AI governance

Why AI governance software isn’t enough to manage AI risks  

In 2023, AI went mainstream – to put it lightly – and governments pushed for AI regulation. In parallel, quite a few companies have put AI governance tools on the market. But are they really all you need to manage AI risks?  

As we’ve mentioned here countless times, more and more businesses are deploying AI – but the risks of AI are becoming increasingly clear as well. In response, the EU is set to adopt risk-based regulations for AI. With media attention for AI at all-time highs, the reputational risks of “bad” AI have never been greater. Consider DPD’s chatbot writing poems about how awful the delivery firm’s service really is, or a local California Chevrolet dealer’s chatbot making “binding” promises to sell brand-new cars for just one dollar. Both are not just examples of careless implementation, but also of the soaring media attention for AI failures and scandals. AI is a key driver of value for companies, but the media also love using its mistakes to drive traffic.  

There’s a clear market need for safeguards, and the EU has committed to providing clear rules on what should and shouldn’t be allowed. However, the private sector hasn’t been twiddling its thumbs either: quite a few companies, both startups and established firms, have developed platforms to more efficiently manage AI governance processes. In these toolsuites, companies often can follow up on compliance requirements and collaborate on risk management strategies. Some, of course, also give you useful technical insights on error rates and biases. Still, many of these tools are interactive checklists with shaky methodological foundations. After all, the real risks of AI can’t be captured in lists and numbers, as they require a thorough understanding of your business model, your operations, and even your relationship with your customers.  

The problem with using AI governance tools isn’t really the way these tools work, but rather the very nature of AI risk management: there’s much more to it than checking boxes and creating the right documents to present to the relevant authorities when so instructed. AI governance tools inevitably never give you the full picture, because they can’t replace the active engagement and holistic understanding that an AI risk management consultant can give you.  

These tools can be useful to help you collaborate better on AI governance, sure. But they can’t replace a proper risk management strategy. One example is awareness-building. To really do AI risk management well, they need to know what risks AI poses, how to evaluate outputs, and how to see when things could be going awry. Your people need to be on board, and that’s something a piece of software simply can’t give you. 

AI risk management is fundamentally a transformation project that covers your entire organization. That’s’ why AI governance tools should be part of an overarching risk management strategy that covers your processes, policies, technical infrastructure, and your people. AI governance tool can tie things together and make it easier to follow up on who’s doing what – but only after your organization has been transformed into an AI-ready company.  

There’s no point in subscribing to expensive software without having the proper systems in place. In fact, it’s worse than having nothing at all, because AI governance tools can give you a false sense of security – and, in fact, it’s good business for them to give you that sense of security. You might think you’re getting all the AI risk management you need for a fraction of the price, but that’s not accurate at all. It’s like buying an expensive bike without being properly trained to ride it – it leads to nothing but accidents.    

In the end, AI isn’t a fire-and-forget technology. If you commit to an AI project, you should be in it for the long haul. In most cases, your systems will get better with more data, while your organization’s risk management processes will continue to be streamlined. But to actually improve, you need to have the chance to do so. Just buying a toolsuite, tacking it onto your existing processes, and calling it a day doesn’t give you that chance.  

Have you procured an AI governance tool without first aligning your business processes, people, and technical capabilities? Or are you just interested in AI risk management? Don’t hesitate to get in touch with our EU AI Act Compliance Manager Koen Mathijs or contact your local Sparkle office.


Scroll to Top