Responsible AI Needs an Owner

Hero image for Responsible AI Needs an Owner. Image by Alex Shuper.
Hero image for 'Responsible AI Needs an Owner.' Image by Alex Shuper.

AI ethics becomes very comfortable when it stays in principle form.

Be fair. Be transparent. Protect privacy. Keep humans in the loop. Avoid harm. Respect users. Use AI responsibly.

Most people can agree with that. Agreement is not the problem.

The problem starts when a delivery team has to decide whether an AI assistant can read customer records, summarise a complaint, draft a reply, change a permission, reject a claim, publish content, or recommend a refund. At that point, responsible AI is no longer a values statement. It is an operating model.

Someone has to own the decision. Someone has to own the data. Someone has to own the tool. Someone has to own the logs. Someone has to own exceptions. Someone has to own the consequence when the system fails.

If nobody can name those owners, the organisation does not have responsible AI. It has responsiblesounding AI.

Policy is Not Delivery

AI policy is useful. Without it, teams improvise, vendors define the rules, and every department develops its own private interpretation of what is acceptable.

But policy does not implement itself.

A good policy says what matters. Delivery decides how those principles survive contact with real users, real data, deadlines, procurement pressure, and awkward edge cases.

For example, a policy may say "human review is required for consequential decisions". Fine. Which decisions are consequential? Who reviews them? What does review mean? Can the reviewer see the evidence? Can they override the system? Is the override logged? What happens when reviewers rubberstamp outputs because the queue is too long?

A policy may say "do not use sensitive data in unapproved tools". Fine. Which data classes are sensitive? Which tools are approved? How is access blocked? What happens when a team uses a browser extension, model API, or vendor feature that was never reviewed?

This is why responsible AI belongs inside delivery governance, not beside it. The NIST AI Risk Management Framework is useful because it uses verbs: govern, map, measure, manage. That is the right direction. Responsible AI is work.

For organisations trying to turn that work into a management system, ISO/IEC 42001 is a useful reference point. It is not proof of maturity by itself, and certification should not become a substitute for judgement, but it does underline the direction of travel: AI controls need owners, measurement, review, and continual improvement.

The UK government's Introduction to AI assurance is useful for similar reasons. It keeps the focus on evidence around real systems, not claims of responsible intent.

Start with the Decision, Not the Model

Many AI reviews start in the wrong place.

They ask which model is being used before asking what decision the system affects.

The model matters, but consequence matters more. A weaker model with authority to change production data can create more immediate risk than a stronger model with no write access. A summarisation tool used for internal research is not the same as a tool that decides whether a customer gets a refund, whether a candidate moves forward, or whether a vulnerable user receives support.

A practical review should classify the workflow:

  • Does the system suggest, decide, or act?
  • Is the output internal or userfacing?
  • Can the action affect money, access, employment, health, legal position, safety, or reputation?
  • Can a human review the evidence before the action happens?
  • Is the action reversible?
  • Is the user told that AI is involved where that matters?
  • Can the decision be appealed or escalated?

That risk tiering can be plain language: suggest versus decide versus act, internal versus userfacing, reversible versus irreversible, lowconsequence versus highconsequence, and readonly versus writecapable. The model choice matters, but those distinctions usually decide the control surface.

This framing also stops teams hiding behind the phrase "human in the loop". A human who clicks approve without enough context is not a safeguard. A human who cannot override the system is not a safeguard. A human who is judged on throughput so aggressively that review becomes theatre is not a safeguard.

Human review only means something when the reviewer has authority, context, time, and accountability.

Data Handling is Part of Ethics

AI ethics often talks about fairness and transparency, then treats data handling as a separate privacy task.

That split is artificial.

If a system uses the wrong data, exposes the wrong data, retains too much data, or sends sensitive data to an unsuitable tool, the ethical failure has already started. The model output may be fluent, but the process is broken.

In delivery terms, that means knowing what data the tool receives, where it comes from, whether it is accurate enough for the task, whether the user or employee would reasonably expect the use, and whether personal data has been minimised. It also means checking whether sensitive data is redacted where possible, whether a provider retains the data, whether prompts and outputs can be inspected later, and whether model outputs are used to enrich profiles or records.

The ICO's AI and data protection guidance is useful here because it keeps AI tied to data protection obligations rather than treating it as a special category of magic. The broader product lesson is similar to privacy by design not being a cookie banner: if privacy is bolted on after the workflow exists, it is probably too late to make the design clean.

Provenance Matters More than Teams Expect

When AI is used inside delivery, provenance needs to cover more than the final output.

It should be possible to answer:

  • which model or tool was used?
  • which version or provider configuration was active?
  • what prompt or instruction shaped the output?
  • which documents, records, or retrieved passages were used?
  • which user initiated the action?
  • which human approved it?
  • which system executed it?
  • what changed afterwards?

Without that, auditability becomes storytelling.

This is especially important when generated work enters durable systems: codebases, CMS content, customer records, HR workflows, support histories, financial decisions, legal evidence, or operational runbooks. The organisation needs to know what was AIassisted, what was reviewed, and what was accepted as humanowned work.

That does not mean logging everything forever. Overlogging can create privacy, security, and cost problems. It means logging enough to reconstruct consequential actions.

Procurement is a Governance Control

Procurement is one of the places accountability can appear early or vanish quietly.

AI features now arrive through ordinary SaaS renewals, browser extensions, analytics tools, support platforms, CMS addons, office suites, and developer tools. A team may not think it has adopted a new AI system. It may think it has accepted a product update.

The accountable question is not only "which model?" It is who approved the feature, what data it can touch, whether it can be disabled, whether customer, employee, code, or confidential data is used for provider training, what audit logs exist, who supports incidents, and what happens at contract exit.

Security review needs to move with procurement, not arrive after the tool is already embedded in work. If procurement cannot say who owns the feature and its failure modes, it has not controlled the risk. It has only processed a purchase.

The OWASP GenAI Security Project's 2025 LLM risks are useful because they remind technical teams that LLM risks are not only about bad answers. Prompt injection, insecure output handling, excessive agency, sensitive information disclosure, supplychain risk, and other categories belong in architecture and procurement conversations.

The UK's NCSC secure AI system development guidelines add another practical point: secure AI is a lifecycle concern. Procurement should care not only about the feature being bought, but about how the system is designed, developed, deployed, operated, monitored, and changed.

Shadow AI is an Accountability Gap

Shadow AI is not just people using chatbots at work.

It is what happens when organisational pressure, useful tools, unclear policy, slow approval, and weak official options collide.

People use unapproved tools because they save time, because peers are doing it, because managers want faster output, because the approved tool is worse, or because nobody has explained the risk in a way that connects to their work.

The response cannot be only restriction. Restriction without a usable alternative creates quiet workarounds.

A healthier approach gives people approved tools that are genuinely useful, clear examples of allowed and banned uses, data classification that people understand, safe routes for proposing new use cases, training based on real work, consequences for reckless use, and support for people who ask before guessing.

This is an ownership problem. If the organisation demands AI productivity but does not provide safe adoption paths, it is helping create the behaviour it later calls noncompliant.

Exceptions Need a Route

Responsible systems need exception handling.

The model will be wrong. The data will be incomplete. The user will ask something unusual. The vendor will change behaviour. The prompt will fail in a way nobody predicted. The human reviewer will disagree with the recommendation. A user will complain. A regulator, customer, or internal risk team will ask what happened.

If the answer is "we will look into it", the system is not ready.

Define the route:

  • who can pause the workflow?
  • how can a user appeal or challenge the output?
  • who investigates failures?
  • where are investigation notes stored?
  • who can change prompts, tools, thresholds, or policies?
  • how are incidents reported?
  • how do lessons get fed back into the workflow?

At that point, responsible AI becomes ordinary operational discipline. It looks like incident management, support, change control, and product governance. Less glamorous, more useful.

The Eu AI Act Changes the Tone of the Conversation

The EU AI Act is not a substitute for local legal advice, and not every team will be working in the same regulatory context.

But it changes the tone.

It pushes organisations away from vague AI ethics language and towards risk categories, provider and deployer obligations, documentation, governance, and accountability. Even when a specific use case is outside the highestrisk categories, the direction of travel is clear: AI systems will be expected to have controls that can be explained.

For delivery teams, that means a simple habit is worth building now: write down why the system exists, what it can access, what it can change, who owns it, how people review it, and how failures are handled.

That habit is useful even before regulation enters the room.

Responsible AI is Not a Blocker

There is a lazy version of this argument where every control becomes a reason not to use AI at all.

That is not my view.

AI can help teams write, code, summarise, compare, triage, test, search, classify, and support users. Used well, it can remove real friction. Adoption should not be made impossible. Teams should stop pretending that fluency, speed, and convenience remove accountability.

The article AI will be OK if we stop treating it like magic takes the broader position. Treat AI like real technology. Real technology needs owners, constraints, logs, support, and a route for failure.

The more consequential the workflow, the more explicit those things need to be.

Wrapping Up

Responsible AI is not a slide, a slogan, or a committee note.

It is a set of ownership decisions.

Who owns the decision? Who owns the data? Who owns the tool? Who owns the vendor relationship? Who owns the logs? Who owns human review? Who owns exceptions? Who owns support? Who owns the consequence when the system is wrong?

If the organisation cannot answer those questions, it should not pretend it has made AI ethical by writing principles.

Principles matter. But in real delivery, accountability is where ethics either becomes real or disappears.

Key Takeaways

  • AI ethics becomes real only when it is translated into delivery ownership.
  • Start with the decision and consequence, not only the model.
  • Human review needs authority, context, time, and accountability to mean anything.
  • Data handling is an ethical issue, not only a privacy issue.
  • Provenance should cover tools, prompts, sources, approvals, and actions where consequences matter.
  • Procurement and security review are important AI governance controls.
  • Shadow AI is often a signal that official adoption paths are failing.
  • Exceptions, incidents, appeals, and support routes need owners before deployment.

Planning a platform change?

I help teams make difficult platform work clearer, from architecture decisions and migrations to launch recovery, performance, and search visibility.

Get in touch