Prof Peter Cochrane OBE
petercochrane.com
ADVANCED IT Governance
20 June 2025
Many people approach governance as they would a jigsaw puzzle, one piece
at a time - as if they are all independent, disconnected, with only one
pre-defined place they will fit!
The time when that might have been the case is long gone - everything is now
connected and inherently complex to the point where exhaustive testing, in
general, is combinatorially impossible, and fundamentally impractical!
Today; people, machines, networks, devices, clouds, security, AIs et al are
stochastically coupled influences that dynamically interact…
“There are no simple solutions to complex problems: but in this case
we can be pragmatic in outlining the ‘status quo’ and highlighting the
ongoing efforts to bring order to the many elements & components”
Precursor Paradox?
“It is highly likely that ‘The End Game’ will see AI managing, and/or,
controlling ‘The Governance Function’ across a wide spectrum of
complex systems that each enjoy/rely on their own embedded AI
based controllers, monitors and arbiters ”
“Today we already see people being pushed to the periphery, and/
or expunged from their traditional roles in machine, network,
device, cloud, security, et al. AI managers, and management
support, are necessary to deal with the complexity involved whilst
simultaneously satisfying capacity demands and response times.”
A State of Flux
“Governance, by its very nature is a dynamic enterprise, but one now
accelerating with technological developments in AI and Robotics.
Frankly, it is way behind the wave, and struggling with revolutionary
advancements in medicine, care, industries and warfare. We therefore
see governments, institutions, and corporations, scrabbling to make
sense of new opportunities and threats that demand the formulation
of suitable laws and regulations”
The purpose of this lecture is therefore to contextualise Governance &
its colourful journey/history/development in the application to IT .
Aristotle
Bad men live that they may eat and drink
Good men eat and drink that they may live
How can you call a man free when his pleasures rule over him?
Socrates
Plato
How should men live ?
Governance Has a Long Rich History
“In the >2000 years since the Greek
Civilisation, the key questions have
not got any easier as technology and
progress have introduced greater
complexity - AI is now the big issue -
and Quantum Computing may well
be the next”
300 - 400 BC
Definition
The act or process of directing, controlling, and
overseeing the activities of an organisation
The complex system and framework of processes,
functions, structures, rules, regulations, laws
and norms born of the relationships, and
interactions within and without an
organisation
The processes and structures
through which decisions are made,
rules are established, and laws are
enforced in society
The exercise of political, economic
and administrative authority to
manage a nation's affairs
Laws, Rules, Ethics, Behaviours, Regulations, Processes, Leadership,
Oversight, Functions, Frameworks, Controls, Steer ++++++
Standards + Controls Are Vital!
Public Safety Protection: Establish minimum safety requirements for products, services, and
systems, preventing harm to consumers and workers through tested specs and protocols
Quality Assurance: Provide consistent benchmarks for performance and reliability, ensuring
products and services meet expected standards regardless of manufacturer or provider
Economic Efficiency: Reduce costs by eliminating the need for custom specifications in
every transaction and enabling mass production through common design requirements
Global Trade: Create common technical languages that enable international commerce by
ensuring compatibility and mutual recognition across different markets and jurisdictions
Innovation Foundation: Provide stable platforms upon which new technologies can be built,
driving innovation through competitive compliance and continuous improvement processes
Human advancement - progressively orchestrated by
civilisations identifying what needed to be controlled and what
could be free. Primary thinking culminated in ‘cost/risk - gain/benefit’
guesses/estimates/analysis and the promotion of safe/
reliable/economic techniques, technologies, and processes
EU Laws and Regulations
General Data Protection Regulation (GDPR) - Privacy law affecting all organisations processing EU
residents' data, requiring consent, data portability, and breach notifications.
ePrivacy Directive - Governs electronic communications privacy, including cookies, direct
marketing, and confidentiality of communications.
Data Governance Act - Facilitates data sharing/reuse while ensuring data protection.
Data Act - Regulates access & use of data generated by connected products and services.
Digital Services Act (DSA) - Comprehensive regulation for digital services, requiring content
moderation, transparency reporting, and risk assessments for large platforms.
Digital Markets Act (DMA) - Targets large tech platforms ("gatekeepers") with specific obligations
including interoperability, data portability, and prohibitions on self-referencing.
Platform-to-Business Regulation - Ensures fairness and transparency for businesses using
online platforms and search engines.
Network and Information Security Directive (NIS2) - Updated cybersecurity requirements for
essential/important entities, including incident reporting and risk management measures.
Cybersecurity Act - Establishes a cybersecurity certification framework
Critical Entities Resilience Directive (CER) - Protects critical IT infrastructures
Society & commerce are subject to a complex framework
of IT laws and regulations that vary by jurisdiction: here are
some of the main categories and key examples:
European Electronic Communications Code (EECC) - Framework for electronic communications
networks and services, including 5G security requirements.
Roaming Regulation - Ensures fair pricing for mobile services across EU borders
AI Act - Comprehensive regulation classifying AI systems by risk levels, with specifics for high-risk
applications and prohibitions on certain AI practices
Copyright Directive - Requires platforms to obtain licenses for copyrighted content
Database Directive - Protects database rights across the EU
Software Directive - Harmonises copyright protection for computer programs.
Consumer Rights Directive - Provides rights for online purchases and data requirements
Unfair Commercial Practices Directive - Prohibits misleading and aggressive practices
Digital Content Directive - Specific consumer rights for digital content and services.
European Accessibility Act - For various products & services including computers, mobiles
Web Accessibility Directive - Mandates accessible websites & mobile apps for public sector bodies
Treaty on the Functioning of the European Union (Articles 101-102) - Prohibits anti-competitive
agreements and abuse of dominant market positions.
Merger Regulation - Controls concentrations that may significantly impede effective competition
Payment Services Directive 2 (PSD2) - Regulates payment services and promotes open banking
Markets in Crypto-Assets Regulation (MiCA) - Framework for cryptocurrency and digital assets.
Digital Finance Package - Various regulations modernising EU financial services law for the digital age
Dual-Use Export Regulation - Controls export of dual-use items including certain technologies
Foreign Direct Investment Screening Regulation - Allows EU countries to screen all investments
Medical Device Regulation (MDR) - Governs software classified as medical devices
General Safety Regulation - Vehicle safety requirements including cybersecurity for connected cars.
Radio Equipment Directive - Technical requirements for radio equipment including IoT devices
“The EU regulatory framework is comprehensive and continues to expand, with
proposed legislation on liability for AI systems, digital identity wallets, and cyber
resilience requirements for products with digital elements. Many of these regulations
have extraterritorial effect, applying to non-EU companies serving EU users or
markets”
“Individuals and small companies can often ignore some of this growing catalogue
with little or no chance of being challenged/prosecuted/fined. Large companies
and institutions must comply to survive and prosper!
The majority of these ‘regulations’ are enforced through human effort with suitable
operating procedures and protocols; a very few can be/have been automated!
Ultimately AI has a role in policing all these activities”
THE BIG PICTURE: One giant leap at a time
[Figure labels: Mechanisation, Water Power, Steam Power, Weaving Looms; Mass Production, Assembly Line, Electric Power; Automation, Computer, Control; Cyber Physical, Nano-Bio Tech, AI, Robotics, IoT; INDUSTRY 5.0: Smart Materials, Programmed Form & Function, Evolving, Sentient, Living?]
[Trend: Accelerating Human Progress. Scale: Mechanical, Electro-Mechanical, Mechatronic, Electronic, Intelligent/Adaptable, Sentient/Evolutionary]
Evolving Governance of Mankind and Machines
Symbiotic society balancing ecological, social, & economic
transformation, to realise/assure sustainable futures
Human-Machine Augmentation
Mankind in Control
Machines in Control
“There are >>1,000 fold more machines
on the planet than humans, and our
dependency on them is total”
Machines in Control
Today: No drivers/pilots/controllers in the loop - a
gradual-to-rapid transition - once accident rates for
machines are a fraction of those of humans it’s over!
Machines Rule?
AI-Governance
When Governance Human/Machine Fail?
Governance Human Fail!
Governance Human-Technology Failure
When Management Need Overrides Engineering
1986 NASA Challenger
Launch: No Survivors !
An ethical and moral
failure of the worst
of the worst kind !
Mission/Management Critical
V
Life Critical
How The Heck …?
NASA had been without a permanent CEO for 4 months and was in disarray
The Flight Centre Director had mandated that there would be no more delays
NASA was under political and media pressure to perform, to deliver….
Lower level employees were constrained by bureaucracy and were not heard
The (Morton Thiokol) solid state boosters had known low temperature problems
Morton Thiokol were also under commercial and political pressure
The Engineers could not give a rock solid NO-GO statement
So NASA Management took this as a GO!
When Ethics Die and Threats Rule
Boeing 737 Max
Fatal crashes 2018 & 2019 (>300 dead)
- grounded all MAX jets. Crashes due
to the flight control system relying on a
single sensor & development/
certification issues
An ethical and moral
failure of the worst
of the worst kind !
Management
V
Engineering
Engineering: Technology: Science
Business: Management: Leadership
Segue: HUMAN Ethics
Universality
Ethics spans every aspect of human activity
Narrative
http://scrippsmediaethics.blogspot.com/2013/09/do-ethics-and-bias-go-hand-in-hand.html
Worth a read: E.W. Scripps School of Journalism
“With great power comes a code of ethics”
Basics
Ethics: Principles that govern a person's behaviour or the conducting of an activity
Morals: Describe one's value set concerning what is right and what is wrong
Essence: Doing the right thing - no matter what !
Positioning
Ethics = Rules of behaviour based on ideas about what is morally good
and bad
A company, organisation, profession: may have its own code of ethics — its
own set of rules/bounds on acceptable behaviours
Philosophy = An area of study dealing with good and bad behaviour: what is
morally right or wrong
Belief = Something identified as being very important — usually singular
(peace, work ethic, justice, accuracy, reliability…)
Short Form
“Making the right decisions even if they disadvantage you in some way”
Scale of Priorities/Subordination
What is right for our:
Most Important
• planet/environment
• species/societies
• country/nation
• company/organisation
• clients/customers
• share holders/governors
• our departments
• employees/people/contractors
• our families
• our careers
• our prosperity
Least Important
WORRY ABOUT
THIS EVERY DAY
“Making an error that results in a human injury or death”
Mission Critical: A design/component/decision
Failure results in a catastrophe, potentially involving loss of life and/or severe environmental damage, or major
safety hazards
Production Critical: Failure sees a significant disruption of production or operations ($ $ $ $)
Support Critical: Failure would impact production/operations but would not cause a complete shutdown
Non-Critical: Failure would have minimal impact on operations or safety
All within your Ethical and Code
of Conduct/Practice envelope
General Paradox
“An organisation of good, honest, ethical and well meaning people
can result in bad and unethical behaviours”
Entirely counter intuitive
This emergent property is evident with animals, machines and AIs
Pressure changes everything
Values/Ethics can
start to slip when
there is a crisis…
At The Core
“We endeavour to make the right judgement calls
and decisions even when they are
disadvantageous to our personal situation and/or
interests”
Ethics Challenges Our:
Relationships
Loyalties
Integrity
Honesty
Values
+++
It tests our Strength & Nerve
It tempts our Weaknesses
If…
Rudyard Kipling
Ethics & Values
“Easy to state but can be so very hard to hold on to”
Perspective of Governance Today
The difficulty of managing/steering interconnected systems, institutions, and actors
within a society cannot be overstated. The inherent complexity stems from a growing
functional differentiation of institutions with accelerating technological change, and
the deepening of systemic, and globalised, interdependencies/differences.
It is about effectively guiding a multifaceted network of actors and systems towards
desired outcomes when simple, top-down control is no longer viable.
“There are no simple solutions to complex problems”
UNITED NATIONS
Mega-Gov’ & The Planet
UN Layers
“This is a simplified (skeletal) representation
as there are multiple layers under each of
the above sections”
“Provides a level of
unity and cohesion
across a planet of
8Bn people - this is
not perfect, but it is
all we have. Can we
do better?”
“The complexity of
the UN operation is
on a monumental
scale - demanding
an AI solution with
support/guidance”
“Vital for globalisation, peace,
and equitable standards of living
that are sustainable”
Governments
• Individual countries adopt widely differing modes of governance
• Defining who has authority to make decisions, and is accountable for
the practices, behaviours, and performance of all organisations/country
• Aiming to ensure ethical management, of peoples and operations
across all districts and bodies with openness, transparency, and
accountability to benefit all citizens, communities and society overall
• A primary responsibility is the safety, security, and wellbeing of the
population without bias or favour
Government: Who RULES?
NONE: Anarchy
ONE: Monarchy, Dictatorship
FEW: Oligarchy, Junta
ALL: Democracy (Direct, Representation)
To survive & prosper societies need rules/regulations that
span local to national - they also align internationally to
enable trade, globalisation and resource sharing et al
“Not all frameworks and systems lend themselves to collaboration, mature
learning, adaptation, trade, and the betterment/beneficial opportunities
available to their populations”
Non-Aligned
Unable to trade and bankrupting the once
mighty USA - all down to rampant
ignorance, lies, no moral or ethical code
Industrial and Professional Standards in Sync with Tech!
“At the core of any organisation or relationship
is trust, reliability, responsibility and an
assumed level of knowledge and capability
implicit to a successful outcome”
Standards Are Vital!
Consumer Confidence: Give buyers reliable information about product capabilities
& safety, enabling informed purchasing decisions and building trust in markets
Regulatory Framework: A technical foundation for government regulations,
providing measurable criteria for compliance and enforcement activities
Interoperability: Ensure different systems, products, and services can interwork
Professional Practice Guidance: Establish consistent methods/procedures for
professional work, ensuring competence and accountability across different
practitioners and operators
Environmental Protection: Incorporate sustainability requirements and safeguards,
helping industries minimise ecological impact while maintaining operational
effectiveness
SI Basis Physical Standards
NPL Atomic Clock
Used by scientists, engineers and public around the world
- except for the USA. Prefixes added to the base units to
scale measurements up or down when needed. Simplifies
international manufacturing, supply chains, and support
All measures traceable to
atomic definitions and values
that can be replicated at
multiple locations across the
planet. This is foundational to
the manufacture of the same
product in multiple locations
addressing different markets!
Exemplar
We, the members of the IEEE, in recognition of the importance of our technologies in
affecting the quality of life throughout the world, and in accepting a personal
obligation to our profession, its members, and the communities we serve, do hereby
commit ourselves to the highest ethical and professional conduct and agree:
- to hold paramount the safety, health, and welfare of the public, to strive to comply with ethical
design and sustainable development practices, and to disclose promptly factors that might
endanger the public or the environment;
- to avoid real or perceived conflicts of interest whenever possible, and to disclose them to
affected parties when they do exist;
- to be honest and realistic in stating claims or estimates based on available data;
- to reject bribery in all its forms;
- to improve the understanding by individuals and society of the capabilities and societal
implications of conventional and emerging technologies, including intelligent systems;
- to maintain and improve our technical competence and to undertake technological tasks for
others only if qualified by training or experience, or after full disclosure of pertinent limitations;
- to seek, accept, and offer honest criticism of technical work, to acknowledge and correct
errors, and to credit properly the contributions of others;
- to treat fairly all persons and to not engage in acts of discrimination based on race, religion,
gender, disability, age, national origin, sexual orientation, gender identity, or gender expression;
- to avoid injuring others, their property, reputation, or employment by false or malicious action;
- to assist colleagues and co-workers in their professional development and to support them in
following this code of ethics.
Historical Perspective
Circa 1855: Samuel Colt invented the revolver and revolutionised
firearms manufacturing by pioneering the standardisation of parts
and mass production. He conceived interchangeable parts, and
assembly lines for faster, cheaper gun production. Traditionally,
gun parts were individually crafted part-by-part.
Colt famously gifted his revolver to officers on
both sides of the American Civil War
The London and Blackwall Railway (1840) was the first
commercially successful railway to use the telegraph for
efficient traffic management.
Cooke and Wheatstone patented the first commercial
electric telegraph (1837). The system was successfully
introduced on railways for signalling. Vail and Morse
also developed a telegraph and the Morse Code
around the same time
1896
“There was no universal time standards when the steam train was invented.
Time varied village-to-village, town-to town, city-to-city, country-to-country
and it was impossible to create workable time tables and the safe
management systems for increasingly busy networks”
The first commercial steam railway
was the Stockton and Darlington
1825. It was designed to transport
coal and, later, passengers.
Perspective
“For all forms of man-made large scale network, standardised time information
has to be ahead of all forms of communication and control”
- Time information has to be ahead of the bits/bytes
In short:
- Control information has to be/get ahead of the bytes
GPS < 10ns
LAN < 1ms
NTP ~ n x 10ms
Standard Organisations
International Organisation for Standardisation (ISO)
Independent, non-governmental organisation develops and publishes international standards.
Founded 1947 (Geneva) membership comprises national standards bodies globally. >23,000 ISO
standards span a wide range of industries and disciplines. Among the well-known: ISO 9001
quality management, ISO 14001 environment management, and ISO 27001 information security.
International Electrotechnical Commission (IEC)
Develops & publishes international standards for the electrical and electronics industries. Founded
in 1906 (Geneva) it covers power generation and distribution, electronics, and renewable energy et
al. Two of the most well-known are the IEC 60335 safety standard for household appliances and
IEC 61850 standard for communication networks and systems
American National Standards Institute (ANSI)
Non-profit organisation oversees industrial standards. Founded in 1918 (New York). Accredits
standards organisations ensuring openness, transparency, & consensus-basis. Represents US in
ISO and IEC. Coverage includes construction, engineering, healthcare, and IT et al. The most
well-known are ANSI/ASHRAE 90.1 energy standard for buildings & ANSI/HI 9.6.4 pump testing
ISO M3 Nut, Bolt & Washer
European Committee for Standardisation (CEN)
Develops and publishes EU standards. Founded 1961 (Brussels). Covers a wide range of
areas, including construction, engineering, environmental management, and healthcare. Among
the well known are EN 1090 standard for structural steel and aluminium construction and the
EN ISO 14001 environmental management standard. CEN works closely with ISO and IEC to
develop international standards globally and provides technical support to the EU and member
states in developing/implementing standards-related policies/regulations.
International Telecommunication Union (ITU)
Specialised UN agency that develops and publishes standards for the telecom industry.
Founded 1865 (Geneva). Covers a wide range of areas, including radio spectrum, satellite orbits,
and Internet. Some well-known standards include ITU-R RF spectrum allocation and ITU-T
telecoms. Used by businesses, governments et al globally to ensure that telecom products and
services are safe, reliable, and of good quality. Compliance with ITU standards can also help
reduce costs, improve efficiency, and enhance compatibility.
FCC Radio Frequency/Band
Allocation + Modulation Modes
Segue
Largely Ignored ?: ISO focuses on ensuring quality, reliability, and safety of software products
through guidelines for ethical practices and sustainability. Standards include ISO/IEC 2500:
Framework definition for evaluating quality, and ISO/IEC 5055 focussed on structure
“But the planet is running on very poor quality (energy wasteful) software systems”
“Vast armies of coders have had poor/little/or no education/training”
Out of Control ?: New and rapidly developing technologies see governments, legal
bodies and standards organisations wrong-footed and left behind in their wake, with de facto
situations created by rapid roll-out and adoption at the leading edge.
“AI is a prime example of a now ubiquitous technology without governance - but societies/
industries have already developed 100% core dependencies ”
For decades software producers have assumed that the necessary
computing power will always be available - but this is not assured,
there are energy limits on the horizon for all forms of ‘bloatware’
including AI.
Governance & Individuals
The governance of any organisation/institution/society is defined by the sum
of the ethical standards of the ‘component peoples’ and their adherence to: the
laws of the land; behavioural norms - including honesty, morals, and
responsibilities they progressively embrace with advancing maturity.
In reality individuals come with biases born of their family; parents, relations,
home lives, communities, the education system, working environment, social
media et al, along with religious and political induction & other belief systems
….
“At the foundational core of all this is the ability to maintain acceptable ethical
standards bounded by the limitations and expectations of legal systems,
education/working and societal environments….”
Governance in Business
The framework of rules, processes, and structures that control and steer
an organisation
Defines who has authority to make decisions, and is accountable for the
practices, behaviours, and performance of the organisation
Aims to ensure ethical management, people & operations with openness,
transparency, and accountability to benefit all stakeholders, including the
shareholders, employees, and wider community/society
Governance: Government
Directs, controls and steers a nation by embracing all political decisions
including the implementation of policies with accountability to the populace
Systems and practices ensure the overall direction, effectiveness, outcomes
and accountability of all government entities in the state of the nation, vis
defence and wellbeing of all individuals
Ethical practices are demanded, with transparency, accountability, and full
responsiveness, in the participation, and adherence to the rule of law.
Governance: Professional Institutions
Embrace a crucial role in regulating and promoting all professions: ensuring quality,
competence, and ethical conduct of individuals and organisations.
Structures and standards in the engineering, science, technology, design,
operations, (et al) and practices vary widely profession-to-profession, and
sector-to-sector, but the primary objective is to ensure the capabilities and standards of
individuals, teams and organisations.
Balancing every aspect of the effectiveness of individuals & teams through fair and
representative measures and outcomes relies on self-policing and mindfulness of
the responsibility each individual carries. This is reinforced by overarching
regulation, continuing education/experience, and the induction into professional
bodies that act as supporting and guiding communities.
Regulation: Ensures individuals have the necessary qualifications and experience
Licensing /Accreditation: Grant practice licenses, legal status, chartered ranking
Membership/Representation: Government interface for advisory support
Professional Development: Continuing education oversight, legal/practice changes
Standards: Issues, enforces and polices codes of conduct/practice/ethical issues
Oversight/Accountability: Sets and makes judgement on behaviours and processes
Governance: IT - THE BASICS
COBIT (Control Objectives for IT):
A common framework/guide for managing IT resources
and ensuring they align with business objectives
ITIL (IT Infrastructure Library):
Focused on IT service management with guidance
on processes for delivering/managing IT services
CMMI (Capability Maturity Model Integration):
Improving the process of software development &
maintenance, leading to better project outcomes
COSO (Committee of Sponsoring Organisations):
Internal control and risk management, providing
guidance on establishing/maintaining firm control
FAIR (Factor Analysis of Information Risk):
Identify, assess, and manage information and cyber risks.
The Old - Really!!
A recommended draft of all
the roles and responsibilities -
very nice for a bank or large
multinational, but impossible
for a small company, and ‘the
small’ dominate economic
activity and suffer the greatest
risk.
The landscape is so varied it
is impossible to forge a
general solution of this kind.
We have to span the multi-
national with vast economic
and people resources, and the
less well endowed large,
medium, small, and virtual
organisations… down to the
‘singleton’ operators
Advanced IT Compliance
Strategic Evolution: From basic tech oversight to an integrated business discipline driving
organisational competitiveness/change: sees 25-40% increase ROI on tech investments
Business-Technology Integration: Dynamic, bidirectional relationships with tech driving
strategy as much as business directs tech investments via continuous portfolio optimisation
Multi-Layered Risk Management: Sophisticated frameworks addressing traditional operations
alongside emerging algorithmic bias, data privacy violations, and supply chain vulnerabilities et al
Proactive Compliance: Continuous monitoring & automated compliance validation across
multiple jurisdictions & compliance-by-design principles embedded in system architectures.
Value Optimisation: Sophisticated analytics decodes complex relationships between tech
investments and business outcomes, using predictive models
Beyond SLAs: Performance management to encompass business outcome metrics, user
experience measurements, & ecosystem health indicators through balanced scorecards
Architecture: Integrates deeply with enterprise architecture to create coherent technology
ecosystems emphasising API-first design, micro-services, and cloud-native principles
DevOps Alignment: Adapts governance principles to support agile methodologies through
lightweight processes with automated compliance checks & security embedded validations
Data Governance: This strategic asset fuels comprehensive frameworks addressing quality,
privacy, security, and accessibility while enabling advanced analytics and AI applications.
Management: Addresses complex multi-cloud environments through AI frameworks
establishing consistent policies across providers while leveraging unique platforms
AI/ML Governance: Establishes AI ethics committees, algorithmic audit processes, and
frameworks for managing AI-related risks including bias, explainability, & accountability.
Cybersecurity: Employs security-by-design principles with continuous monitoring and
proactive threat management using intelligence and predictive analytics.
Multi-Tiered Governance: Establishes executive steering committees, architectural review
boards, and operational teams with clear decision rights and escalation paths.
Evolved Roles: Defines new roles such as data stewards, cloud architects, AI ethics
officers whilst emphasising cross-functional collaboration over traditional hierarchies.
Maturity-Based Implementation: Begins with comprehensive maturity assessments and
creates multi-year transformation roadmaps balancing quick wins with strategic objectives.
Change Management Focus: Requires sophisticated management addressing technical and
cultural transformations with governance champions and comprehensive training programs.
Continuous Improvement Discipline: Continuous improvement with regular assessments,
feedback mechanisms, and adaptation to emerging challenges and technologies.
Future-Ready Adaptability: Evolves to address emerging tech like quantum and edge
computing, and sustainability requirements while maintaining core governance principles.
Comprehensive Measurement: Multi-dimensional frameworks tracking innovation roll-out,
risk reduction, and strategic alignment alongside traditional metrics.
Future-Ready Adaptability: Evolves to address new tech eg quantum and edge computing,
plus sustainability requirements while maintaining core governance principles
Comprehensive Measurement: Implements multi-dimensional innovation enablement &
tracking, risk reduction, and strategic alignment alongside traditional/established metrics
The charts that follow depict the conceptual macro-complexity of a leading edge/future
system as envisaged by a co-human/AI team for just one set of boundary conditions.
These have been extended to identify the critical components impacted by scaling - i.e.
major banks and giant corporations, down to a singleton specialist consultant. Ergo, it is
clear that various degrees of outsourcing/sharing of AI-Governance functions, along with
new powering models will be necessary, and there are in prospect a number of new
tech/business opportunities that will emerge.
IT Governance
AI BASED FUTURE
The future involves integration across the entire spectrum of functions and operations from
IT and cyber security to every business and social aspect of an institution, organisation,
and business.
“I think we can safely assume that this is a task way beyond human ability alone; and it will
demand a symbiotic relationship with AI to fully conceive and realise a full set of adaptive
systems capable of leveraging the capabilities of future technologies and business models”
[Figure labels: CDO/CIO/CTO Leadership; Platform Team - Cloud(s) & APIs; Product Team - Customer Focussed; Experience Teams - Customer Focussed; Data/AI Team - Intelligence & Automation (repeated)]
Future Governance - Macro Integration
[Figure labels: Agile Portfolio; RoI Driven Funding; Embedded IT Partners; IT Fusion; Partners; Co-Innovation Nets; Automation; Smart Risk Management; Predictive Insights; Proactive Decisions; Rapid R&D; Fail/Learn Fast; Dev Ops; Continuous Integration; Monitoring; Live Insights; Business Owners; Knowledge Sharing; Real Time Releases; Dynamic Strategy & Planning; Governance; AI-Oversight]
Future Governance - Integration Detail
Today: Business Dominated by People - Owned by People
Tomorrow: Business Dominated by Machines - ‘Owned by Machines’ ?????
IT Governance
AI primary KEY
“Behavioural Analysis returns biggest RoI”
At the extremes of national and global organisations IT is
the primary tech on which all functionality rides - from
admin to automation and robotic production, AI is the
nervous system that orchestrates success. IT is also a
vital component of the management forecasting/decision
loop and every level of management and machine…
[Figure labels: All Business Data; All Operations Data; All R&D Data; All Inventory Data; Device Data/Control; Net(s) Data/Control; Cloud(s) Data/Control; Access Data/Control; Physical Oversight; Cyber Oversight; Attack Alert/Action; Irregularity Alert/Action; Failure Alert/Action]
In general the AI is not singular - multiple
units are dispersed across the entire
business platform (fixed & mobile) with
exception reporting the norm
The speed and complexity involved puts
this challenge way outside human abilities
- the machines have to tend the machines!
IT Security
If humans are involved in anything they are always the
primary risk, and the most difficult to protect/defend
against. A few are evil, but most are honest and just
plain careless, or over kind, and helpful!
AI attacks may warrant an AI defence alone -
the jury is out on this one!
So far, it appears that all forms of
attack are initiated by humans
The Dark Side is using AI
and AL to create/breed
new forms of attack
Sociology
of People
Sociology
of Things
BEHAVIOURAL ANALYSIS
Might just be the ‘king pin’ that holds together our security
Are any people and technology behaviours abnormal….?
Just as we can be identified by where and what we eat, say, do; and how we walk, talk, type, behave;
the friends and colleagues we meet; there is an equivalency for all our technologies!
NSA Insider attack
Edward Snowden
NSA 2013
Ed Snowden, a National Security Agency (NSA) contractor, leaked
classified information about the agency's extensive surveillance
programs, including PRISM & XKeyscore. These programs collected
vast amounts of data, including phone records and internet activity,
of US citizens and foreign telecoms agencies. Snowden's actions
exposed the NSA's widespread surveillance activities and raised
significant concerns about privacy and civil liberties.
Malicious employee
Hates successful, happy, people & feels cheated
Perhaps a bad, poor, disrupted, deprived home/childhood/education
Probably something of a social misfit and/or sociopath/psychopath
Likely intolerant less empathic - with fewer friends than most
Normally angry and upset about almost everything
Random acts of physical and software damage
Open to suggestion and acting as an agent of crime
Open to bribery and corruption and the stealing of almost anything
Enraged employee
Frustrated by failure to advance
Feels unappreciated and undervalued
Always overlooked for promotion
Really dislikes management chain
At odds with the company values
Stays on site & creates damaging failures and/or data changes
Leaves the company and plants software bombs/backdoors
Open to bribery and corruption and the stealing of IP
Innocent employee
Feels insecure - has become over helpful
Naive, open, careless, needs to be seen to be useful
Gullible and careless with information
Talks too much when care is needed
Unquestioning and so very supportive
Random information and data
Tends to be careless and make mistakes
Open to being ‘steered’ by a skilled manipulator
LAX Management
Failures of discipline and naivety
Columns: Corporation/Bank/Gov | Large Company | Small Company | Singleton (each split into Secure | Mobile)

IT Provision/Support
  Insource: ✓ ✓ ✓
  Outsource: ✓ ✓ ✓ ✓ ✓ ✓ ✓
  Personal: ✓ ✓ ✓ ✓
Security Dept
  Insource: ✓ ✓
  Outsource: ✓ ✓ ✓??
  None:
Machines & Devices
  Corporate: ✓ ✓
  Mix Corp & Private: ✓ ✓
  Private BYOD: ✓ ✓ ✓
Cloud(s)
  Internal: ✓ ✓
  External: ✓ ✓ ✓??
  None: ✓ ✓??
Cloud Depth
  In + Outsource: >3 >2 1 0 - 1 ??
Art’ Intelligence(s)
  Corporate: ✓ ✓
  Distributed Open: ✓ ✓ ✓ ✓
  Personal: ✓ ✓ ✓ ✓
Behavioural Analysis
  People: ✓ ✓
  Devices: ✓ ✓
  Machines: ✓ ✓ ✓ ✓ ✓
  Networks: ✓ ✓ ✓
  Traffic: ✓ ✓ ✓
Access/Log On
  Public: ✓ ✓ ✓
  Personal: ✓ ✓ ✓ ✓
  Controlled: ✓ ✓ ✓
  Convoluted: ✓ ✓
  Perverse Maze: ✓
IT Assurance
Protection
As organisations become
more tech (IT+AI+Robots)
than human, it is essential
we move deeper into the
world of security at all levels
as failure costs escalate….
Prognosis
WE have to gather real data to test and
prove/validate every element of all of this to
address the issue of machines potentially
assuming full autonomy!
[Figure labels: AI; IT; Gov Legals; Regulators]
Regulation: Ensure sufficient individuals have the necessary qualifications/experience
Licensing /Accreditation: Grant practice licenses, legal status, chartered ranking
Representation: Government and industry interfaces for advisory support
Professional Development: Continuing education oversight, legal/practice changes
Standards: Issues, enforces and polices codes of conduct/practice/ethics
Oversight/Accountability: Refine tech judgement on behaviours and processes
AI’s & Automation: Enable the machines to progressively embrace more responsibility
Symbiosis: Foster new cultures that embrace AI as co-workers and collaborators
Future IT/AI
Governance
BIG Challenges
AI & IT Basics
Ethics: If AI and IT harbour a shred of ethical understanding and/or practice,
we can safely assume that it is but a shadow of its human designers and users;
inadvertently imparted and subsumed - not some intent of design or evolution!
Morals: Deciding what is right and what is wrong is not an attribute inherent
in any machine - it has to be ‘programmed in’ - but needs to be differentiated
from the ‘right and wrong’ of war machines!
Essence: For machines to do the right thing - no matter what - is a very tall order
for machines designed and programmed by humans and capable of observing and
learning from humans and their libraries of wars, crimes and other barbarisms!
Complexity: Our systems are now so big, distributed, diverse, and networked,
we have no means to exhaustively test, and/or, indeed, fully understand them in
isolation/singularly or partial/fully interconnected, operation and functionality
WE have to gather real data to test
and prove all of this - and address the
issue of letting machines potentially
operate with full autonomy !
“When the machines make
far fewer errors than we do,
then it will be game over”
Segue: IT+AI Ethics
We are in virgin territory - no prior art !
We have never been here before and have to
step beyond the established norms of:
Business: Management: Leadership
Engineering: Technology: Science
Our IT/AI machines cannot address all this alone to
a sufficient degree that satisfies our human need for
safety; acceptable levels of honesty, morality, conduct;
and the future actions of autonomous individual entities as
well as networked/collaborating groups - with fixed, mobile
and integrated multi-generational capabilities…
Status Quo
The field is experiencing rapid regulatory evolution with concrete implementation timelines, increased
focus on practical governance frameworks, and growing emphasis on international cooperation - but
significant challenges remain in balancing innovation with safety.
Major Regulatory Developments
EU AI Act Implementation (2024-2027)
In force from 01/08/24, with a phased implementation: Key prohibitions and AI literacy obligations
effective 02/02/25. General-purpose AI rules apply from 02/08/25. High-risk systems must comply
by August 2026-27. This is the first comprehensive AI framework based on a risk-based approach:
minimal, high, unacceptable risk, and transparency risk.
Global AI Safety Summit Progress (2025)
Paris: Concluded with the "Statement on Inclusive and Sustainable AI for People and the Planet,"
focusing on bridging digital divides, AI safety and security, avoiding market concentration. However,
concerns exist that France may prioritise economic ambitions over safety, with the official AI safety
track reduced to "AI Trust" discussions.
AI Behaviour Issues
Recent incidents include AI coding assistants refusing to generate code, citing dependency concerns +
reduced learning opportunities, demonstrating how AI is absorbing cultural norms from training data
Military and Defense Applications
DARPA funded the ASIMOV program in 2024 to develop metrics for evaluating ethical implications of
autonomous weapon systems, highlighting ongoing concerns about lethal autonomous weapons.
IEEE and Academic Initiatives
Addressing robot ethics, legal, and user perspectives, with a focus on responsible robotics, privacy,
security, safety, and diversity. The 10th Int Conf on Robot Ethics & Standards will be held in July 2025.
Service Robot Ethics
Research identifies six main ethical concerns for service robots: replacement and labour implications,
privacy & data protection, responsibility and accountability, trust/safety, social cues, and autonomy.
Leadership
UNESCO continues leading international efforts through its Recommendation on the Ethics of AI, with
Thailand hosting Asia-Pacific's first UNESCO Global Forum on AI Ethics in 2025.
AI Safety Institutes
Over 20 countries see significant advancement in monitoring of safety commitments at a meeting of
this network in San Francisco 2024, with members including Australia, Canada, EU, France, UK, Korea,
Industry Commitments
Sixteen major AI companies, including Google, Meta, Microsoft, and OpenAI, pledged to develop AI
technology safely, with commitments to transparency, internal accountability, and risk management.
Governance Challenges
Harvard's Michael Sandel argues business "can't have it both ways," refusing responsibility for AI's
consequences while fighting government oversight, emphasising the need for self-regulation.
Cultural and Language Testing
Singapore published the AI Safety Red Teaming Challenge Report 2025, testing how large language models
perform across different languages and cultures in the Asia Pacific region, involving over 350 participants from
nine countries testing four LLMs for cultural bias.
Balancing Innovation and Safety
There is ongoing tension between promoting AI innovation and ensuring safety. The global AI regulation
landscape remains fragmented & rapidly evolving: earlier optimism giving way to complex realities
RESPONSIBILITY
EMPOWERMENT
ETHICS & TRUST
ALL IN our hands
WE have to gather data as we go to test and prove
everything anew - address the big issue of letting
machines potentially operate with full autonomy or
with a degree of human oversight !
In a sense: “when the machines make far fewer errors
than we do, then it will be game over, but we might reserve
the right to engineer a ‘kill switch’ and/or an override command line”
BIG QUESTION: Can we
teach AI morals & ethics ?
Thank You
www.petercochrane.com
Q & A

Advanced IT Governance

  • 1.
    Prof Peter CochraneOBE p e t e r c o c h r a n e . c o m A D V A N C E D I T G o v e r n a n c e 20 June 2025
  • 2.
    Many people approachgovernance as they would a jigsaw puzzle, one piece at a time - as if they are all independent, disconnected, with only one pre- de fi ned place they will fi t! The time when that might have been the case is long gone - everything is now connected and inherently complex to the point where exhaustive testing, in general, is combinatorially impossible, and fundamentally impractical! Today; people, machines, networks, devices, clouds, security, AI’s et al are stochastically coupled in fl uences that dynamically interact… “There are no simple solutions to complex problems: but in this case we can be pragmatic in outlining the ‘status quo’ and highlighting the ongoing e ff orts to bring order to the many elements & components ” P r e c u r s o r
  • 3.
    P a ra d o x ? “It is highly likely that ‘The End Game’ will see AI managing, and/or, controlling ‘The Governance Function’ across a wide spectrum of complex systems that each enjoy/rely on their own embedded AI based controllers, monitors and arbiters ” “Today we already see people being pushed to the periphery, and/ or expunged from their traditional roles in machine, network, device, cloud, security, et al. AI managers, and management support, are necessary to deal with the complexity involved whilst simultaneously satisfying capacity demands and response times.
  • 4.
    A S tate o f f l u x “Governance, by its very nature is a dynamic enterprise, but one now accelerating with technological developments in AI and Robotics. Frankly, it is way behind the wave, and struggling with revolutionary advancements in medicine, care, industries and warfare. We therefore see governments, institutions, and corporations, scrabbling to make sense of new opportunities and threats that demand the formulation suitable laws and regulations” The purpose of this lecture is therefore to contextualise Governance & its colourful journey/history/development in the application to IT .
  • 5.
    Aristotle Bad men livethat they may eat and drink Good men eat and drink that they may live How can you call a man free when his pleasures rule over him? Socrates Plato How should men live ? G o v e r n a n c e h a s A l o n g r i c h h i s t o r y “In the >2000 years since the Greek Civilisation, the key questions have not got any easier as technology and progress have introduced greater complexity - AI is now the big issue - and Quantum Computing may well be the next” 300 - 400 BC
  • 6.
    D e fi n i t i o n The act or process of directing, controlling, and overseeing the activities of an organisation The complex system and framework of processes, functions, structures, rules, regulations, laws and norms born of the relationships, and interactions within and without an organisation The processes and structures through which decisions are made, rules are established, and laws are enforced in society The exercise of political, economic and administrative authority to manage a nation's affairs Law s Rules Ethics Behaviours Regulations Processes Leadership Oversight Functions Fram eworks Controls Steer ++++++
  • 7.
    S ta nd a r d S + C O N T R O L S A R E V I T A L ! Public Safety Protection: Establish minimum safety requirements for products, services, and systems, preventing harm to consumers and workers through tested specs and protocols Quality Assurance: Provide consistent benchmarks for performance and reliability, ensuring products and services meet expected standards regardless of manufacturer or provider Economic E ffi ciency: Reduce costs by eliminating the need for custom speci fi cations in every transaction and enabling mass production through common design requirements Global Trade: Create common technical languages that enable international commerce by ensuring compatibility and mutual recognition across di ff erent markets and jurisdictions Innovation Foundation: Provide stable platforms upon which new technologies can be built, driving innovation through competitive compliance and continuous improvement processes Human advancement - progressively orchestrated by civilisations identifying what needed to be controlled and what could be free. Primary thinking culminated in ‘cost/risk - gain/ bene fi t guesses/estimates/analysis and the promotion of safe/ reliable/economic techniques, technologies, and processes
  • 8.
    E U La w s a n d R e g u l at i o n s General Data Protection Regulation (GDPR) - Privacy law a ff ecting all organisations processing EU residents' data, requiring consent, data portability, and breach noti fi cations. ePrivacy Directive - Governs electronic communications privacy, including cookies, direct marketing, and con fi dentiality of communications. Data Governance Act - Facilitates data sharing/reuse while ensuring data protection. Data Act - Regulates access & use of data generated by connected products and services. Digital Services Act (DSA) - Comprehensive regulation for digital services, requiring content moderation, transparency reporting, and risk assessments for large platforms. Digital Markets Act (DMA) - Targets large tech platforms ("gatekeepers") with speci fi c obligations including interoperability, data portability, and prohibitions on self-referencing. Platform-to-Business Regulation - Ensures fairness and transparency for businesses using online platforms and search engines. Network and Information Security Directive (NIS2) - Updated cybersecurity requirements for essential/important entities, including incident reporting and risk management measures. Cybersecurity Act - Establishes a cybersecurity certi fi cation framework Critical Entities Resilience Directive (CER) - Protects critical IT infrastructures n Society & commerce are subject to a complex framework of IT laws and regulations that vary by jurisdiction: here are some of the main categories and key examples:
  • 9.
    E U La w s a n d R e g u l at i o n s European Electronic Communications Code (EECC) - Framework for electronic communications networks and services, including 5G security requirements. Roaming Regulation - Ensures fair pricing for mobile services across EU borders AI Act - Comprehensive regulation classifying AI systems by risk levels, with speci fi cs for high-risk applications and prohibitions on certain AI practices Copyright Directive Requires platforms to obtain licenses for copyrighted content Database Directive - Protects database rights across the EU Software Directive - Harmonises copyright protection for computer programs. Consumer Rights Directive - Provides rights for online purchases and data requirements Unfair Commercial Practices Directive - Prohibits misleading and aggressive practices Digital Content Directive - Speci fi c consumer rights for digital content and services. European Accessibility Act - For various products 7 services including computers, mobiles Web Accessibility Directive - Mandates accessible websites & mobile apps for public sector bodies Treaty on the Functioning of the European Union (Articles 101-102) - Prohibits anti-competitive agreements and abuse of dominant market positions. Society & commerce are subject to a complex framework of IT laws and regulations that vary by jurisdiction: here are some of the main categories and key examples:
  • 10.
    E U La w s a n d R e g u l at i o n s Merger Regulation - Controls concentrations that may signi fi cantly impede e ff ective competition Payment Services Directive 2 (PSD2) - Regulates payment services and promotes open banking Markets in Crypto-Assets Regulation (MiCA) - Framework for cryptocurrency and digital assets. Digital Finance Package - Various regulations modernising EU fi nancial services law for the digital age Dual-Use Export Regulation - Controls export of dual-use items including certain technologies Foreign Direct Investment Screening Regulation - Allows EU countries to screen all investments Medical Device Regulation (MDR) - Governs software classi fi ed as medical devices General Safety Regulation - Vehicle safety requirements including cybersecurity for connected cars. Radio Equipment Directive - Technical requirements for radio equipment including IoT devices Foreign Direct Investment Screening Regulation - Allows EU countries to screen all investments Medical Device Regulation (MDR) - Governs software classi fi ed as medical devices General Safety Regulation - Vehicle safety requirements including cybersecurity for connected cars. Radio Equipment Directive - Technical requirements for radio equipment including IoT devices Society & commerce are subject to a complex framework of IT laws and regulations that vary by jurisdiction: here are some of the main categories and key examples:
  • 11.
    E U La w s a n d R e g u l at i o n s “The EU regulatory framework is comprehensive and continues to expand, with proposed legislation on liability for AI systems, digital identity wallets, and cyber resilience requirements for products with digital elements. Many of these regulations have extraterritorial e ff ect, applying to non-EU companies serving EU users or markets” “Individuals and small companies can often ignore some of this growing catalogue with little or no chance of being challenged/prosecuted/ fi ned. For large companies and institutions they must comply to survive and prosper! The majority of these ‘regulations’ are enforced through human e ff ort with suitable operating procedures and protocols, a very few can be/have been automated! Ultimately AI has a role in policing all these activities”
  • 12.
    Mechanisation Steam Power Weaving Looms CyberPhysical Nano-Bio Tech AI, Robotics, IoT Mass Production Assembly Line Electric Power Automation Computer Control Water Power T H E B I G P i c t u r e O n e g i a n t l e a p a t a t i m e INDUSTRY 5.0 Smart Materials Programmed Form & Function Evolving Sentient Living?
  • 13.
    Mechanisation Steam Power Weaving Looms CyberPhysical Nano-Bio Tech AI, Robotics, IoT Mass Production Assembly Line Electric Power Automation Computer Control Water Power T H E B I G P i c t u r e O n e g i a n t l e a p a t a t i m e INDUSTRY 5.0 Smart Materials Programmed Form & Function Evolving Sentient Living? Accelerating Human Progress
  • 14.
    Mechanisation Steam Power Weaving Looms CyberPhysical Nano-Bio Tech AI, Robotics, IoT Mass Production Assembly Line Electric Power Automation Computer Control Water Power T H E B I G P i c t u r e O n e g i a n t l e a p a t a t i m e INDUSTRY 5.0 Smart Materials Programmed Form & Function Evolving Sentient Living? Accelerating Human Progress Sentient/Evolutionary Intelligent/Adaptable Electronic Mechatronic Electro-Mechanical Mechanical
  • 16.
    Evolving Governance of Mankind and Machines
    Symbiotic society balancing ecological, social, & economic transformation, to realise/assure sustainable futures
    Diagram labels: Human-Machine Augmentation; Mankind in Control; Machines in Control
    “There are >>1,000 fold more machines on the planet than humans, and our dependency on them is total”
  • 17.
    Machines in Control
    Today: No drivers/pilots/controllers in the loop - a gradual-to-rapid transition - once the accident rate for machines is a fraction of that for humans, it’s over!
  • 18.
    Machines Rule? AI-Governance
  • 19.
    When Governance Human/Machine Fail?
  • 20.
    Governance Human Fail!
  • 21.
    Governance Human-Technology Failure
  • 22.
    When Management NEED Overrides Engineering
    1986 NASA Challenger Launch: No Survivors!
    An ethical and moral failure of the worst of the worst kind!
    Mission/Management Critical v Life Critical
  • 23.
    How The Heck…?
      • NASA had been without a permanent CEO for 4 months and was in disarray
      • The Flight Centre Director had mandated that there would be no more delays
      • NASA was under political and media pressure to perform, to deliver…
      • Lower level employees were constrained by bureaucracy and were not heard
      • The (Morton Thiokol) solid state boosters had known low temperature problems
      • Morton Thiokol were also under commercial and political pressure
      • The Engineers could not give a rock solid NO-GO statement
      • So NASA Management took this as a GO!
  • 24.
    When Ethics Die and Threats Rule
    Boeing 737 Max
    Fatal crashes 2018 & 2019 (>300 dead) - grounded all MAX jets.
    Crashes due to the flight control system relying on a single sensor & development/certification issues
    An ethical and moral failure of the worst of the worst kind!
    Management v Engineering
  • 25.
    Segue: Human Ethics
    Engineering : Technology : Science
    Business : Management : Leadership
  • 26.
    Universality
    Ethics spans every aspect of human activity
  • 27.
  • 28.
    “With great power comes a code of ethics”
  • 29.
    Basics
    Ethics: Principles that govern a person's behaviour or the conducting of an activity
    Morals: Describe one's value set concerning what is right and what is wrong
    Essence: Doing the right thing - no matter what!
  • 30.
    Positioning
    Ethics = Rules of behaviour based on ideas about what is morally good and bad
    A company, organisation, profession: may have its own code of ethics — its own set of rules/bounds on acceptable behaviours
    Philosophy = An area of study dealing with good and bad behaviour: what is morally right or wrong
    Belief = Something identified as being very important — usually singular (peace, work ethic, justice, accuracy, reliability…)
  • 31.
    Short Form
    “Making the right decisions even if they disadvantage you in some way”
    Scale of Priorities/Subordination
    What is right for our Organisation/:
    Most Important
      • planet/environment
      • species/societies
      • country/nation
      • company/organisation
      • clients/customers
      • share holders/governors
      • our departments
      • employees/people/contractors
      • our departments
      • our families
      • our careers
      • our prosperity
    Least Important
  • 34.
    WORRY ABOUT THIS EVERY DAY
    “Making an error that results in a human injury or death”
    Mission Critical: A design/component/decision failure results in a catastrophe, potentially involving loss of life and/or severe environmental damage, or major safety hazards
    Production Critical: Failure sees a significant disruption of production or operations ($ $ $ $)
    Support Critical: Failure would impact production/operations but would not cause a complete shutdown
    Non-Critical: Failure would have minimal impact on operations or safety
    All within your Ethical and Code of Conduct/Practice envelope
  • 35.
    General Paradox
    “An organisation of good, honest, ethical and well meaning people can result in bad and unethical behaviours”
    Entirely counter intuitive
    This emergent property is evident with animals, machines and AIs
  • 36.
    General Paradox
    Pressure changes everything
    Values/Ethics can start to slip when there is a crisis…
  • 37.
    At The Core
    “We endeavour to make the right judgement calls and decisions even when they are disadvantageous to our personal situation and/or interests”
    Ethics Challenges Our: Relationships, Loyalties, Integrity, Honesty, Values +++
    It tests our Strength & Nerve
    It tempts our Weaknesses
  • 38.
    If… Rudyard Kipling
    Ethics & Values
    “Easy to state but can be so very hard to hold on to”
  • 40.
    Perspective of Governance Today
    The difficulty of managing/steering interconnected systems, institutions, and actors within a society cannot be overstated. The inherent complexity stems from a growing functional differentiation of institutions with accelerating technological change, and the deepening of systemic, and globalised, interdependencies/differences. It is about effectively guiding a multifaceted network of actors and systems towards desired outcomes when simple, top-down control is no longer viable.
    “There are no simple solutions to complex problems”
  • 41.
    United Nations
    Mega-Gov’ & The Planet
  • 42.
    UN Layers
    “This is a simplified (skeletal) representation as there are multiple layers under each of the above sections”
    “Provides a level of unity and cohesion across a planet of 8Bn people - this is not perfect, but it is all we have. Can we do better?”
    “The complexity of the UN operation is on a monumental scale - demanding an AI solution with support/guidance”
  • 43.
    UN Layers
    “Vital for globalisation, peace, and equitable standards of living that are sustainable”
  • 44.
    Governments
      • Individual countries adopt widely differing modes of governance
      • Defining who has authority to make decisions, and is accountable for the practices, behaviours, and performance of all organisations/country
      • Aiming to ensure ethical management of peoples and operations across all districts and bodies with openness, transparency, and accountability to benefit all citizens, communities and society overall
      • A primary responsibility is the safety, security, and wellbeing of the population without bias or favour
  • 45.
    Government: Who Rules?
      • NONE: Anarchy
      • ONE: Monarchy, Dictatorship
      • FEW: Oligarchy, Junta
      • ALL: Democracy, Direct, Representation
    To survive & prosper societies need rules/regulations that span local to national - they also align internationally to enable trade, globalisation and resource sharing et al
    “Not all frameworks and systems lend themselves to collaboration, mature learning, adaptation, trade, and the betterment/beneficial opportunities available to their populations”
  • 46.
    Non Aligned
    Unable to trade and bankrupting the once mighty USA - all down to rampant ignorance, lies, no moral or ethical code
  • 47.
    Industrial and Professional Standards in Sync with Tech!
    “At the core of any organisation or relationship is trust, reliability, responsibility and an assumed level of knowledge and capability implicit to a successful outcome”
  • 48.
    Standards Are Vital!
    Consumer Confidence: Give buyers reliable information about product capabilities & safety, enabling informed purchasing decisions and building trust in markets
    Regulatory Framework: A technical foundation for government regulations, providing measurable criteria for compliance and enforcement activities
    Interoperability: Ensure different systems, products, and services can interwork
    Professional Practice Guidance: Establish consistent methods/procedures for professional work, ensuring competence and accountability across different practitioners and operators
    Environmental Protection: Incorporate sustainability requirements and safeguards, helping industries minimise ecological impact while maintaining operational effectiveness
  • 49.
    SI Basis: Physical Standards
    [Image: NPL Atomic Clock]
    Used by scientists, engineers and public around the world - except for the USA.
    Prefixes added to the base units to scale measurements up or down when needed.
    Simplifies international manufacturing, supply chains, and support
    All measures traceable to atomic definitions and values that can be replicated at multiple locations across the planet. This is foundational to the manufacture of the same product in multiple locations addressing different markets!
  • 50.
    Exemplar
    We, the members of the IEEE, in recognition of the importance of our technologies in affecting the quality of life throughout the world, and in accepting a personal obligation to our profession, its members, and the communities we serve, do hereby commit ourselves to the highest ethical and professional conduct and agree:
    - to hold paramount the safety, health, and welfare of the public, to strive to comply with ethical design and sustainable development practices, and to disclose promptly factors that might endanger the public or the environment;
    - to avoid real or perceived conflicts of interest whenever possible, and to disclose them to affected parties when they do exist;
    - to be honest and realistic in stating claims or estimates based on available data;
    - to reject bribery in all its forms;
  • 51.
    Exemplar
    - to improve the understanding by individuals and society of the capabilities and societal implications of conventional and emerging technologies, including intelligent systems;
    - to maintain and improve our technical competence and to undertake technological tasks for others only if qualified by training or experience, or after full disclosure of pertinent limitations;
    - to seek, accept, and offer honest criticism of technical work, to acknowledge and correct errors, and to credit properly the contributions of others;
    - to treat fairly all persons and to not engage in acts of discrimination based on race, religion, gender, disability, age, national origin, sexual orientation, gender identity, or gender expression;
    - to avoid injuring others, their property, reputation, or employment by false or malicious action;
    - to assist colleagues and co-workers in their professional development and to support them in following this code of ethics.
  • 52.
    Historical Perspective
    Circa 1855: Samuel Colt invented the revolver and revolutionised firearms manufacturing by pioneering the standardisation of parts and mass production. He conceived interchangeable parts, and assembly lines for faster, cheaper gun production. Traditionally, gun parts were individually crafted part-by-part.
    Colt famously gifted his revolver to officers on both sides of the American Civil War
  • 53.
    Historical Perspective
    The London and Blackwall Railway (1840) was the first commercially successful railway to use the telegraph for efficient traffic management. Cooke and Wheatstone patented the first commercial electric telegraph (1837). The system was successfully introduced on railways for signalling. Vail and Morse also developed a telegraph and the Morse Code around the same time
    1896
    “There were no universal time standards when the steam train was invented. Time varied village-to-village, town-to-town, city-to-city, country-to-country and it was impossible to create workable timetables and the safe management systems for increasingly busy networks”
    The first commercial steam railway was the Stockton and Darlington 1825. It was designed to transport coal and, later, passengers.
  • 54.
    Perspective
    “For all forms of man-made large scale network, standardised time information has to be ahead of all forms of communication and control”
    In short:
    - Time information has to be ahead of the bits/bytes
    - Control information has to be/get ahead of the bytes
    GPS < 10ns; LAN < 1ms; NTP ~ n x 10ms
  • 55.
    Standards Organisations
    International Organisation for Standardisation (ISO): Independent, non-governmental organisation develops and publishes international standards. Founded 1947 (Geneva), membership comprises national standards bodies globally. >23,000 ISO standards span a wide range of industries and disciplines. Among the well-known: ISO 9001 quality management, ISO 14001 environment management, and ISO 27001 information security.
    International Electrotechnical Commission (IEC): Develops & publishes international standards for the electrical and electronics industries. Founded in 1906 (Geneva), it covers power generation and distribution, electronics, and renewable energy et al. Two of the most well-known are the IEC 60335 safety standard for household appliances and IEC 61850 standard for communication networks and systems
    American National Standards Institute (ANSI): Non-profit organisation oversees industrial standards. Founded in 1918 (New York). Accredits standards organisations ensuring openness, transparency, & consensus-basis. Represents US in ISO and IEC. Coverage includes construction, engineering, healthcare, and IT et al. The most well-known are ANSI/ASHRAE 90.1 energy standard for buildings & ANSI/HI 9.6.4 pump testing
    [Image: ISO M3 Nut, Bolt & Washer]
  • 56.
    Standards Organisations
    European Committee for Standardisation (CEN): Develops and publishes EU standards. Founded 1961 (Brussels). Covers a wide range of areas, including construction, engineering, environmental management, and healthcare. Among the well known are EN 1090 standard for structural steel and aluminium construction and the EN ISO 14001 environmental management standard. CEN works closely with ISO and IEC to develop international standards globally and provides technical support to the EU and member states in developing/implementing standards-related policies/regulations.
    International Telecommunication Union (ITU): Specialised UN agency that develops and publishes standards for the telecom industry. Founded 1865 (Geneva). Covers a wide range of areas, including radio spectrum, satellite orbits, and Internet. Some well-known standards include ITU-R RF spectrum allocation and ITU-T telecoms. Used by businesses, governments et al globally to ensure that telecom products and services are safe, reliable, and of good quality. Compliance with ITU standards can also help reduce costs, improve efficiency, and enhance compatibility.
    [Image: FCC Radio Frequency/Band Allocation + Modulation Modes]
  • 57.
    Segue
    Largely Ignored?: ISO focus on ensuring quality, reliability, and safety of software products through guidelines for ethical practices and sustainability. Standards include ISO/IEC 2500: Framework definition for evaluating quality, and ISO/IEC 5055 focussed on structure
    “But the planet is running on very poor quality (energy wasteful) software systems”
    “Vast armies of coders have had poor/little/or no education/training”
    Out of Control?: New and rapidly developing technologies see governments, legal bodies and standards organisations wrong-footed and left behind in their wake, with de facto situations created by rapid roll out and adoption at the leading edge.
    “AI is a prime example of a now ubiquitous technology without governance - but societies/industries have already developed 100% core dependencies”
    For decades software producers have assumed that the necessary computing power will always be available - but this is not assured, there are energy limits on the horizon for all forms of ‘bloatware’ including AI.
  • 58.
    Governance & Individuals
    The governance of any organisation/institution/society is defined by the sum of the ethical standards of the ‘component peoples’, their adherence to: the laws of the land; behavioural norms - including honesty, morals, and responsibilities they progressively embrace with advancing maturity.
    In reality individuals come with biases born of their family; parents, relations, home lives, communities, the education system, working environment, social media et al, along with religious and political induction & other belief systems…
    “At the foundational core of all this is the ability to maintain acceptable ethical standards bounded by the limitations and expectations of legal systems, education/working and societal environments…”
  • 59.
    Governance in Business
    The framework of rules, processes, and structures that control and steer an organisation
    Defines who has authority to make decisions, and is accountable for the practices, behaviours, and performance of the organisation
    Aims to ensure ethical management, people & operations with openness, transparency, and accountability to benefit all stakeholders, including the shareholders, employees, and wider community/society
  • 60.
    Governance: Government
    Directs, controls and steers a nation by embracing all political decisions including the implementation of policies with accountability to the populace
    Systems and practices ensure the overall direction, effectiveness, outcomes and accountability of all government entities in the state of the nation, vis defence and wellbeing of all individuals
    Ethical practices are demanded, with transparency, accountability, and full responsiveness, in the participation, and adherence to the rule of law.
  • 62.
    Governance: Professional Institutions
    Embrace a crucial role in regulating and promoting all professions: ensuring quality, competence, and ethical conduct of individuals and organisations.
    Structures and standards in the engineering, science, technology, design, operations, (et al) and practices vary widely profession-to-profession, and sector-to-sector, but the primary objective is to ensure the capabilities and standards of individuals, teams and organisations.
    Balancing every aspect of the effectiveness of individuals & teams through fair and representative measures and outcomes relies on self-policing and mindfulness of the responsibility each individual carries. This is reinforced by overarching regulation, continuing education/experience, and the induction into professional bodies that act as supporting and guiding communities.
  • 63.
    Governance: Professional Institutions
    Regulation: Ensures individuals have the necessary qualifications and experience
    Licensing/Accreditation: Grant practice licenses, legal status, chartered ranking
    Membership/Representation: Government interface for advisory support
    Professional Development: Continuing education oversight, legal/practice changes
    Standards: Issues, enforces and polices codes of conduct/practice/ethical issues
    Oversight/Accountability: Sets and makes judgement on behaviours and processes
  • 64.
    Governance: IT - The Basics
    COBIT (Control Objectives for IT): A common framework/guide for managing IT resources and ensuring they align with business objectives
    ITIL (IT Infrastructure Library): Focused on IT service management with guidance on processes for delivering/managing IT services
    CMMI (Capability Maturity Model Integration): Improving the process of software development & maintenance, leading to better project outcomes
    COSO (Committee of Sponsoring Organisations): Internal control and risk management, providing guidance on establishing/maintaining firm control
    FAIR (Factor Analysis of Information Risk): Identify, assess, and manage information and cyber risks.
  • 65.
    THE OLD Really!!
    A recommended draft of all the roles and responsibilities - very nice for a bank or large multinational, but impossible for a small company, and ‘the small’ dominate economic activity and suffer the greatest risk.
    The landscape is so varied it is impossible to forge a general solution of this kind. We have to span the multi-national with vast economic and people resources, and the less well endowed large, medium, small, and virtual organisations… down to the ‘singleton’ operators
  • 66.
    Advanced IT Compliance
    Strategic Evolution: From basic tech oversight to an integrated business discipline driving organisational competitiveness/change: sees 25-40% increase ROI on tech investments
    Business-Technology Integration: Dynamic, bidirectional relationships with tech driving strategy as much as business directs tech investments via continuous portfolio optimisation
    Multi-Layered Risk Management: Sophisticated frameworks addressing traditional operations alongside emerging algorithmic bias, data privacy violations, and supply chain vulnerabilities et al
    Proactive Compliance: Continuous monitoring & automated compliance validation across multiple jurisdictions & compliance-by-design principles embedded in system architectures.
    Value Optimisation: Sophisticated analytics decodes complex relationships between tech investments and business outcomes, using predictive models
    Beyond SLAs: Performance management to encompass business outcome metrics, user experience measurements, & ecosystem health indicators through balanced scorecards
    Architecture: Integrates deeply with enterprise architecture to create coherent technology ecosystems emphasising API-first design, micro-services, and cloud-native principles
  • 67.
    DevOps Alignment: Adapts governance principles to support agile methodologies through lightweight processes with automated compliance checks & security embedded validations
    Data Governance: This strategic asset fuels comprehensive frameworks addressing quality, privacy, security, and accessibility while enabling advanced analytics and AI applications.
    Management: Addresses complex multi-cloud environments through AI frameworks establishing consistent policies across providers while leveraging unique platforms
    AI/ML Governance: Establishes AI ethics committees, algorithmic audit processes, and frameworks for managing AI-related risks including bias, explainability, & accountability.
    Cybersecurity: Employs security-by-design principles with continuous monitoring and proactive threat management using intelligence and predictive analytics.
    Multi-Tiered Governance: Establishes executive steering committees, architectural review boards, and operational teams with clear decision rights and escalation paths.
    Evolved Roles: Defines new roles such as data stewards, cloud architects, AI ethics officers whilst emphasising cross-functional collaboration over traditional hierarchies.
  • 68.
    Maturity-Based Implementation: Begins with comprehensive maturity assessments and creates multi-year transformation roadmaps balancing quick wins with strategic objectives.
    Change Management Focus: Requires sophisticated management addressing technical and cultural transformations with governance champions and comprehensive training programs.
    Continuous Improvement Discipline: Continuous improvement with regular assessments, feedback mechanisms, and adaptation to emerging challenges and technologies.
    Future-Ready Adaptability: Evolves to address emerging tech like quantum and edge computing, and sustainability requirements while maintaining core governance principles.
    Comprehensive Measurement: Multi-dimensional frameworks tracking innovation roll-out, risk reduction, and strategic alignment alongside traditional metrics.
  • 69.
    IT Governance: AI Based Future
    The charts that follow depict the conceptual macro-complexity of a leading edge/future system as envisaged by a co-human/AI team for just one set of boundary conditions. These have been extended to identify the critical components impacted by scaling - ie major banks and giant corporations, down to a singleton specialist consultant. Ergo, it is clear that various degrees of outsourcing/sharing of AI-Governance functions, along with new powering models will be necessary, and there are in prospect a number of new tech/business opportunities that will emerge.
    The future involves integration across the entire spectrum of functions and operations from IT and cyber security to every business and social aspect of an institution, organisation, and business.
    “I think we can safely assume that this is a task way beyond human ability alone; and it will demand a symbiotic relationship with AI to fully conceive and realise a full set of adaptive systems capable of leveraging the capabilities of future technologies and business models”
  • 70.
    Future Governance: Macro Integration
    [Diagram labels: CDO/CIO/CTO Leadership; Product Team, Customer Focussed; Platform Team, Cloud(s) & APIs; Experience Teams, Customer Focussed; Data/AI Team, Intelligence & Automation]
  • 71.
    Future Governance: Integration Detail
    [Diagram labels: Agile Portfolio, RoI Driven Funding; Embedded IT Partners; IT Fusion Partners; Co-Innovation Nets; Automation; Smart Risk Management; Predictive Insights; Proactive Decisions; Rapid R&D; Fail/Learn Fast; Dev Ops; Continuous Integration; Monitoring; Live Insights; Business Owners; Knowledge Sharing; Real Time Releases; Dynamic Strategy & Planning; Governance; AI-Oversight]
  • 72.
    Future Governance: Integration Detail
  • 73.
    Today: Business Dominated by People, Owned by People
    Tomorrow: Business Dominated by Machines, ‘Owned by Machines’ ?????
  • 80.
    IT Governance AI Primary Key
    At the extremes of national and global organisations IT is the primary tech on which all functionality rides - from admin to automation and robotic production, AI is the nervous system that orchestrates success. IT is also a vital component of the management forecasting/decision loop and every level of management and machine…
    “Behavioural Analysis returns biggest RoI”
    In general the AI is not singular - multiple units are dispersed across the entire business platform (fixed & mobile) with exception reporting the norm
    The speed and complexity involved puts this challenge way outside human abilities - the machines have to tend the machines!
    [Diagram labels: All Business Data; All Operations Data; All R&D Data; All Inventory Data; Device Data/Control; Net(s) Data/Control; Cloud(s) Data/Control; Access Data/Control; Physical Oversight; Cyber Oversight; Attack Alert/Action; Irregularity Alert/Action; Failure Alert/Action]
  • 83.
    BEHAVIOURAL ANALYSIS: Sociology of People, Sociology of Things. Might just be the ‘king pin’ that holds together our security. Are any people and technology behaviours abnormal…? Just as we can be identified by where and what we eat, say, do; and how we walk, talk, type, behave; the friends and colleagues we meet; there is an equivalency for all our technologies!
  • 85.
    NSA Insider attack: Edward Snowden, NSA 2013. Ed Snowden, a National Security Agency (NSA) contractor, leaked classified information about the agency's extensive surveillance programs, including PRISM & XKeyscore. These programs collected vast amounts of data, including phone records and internet activity, of US citizens and foreign telecoms agencies. Snowden's actions exposed the NSA's widespread surveillance activities and raised significant concerns about privacy and civil liberties.
  • 86.
    Malicious employee: Hates successful, happy people & feels cheated; Perhaps a bad, poor, disrupted, deprived home/childhood/education; Probably something of a social misfit and/or sociopath/psychopath; Likely intolerant, less empathic - with fewer friends than most; Normally angry and upset about almost everything; Random acts of physical and software damage; Open to suggestion and acting as an agent of crime; Open to bribery and corruption and the stealing of almost anything
  • 87.
    Enraged employee: Frustrated by failure to advance; Feels unappreciated and undervalued; Always overlooked for promotion; Really dislikes management chain; At odds with the company values; Stays on site & creates damaging failures and/or data changes; Leaves the company and plants software bombs/backdoors; Open to bribery and corruption and the stealing of IP
  • 88.
    Innocent employee: Feels insecure - has become over helpful; Naive, open, careless, needs to be seen to be useful; Gullible and careless with information; Talks too much when care is needed; Unquestioning and so very supportive; Random information and data; Tends to be careless and make mistakes; Open to being ‘steered’ by a skilled manipulator
  • 89.
    LAX Management: Failures of discipline and naivety
  • 90.
    IT Assurance Protection: As organisations become more tech (IT+AI+Robots) than human, it is essential we move deeper into the world of security at all levels as failure costs escalate…
    Columns: Corporation/Bank/Gov; Large Company; Small Company; Singleton (each: Secure, Mobile)
    IT Provision/Support: Insource ✓ ✓ ✓; Outsource ✓ ✓ ✓ ✓ ✓ ✓ ✓; Personal ✓ ✓ ✓ ✓
    Security Dept: Insource ✓ ✓; Outsource ✓ ✓ ✓??; None
    Machines & Devices: Corporate ✓ ✓; Mix Corp & Private ✓ ✓; Private BYOD ✓ ✓ ✓
    Cloud(s): Internal ✓ ✓; External ✓ ✓ ✓??; None ✓ ✓??
    Cloud Depth (In + Outsource): >3; >2; 1; 0 - 1 ??
    Art’ Intelligence(s): Corporate ✓ ✓; Distributed Open ✓ ✓ ✓ ✓; Personal ✓ ✓ ✓ ✓
    Behavioural Analysis: People ✓ ✓; Devices ✓ ✓; Machines ✓ ✓ ✓ ✓ ✓; Networks ✓ ✓ ✓; Traffic ✓ ✓ ✓
    Access/Log On: Public ✓ ✓ ✓; Personal ✓ ✓ ✓ ✓; Controlled ✓ ✓ ✓; Convoluted ✓ ✓; Perverse Maze ✓
  • 91.
    Prognosis: We have to gather real data to test and prove/validate every element of all of this to address the issue of machines potentially assuming full autonomy! [Diagram labels: AI; IT; Gov; Legals; Regulators]
  • 92.
    Future IT/AI Governance - BIG Challenges. Regulation: Ensure sufficient individuals have the necessary qualifications/experience; Licensing/Accreditation: Grant practice licenses, legal status, chartered ranking; Representation: Government and industry interfaces for advisory support; Professional Development: Continuing education oversight, legal/practice changes; Standards: Issues, enforces and polices codes of conduct/practice/ethics; Oversight/Accountability: Refine tech judgement on behaviours and processes; AI’s & Automation: Enable the machines to progressively embrace more responsibility; Symbiosis: Foster new cultures that embrace AI as co-workers and collaborators
  • 93.
    AI & IT Basics. Ethics: If AI and IT harbour a shred of ethical understanding and/or practice, we can safely assume that it is but a shadow of its human designers and users; inadvertently imparted and subsumed - not some intent of design or evolution! Morals: Deciding what is right and what is wrong is not an attribute inherent in any machine - it has to be ‘programmed in’ - but needs to be differentiated from the ‘right and wrong’ of war machines! Essence: For machines to do the right thing - no matter what - is a very tall order for machines designed and programmed by humans and capable of observing and learning from humans and their libraries of wars, crimes and other barbarisms! Complexity: Our systems are now so big, distributed, diverse, and networked, we have no means to exhaustively test, and/or, indeed, fully understand them in isolation/singularly or partial/fully interconnected, operation and functionality.
  • 94.
    Segue: IT+AI Ethics. We have to gather real data to test and prove all of this - and address the issue of letting machines potentially operate with full autonomy! “When the machines make far fewer errors than we do, then it will be game over”. We are in virgin territory - no prior art! We have never been here before and have to step beyond the established norms of: Business: Management: Leadership; Engineering: Technology: Science. Our IT/AI machines cannot address all this alone to a sufficient degree that satisfies our human need for safety; acceptable levels of honesty, morality, conduct; and the future actions of autonomous individual entities as well as networked/collaborating groups - with fixed, mobile and integrated multi-generational capabilities…
  • 95.
    Status Quo. The field is experiencing rapid regulatory evolution with concrete implementation timelines, increased focus on practical governance frameworks, and growing emphasis on international cooperation - but significant challenges remain in balancing innovation with safety. Major Regulatory Developments. EU AI Act Implementation (2024-2027): In force from 01/08/24, with a phased implementation: Key prohibitions and AI literacy obligations effective 02/02/25. General-purpose AI rules apply from 02/08/25. High-risk systems must comply by August 2026-27. This is the first comprehensive AI framework based on a risk-based approach: minimal, high, unacceptable risk, and transparency risk. Global AI Safety Summit Progress (2025): Paris: Concluded with the "Statement on Inclusive and Sustainable AI for People and the Planet," focusing on bridging digital divides, AI safety and security, avoiding market concentration. However, concerns exist that France may prioritise economic ambitions over safety, with the official AI safety track reduced to "AI Trust" discussions.
  • 96.
    Status Quo. AI Behaviour Issues: Recent incidents include AI coding assistants refusing to generate code, citing dependency concerns + reduced learning opportunities, demonstrating how AI is absorbing cultural norms from training data. Military and Defense Applications: DARPA funded the ASIMOV program in 2024 to develop metrics for evaluating ethical implications of autonomous weapon systems, highlighting ongoing concerns about lethal autonomous weapons. IEEE and Academic Initiatives: Addressing robot ethics, legal, and user perspectives, with a focus on responsible robotics, privacy, security, safety, and diversity. The 10th Int Conf on Robot Ethics & Standards is to be held in July 2025. Service Robot Ethics: Research identifies six main ethical concerns for service robots: replacement and labour implications, privacy & data protection, responsibility and accountability, trust/safety, social cues, and autonomy. Leadership: UNESCO continues leading international efforts through its Recommendation on the Ethics of AI, with Thailand hosting Asia-Pacific's first UNESCO Global Forum on AI Ethics in 2025.
  • 97.
    Status Quo. AI Safety Institutes: Over 20 countries see significant advancement in monitoring of safety commitments at a meeting of this network in San Francisco 2024, with members including Australia, Canada, EU, France, UK, Korea. Industry Commitments: Sixteen major AI companies, including Google, Meta, Microsoft, and OpenAI, pledged to develop AI technology safely, with commitments to transparency, internal accountability, and risk management. Governance Challenges: Harvard's Michael Sandel argues business "can't have it both ways," refusing responsibility for AI's consequences while fighting government oversight, emphasising the need for self-regulation. Cultural and Language Testing: Singapore published the AI Safety Red Teaming Challenge Report 2025, testing how large language models perform across different languages and cultures in the Asia Pacific region, involving over 350 participants from nine countries testing four LLMs for cultural bias. Balancing Innovation and Safety: There is ongoing tension between promoting AI innovation and ensuring safety. The global AI regulation landscape remains fragmented & rapidly evolving: earlier optimism giving way to complex realities.
  • 98.
    RESPONSIBILITY, EMPOWERMENT, ETHICS & TRUST: ALL IN our hands. We have to gather data as we go to test and prove everything anew - address the big issue of letting machines potentially operate with full autonomy or with a degree of human oversight! In a sense: “when the machines make far fewer errors than we do, then it will be game over, but we might reserve the right to engineer a ‘kill switch’ and/or an override command line”. BIG QUESTION: Can we teach AI morals & ethics?
  • 99.
    Thank You - www.petercochrane.com - Q & A