Schellman becomes The First ISO 42001 ANAB Accredited Certification Body!

Learn More
866.254.0000
Contact Us
Services
Services
View All Services
SOC & Attestations
SOC & Attestations
SOC 1 / SSAE 18 Examination
SOC 2 Examination
SOC 3 Examination
SOC for Supply Chain
SOC for Cybersecurity
C5 Attestation
CSA STAR Programs
Payment Card Assessments
Payment Card Assessments
PCI DSS Validation
PCI SSF
PCI P2PE Validation
PCI PIN Assessments
PCI 3DS Compliance
ISO Certifications
ISO Certifications
ISO 27001
ISO 42001
ISO 27701
ISO 9001
ISO 22301
ISO-20000-1
Privacy Assessments
Privacy Assessments
APEC Certification
GDPR Assessment
International Privacy Assessments
US State Privacy Assessments
Microsoft SSPA/DPR Assessment
Privacy Program Assessment
FERPA Assessment
EU Cloud Code of Conduct
Federal Assessments
Federal Assessments
FedRAMP®
CMMC / NIST SP 800-171
FISMA/NIST
ITAR
CJIS
IRAP
FTC Consent Decrees
Healthcare Assessments
Healthcare Assessments
HITRUST CSF Certification
HIPAA Compliance
HIPAA Express
EPCS-DEA Audits
Health Data Host (HDS) Certification
Penetration Testing
Penetration Testing
Application
Network
Mobile
Social Engineering
Cloud
Physical
Hardware and IoT
Advanced Series
Cybersecurity Assessments
Cybersecurity Assessments
Cloud Configuration Assessments
Ransomware Assessments
NIST Cybersecurity Framework Assessments
Schellman Software Security Assessment (S3A)
TISAX®
SWIFT Customer Security Programme
Internal Audit Co-Sourcing
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
ESG & Sustainability
ESG & Sustainability
AI Services
AI Services
Learning Center
Our Technology
About Us
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships
ISO Certificate Directory
Contact Us

«  View All Posts

WEF AI Governance Alliance Briefing Papers: An Overview Blog Feature
Jerrad Bartczak

By: Jerrad Bartczak

Print/Save as PDF

WEF AI Governance Alliance Briefing Papers: An Overview

Cybersecurity Assessments | Artificial Intelligence

In January 2024, the AI Governance Alliance—an arm of the World Economic Forum (WEF)— released a series of three papers covering several important artificial intelligence (AI) topics:

  • Paper #1 – Presidio AI Framework: Towards Safe Generative AI Models
  • Paper #2 – Unlocking Value from Generative AI: Guidance for Responsible Transformation
  • Paper #3 – Generative AI Governance: Shaping a Collective Global Future

This move signals back to one of the hottest hot topics at Davos and the WEF this year—the intersection of AI and cybersecurity, and how to build widespread trust in this incredibly promising technology that is increasingly becoming enmeshed in the business landscape.

As cybersecurity experts keeping up with the latest developments in AI, in this blog post, we will highlight the important points discussed in these papers so that you too can more fully understand where the technology is headed.

 

What is the AI Governance Alliance?

But first, let’s establish the weight of these papers (and why you should care about their findings). After all, who is the AI Governance Alliance?

Created as a new initiative by the WEF in June 2023, this coalition was brought together “to champion responsible global design and release of transparent and inclusive AI systems.” Made up of over 250 people from 200 organizations, the Alliance is comprised of diverse leaders from many different cornerstone sectors, including industry, government, academia, and civil society. To serve its overarching purpose of addressing the many facets of AI, the Alliance has structured its focus around three core concepts:

  • Safe Systems and Technologies
  • Responsible Applications and Transformation
  • Resilient Governance and Regulation

 

What are the AI Governance Alliance Briefing Papers?

As one of their first moves, they’ve released this briefing paper series—a collection of insight regarding responsible AI development, implementation, and governance with the intent to help guide decision-makers toward a transparent future where AI only enhances societal progress.

Paper #1 – Presidio AI Framework: Towards Safe Generative AI Models

When developing any technology, best practice is always to ensure security is by design rather than an afterthought, and the Alliance says AI should be no different in the first paper of its series.

To minimize risk, the Presidio AI Framework recommends a shared responsibility between stakeholders so that all available knowledge is leveraged to protect against threats to AI systems throughout the development lifecycle—something they break down into six phases:

Phase

What Happens?

Data Management Phase

Consideration of data access and data source(s)

Foundation Model Building Phase

Design, data acquisition, model training, etc. of an AI system

Foundation Model Release Phase

Determination of access to the model (e.g., is it fully closed, API, fully open)

Model Adaptation Phase

Adaptation of a model to perform generative AI tasks

Model Integration Phase

Integration of the model into an application

Model Usage Phase

Engagement with the model by users using natural language prompts

To mitigate risk and avoid having to scramble in response to an event, the framework urges the implementation of “guardrails” throughout the phases that will also ensure the safety and trustworthiness of your AI systems.

Despite their recommendations for the implementation of these procedural/technical safety measures at every step of the way, the paper only provides specific strategies for three phases:

Phase

Guardrail

Foundation Model Building Phase
  • Red teaming
  • Addressing vulnerabilities

Foundation Model Release Phase
  • Transparent documentation
  • Use restriction

Model Adaptation Phase
  • Model drift monitoring
  • Model watermarking

With this proactive guardrail approach, the framework aims to set the stage for more ethical AI development that keeps downstream stakeholders in mind during all phases through the securing of systems and creating detailed documentation to effectively troubleshoot issues when they arise.

Paper #2 – Unlocking Value from Generative AI: Guidance for Responsible Transformation

If you’ve been keeping up with the news, you likely know that use cases for AI are rising exponentially, be they in the medical, art, or technology industries—the possibilities for artificial intelligence are almost endless.

In their second paper, the Alliance groups these AI use cases into three categories:

  • Enhancing enterprise productivity;
  • Creating new products or services; and
  • Redefining industries and societies.

However, even if AI has a possible use case, the paper argues that to move forward with actual implementation, the value of a potential AI system should be evaluated using three elements:

Value Element

Questions to Ask

Business impact
  • Does the system increase employee productivity?
  • Will the adoption of AI grow the company’s image?
  • Will implementing AI help the company attract talent as well as retain current employees?

Operational readiness
  • Is your organization ready for the implementation of AI?
  • Does your organization have accurate data, as well as the talent and infrastructure available, to handle AI?
  • Do you have human feedback loops in place to ensure that AI system risks are reduced?
  • Are your stakeholders fully invested in this AI solution? (Because without their trust, new technology will never reach its potential even if you move forward with implementation)

Investment strategy

Do you have the financial resources available to integrate AI into your organization? That includes the funds it’ll take to:

  • Invest upfront
  • Develop AI models in-house or outsource
  • Upskill current employees or hire employees with the necessary skills

Once you’ve answered these questions, you can better decide if implementation of AI is suitable, and if it is, you must move forward responsibly, as careless implementation of AI systems can lead to job displacement, the spread of misinformation through AI hallucination, and sustainability issues due to the large amount of energy needed to train AI models.

To decrease these and other risks as you harness generative AI’s benefits, focus particularly on strategies addressing the following during implementation:

  • Accountability (multi-stakeholder governance, distributed ownership)
  • Trust (transparency, education)
  • Challenges to scale (organization-wide implementation of AI)
  • Human impact (considerations of an evolving workforce, impact on employees)

Paper #3 – Generative AI Governance: Shaping a Collective Global Future

While the first two papers speak to AI development and implementation on an organizational scale, the last one focuses on how to address AI governance by taking a four-pronged approach:

  • Risk-based – classifying and prioritizing risks of harm caused by AI systems
  • Rules-based – detailed rules, standards, or requirements for AI systems
  • Principles-based – principles or guidelines for AI systems
  • Outcomes-based – measured outcomes that do not enforce specific processes

However, the Alliance also stresses that this should be done globally rather than by individual nations—as you can imagine, if every country implemented its own AI frameworks and laws, it’d likely quickly lead to incompatibility or confusion. What if one nation took a rules-based approach to AI whereas another country took an outcomes-based approach?

To avoid such clashing and develop an international governance framework that works for all, collaboration among diverse perspectives—like those from stakeholders in academia, industry, government, and other groups— will be key. Even more important will be a willingness to compromise between all parties involved, which should also include those in the Global South, who this paper stresses should have input in AI development and governance decisions.

Though the Global South has not historically been associated with technological advancement due to their lack of infrastructure, data, and technology talent in the workforce, the Alliance argues that excluding these nations would create a greater power imbalance and digital divide. For AI to reach its full potential, all parties must have access to its power. Including these countries would not only mean even more diverse perspectives to help shape the global framework, but their involvement could also spur improvement of those citizens’ lives through the implementation of AI in areas like healthcare and education.

 

Next Steps for Your AI Systems

Though the future of AI remains in flux as both the technology and standards to govern its use continue to rapidly evolve and emerge, the WEF’s AI Governance Alliance—and the insight within its series of 3 briefing papers—can still serve as a helpful guiding light regarding the development, implementation, and governance of artificial intelligence.

That being said, these papers aren’t the only available resource for those looking to proactively build trust in their AI systems—check out our articles on these other documents and published frameworks that can also help shape a more responsible approach to AI:

Should you have any further questions regarding the current landscape of AI regulations and how your organization can get started in validating the security of your systems, contact us today to speak with our dedicated AI team.

About Jerrad Bartczak

Jerrad Bartczak is a Senior Associate with Schellman based in New York. In his work ensuring that clients maintain an effective system of controls within their organization, he has experience conducting HITRUST, SOC 1, SOC 2, and HIPAA audits and maintains CISA, CCSFP, CCSK certifications.

4010 W Boy Scout Boulevard
Suite 600
Tampa, FL 33607

U.S. 1.866.254.0000

Outside the U.S.
1.813.288.8833

Resources
Company
Stay Up-to-Date

Sign up to receive Schellman's Weekly Read delivered every Friday morning.

© SchellmanPrivacy PolicyTerms of Use

“Schellman” is the brand name under which Schellman & Company, LLC and Schellman Compliance, LLC provide professional services. Schellman & Company, LLC and Schellman Compliance, LLC practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. Schellman & Company, LLC is a licensed certified public accounting firm (Florida license number AD62941) registered with the Public Company Accounting Oversight Board (PCAOB) that provides attest services to its clients, and Schellman Compliance, LLC provides nonattest cybersecurity and compliance professional services to its clients. Schellman Compliance, LLC is not a licensed CPA firm. Schellman & Company, LLC and Schellman Compliance, LLC are independently owned and are not liable for the services provided by any other entity providing services under the Schellman brand. Our use of the terms “our firm” and “we” and “us” and terms of similar import, denote the alternative practice structure conducted by Schellman & Company, LLC and Schellman Compliance, LLC.