There’s a document that exists, in various forms, inside most enterprises that have started deploying AI. It has a name like “AI Ethics Principles” or “Responsible AI Framework” or “Our Commitments on Trustworthy AI.” It lists values. Fairness. Transparency. Accountability. Human oversight. It was approved by a senior committee. It lives on an intranet page.
And then the engineering team ships a model and nobody quite knows how the document applies.
The Framework Wasn’t the Hard Part
The last few years produced a remarkable convergence of responsible AI frameworks. The UNESCO Recommendation on the Ethics of AI. The EU AI Act, working its way through active trilogue negotiations. And perhaps most practically, the NIST AI Risk Management Framework — published in January 2023 — which gave enterprises something genuinely useful: a structured four-function approach to AI governance across GOVERN, MAP, MEASURE, and MANAGE.
These frameworks are genuinely good work. They represent real thinking by smart people about how to handle the most consequential technology deployed at scale in human history. The issue isn’t the frameworks. The issue is the distance between a framework and a decision.
Because implementing responsible AI doesn’t happen in a document. It happens in a product review meeting at 4pm on a Thursday when two engineers disagree about whether the bias metric they’re seeing in test data is acceptable — and nobody in the room has a clear answer.
The Questions That Don’t Have Clean Answers
Here’s what responsible AI implementation actually confronts — and why the organisations that thought it would be an extension of their existing compliance work quickly discovered it was something more difficult.
What does fairness mean when your stakeholders define it differently?
A hiring algorithm that produces equal selection rates across demographic groups looks fair on one metric. An algorithm that produces equal error rates — equally likely to incorrectly reject a qualified candidate regardless of background — looks fair on a different metric. These two definitions of fairness are mathematically incompatible in most real datasets. You cannot optimise for both simultaneously. Choosing between them is not a technical decision. It’s a values decision disguised as a technical one.
How do you balance transparency with proprietary protection?
Enterprise AI models represent significant competitive investment. Full transparency — publishing model architecture, training data, decision logic — would expose that investment to competitors and potentially to adversarial manipulation. But opaque AI makes accountability nearly impossible. Regulators want to audit. Customers want to understand. The tension between “open enough to be trustworthy” and “closed enough to be commercially viable” has no clean resolution. It requires a negotiated position, case by case.
When an algorithm behaves unexpectedly, who’s accountable?
The vendor who built the model? The enterprise that deployed it? The team that configured it for the specific use case? The product manager who approved it? The answer in most organisations today is — genuinely — nobody in particular. Which means accountability exists in the framework document and almost nowhere else.
What Implementation Actually Requires
The pattern worth noting across organisations that have made real progress on responsible AI governance — not just framework publication, but operational practice — is that they’ve had to build four distinct capabilities. Not sequentially. Simultaneously.
Ethics review isn’t a one-time gate. It’s a recurring process — an internal capability that engages with specific deployment decisions, not just general principles. Organisations like Google, Microsoft, and IBM have established dedicated AI ethics boards that review product deployments before launch, with actual authority to delay or modify — not just advise.
Fairness testing requires investment that most ML pipelines weren’t originally built to support. Google’s Model Cards framework and Microsoft’s Datasheets for Datasets emerged precisely because the industry lacked standardised tooling for documenting and testing model behaviour across demographic subgroups. Both are in active enterprise use by this point — and both represent genuine infrastructure investment, not a checkbox.
Transparency documentation is harder than it sounds when the model is proprietary. The emerging practice is tiered transparency: full documentation shared with regulators and auditors under NDA, summary documentation shared with enterprise customers, and high-level explanation shared publicly. Not perfect. But a workable negotiation between openness and protection.
Accountability mechanisms are where most governance frameworks remain the weakest. Assigning clear ownership of AI behaviour — before an incident, not after — requires organisational design changes that most enterprises haven’t made. The conversations that follow an AI incident (“whose model was this? who approved it? who was supposed to be monitoring it?”) reveal, consistently, how much accountability exists on paper and how little exists in actual practice.
The Compliance Trap
There’s a version of responsible AI governance that organisations are tempted to pursue — and it produces a recognisable result.
Every ethics principle mapped to a policy. Every policy mapped to a process. Every process documented and filed. Audit trail complete. Governance programme: complete. Trustworthy AI: not meaningfully advanced.
The compliance trap is seductive because it’s measurable. Checkboxes checked. Documents signed. Committees convened. The problem is that the hard questions — what does fairness mean here? who is accountable when this fails? how transparent should we be with this customer about how this decision was made? — don’t get resolved by documentation. They get resolved by culture, judgment, and genuine organisational commitment.
The pattern worth understanding — visible across early implementations — is that organisations treating responsible AI as genuinely critical are moving more slowly in the short term and building something more durable. The organisations treating it as a compliance programme are moving faster toward a governance structure that will not hold under scrutiny.
Regulators are not the only audience for that scrutiny. Customers are too. And the evidence is accumulating that enterprise customers — particularly in regulated sectors — are increasingly making procurement decisions with AI trustworthiness as a meaningful evaluation criterion.
The Governance Thread Running Through This
There’s a thread worth connecting here. An earlier post in this series examined the FTX collapse through the lens of governance failure — specifically, how governance structures that existed on paper failed to function in practice because the culture, incentives, and accountability mechanisms that make governance real were absent.
Responsible AI governance faces the same structural risk. The frameworks exist. The principles are published. The committees are formed. What determines whether any of it functions is whether the organisation has built the accountability infrastructure to make the principles operational — and whether the people in the room at 4pm on Thursday actually know what to do with them.
The NIST AI RMF gave enterprises a genuinely useful map in January 2023. The EU AI Act, taking shape through active negotiation, will give them legal obligations. But maps and laws are still frameworks. The implementation — the cultural change, the operational capability, the judgment developed through difficult decisions — that part has to be built by the organisations themselves.
And the ones building it seriously are discovering that it’s less like a compliance project and more like an entirely new organisational competency.
The question worth sitting with: if someone asked your organisation today — not for the ethics document, but for evidence of how responsible AI principles actually changed a product decision in the last six months — what would the answer be?
Let’s keep learning — together
harish.balasubramanian 
Share your thoughts