Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI governance and ethics: where do programmes still break down?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11936
Topic starter  

TL;DR: AI governance and ethics fails when organisations stop at principles and never operationalise intake, review, monitoring, and evidence, according to Collibra. Responsible AI only works when governance is embedded across the lifecycle, because post-deployment ethics checks arrive after data, workflows, and business dependence have already hardened.

NHIMG editorial — based on content published by Collibra: AI governance and ethics: How to build responsible AI from the ground up

By the numbers:

Questions worth separating out

Q: How should organisations operationalise responsible AI governance?

A: Organisations should treat responsible AI as a lifecycle control, not a policy statement.

Q: Why do AI ethics programmes fail after deployment?

A: They fail because the organisation reviews the system too late.

Q: What do security teams get wrong about AI governance inventories?

A: They often inventory only the AI they built themselves and miss embedded AI inside vendor platforms and other shadow AI.

Practitioner guidance

  • Build a pre-development intake gate Require every AI use case to be reviewed before engineering resources are committed.
  • Create a live inventory of AI use cases, models, and agents Include embedded AI in vendor platforms, not just internally built systems.
  • Route reviews automatically by risk tier Tie high-risk use cases to privacy, legal, security, and fairness checks without manual chasing.

What's in the full article

Collibra's full blog post covers the operational detail this post intentionally leaves for the source:

  • The article expands on the EU AI Act, NIST AI RMF, and ISO/IEC 42001 and how each framework maps to responsible AI operating models.
  • It walks through the accountability workflow elements in more detail, including inventory, intake, automated risk routing, human review, and continuous monitoring.
  • The post explains how organisations should connect data lineage, policy traceability, and model ownership so governance evidence survives audits.
  • It also provides the practical sequence for getting started, including how to walk one high-stakes use case through the full lifecycle.

👉 Read Collibra's analysis of AI governance and ethics from the ground up →

AI governance and ethics: where do programmes still break down?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11491
 

AI governance fails when organisations treat ethics as commentary instead of control. The article is right that principles alone do not change outcomes, because a code of conduct does not tell reviewers what to approve, what to reject, or what evidence to capture. That gap is visible in every security domain where intent exists but workflow is missing. Practitioners should read this as an operating model problem, not a communications problem.

A few things that frame the scale:

A question worth separating out:

Q: Who should be accountable when an AI system produces harmful outcomes?

A: Accountability should sit with a named business owner supported by governance, legal, security, and privacy reviewers. If ownership is diffuse, no one can explain the approval, the monitoring state, or the escalation path when something goes wrong. The control model must make accountability explicit before the system is deployed.

👉 Read our full editorial: AI governance and ethics need operating models, not principles



   
ReplyQuote
Share: