Module 7: Governing AI Deployment · BoK I.C

Adapting existing policies for AI

Review the current policy framework for gaps first, then tailor what exists and add what's missing across five areas - data privacy, security, intellectual property, engineering/model ops and open source. Adopt a risk-centric approach, evaluate frontier intent, integrate holistically and address AI procurement explicitly.

Review the current policy framework for gaps first → tailor what exists, add what's missing, and start from a solid data governance framework if you have one.

Data privacy → compliance with regulation while safeguarding sensitive information processed by AI.
Security → update for AI-specific risks like adversarial attacks, vulnerabilities in ML models.
Intellectual property → ownership and usage rights for AI-generated outputs and proprietary algorithms.
Engineering / model ops → the development life cycle and best practices for AI engineering.
Open source & platforms → the organisation's position on open-source models and platforms like AWS or Google's Model Garden.

Adopt a risk-centric approach → resources are limited, so concentrate on the most significant, highest-risk areas.
Evaluate cutting-edge intent → incorporate risk acceptance and watch legal requirements for automated decision-making and frontier models, the most advanced capabilities of AI.
Integrate holistically → align AI governance with existing processes and make policies flexible across laws, industries and technologies.
Address AI procurement → if models will be procured externally, that must be explicitly addressed in governance policies.

Key terms - quick answers

What is “Frontier models”?

The most advanced capabilities of AI, warranting heightened legal and risk attention.

← The lay of the land Where the model lives - three environments →