TheCorporateCounsel.net

If you’re on the risk management side of the business – like most in-house lawyers – the risks associated with emerging technologies like artificial intelligence are likely taking up an increasing amount of your time & mental energy. Concerns about those emerging technology risks and identifying effective risk management programs to address them aren’t likely to go away anytime soon. Fortunately, over on Radical Compliance, Matt Kelly recently flagged a new “AI Risk Repository” developed by the smarty-pants at MIT that offers assistance in identifying the risks associated with AI.

This excerpt from Matt’s blog provides an overview of what this resource is all about:

A team of MIT researchers known as the FutureTech Group published the catalog, formally known as the AI Risk Repository, earlier this month. It’s free to all and designed to help a wide range of audiences, from academic researchers to policy makers to, yes, corporate risk managers trying to develop risk assessments for the AI systems running at your company. (Credit to compliance consultant Mark Rowe for noting the repository on LinkedIn earlier this week.)

The 700+ risks are organized into seven primary domains, such as discrimination, privacy, and system safety. Those seven primary domains are then split into 23 more precise sub-domains, which are divided again into even more precise risk categories.

The actual repository exists as a Google spreadsheet you can download, with various columns classifying each risk, describing its potential severity, identifying the potential cause (human versus AI itself; accidental versus deliberate action), and otherwise giving you a wealth of context.

Matt goes on to offer some thoughts on how to put the repository to work in your own risk management and compliance program. He points out that the 700+ risks in the repository were pulled together from 43 separate risk management frameworks and asks whether the existing frameworks used by companies to manage AI risks – like the NIST AI Risk Management Framework and the ISO 42001 standard – are sufficient to meet the challenge.

– John Jenkins