What is the first step in addressing organizational harms in AI?

Starting with known risks and reviewing requirements is a critical first step in addressing organizational harms in AI because it allows for an informed foundation upon which to build further risk management strategies. By focusing on known risks, organizations can leverage existing data and insights to understand potential harms better and how they align with legal, ethical, and operational requirements. This approach not only prioritizes immediate issues that have already been recognized but also helps establish a baseline understanding of the current regulatory framework and expectations for AI use.

When organizations start by assessing known risks, they can identify specific requirements that must be met to mitigate those risks effectively. This proactive analysis ensures that preventative measures can be integrated into the AI deployment process. Additionally, understanding these known risks facilitates the identification of gaps in current practices, aligning operational behavior with compliance obligations, and laying a robust groundwork for addressing more complex or evolving risks in later phases of AI governance.

Other approaches may focus on continuous identification of harms or addressing new risks, but these strategies typically come after the initial assessment of known risks. By laying the groundwork with what is already understood about AI's impact, organizations are better positioned to develop comprehensive risk management frameworks.