The Department for Science, Innovation and Technology’s (“DSIT”) is seeking views on its AI Management Essentials tool (“AIME”). 

“AIME is a resource that is designed to provide clarity to organisations around practical steps for establishing a baseline of good practice for managing artificial intelligence (AI) systems that they develop and/or use.”

Through the consultation, DSIT would like to better understand how it can enable businesses of different sizes and sectors to implement robust AI management systems. DSIT has noted that it will use feedback received to ensure AIME is fit for purpose and supports organisations in implementing responsible AI management practices. 

Here we summarise DSIT’s guidance for using AIME. 

What is AIME? 

AIME: 

• is not designed to evaluate AI products or services themselves, but rather “evaluate the organisational processes that are in place to enable the responsible development and use of these products”;

• includes a self-assessment questionnaire designed to highlight the strengths and weaknesses of an organisation’s AI management system. The final version of AIME will also feature a scoring system and recommended actions for improvement; and

• is divided into three thematic areas (1) internal processes (overarching structures and principles underlying your AI management system); (2) managing risks (processes through which an organisation prevents, manages and mitigates risks); and (2) communication (communication with employees, external users and interested parties). 

Examples of questions within the self-assessment include whether the organisation:

• has an AI policy; 
• develops or uses AI systems that directly impact individuals; 
• conducts risk assessments of the AI systems its develops and uses; 
• ensures that the datasets used to develop its AI system are adequately complete and representative; 
• implements appropriate security measures to protect the data used and/or generated by its AI systems; and 
• has reporting mechanisms for all employees, users and external third parties to report concerns or system failures. 

Who is AIME for? 

AIME is designed for any organisation that develops, provides, or uses AI systems. It is particularly aimed at SMEs and start-ups that face challenges in engaging with existing AI management resources. Larger organisations can also use AIME to assess AI management systems for specific divisions or departments.

Why should businesses use AIME? 

The tool will not be mandatory but the guidance notes that it “will embed baseline good practice” in respect of AI systems. 

The guidance also highlights that “there may be opportunities to explore embedding AIME into public sector procurement frameworks for AI products and services”.

Some may see parallels with the government’s Cyber essentials programme, which ‘is a set of standard technical controls organisations should have in place to protect themselves against the most common online security threats’  and which developed into Cyber Essentials Plus (an additional verification scheme) (see here and here for more information).

Why did DSIT develop AIME?

DSIT notes that there are a number of standards and frameworks designed to help organisations effectively manage AI systems and its engagement with industry suggests “many organisations find it challenging to navigate this landscape and engage with these resources”. 

To address this, DSIT developed AIME to deliver “practical support and greater clarity for businesses”. AIME distils key principles from existing AI regulations, standards and frameworks. AIME is primarily based on ISO/IEC 42001, NIST Risk Management framework and the EU AI Act. 

If you would like to discuss how current or future regulations impact what you do with AI, please contact Tom Whittaker, Brian Wong, Lucy Pegler, Martin Cook,Liz Smith or any other member in our Technology team.

This article was written by Liz Smith and Tom Whittaker.