ARTIFICIAL INTELLIGENCE & RESPONSIBLE

BUSINESS CONDUCT
Over the last decade, rapid advancements in artificial intelligence (AI) and machine learning have
opened up new opportunities for productivity, economic development, and advancements in
various sectors, from agriculture to healthcare. While current and future AI applications have the
potential to advance responsible business, they can also pose risks to human rights, the
environment and other important elements of responsible business conduct as addressed in the
OECD Guidelines for multinational enterprises.

For example, AI can unlock significant improvements in occupational health and safety through
automation of dangerous tasks. The use of AI in smart grids, smart cities and connected devices
can help reduce greenhouse gas emissions and aid in the adaptation to climate change.

On the other hand, the use of AI in hiring, law enforcement, lending, and other fields could lead
to discriminatory outcomes through the reliance on inappropriately biased data or algorithms.
Relying on and collecting increasing amounts of personal data, there is a risk of AI adversely
impacting privacy. When used in autonomous weapons systems, AI could lead to impacts on the
human right to life, personal security, and due process.

This background paper provides an overview of the different types of AI applications, the ways
in which humans and AI can interact, and potential adverse human rights and societal impacts
that AI technology may introduce.

Definition and Overview

The OECD defines an Artificial Intelligence (AI) System as a
machine-based system that can, for a given set of human-
defined objectives, make predictions, recommendations,
or decisions influencing real or virtual environments.1
When applied, AI has seven different use cases, also known
as patterns, that can
coexist in parallel within the same AI system.2

1. Hyper-personalisation uses AI to develop a profile of

each individual, and then having that profile learn and
adapt over time for a wide variety of purposes including

1 OECD, “Recommendation of the Council on Artificial Intelligence” (2019) Available at:

https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0449
2 Source of diagram: Cognilytica, “The Seven Patterns of AI”(2019) Available at: https://www.cognilytica.com/2019/04/04/the-seven-patterns-

of-ai/
 displaying relevant content in online search, recommending relevant products, providing
personalized recommendations and so on. Hyper-personalisation is often used in
targeted marketing, for example, Netflix suggesting other shows and movies on its
platform based on relevant content the user already watched.3 Another example of
hyper-personalisation is in finance, with the movement away from traditional financial
credit scoring systems, which work by “bucketing” people into credit worthiness scores
based on an individual’s past data to a hyper-personalised 1:1 credit scoring system using
algorithms that look at the credit histories of individuals with similar characteristics in
order to produce targeted scores for an individual user.

2. Conversation and human interaction use cases involve machines and humans interacting
with each other through conversational content across a variety of methods including
voice, text, and image forms. For example, applications such as Wysa, Joyable and
Talkspace use chatbots to provide users with automated mental health care and conduct
mood and intent analysis. Other examples include digital assistants such as Siri and Alexa.

3. Applications using pattern and anomaly detection identify patterns in the data and higher
order connections between data points to see if they fit an existing pattern or if they are
an outlier or anomaly. For example, this type of AI is used in law enforcement to detect
financial fraud or money laundering, flagging purchases in unusual amounts or locations.4

4. Recognition uses machine learning and other cognitive approaches to identify and
determine objects or other data points within image, video, audio, text, or other primarily
unstructured data. This type of AI is used in facial recognition to verify someone’s identity,
for example in border control, to monitor the movement of people or to unlock a smart
phone. It can also be used in healthcare, in combination with anomaly detection, to
review pictures of skin conditions and provide potential diagnoses.

5. Goal Driven Systems use machine learning and other cognitive approaches to give
computer systems the ability to learn through trial and error. The primary objective of
these systems is to find the optimal solution to a problem. Use cases include bidding and
real time auctions. This type of AI has also been tested in games, for example when IBM’s
Deep Blue computer beat world champion Gary Kasparov in chess in 1997.5

6. Predictive analytics and decision support are used to understand how past or existing
conditions or behaviours can help predict future outcomes to help humans make better
decisions. An example of this is the application of an AI system to weather forecasting,
using data to assess past forecasts and improve predictions over time. With these
algorithms, humans still make the final decisions about what to do with the AI system’s

3 Forbes, “The Seven Patterns of AI” (2019) Available at: https://www.forbes.com/sites/cognitiveworld/2019/09/17/the-seven-patterns-of-

ai/#2e384e2c12d0
4 Forbes, “AI Is Predicting The Future Of Online Fraud Detection” (2019) Available at:

https://www.forbes.com/sites/louiscolumbus/2019/08/01/ai-is-predicting-the-future-of-online-fraud-detection/#736abeac74f5
5 Scientific American, “20 Years after Deep Blue: How AI Has Advanced Since Conquering Chess” (2017) Available at:

https://www.scientificamerican.com/article/20-years-after-deep-blue-how-ai-has-advanced-since-conquering-chess/

2
 predictions. This is called augmented intelligence, as opposed to other forms of AI which
are fully autonomous.

7. Autonomous systems are physical and virtual software and hardware systems that are
able to accomplish a task, reach a goal, interact with their surroundings, and achieve an
objective with varying degrees of human involvement; they require machine learning
capability that can without further human interaction i receive information about the real
or virtual environment , and predict the future behaviour of all elements in the system,
and plan for how to deal with those changes. An example of this is autonomous vehicles.

Human Interactions with AI

Humans interact with AI enabled technologies at different levels. Even where an AI system is
designed to operate autonomously there is a role for humans in the responsible development of
the system:

We can understand the different levels of human involvement with the example of an AI
application that helps doctors more efficiently diagnose patients. If the app provides augmented
intelligence, it may use hyper-personalisation, predictive analytics and decision support AI
patterns to inform the doctor on the “best” diagnosis, using the patient’s symptoms and medical
history for data, as well as verified medical sources. The app would suggest the most statistically
likely diagnoses. Based on the doctor’s feedback on correct and incorrect diagnoses the AI system
would learn to improve, becoming more accurate over time. Due to the doctor’s contribution to
how the app will synthesise the data moving forward, the human is in in the loop.

On the other hand, if the app was designed to use autonomous intelligence, it could continuously
review the patient’s profile and intake other new relevant information, adapting along the way
to improve the accuracy of its diagnosis without the help of a doctor. Apart from the design of
the app, humans are not in the loop in this process.

3
AI Actor Landscape

The ability of an AI system to augment human decision-making and to make changes

autonomously that impact how an end user interacts with an AI enabled product requires new
approaches to performing human rights due diligence around AI technologies. Different from a
standard physical product, where the relationship between the makers, supply chain, retailers
and consumer is linear, there is significant overlap and exchange in the AI landscape between
developers, vendors and end-users. Indeed, there remains a question of assigning responsibility
to different AI actors who either develop, sell, or deploy different technologies. The OECD
defines AI actors as “those who play an active role in the AI system lifecycle, including
organisations and individuals that deploy or operate AI”.

Source: OECD (2019) AI in Society: AI system lifecycle as defined and approved by the OECD Expert Group on AI (AIGO) in February 2019

Landscape of AI Developers, Vendors, and Users

Developers Cloud
Data Miners
Create AI Software, APIS, Component Parts, Developers Computing
& Providers Power
and/or Enabled Hardware

Vendors Developers
Sell AI Software, Component Parts, and/or Vendors that are also
Enabled Hardware; Includes Open Source Platforms Vendors
that facilitate AI Integration solutions

Private Private
End Users Governments
Sector
Civil Society Civil Society
Sector
Governments

High Risk Law Law

Military Military
Enforcement Enforcement
End Users

An example landscape of different AI actors across an AI system value chain provided as an illustration. It may not include all actors in the value
chain.

4
Developers
AI products are created by developers, through the following process:6
1. Ideation: Identifying a problem and priorities for the AI
2. Data Gathering: Selecting the appropriate data set for the AI to learn from
3. Method Selection: Selected the method for teaching the AI what to do with the data
4. Performance Testing: Testing the AI’s ability to perform the task it was taught

While due diligence should cover all stages of the product lifecycle, companies have the greatest
amount of leverage during the product development of AI technologies. By applying a “human
rights by design strategy,” developers can mitigate potential risks of technologies at every step
of development. Developer due diligence could include asking questions such as:
 Who will likely use the product and for what purpose?
 Is there the potential for misuse, poor handling or lack of enforcement of respective rules
and standards?
 Is there a chance that vulnerable groups will be especially impacted by the use of the
technology?

Vendors
Once a product is developed, it is sold by vendors to end-users, who deploy and operate the
technology. It is the responsibility of the vendor to conduct RBC due diligence at the point of sale
on the risks associated with the use of the product. Importantly, most AI developers also sell their
own products, for example, Microsoft, Apple, IBM, Amazon, and Google.

These companies may be contracted by governments or militaries directly to create specific

products, and as such, take on extended responsibilities of due diligence. Other companies, such
as Cisco, develop AI products that are distributed by its partners or third-party retailers.

Vendor due diligence could include asking questions such as:

 Was the product designed and assembled according to RBC standards?
 Is the product being sold directly to the end-user or to another distributor?
 Does the product come with an end-user agreement or training on AI limitations?

End Users
End users can be anyone, ranging from a government, to a government contractor to another
company, to an NGO to a member of civil society. When end users are government agencies or
government contractors, particularly militaries or private military and security companies, they
present higher risks of the technology being used for harm and require more stringent due
diligence.

6Adapted from Data Robot, (2019) “Machine Learning Life Cycle” Available at: https://datarobot.com/wiki/machine-learning-life-cycle/ and
Brook, Adrien (2019) Towards Data Science, “10 Steps to Create Your Very Own Corporate AI Project” Available at:
https://towardsdatascience.com/10-steps-to-your-very-own-corporate-a-i-project-ced3949faf7f

5
For many AI technologies that are licensed to end users, developers have the ability to monitor
the product, creating opportunities for human rights due diligence directly between the
developer and the end user. For example, developers and vendors can limit licensing renewals
with end users. End user due diligence could include asking questions such as:
 Does the product have a dual-use that is harmful?
 Was the product accompanied by guidance or training on its limitations?
 Has the product been altered in any way that may increase its potential RBC risks through
resale channels?

AI and RBC
RBC includes all interfaces between business and society with human rights playing a particularly
important role in the context of AI. The use of AI has the potential to be affiliated or linked with
various human rights harms, including the following:

Societal harm stemming from the use of AI can be the result of a business or government’s own
activities or can be directly linked to its business operations. As an element of due diligence there

6
 are opportunities for risk mitigation at all stages of AI development. The table below outlines
different types of harm:

TYPE OF HARM EXAMPLES OPPORTUNITIES FOR RISK OPEN QUESTIONS

MITIGATION

Purposeful Deepfake video designed to Investments in detection How can harmful deepfakes be
“harm by design” harm an individual’s technology prevented without curtailing the
reputation and right to freedom of expression?
privacy.

Harm caused by Biased training data leading Risk review during product What checks and balances are
inherent “side effects” to discrimination. development necessary to reduce risk of bias
Social media algorithm transfer or new biases in AI
promoting hate speech or Increased user transparency systems?
false information. How should business AI actors
provide greater transparency on
bias or hate speech risks? What
is the role of governments?

Harm caused by failure False positives by facial Product development How can the risks of harm caused
rates recognition in law Customer human rights due by AI failure be mitigated?
enforcement diligence What tools and systems are
needed to ensure appropriate
remediation and ensure “lessons
learnt”?

Harm caused by Political disinformation Customer and user due How should business AI actors
intentional misuse using data / AI systems diligence provide greater transparency on
use of AI to spread disinformation
or other harms? What is the role
of governments?

Harm caused by Hackers taking control of Product development What is the appropriate level of
security breach autonomous vehicles Public policy care to ensure security?

Collaborative Solutions
In response to the way AI is reshaping society, a number of companies, governments, and civil
society actors are putting in place risk mitigation measures. The most common approach is
developing and implementing principles for ethical and rights respecting AI. Companies such as
Google, Workday, TeliaSonera have issued ethical AI principles. Organisations such as the OECD
have put forward guidance, while civil society groups have put forward principles including the
Toronto Declaration and IEEE Principles. A landscape of ethical and rights based AI guiding
principles that have come out since 2016 is mapped in the chart on the next page.

7
To implement ethical AI principles, companies have taken steps including:

 Conducting human rights impact assessments on emerging technologies

 Driving collaboration and dialogue through industry and multi-stakeholder platforms
 Putting in place governance structures, such as internal review committees
 Advocating for public policy aimed at mitigating human rights risks related to AI

Intel and Microsoft are among the companies that have conducted human rights impact
assessments on emerging technologies. For ongoing risk review, Microsoft has created an
internal governance structure to identify and review risks, known as the AETHER Committee.

Collaborative platforms such as the Partnership on AI have emerged to connect companies with
external stakeholders, and bridge gaps to implement rights respecting mitigation at all stages of
the product lifecycle, spanning from development to deployment and including both public and
private sector actors.

Landscape of AI Ethical & Rights Based Principles*

Private Sector

Multi-
Stakeholder
Actor Type

Inter-
Governmental

Government

Civil Society

*Adapted from Harvard

2016 2017 2018 2019 Principled Artificial Intelligence

The OECD Directorate for Science, Technology, and Innovation (STI), with the Committee for
Digital Economy Policy, supports governments by measuring and analysing the economic and
social impacts of AI technologies and applications.

8
Further Reading
1. OECD (2019) “Artificial Intelligence in Society”Available at: http://www.oecd.org/going-
digital/artificial-intelligence-in-society-eedfee77-en.htm
2. OECD (2019) “Recommendation of the Council on Artificial Intelligence” :
https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0449
3. BSR (2018), “Artificial Intelligence: A Rights-Based Blueprint for Business:
https://www.bsr.org/reports/BSR-Artificial-Intelligence-A-Rights-Based-Blueprint-for-Business-
Paper-01.pdf
4. Data & Society, (2018) “Governing Artificial Intelligence: Upholding Human Rights and Dignity” :
https://datasociety.net/wpcontent/uploads/2018/10/DataSociety_Governing_Artificial_Intellige
nce_Upholding_Human_Rights.pdf
5. AI for Good Global Summit (2017), “AI For Good Global Summit Report,”: Available at:
https://www.itu.int/en/ITU-
T/AI/Documents/Report/AI_for_Good_Global_Summit_Report_2017.pdf
6. Ada Lovelace Institute (2019), “Ethical and Societal Implications of Algorithms, Data, and AI: a
roadmap for research” Available at:
https://www.nuffieldfoundation.org/sites/default/files/files/Ethical-and-Societal-Implications-
of-Data-and-AI-report-Nuffield-Foundat.pdf
7. Cognilytica (2018), “What is ArtificiaI Intelligence?” Available at:
https://www.cognilytica.com/2018/10/08/white-paper-what-is-artificial-intelligence-for-
consumer-technology-association/

This paper was prepared by the OECD Centre for Responsible Business Conduct in the Directorate for Financial and Enterprise
Affairs in collaboration with Article One Advisors. It was produced with support from the Government of the Netherlands in order
to inform discussions at the OECD workshop on Responsible Business Conduct and Digitalisation taking place on 4 November 2019.
The authors are solely responsible for any remaining errors.
This document is published under the responsibility of the Secretary-General of the OECD. The opinions expressed and arguments
employed herein do not necessarily reflect the official views of OECD member countries. This document, as well as any data and
map included herein, are without prejudice to the status of or sovereignty over any territory, to the delimitation of international
frontiers and boundaries and to the name of any territory, city or area.
© OECD 2019