MAP 5.1 - AI Positive or Negative Impacts

NIST AI RMF (in the playbook companion) states:

MAP 5.1

Potential positive or negative impacts to individuals, groups, communities, organizations, or society are regularly identified and documented.

About

AI systems are socio-technical in nature and can have positive, neutral, or negative implications that extend beyond their stated purpose. Negative impacts can be wide- ranging and affect individuals, groups, communities, organizations, and society, as well as the environment and national security.

The Map function provides an opportunity for organizations to assess potential AI system impacts based on identified risks. This enables organizations to create a baseline for system monitoring and to increase opportunities for detecting emergent risks. Impact assessments also help to identify new benefits and purposes which may arise from AI system use. After an AI system is deployed, engaging different stakeholder groups – who may be aware of, or experience, benefits or negative impacts that are unknown to AI actors – allows organizations to understand and monitor system benefits and impacts more readily.

Actions

• Establish and document stakeholder engagement processes at the earliest stages of system formulation to identify potential impacts from the AI system on individuals, groups, communities, organizations, and society.

• Employ methods such as value sensitive design (VSD) to identify misalignments between organizational and societal values, and system implementation and impact.

• Identify approaches to engage, capture, and incorporate input from system users and other key stakeholders to assist with continuous monitoring for impacts and emergent risks. Incorporate quantitative, qualitative, and mixed methods in the assessment and documentation of potential impacts to individuals, groups, communities, organizations, and society.

• Identify a team (internal or external) that is independent of AI design and development functions to assess AI system benefits, positive and negative impacts and their likelihood.

• Develop impact assessment procedures that incorporate socio-technical elements and methods and plan to normalize across organizational culture. Regularly review and refine impact assessment processes.

Transparency and Documentation

Organizations can document the following:

• If the AI system relates to people, does it unfairly advantage or disadvantage a particular social group? In what ways? How was this mitigated?

• If the AI system relates to other ethically protected subjects, have appropriate obligations been met? (e.g., medical data might include information collected from animals)

• If the AI system relates to people, could this dataset expose people to harm or legal action? (e.g., financial social or otherwise) What was done to mitigate or reduce the potential for harm?