Catalogue of Tools & Metrics for Trustworthy AI

These tools and metrics are designed to help AI actors develop and use trustworthy AI systems and applications that respect human rights and are fair, transparent, explainable, robust, secure and safe.

Overview Tools Metrics About the catalogue

AI and Data Protection Risk Toolkit

Website

The risks and benefits to individuals that arise from personal data processing using artificial intelligence(AI) are heavily context-dependant, and vary significantly across the diverse range of sectors, technologies and organisation types covered by data protection legislation. This toolkit will help you understand some of the AI-specific risks to individual rights and freedoms and provides practical steps to mitigate, reduce or manage them.

Developing AI is generally an iterative process. We have divided the risks and controls by high-levellifecycle stages to help as a guide to what risks and controls you should be considering at each stage.However, you should always ensure your processing is compliant with data protection legislation as awhole. The toolkit can also be divided by risk area. So, for example, if you are struggling to think ofhow to mitigate risks associated with data minimisation, then you can filter the risk area column toonly include information related to data minimisation.

You can use this tool as a way to assess the risks to fundamental rights and freedoms of individuals. By undertaking the practical steps suggested in line with what is expected under the legislation, these risks to fundamental rights and freedoms are reduced and compliance with data protection law becomes more likely. Documenting your assessment of the risk and the steps you take to mitigate them can help you demonstrate compliance with the legislation. We have provided additional cells to
illustrate how you could carry out an evaluation.

When scoring risks, we have provided four options, 'high', 'medium', 'low' and 'non-applicable'. The
assessment of risks will vary depending on the context, so you should undertake your own assessments of the risks identified.

Using the toolkit is entirely optional and you will not be penalised for not using it. Although this toolkit can complement data protection impact assessments (DPIA) that you are legally required to conduct where processing is likely to result in high risk to individuals, it is not designed to replace them.

Please note that this tool is not designed to be 'one size fits all' and each risk should be assessed in the
context in which you are developing and deploying AI. There may also be additional risks that apply to
your context that are not included in this toolkit.

About the tool

You can click on the links to see the associated tools

Developing organisation(s):

Information Commissioner's Office

Tool type(s):

Toolkit/software
Risk management framework
Guidelines

Objective(s):

Fairness
Privacy
Human Agency & Control
Robustness
Transparency

Impacted stakeholders:

Employees
Management
Specific policy communities

Purpose(s):

Event/anomaly detection
Forecasting/prediction
Goal-driven optimisation
Interaction support/chatbots
Personalisation/recommenders
Reasoning with knowledge structures/planning
Recognition/object detection

Target sector(s):

Industry & entrepreneurship
Social & welfare issues
Science & technology
Public governance
Innovation
Health
Finance and insurance
Employment & labour
Education
Digital Economy
Corporate governance

Country of origin:

United Kingdom

Lifecycle stage(s):

Operate & monitor
Deploy
Verify & validate
Build & interpret model
Collect & process data
Plan & design

Type of approach:

Technical
Procedural

Maturity:

Published document

Usage rights:

Open source/Permissive

Target groups:

Private sector
Professionals
Public sector
Technical community

Target users:

All employees

Stakeholder group:

Other

Validity:

Periodic review

Benefits:

Faster implementation
Improved ability to scale
Increased quality results
Open access material
Reduction in cost of implementation
Reduction in risk of failure
Responsible implementation

Geographical scope:

All countries & regions

People involved:

All employees
Clients
Government agencies
IT employees
Operations employees
Suppliers

Required skills:

Data
Domain expertise

Technology platforms:

Platform neutral

Tags:

ai risks
data documentation
data governance
demonstrating trustworthy ai
documentation
evaluate
evaluation
legal playbook
transparent
trustworthy ai
ai assessment
open source
ai governance
ai auditing

Modify this tool

Use Cases

There is no use cases for this tool yet.

Would you like to submit a use case for this tool?

If you have used this tool, we would love to know more about your experience.

Add use case

Disclaimer: The tools and metrics featured herein are solely those of the originating authors and are not vetted or endorsed by the OECD or its member countries. The Organisation cannot be held responsible for possible issues resulting from the posting of links to third parties' tools and metrics on this catalogue. More on the methodology can be found at https://oecd.ai/catalogue/faq.