should respect the rule of law, human rights, democratic and human-centred values throughout the AI system lifecycle. These include non-discrimination and equality, freedom, dignity, autonomy of individuals, privacy and data protection, diversity, fairness, social justice, and internationally recognised labour rights. This also includes addressing misinformation and disinformation amplified by AI, while respecting freedom of expression and other rights and freedoms protected by applicable international law. To this end, AI actors should implement mechanisms and safeguards, such as capacity for human agency and oversight, including to address risks arising from uses outside of intended purpose, intentional misuse, or unintentional misuse in a manner appropriate to the context and consistent with the state of the art. |
| 3 | Transparency and explainability | AI Actors should commit to transparency and responsible disclosure regarding AI systems. To this end, they should provide meaningful information, appropriate to the context, and consistent with the state of art: to foster a general understanding of AI systems, including their capabilities and limitations, to make stakeholders aware of their interactions with AI systems, including in the workplace, where feasible and useful, to provide plain and easy-to-understand information on the sources of data/input, factors, processes and/or logic that led to the prediction, content, recommendation or decision, to enable those affected by an AI system to understand the output, and, to provide information that enable those adversely affected by an AI system to challenge its output. |
| 4 | Robustness, security and safety | AI systems should be robust, secure and safe throughout their entire lifecycle so that, in conditions of normal use, foreseeable use or misuse, or other adverse conditions, they function appropriately and do not pose unreasonable safety and/or security risks. Mechanisms should be in place, as appropriate, to ensure that if AI systems risk causing undue harm or exhibit undesired behaviour, they can be overridden, repaired, and/or decommissioned safely as needed. Mechanisms should also, where technically feasible, be in place to bolster information integrity while ensuring respect for freedom of expression. |
| 5 | AI Accountability | AI actors should be accountable for the proper functioning of AI systems and for the respect of the above principles, based on their roles, the context, and consistent with the state of the art. To this end, AI actors should ensure traceability, including in relation to datasets, processes and decisions made during the AI system lifecycle, to enable analysis of the AI system’s outputs and responses to inquiry, appropriate to the context and consistent with the state of the art. AI actors, should, based on their roles, the context, and their ability to act, apply a systematic risk management approach to each phase of the AI system lifecycle on an ongoing basis and adopt responsible business conduct to address risks related to AI systems, including, as appropriate, via co-operation between different AI actors, suppliers of AI knowledge and AI resources, AI system users, and other stakeholders. Risks include those related to harmful bias, human rights including safety, security, and privacy, as well as labour and intellectual property rights. |
The Assessment List for Trustworthy AI is a practical tool that translates the Ethics Guidelines into an accessible and dynamic (self-assessment) checklist. The checklist can be used by developers and deployers of AI who want to implement the key requirements in practice. The list is available as a prototype web-based tool and in PDF format.
Reviewing the principles outlined above, it is clear that there are significant overlaps and common themes across the different sets, notwithstanding the differences in headings and organisation.
The following represent the core principles common to all the frameworks:
Accountability and transparency are particularly important. Each set highlights the necessity for transparent decision-making, proactive risk management, and ensuring that those involved in AI creation and operation possess the required expertise.
Most frameworks stress the need to safeguard against potential harms and misuse, reflecting a shared commitment to ethical stewardship and the protection of users and stakeholders. This is evident in the focus on unambiguous rationales for decisions (accountability) and explicit calls for vigilance around risks and unintended consequences (awareness of misuse).
However, there are also notable differences. Some sets of principles place greater emphasis on technical competence and adherence to best practices, while others foreground transparency, explainability or the rights of individuals affected by AI systems. The level of detail and the specific guidance provided can vary, with some frameworks offering high-level values and others specifying concrete operational requirements or regulatory mechanisms.
In terms of practical use, the most valuable principles for organisations are likely those that provide both clear ethical direction and actionable steps. Overlapping principles such as accountability and risk awareness form a strong foundation for trustworthy AI governance, while differences between frameworks can help tailor an approach that suits the unique context, industry and risk profile of each organisation. By drawing on the common elements and adapting distinctive features as needed, organisations can build robust, responsible AI programs that balance ethical imperatives with real-world requirements.
Identifying and adopting AI ethical principles is an important first step in establishing sound organisational AI governance. By carefully selecting principles that resonate with your organisation’s context, culture, and core values, as well as its risk appetite, you lay the groundwork for responsible and effective AI practices that are genuinely tailored to your unique environment.
With this foundation in place, your AI governance program can be progressively developed through additional steps that reflect and reinforce your organisational values and objectives.
These steps may include AI risk and impact assessments, audits, consideration of consumer data rights, robust oversight mechanisms, and formal regulatory compliance. By aligning each stage of the governance journey to your organisation’s culture and values, you ensure the ongoing integrity and trustworthiness of your AI initiatives. Future posts will continue to explore how to build a comprehensive AI governance program that reflects and supports your organisation’s unique character. Stay tuned.
We have been writing on different aspects of AI for some time. For more on AI development, including regulatory developments, check out our previous blog posts:
We have created a 1-page infographic summarising the frameworks covered in this post for easy reference.
You can download this resource here.