AI Ethics: Managing Risks and Impacts under ISO/IEC 42001:2023
Article REF: H5035 V1

Author: Schallum PIERRE

Publication date: March 10, 2026

Overview

ABSTRACT

Operationalizing AI ethics is a major challenge for organizations. The Amazon, COMPAS and Obermeyer cases illustrate how AI systems can produce systemic discrimination despite the absence of malicious intent. This article proposes an operational framework for transforming ethical principles into concrete risk and impact management practices, based on the ISO/IEC 42001:2023 standard. We first show how this standard aligns with GDPR requirements in Europe and Law 25 in Quebec. We then detail the integration of risk and impact management at different stages of the AI systems lifecycle. Finally, we present operational tools (lifecycle × risks × controls matrix, indicators, organization) and a progressive roadmap for implementation. The illustration through an HR system case demonstrates the practical application of the framework.

AUTHOR

  • Schallum PIERRE: Advisor on Responsible AI, Ethics, and Innovation at the Institute of Intelligence and Data at Laval University, member of the ISO/IEC JTC 1/SC 42 Artificial Intelligence committee, and co-founder of the non-profit organization Réseau d'expertise en éthique de données (REED)

INTRODUCTION

The growing interest in the use of artificial intelligence is transforming industrial processes, public services, and various sectors such as healthcare and finance. Recommendation tools, predictive algorithms, anomaly detection systems, and generative models are becoming the building blocks of information systems. These applications create opportunities, but they also introduce new challenges that go beyond traditional IT risks: bias and discrimination, privacy violations, opaque decision-making, data dependency, and model-specific vulnerabilities.

Several high-profile cases have highlighted these new risks. In 2016, a ProPublica investigation into the COMPAS algorithm—used by U.S. courts to assess the risk of recidivism—revealed that African American defendants were twice as likely to be incorrectly classified as high-risk compared to white defendants. In 2018, Amazon abandoned an automated recruitment tool after discovering that it systematically penalized female applicants. In 2019, Obermeyer et al. demonstrated that a commercial health management algorithm, deployed on a large scale in the U.S. healthcare system, systematically underestimated the care needs of Black patients compared to white patients with similar health conditions. The algorithm used historical healthcare costs as an indicator of future care needs, which led to an underestimation of Black patients’ needs due to their lower initial access to care. This is not an isolated case: in 2020, an...

KEYWORDS

artificial intelligence   |   GDPR   |   AI ethics   |   ISO/IEC 42001   |   AI risk management   |   Impact assessment   |   Law 25   |   Algorithmic bias   |   Responsible AI
