# ðŸ“˜ Week 11: Technology Governance & Ethics I - Frameworks & Principles

## MBA 590 - Advanced AI Strategy: Prompting and Agentic Frameworks

---

## Overview

As organizations deploy advanced technologies like LLMs and agentic systems, ethical considerations and robust governance become critical. This week introduces the fundamental principles and frameworks for responsible technology development and deployment. We'll explore established frameworks like NIST AI RMF, examine core ethical principles, and learn how to translate these into actionable organizational policies.

### Key Topics
- Ethical risks in AI and advanced technologies (bias, fairness, transparency, accountability)
- Overview of responsible AI frameworks (NIST, OECD, IEEE)
- Core principles for ethical technology development
- Translating principles into concrete policies
- Risk assessment and mitigation strategies
- Stakeholder considerations in governance

## ðŸŽ¯ Learning Objectives

By the end of this week, you will be able to:

1. Identify and assess key ethical risks in AI and advanced technology systems
2. Compare and contrast major responsible AI frameworks (NIST, OECD, IEEE)
3. Apply core ethical principles to technology decision-making
4. Translate abstract ethical principles into concrete organizational policies
5. Conduct risk assessments for AI/technology initiatives
6. Design governance structures appropriate for your organization
7. Balance innovation with ethical responsibility

## Academic Readings

1. **National Institute of Standards and Technology (NIST). (2023).** *AI Risk Management Framework (AI RMF 1.0).* (Focus on core principles and functions)

2. **Floridi, L., & Cowls, J. (2019).** *A Unified Framework of Five Principles for AI in Society.* Harvard Data Science Review, 1(1).

In [None]:
# Setup
import pandas as pd
import numpy as np
import matplotlib.pyplot as plt
import seaborn as sns
from typing import List, Dict, Tuple
import json

# Set style for visualizations
plt.style.use('seaborn-v0_8-darkgrid')
sns.set_palette('Set2')

print('Libraries imported successfully')

## 1. Key Ethical Risks in AI Systems

### Primary Risk Categories

#### A. Bias and Fairness
- **Data bias**: Historical biases in training data
- **Algorithmic bias**: Biases introduced by model design
- **Deployment bias**: Differential impact across user groups
- **Impact**: Discrimination, unequal treatment, legal liability

#### B. Transparency and Explainability
- **Black box problem**: Difficulty understanding model decisions
- **Stakeholder needs**: Different audiences need different explanations
- **Regulatory requirements**: Explainability mandates (e.g., GDPR "right to explanation")
- **Impact**: Lack of trust, compliance issues, poor decision-making

#### C. Accountability and Responsibility
- **Decision attribution**: Who is responsible when AI makes mistakes?
- **Liability chains**: Complex systems with multiple stakeholders
- **Human oversight**: Ensuring meaningful human control
- **Impact**: Legal liability, reputational damage, regulatory penalties

#### D. Privacy and Data Protection
- **Data collection**: Over-collection, unauthorized use
- **Data retention**: Storing data longer than necessary
- **Re-identification**: De-anonymized data risks
- **Impact**: Privacy violations, regulatory fines, loss of trust

#### E. Security and Safety
- **Adversarial attacks**: Manipulating model inputs/outputs
- **Model theft**: IP protection of AI systems
- **System failures**: AI making harmful decisions
- **Impact**: Security breaches, physical harm, financial losses

#### F. Environmental and Social Impact
- **Computational costs**: Energy consumption of large models
- **Labor displacement**: Job losses from automation
- **Societal polarization**: Amplification of misinformation
- **Impact**: Environmental damage, social inequality, democratic erosion

In [None]:
# Risk assessment framework

ethical_risks = {
    'Risk_Category': [
        'Bias & Fairness',
        'Transparency & Explainability',
        'Accountability',
        'Privacy & Data Protection',
        'Security & Safety',
        'Environmental Impact',
        'Social Impact'
    ],
    'Likelihood': ['High', 'High', 'Medium', 'High', 'Medium', 'Medium', 'Medium'],
    'Impact': ['High', 'Medium', 'High', 'Critical', 'High', 'Medium', 'High'],
    'Regulatory_Pressure': ['High', 'High', 'Medium', 'Critical', 'High', 'Medium', 'Low'],
    'Mitigation_Difficulty': ['High', 'Medium', 'Medium', 'Medium', 'High', 'Low', 'High']
}

df_risks = pd.DataFrame(ethical_risks)

# Convert to numeric for risk scoring
level_map = {'Low': 1, 'Medium': 2, 'High': 3, 'Critical': 4}
df_risks['Likelihood_Score'] = df_risks['Likelihood'].map(level_map)
df_risks['Impact_Score'] = df_risks['Impact'].map(level_map)
df_risks['Risk_Score'] = df_risks['Likelihood_Score'] * df_risks['Impact_Score']

print("ETHICAL RISK ASSESSMENT")
print("="*80)
print(df_risks[['Risk_Category', 'Likelihood', 'Impact', 'Risk_Score']].to_string(index=False))
print("\n" + "="*80)
print("HIGHEST PRIORITY RISKS (Risk Score â‰¥ 9):")
high_risks = df_risks[df_risks['Risk_Score'] >= 9].sort_values('Risk_Score', ascending=False)
print(high_risks[['Risk_Category', 'Risk_Score', 'Regulatory_Pressure']].to_string(index=False))

In [None]:
# Visualize risk landscape

fig, (ax1, ax2) = plt.subplots(1, 2, figsize=(16, 6))

# Risk matrix
scatter = ax1.scatter(df_risks['Likelihood_Score'], df_risks['Impact_Score'], 
                     s=df_risks['Risk_Score']*50, alpha=0.6, c=df_risks['Risk_Score'], 
                     cmap='YlOrRd', edgecolors='black', linewidth=1.5)

for idx, row in df_risks.iterrows():
    ax1.annotate(row['Risk_Category'], 
                (row['Likelihood_Score'], row['Impact_Score']),
                fontsize=9, ha='center', va='bottom')

ax1.set_xlabel('Likelihood', fontsize=12, fontweight='bold')
ax1.set_ylabel('Impact', fontsize=12, fontweight='bold')
ax1.set_title('Ethical Risk Matrix\n(Size = Risk Score)', fontsize=14, fontweight='bold')
ax1.set_xticks([1, 2, 3, 4])
ax1.set_xticklabels(['Low', 'Medium', 'High', 'Critical'])
ax1.set_yticks([1, 2, 3, 4])
ax1.set_yticklabels(['Low', 'Medium', 'High', 'Critical'])
ax1.grid(True, alpha=0.3)
ax1.set_xlim(0.5, 4.5)
ax1.set_ylim(0.5, 4.5)

# Add risk zones
ax1.axhline(y=2.5, color='orange', linestyle='--', alpha=0.3)
ax1.axvline(x=2.5, color='orange', linestyle='--', alpha=0.3)

# Risk scores comparison
colors = ['green' if x < 6 else 'orange' if x < 9 else 'red' for x in df_risks['Risk_Score']]
bars = ax2.barh(df_risks['Risk_Category'], df_risks['Risk_Score'], color=colors, alpha=0.7)
ax2.set_xlabel('Risk Score (Likelihood Ã— Impact)', fontsize=12, fontweight='bold')
ax2.set_title('Risk Score Rankings', fontsize=14, fontweight='bold')
ax2.axvline(x=6, color='orange', linestyle='--', alpha=0.5, label='Medium Risk')
ax2.axvline(x=9, color='red', linestyle='--', alpha=0.5, label='High Risk')
ax2.legend()
ax2.grid(True, alpha=0.3, axis='x')

plt.tight_layout()
plt.show()

## 2. Major Responsible AI Frameworks

### A. NIST AI Risk Management Framework (AI RMF 1.0)

**Purpose**: Voluntary framework to help organizations manage AI risks

**Core Functions**:
1. **GOVERN**: Establish and nurture a culture of risk management
2. **MAP**: Understand context and categorize AI risks
3. **MEASURE**: Assess, analyze, and track AI risks
4. **MANAGE**: Allocate resources to mapped and measured risks

**Key Characteristics**:
- Valid: Technical accuracy and effectiveness
- Reliable: Consistent performance
- Safe: No unacceptable harm
- Secure: Protected from threats
- Resilient: Handles exceptional conditions
- Accountable: Clear responsibility
- Transparent: Documented and explainable
- Explainable: Understandable to stakeholders
- Interpretable: Clear meaning of outputs
- Privacy-enhanced: Protects personal data
- Fair: No harmful bias

### B. OECD AI Principles

**Five Value-Based Principles**:
1. **Inclusive growth**: AI should benefit all of humanity
2. **Sustainable development**: Environmental and social responsibility
3. **Human-centered values**: Respect for human rights and dignity
4. **Transparency**: Understandable and explainable
5. **Robustness**: Safe, secure, and accountable

### C. IEEE Ethically Aligned Design

**Eight Principles**:
1. Human Rights
2. Well-being
3. Data Agency
4. Effectiveness
5. Transparency
6. Accountability
7. Awareness of Misuse
8. Competence

### D. Floridi & Cowls: Five Principles for AI in Society

1. **Beneficence**: Promoting well-being, preserving dignity, sustaining the planet
2. **Non-maleficence**: Privacy, security, capability caution
3. **Autonomy**: Decision-making power of humans
4. **Justice**: Fairness, non-discrimination, solidarity
5. **Explicability**: Intelligibility and accountability

In [None]:
# Framework comparison

frameworks = {
    'Framework': ['NIST AI RMF', 'OECD', 'IEEE EAD', 'Floridi & Cowls'],
    'Primary_Focus': [
        'Risk Management',
        'Values & Governance',
        'Design Principles',
        'Ethical Foundation'
    ],
    'Scope': ['Broad', 'Very Broad', 'Technical', 'Philosophical'],
    'Actionability': ['High', 'Medium', 'High', 'Low'],
    'Industry_Adoption': ['Growing', 'High', 'Medium', 'Low'],
    'Best_For': [
        'US organizations, risk-focused approach',
        'International organizations, policy makers',
        'Technical teams, designers',
        'Ethical foundations, academic research'
    ]
}

df_frameworks = pd.DataFrame(frameworks)

print("RESPONSIBLE AI FRAMEWORKS COMPARISON")
print("="*80)
for idx, row in df_frameworks.iterrows():
    print(f"\n{row['Framework']}:")
    print(f"  Primary Focus: {row['Primary_Focus']}")
    print(f"  Scope: {row['Scope']}")
    print(f"  Actionability: {row['Actionability']}")
    print(f"  Industry Adoption: {row['Industry_Adoption']}")
    print(f"  Best For: {row['Best_For']}")

In [None]:
# Map frameworks to ethical principles

principles_coverage = {
    'Principle': [
        'Fairness',
        'Transparency',
        'Accountability',
        'Privacy',
        'Security',
        'Safety',
        'Human Rights',
        'Sustainability'
    ],
    'NIST': ['âœ“âœ“', 'âœ“âœ“âœ“', 'âœ“âœ“', 'âœ“âœ“', 'âœ“âœ“âœ“', 'âœ“âœ“âœ“', 'âœ“', 'âœ“'],
    'OECD': ['âœ“âœ“', 'âœ“âœ“', 'âœ“âœ“', 'âœ“', 'âœ“', 'âœ“âœ“', 'âœ“âœ“âœ“', 'âœ“âœ“âœ“'],
    'IEEE': ['âœ“âœ“', 'âœ“âœ“', 'âœ“âœ“âœ“', 'âœ“âœ“âœ“', 'âœ“âœ“', 'âœ“', 'âœ“âœ“âœ“', 'âœ“'],
    'Floridi': ['âœ“âœ“âœ“', 'âœ“âœ“âœ“', 'âœ“âœ“âœ“', 'âœ“âœ“', 'âœ“', 'âœ“', 'âœ“âœ“', 'âœ“']
}

df_coverage = pd.DataFrame(principles_coverage)

print("\nPRINCIPLES COVERAGE BY FRAMEWORK")
print("Legend: âœ“ = Addressed, âœ“âœ“ = Emphasized, âœ“âœ“âœ“ = Core Focus")
print("="*80)
print(df_coverage.to_string(index=False))

## 3. Core Ethical Principles in Practice

### Applying NIST AI RMF: The Four Functions

#### GOVERN
**Objective**: Establish organizational culture and structure for AI risk management

**Key Activities**:
- Define AI governance structure
- Assign roles and responsibilities
- Establish risk tolerance levels
- Create policies and procedures
- Foster risk-aware culture

#### MAP
**Objective**: Understand AI system context and identify potential risks

**Key Activities**:
- Document system purpose and use cases
- Identify stakeholders and impacts
- Categorize risks (technical, societal, legal)
- Assess data quality and bias
- Map regulatory requirements

#### MEASURE
**Objective**: Assess and track AI risks quantitatively and qualitatively

**Key Activities**:
- Define metrics for trustworthy characteristics
- Test for bias and fairness
- Evaluate model performance
- Measure privacy preservation
- Conduct security assessments
- Monitor ongoing performance

#### MANAGE
**Objective**: Prioritize and respond to AI risks

**Key Activities**:
- Develop risk treatment plans
- Implement controls and safeguards
- Document decisions and rationale
- Establish incident response
- Continuous monitoring and improvement

In [None]:
# NIST AI RMF implementation template

def create_ai_rmf_template(system_name: str, use_case: str) -> Dict:
    """
    Create a structured AI RMF assessment template.
    """
    template = {
        'system_info': {
            'name': system_name,
            'use_case': use_case,
            'assessment_date': '2025-11-17',
            'risk_owner': '[To be assigned]'
        },
        'govern': {
            'governance_structure': {
                'board_oversight': 'TBD',
                'executive_sponsor': 'TBD',
                'risk_committee': 'TBD',
                'technical_lead': 'TBD'
            },
            'policies': [
                'AI Development Policy',
                'Data Governance Policy',
                'Ethics Review Process',
                'Incident Response Plan'
            ],
            'risk_tolerance': 'Medium'  # Low, Medium, High
        },
        'map': {
            'stakeholders': [],  # To be identified
            'potential_risks': [
                {'category': 'Bias', 'description': 'TBD', 'likelihood': 'TBD', 'impact': 'TBD'},
                {'category': 'Privacy', 'description': 'TBD', 'likelihood': 'TBD', 'impact': 'TBD'},
                {'category': 'Security', 'description': 'TBD', 'likelihood': 'TBD', 'impact': 'TBD'},
            ],
            'regulatory_requirements': [],  # GDPR, CCPA, etc.
            'impact_assessment': 'Required'
        },
        'measure': {
            'fairness_metrics': ['Demographic parity', 'Equal opportunity', 'Calibration'],
            'performance_metrics': ['Accuracy', 'Precision', 'Recall', 'F1-score'],
            'privacy_metrics': ['k-anonymity', 'Differential privacy', 'Re-identification risk'],
            'security_metrics': ['Adversarial robustness', 'Input validation', 'Access controls'],
            'monitoring_frequency': 'Monthly'  # Daily, Weekly, Monthly, Quarterly
        },
        'manage': {
            'risk_treatments': [],  # To be developed
            'controls': [
                'Human review for high-stakes decisions',
                'Bias testing in development',
                'Privacy impact assessment',
                'Security penetration testing'
            ],
            'incident_response': 'Defined',
            'continuous_improvement': 'Quarterly reviews'
        }
    }
    return template

# Example: Customer service chatbot
example_rmf = create_ai_rmf_template(
    system_name="Customer Service AI Agent",
    use_case="Automated customer inquiry resolution and support"
)

print("AI RMF ASSESSMENT TEMPLATE")
print("="*80)
print(json.dumps(example_rmf, indent=2))

## 4. Translating Principles into Policies

### From Abstract to Concrete

Ethical principles must be operationalized into specific policies and guidelines that teams can follow.

#### Example 1: Fairness Principle â†’ Bias Testing Policy

**Principle**: "AI systems should be fair and not discriminate"

**Policy**: 
- All AI systems impacting individuals must undergo bias testing
- Test across protected attributes (race, gender, age, etc.)
- Document disparate impact analysis
- Achieve <10% difference in outcomes across groups
- Annual re-testing for production systems

#### Example 2: Transparency Principle â†’ Model Documentation Standard

**Principle**: "AI systems should be transparent and explainable"

**Policy**:
- Complete model cards for all AI systems
- Document training data, performance metrics, limitations
- Provide explanation mechanisms appropriate to use case
- Make documentation accessible to stakeholders
- Update documentation with each model version

#### Example 3: Accountability Principle â†’ Human Oversight Requirements

**Principle**: "There should be clear accountability for AI decisions"

**Policy**:
- High-stakes decisions require human review
- Define escalation paths for AI uncertainties
- Maintain audit logs of all AI decisions
- Designate responsible parties for each system
- Establish appeal processes for affected individuals

In [None]:
# Policy translation framework

policy_translations = {
    'Principle': [
        'Fairness',
        'Transparency',
        'Accountability',
        'Privacy',
        'Security',
        'Safety'
    ],
    'Abstract_Statement': [
        'AI should be fair and unbiased',
        'AI should be explainable',
        'Responsibility should be clear',
        'Personal data should be protected',
        'Systems should be secure',
        'AI should not cause harm'
    ],
    'Concrete_Policy': [
        'Bias testing across protected classes; <10% outcome disparity',
        'Model cards + explanation mechanisms for all systems',
        'Human review for high-stakes; audit logs; designated owners',
        'Privacy impact assessments; data minimization; encryption',
        'Penetration testing; access controls; incident response',
        'Safety testing; human oversight; emergency shutoff'
    ],
    'Measurement': [
        'Demographic parity ratio',
        'Documentation completeness',
        'Audit trail coverage',
        'Privacy compliance score',
        'Security audit results',
        'Incident frequency'
    ],
    'Enforcement': [
        'Pre-deployment review',
        'Documentation gate',
        'Quarterly audits',
        'Automated checks',
        'Continuous monitoring',
        'Incident response'
    ]
}

df_policies = pd.DataFrame(policy_translations)

print("PRINCIPLE-TO-POLICY TRANSLATION")
print("="*80)
for idx, row in df_policies.iterrows():
    print(f"\n{row['Principle'].upper()}")
    print(f"  Abstract: {row['Abstract_Statement']}")
    print(f"  Concrete Policy: {row['Concrete_Policy']}")
    print(f"  Measurement: {row['Measurement']}")
    print(f"  Enforcement: {row['Enforcement']}")

## 5. Risk Assessment Methodology

### AI System Risk Categorization

Based on EU AI Act approach:

**UNACCEPTABLE RISK** - Prohibited
- Social scoring by governments
- Real-time biometric identification in public (with exceptions)
- Subliminal manipulation
- Exploitation of vulnerabilities

**HIGH RISK** - Strict requirements
- Critical infrastructure
- Education/employment decisions
- Essential services (credit, insurance)
- Law enforcement
- Migration/border management
- Justice administration

**LIMITED RISK** - Transparency obligations
- Chatbots (must disclose AI nature)
- Emotion recognition
- Biometric categorization
- Deepfakes (must label)

**MINIMAL RISK** - No restrictions
- AI-enabled video games
- Spam filters
- Recommendation systems (in most cases)

In [None]:
# AI system risk assessment tool

def assess_ai_system_risk(use_case: str, 
                          impacts_individuals: bool,
                          high_stakes: bool,
                          automated_decision: bool,
                          protected_attributes: bool,
                          reversible: bool) -> Dict:
    """
    Assess risk level of an AI system based on key characteristics.
    
    Returns risk level, required controls, and governance approach.
    """
    risk_score = 0
    
    if impacts_individuals:
        risk_score += 2
    if high_stakes:
        risk_score += 3
    if automated_decision:
        risk_score += 2
    if protected_attributes:
        risk_score += 3
    if not reversible:
        risk_score += 2
    
    if risk_score >= 10:
        risk_level = 'HIGH'
        controls = [
            'Executive approval required',
            'Comprehensive bias testing',
            'Human review of all decisions',
            'Full explainability required',
            'Privacy impact assessment',
            'Security penetration testing',
            'Quarterly audits',
            'Appeal mechanism required'
        ]
        governance = 'Strict oversight with dedicated review board'
    elif risk_score >= 6:
        risk_level = 'MEDIUM'
        controls = [
            'Director approval required',
            'Bias testing for key attributes',
            'Explanation capability required',
            'Privacy assessment',
            'Security review',
            'Semi-annual audits'
        ]
        governance = 'Regular review with risk committee'
    else:
        risk_level = 'LOW'
        controls = [
            'Manager approval',
            'Basic testing',
            'Standard security review',
            'Annual review'
        ]
        governance = 'Standard development process'
    
    return {
        'use_case': use_case,
        'risk_score': risk_score,
        'risk_level': risk_level,
        'required_controls': controls,
        'governance_approach': governance
    }

# Example assessments
test_cases = [
    {
        'use_case': 'Resume screening for hiring',
        'impacts_individuals': True,
        'high_stakes': True,
        'automated_decision': True,
        'protected_attributes': True,
        'reversible': False
    },
    {
        'use_case': 'Product recommendations',
        'impacts_individuals': True,
        'high_stakes': False,
        'automated_decision': True,
        'protected_attributes': False,
        'reversible': True
    },
    {
        'use_case': 'Internal document summarization',
        'impacts_individuals': False,
        'high_stakes': False,
        'automated_decision': False,
        'protected_attributes': False,
        'reversible': True
    }
]

print("AI SYSTEM RISK ASSESSMENTS")
print("="*80)

for test in test_cases:
    result = assess_ai_system_risk(**test)
    print(f"\n{result['use_case'].upper()}")
    print(f"  Risk Score: {result['risk_score']}")
    print(f"  Risk Level: {result['risk_level']}")
    print(f"  Governance: {result['governance_approach']}")
    print(f"  Required Controls:")
    for control in result['required_controls']:
        print(f"    - {control}")

## 6. Practical Exercise

### Translate a Principle into Policy

In [None]:
# YOUR TURN: Select a NIST principle and create organizational policy

my_ethics_policy = """
SELECTED PRINCIPLE: [Choose: Explainable, Fair, Secure, Privacy-Enhanced, etc.]

WHY THIS PRINCIPLE MATTERS TO MY ORGANIZATION:
[Explain the business/ethical rationale]

CONCRETE POLICY REQUIREMENTS:
1. [Specific requirement with measurable criteria]
2. [Specific requirement with measurable criteria]
3. [Specific requirement with measurable criteria]
4. [Specific requirement with measurable criteria]

IMPLEMENTATION GUIDELINES:
For Developers:
- [Specific action]
- [Specific action]

For Product Managers:
- [Specific action]
- [Specific action]

For Data Scientists:
- [Specific action]
- [Specific action]

MEASUREMENT & COMPLIANCE:
- Primary Metric: [How will you measure compliance?]
- Target: [Specific target value]
- Monitoring Frequency: [How often?]
- Review Process: [Who reviews and when?]

ENFORCEMENT:
- Pre-deployment: [What must happen before deployment?]
- Ongoing: [What happens during operation?]
- Non-compliance: [What are the consequences?]

EXCEPTIONS:
- When allowed: [Under what conditions?]
- Who can approve: [Who has authority?]
- Documentation required: [What must be documented?]

EXAMPLE SCENARIO:
[Describe a specific use case and how this policy applies]
"""

print(my_ethics_policy)

## 7. Discussion Questions

1. **Framework Selection**: Which responsible AI framework (NIST, OECD, IEEE, or Floridi) is most appropriate for your organization? Why?

2. **Principle Prioritization**: If you could only implement three ethical principles rigorously, which would you choose and why?

3. **Risk Tolerance**: How should your organization balance innovation speed with ethical safeguards? What's your risk tolerance?

4. **Trade-offs**: Transparency and privacy can conflict (explaining decisions may reveal personal data). How do you resolve such tensions?

5. **Measurement Challenges**: How do you measure abstract concepts like "fairness" or "accountability" in practice?

6. **Governance Burden**: How do you prevent ethics governance from becoming bureaucratic overhead that slows development?

7. **Global Operations**: If operating internationally, how do you harmonize different regulatory requirements (EU AI Act, US frameworks, etc.)?

8. **Stakeholder Conflicts**: When different stakeholders (customers, employees, shareholders, regulators) have conflicting interests, how do you prioritize?

### Your Reflections:

[Write your responses here]

## 8. Key Takeaways

1. **Ethics is not optional** - regulatory pressure and societal expectations make ethical AI a business imperative

2. **Multiple frameworks exist** - NIST, OECD, IEEE provide complementary approaches to responsible AI

3. **Principles need translation** - abstract ethics must become concrete policies with measurable criteria

4. **Risk varies by use case** - not all AI systems require the same level of governance

5. **Governance enables scale** - proper frameworks allow responsible deployment at scale

6. **Stakeholder engagement matters** - diverse perspectives strengthen ethical decision-making

7. **Measurement is challenging** - quantifying ethical performance requires thoughtful metrics

8. **Continuous improvement** - ethics governance must evolve with technology and societal norms

## 9. Looking Ahead to Week 12

Next week, we'll continue with **Technology Governance & Ethics II: Regulation & Implementation**.

We'll explore:
- Overview of regulatory landscapes (EU AI Act, GDPR implications)
- Practical implementation of governance frameworks
- Bias audits and transparency reporting
- Data privacy controls and security protocols
- Human oversight mechanisms

**Preparation:** Review your organization's current compliance obligations. What regulations currently apply to your AI/technology initiatives?

## Additional Resources

### Frameworks:
- NIST AI Risk Management Framework: [https://www.nist.gov/itl/ai-risk-management-framework](https://www.nist.gov/itl/ai-risk-management-framework)
- OECD AI Principles: [https://oecd.ai/en/ai-principles](https://oecd.ai/en/ai-principles)
- IEEE Ethically Aligned Design: [https://ethicsinaction.ieee.org/](https://ethicsinaction.ieee.org/)

### Ethics Research:
- Partnership on AI resources
- AI Ethics Lab guidelines
- Montreal Declaration for Responsible AI

### Implementation Guides:
- Google's Responsible AI Practices
- Microsoft's Responsible AI Standard
- IBM's AI Ethics framework

---

*End of Week 11 Notebook*