Emerging Consensus on AI Principles
There’s growing international alignment on core AI principles. This is evident in various instruments such as the UN Guiding Principles, OECD AI Principles, and the EU AI Act.
Challenges in Implementation
While principles are well-defined, translating them into practical action remains a hurdle. This relies on standards that might be technically focused and lack social awareness.
Introduction
The rapid development of AI, combined with growing public, industry and policymaker concerns about its potential negative impacts, has inspired the development of a series of instruments designed to prevent harm and promote accountability. These AI instruments share common principles, with transparency, accountability, explainability, risk mitigation, security and safety, and privacy emerging as the most prevalent themes. The consistent appearance of these AI principles across various instruments demonstrates an ongoing widespread consensus. However, these principles are general without clear guidance on how to implement them. This implementation is often left to standards which present challenges of their own.
Examining the evolution of international instruments applicable to AI governance, from the United Nations Guiding Principles on Business and Human Rights (UNGPs) to recent AI regulations and instruments, indicates whether this evolution trends toward common, actionable, responsible AI practices. Relevant in this context are the UN Guiding Principles (2011), the OECD AI Principles (2019) (and its 2024 update), the UNESCO Recommendation on the Ethics of Artificial Intelligence (UNESCO AI Recommendations) (2022), the US UN AI Resolution (2024), the Council of Europe AI Treaty (2024), the EU AI Act (2024), and the UN Global Digital Compact (2024).
From business harms to AI human impact
The AI instruments in question are diverse in nature, with their own approaches to transparency, accountability, explainability, risk assessment and mitigation, security and safety, privacy and enforcement. Select principles, like transparency and explainability, evolved significantly as AI developed, and as its potential impact was better understood. Other principles, like risk assessment, security and safety and privacy, have stayed fairly consistent. The challenge is thus not to reach an agreement on the definition of these principles, but on how to operationalize and enforce them.
Transparency
Transparency is a foundational principle for ensuring that other AI principles are upheld. This principle has evolved significantly, starting with the UNGPs’ obligation to communicate how human rights impacts were addressed. The EU AI Act and OECD AI Principles have further expanded transparency requirements, mandating disclosure of system capabilities, limitations, decision-making processes, and accuracy metrics. This evolution empowers users to challenge AI-driven decisions and enables deployers to use these systems more effectively by understanding their limitations.
Accountability
Accountability is a key concern for advocates of Responsible AI, as it helps prevent, mitigate, and address human rights impacts. The UNGPs strongly introduced this principle, and subsequent AI instruments have focused on applying it to AI systems.
The UNESCO Recommendations and EU AI Act have assigned specific responsibilities and liabilities to different actors in the AI ecosystem, ensuring a more structured approach to accountability in AI development and deployment.
Explainability
The OECD AI Principles introduced explainability as a way for those affected by AI to challenge outcomes based on understandable information. The EU AI Act and updated OECD principles have expanded explainability requirements, providing sufficient information to challenge AI outputs.
While the CoE AI Treaty’s final text omitted explainability, it was included in its report, highlighting its importance. Notably, the Global Digital Compact also omits this principle.
A challenge for explainability is that AI systems can be opaque even to their developers, some systems behave unexpectedly even after testing, making it hard to measure or determine their trustworthiness.
Risk Assessment and Mitigation
The UNGPs established a foundation for risk assessment and mitigation. Building on this, the UNESCO Recommendation on AI investigates the sociological and psychological effects of AI-based recommendations and advocates for testing systems in real-world conditions before release.
The EU AI Act imposes the first mandatory AI risk assessment (Risk Management System). Its upcoming implementation will set important precedents, including defining what constitutes an “acceptable” residual risk.
Security and Safety
The principle of security and safety is consistent across the documents. The OECD AI Principles translate this to the digital realm, requiring AI systems to be robust, secure, and safe throughout their lifecycle, avoiding unreasonable threats under normal or foreseeable misuse. The operation of this principle is imperative for systems’ proper functioning.
Privacy
This is a fundamental principle for advocates of responsible technological innovation, and is included in all instruments. The UNESCO Recommendations incorporate the requirement for a privacy impact assessment and a privacy-by-design approach. The Global Digital Compact calls on the UN to promote cooperation and harmonization of data governance initiatives. Consistent implementation of privacy principles will enhance user protection and facilitate cross-border interoperability.
Enforcement
The majority of the analyzed documents are considered soft law, lacking clear enforcement mechanisms. As international documents, they often rely on international pressure and calls for regulation. The EU AI Act is the only document with truly enforceable provisions, enforced by national authorities for market surveillance and control of designated AI systems. General-purpose AI will be enforced by the EU Office, which also coordinates a harmonized approach among national authorities. The Act includes clear penalties in the form of fines for non-compliance or false information.
While only the EU AI Act is legally enforceable, the other instruments, though considered ‘soft law,’ offer valuable guidance. These principles can influence future laws and protect users while safeguarding brand reputation. The EU AI Act’s potential Brussels effect could impact global AI regulation, similar to the GDPR.
Implementation Challenges
Although the principles have evolved and become more robust over time, they remain general guidance, leaving ambiguity on how to actually operationalize them. This lack of granularity leaves the specifics to standard setters. In the EU, the CEN-CENELEC is developing standards to help implement the EU AI Act, the implementation of these standards will shed some light into how the principles can be operationalized. In the risk management sphere, there are many frameworks with similar structure among them, like the ISO/IEC 23894:2023, and NIST AI Risk Management Framework (OECD.AI has a useful catalog of Tools and Metrics for Trustworthy AI). The Global Digital Compact sets the commitment to develop common standards. However, while standardization bodies are experts in industry matters, some critics are concerned about their ability to effectively incorporate social protection, and the ultimate impact this may have on human rights. Thus, human rights should be a fundamental pillar in the implementation of AI principles. Another obstacle for standards is that they are not enforceable per se, but they might acquire enforceability depending on the level of involvement the government has. For example the EU AI Act, the OSA and DSA make standards a presumption to have complied with the legislation. However, governments’ high interference with standards make the development of international standards more difficult. Lastly, international AI instruments have been criticized for their lack of consistent representation, as evidenced by the limited participation from various countries (as shown in the CSIS image).
Conclusion
International AI principles provide a foundation for responsible AI development, demonstrating global consensus on their importance. However, while these principles are well-established, their practical implementation remains a challenge, and is often operationalized through standards. Standard-setting organizations, though not directly enforceable, can play a crucial role. However, their technical focus and potential lack of social awareness raise concerns. The EU AI Act represents a significant step forward in operationalizing AI principles, but much remains to be seen, particularly regarding the accompanying measures and the pending EU AI Liability Directive.
Experts and stakeholders, like Brookings, ACM, and ITU have called on the international community to develop guidelines for operationalizing these principles. If standards are to be used, it’s imperative to involve human rights experts and train technical standards setters in understanding the human rights implications of technology and the need for safeguards against harm and abuse. A unified approach can ensure consistency of requirements across countries, facilitating trade and promoting human rights protection.
If you’re interested in learning more about Adapt’s work in this space, send us an email at team@weadapt.io
The Author
Cristina Herrera is a Senior Analyst at Adapt where she works on human rights, engagement with international organizations, regulation tracking and analysis and consumer trust & safety. She holds an LLB from the Autonomous University of Queretaro, a masters in Economics from UNAM and an LLM in Innovation, Technology and Law from the University of Edinburgh.
