Operating Model
Cultivate talent pool, proper team structure, ways of working and tooling solutions with robust risk management processes to implement and maintain AI governance across all organisational activities
Operating Model sub-dimensions
2.1 Governance (oversight and decision-making)
Establish governance that provides oversight, and guides decision-making and accountability for RAI implementation.
Detailed evidence required
AI governance forum TOR (terms of reference)
Requirement for Advanced level
Official document outlining the purpose, scope, members, and operational guidelines for the AI governance forum
2.2 Processes for identifying, assessing, and mitigating AI risks
Establish processes to identify, assess, and mitigate AI-related risks that involves defining and leveraging key risk indicators (KRIs) and existing risk management frameworks.
Examples of evidence
Set of defined KRIs (e.g., dashboard)
Requirement for Evolving level
Pre-defined set of key risk indicators (KRIs) that identify and track potential AI risks (e.g., through a dashboard)
Documented RAI processes
Requirement for Performing level
Written procedures/policies outlining the specific steps involved in identifying, assessing, and mitigating AI-related risks
Risk-based use case prioritisation framework
Requirement for Performing level
Use case evaluation framework includes criteria that prioritises use cases based on potential AI risks and alignment with the orgs. risk appetite
2.3 Roles and responsibilities
Define roles and responsibilities (involves RAI champions, ethics officers, RAI experts, etc.) to manage RAI transparently and effectively across the org.
Examples of evidence
Defined key roles and responsibilities
Requirement for Foundational level
Descriptions of essential roles and reporting structures, defining overview of responsibilities for each role
2.4 RAI talent
Identify and recruit/upskill individuals to possess the technical skills, ethical awareness and commitment to implement and maintain RAI within the organisation.
Examples of evidence
Job descriptions for RAI talent
Requirement for Evolving level
Job postings or internal descriptions outlining the skills and experience required for RAI-related roles
2.5 AI development protocol
Adopt a systematic and repeatable AI development process (incl. practices like documentation, customer testing, participatory design, and the “RAI by design” approach to incorporate risk management early in the design phase).
Examples of evidence
Standardised AI development protocol (incl. “RAI by design”)
Requirement for Performing level
AI development lifecycle protocols are standardised and documented, including established practices such as the “RAI by design” approach
2.6 RAI tooling solutions
Deploy tooling solutions to ensure AI governance, including an AI use case registry/registries (as appropriate based on how risk is managed by the organisation) to document and track AI use cases as applicable.
Examples of evidence
Use case registry/registries (e.g., in Excel)
Requirement for Foundational level
Registry/registries for documenting and tracking details of AI use cases (e.g., scope, value, costs, risks)
Step-By-Step
Guide
This guide outlines the steps companies can take to establish a foundational level of RAI maturity and offers practical recommendations on how to progress towards higher levels of maturity across the five dimensions.
Best Practice Tools
In this guide, you will find supporting tools and recommendations to help companies progress on the GSMA Responsible AI Maturity Roadmap. Developed by mobile operators, each example covers a specific sub-dimension required to operate at the highest level of maturity.
