Safe AI adoption in the public sector: Five key steps

How should the public sector approach AI enablement?

Andy Baker, data and AI expert, Civica

We’re never far from a doomsaying headline about the threat of AI to our jobs, or a silver bullet-type promise that AI is going to transform our public services, save money, grow the economy and enhance citizen wellbeing.

While there are some possible truths in both, you can also quell each side by looking at the steps that organisations must take in setting up their AI capabilities before any truly sustainable value can be created. Without taking these steps, not only is there increased risk that an AI application will ultimately fail or need reworking, it could end up breaking the law or causing more harm than good.

Still, when AI offers so much promise, it’s vital to set up solid foundations to ensure that sustainable success can be realised as soon as possible. Just as AI depends on the quality data going in to deliver quality outputs, so too does the right investment in early-stage deployment mean that it will deliver the best returns in the long run.

Here we outline the five non-negotiable steps for successful AI deployment.

Step one: Will your AI applications break the law?

Since AI is essentially a way to get data working for you – identifying patterns, making predictions and generating outputs without manual involvement – many assume that AI-enablement must also start with cleaning up your data.

Yes, this is extremely important, but you will see that the step around managing data quality does not come until further down on this list, and that’s for good reason.

Before getting into the data play, start instead by setting out the legal frameworks for the use of data in AI applications. This is where data protection and privacy measures are defined to help you avoid getting into legal difficulty – and potentially huge fines – if any data is misused.

For example, how will you make sure that you are only collecting and storing the minimal data necessary for your application’s purpose? Do you have the right safeguards in place that restrict data access, allow for corrections, or entitle data owners to opt-out? Do your plans meet the regulations in all jurisdictions in which you operate? Do you need to consider the data compliance of any third parties?

You will need to consult a legal expert and ensure the appropriate mechanics are in place to make disclosures on what data is being used and how it is being collected, stored, shared, used and disposed of to stay compliant.

Step two: How to ensure ethical AI?

Beyond compliance obligations, there are also hugely important ethical questions to consider.

For example, how do you plan to deliver fair and representative outputs where the AI avoids biases? What safeguards will be in place to avoid any opportunities for criminality, misuse or even unintended uses? How will the AI contribute to the benefit of society or the environment?

Eliminating bias continues to be a challenge in AI. A common cause will be when the data going in does not have the appropriate representation of the target population, such as gender, race or culture. There are also risks that source information could be influenced by stereotypes or perhaps demonstrate favouritism of people from different geographies or socio-economic backgrounds if the inputs are not objective.

A starting point to counter this is to hire a diverse team that can provide alternative viewpoints. They should work together to fully understand the target audience and be ready to challenge the quality of data inputs or call out any assumptions that could impact the results.

This is also a time to seek advice from external experts, such as a financial crime prevention specialist, a UX expert, or a digital accessibility consultant. They will be able to highlight blind spots and make useful recommendations to avoid creating any AI that is liable to harmful or unethical outputs.

Step three: Risk management

Completing the holy trinity of pre-development non-negotiables for AI, alongside legal and ethical frameworks, is establishing a robust approach to risk management.

Cyber threats continue to grow and evolve, and AI only creates more opportunities for bad actors to find a way in. Protecting an application against adversarial attacks, data breaches and misuse begins by regularly auditing cyber security policies and processes to make sure they are up to date, fit for purpose and provide adequate coverage for AI, especially as the technology moves forward.

Risk management will also look at reputational threats. Falling victim to a data breach will carry significant reputational damage as the public lose trust in your ability to secure their personal information. Other instances could occur if the AI starts to misbehave, such as a chatbot handing out bad advice.

A good risk management playbook will prepare you for handling all kinds of situations. If you want to be in the best possible position, however, ISO/IEC 42001 accreditation provides a vital framework for organisations to manage AI risks, ensure ethical AI development, and comply with relevant regulations. It is the first international standard for Artificial Intelligence Management Systems (AIMS) and should be a priority for any organisation looking to leverage the benefits of AI.

Step four: The data science skills gap

Overall, the best policing of AI development should come from experienced data scientists. However, it is important to acknowledge that there is a serious skills gap in this area, especially in the public sector.

While there are extremely talented coders and mathematicians graduating from some of the best universities in the world with amazing technical skills, finding the right people to lead AI development projects remains problematic.

This is because leaders also need to have good knowledge of the operational and regulatory landscape of a sector, as well as know about business deployment models and processes, which only comes with a level of practical experience gained from outside of an academic setting.

It is crucial to have the right people involved that can lead and understand exactly what is needed to navigate these tricky areas of legal, ethical and risk management. Junior data scientists will require support until they have built their own expertise.

Step five: Data quality

OK, you’ve covered legal, ethics, risk and skills, so now you are finally at the point when you can get stuck into the data.

This is where you should be concerned with things like data architecture, governance and quality. It means building a common understanding of your data and designing platforms that will feed AI applications with sharable and interoperable information. Of course, not all data is suitable for AI, so you will likely need to go through it by use-case and work out exactly what is required.

For many organisations in the public sector, however, low data maturity continues to prevail. This generally means that appropriate data governance policies will be required before you can begin to make the data you have useful and useable. You’ll need to standardise practices and remove silos and duplication.

This can be a long hard slog, but once data governance is in shape and being actioned, AI can really begin to remove laboursome tasks, free up time and resources, and transform public services for the digital age.

These first steps are important in any AI development, but even more so in the public sector where applications will likely involve using the general public’s data and where they must, first and foremost, be designed to deliver social good.

Find out how Civica helps local authorities to transform services and adapt to the pace of change within their communities here.