While the specific regulations may vary from one jurisdiction to another, there are a set of core principles that underpin most regulatory frameworks for AI. A robust monitoring strategy should be designed to provide evidence of adherence to these principles.

‍

1. Transparency and Explainability

Regulators want to see that organizations can explain how their AI models work. This doesn’t necessarily mean that you need to be able to explain the inner workings of a complex deep learning model, but you do need to be able to explain the factors that are driving its decisions. This is often referred to as explainable AI (XAI). Your monitoring strategy should include tools and processes for:

• Model Documentation: Maintaining detailed documentation for each model, including its purpose, the data it was trained on, and its known limitations.
• Feature Importance: The ability to identify which features in the data are having the greatest impact on the model’s predictions.
• Decision Audits: The ability to audit individual predictions to understand why the model made a particular decision.

‍

2. Fairness and Bias Detection

One of the biggest concerns for regulators is the potential for AI systems to perpetuate and even amplify existing biases. A key focus of any AI audit will be to assess whether a model is producing fair and equitable outcomes for different demographic groups. Your monitoring strategy must include:

• Bias Testing: Regularly testing your models for bias against protected characteristics such as gender, ethnicity, and age.
• Fairness Metrics: Monitoring a set of fairness metrics to ensure that your models are not having a disparate impact on different groups.
• Mitigation Strategies: Having a plan in place to mitigate any bias that is detected in your models.

‍

3. Accountability and Governance

Regulators want to see a clear line of accountability for the decisions made by AI systems. This means having a well-defined AI governance framework that includes:

• Clear Roles and Responsibilities: Defining who is responsible for the development, deployment, and monitoring of each AI model.
• A Human in the Loop: For high-stakes decisions, regulators will often expect to see that there is a human in the loop who can review and override the model’s recommendations.
• An Audit Trail: Maintaining a detailed and immutable audit trail of all model predictions and all access to the data used by the model.

A comprehensive AI monitoring strategy must address both the AI model itself and the data it relies on.

‍

Monitoring the Model

AI models are not static. Their performance can degrade over time as the data they are seeing in the real world drifts away from the data they were trained on. This is known as model drift. A robust model monitoring strategy should include:

• Performance Monitoring: Continuously monitoring the model’s key performance metrics (e.g., accuracy, precision, recall) to detect any degradation in performance.
• Drift Detection: Using statistical techniques to detect when the distribution of the input data has changed significantly.
• Retraining and Redeployment: Having a process in place to retrain and redeploy the model when its performance degrades.

‍

Monitoring Data Access

The data that is used to train and run AI models is often highly sensitive. Regulators will want to see that you have strong controls in place to protect this data and to monitor who has access to it. This is where Data Access Governance (DAG) comes in. A robust DAG strategy should include:

• Data Classification: Classifying your data based on its sensitivity so that you can apply the appropriate level of security controls.
• Access Control: Implementing the principle of least privilege to ensure that users only have access to the data they need to perform their jobs.
• Access Monitoring: Continuously monitoring all access to sensitive data and alerting on any suspicious activity.
• Audit Trails: Maintaining a detailed audit trail of all data access events.