Advancing Responsible AI Innovation A Playbook 2025

Play 5 Adopt a systematic, systemic and context- specific approach to risk management The business implications of unmanaged AI risk exposure are far-reaching. A systematic, systemic and context-specific approach is needed to align responsible AI decision-making with risk-exposure and tolerances specific to the organization’s business size, sector, jurisdiction, operational structure and other contextual attributes. Organization leaders Key roadblocks that arise within the organization Misperception of responsible AI maturity, creating an overestimation of progress in responsible AI implementation46 Underestimation of risk management, viewing it more as a niche technical challenge than as an enterprise responsibility Low prioritization of risks, affecting AI risk mitigation and management measures, especially for organizations with limited resources despite the various AI risk management frameworks available Outdated procurement reviews, preventing the assessment of risks from AI vendors and third-party software with AI features Actions for organization leaders –Conduct a maturity assessment: Companies should assess the current state of their responsible AI implementation. For example, the Global System for Mobile Communications Association’s (GSMA) Responsible AI Maturity Roadmap is an industry-led initiative to help telecommunications organizations adopt and measure responsible and ethical approaches to AI.47 Best practices include: –Comprehensive: Review governance structures, policies, standards, risk management processes, technical safeguards, workforce capabilities, data practices, accountability mechanisms and alignment with responsible AI principles. –Context-specific: Perform assessments that are tailored to the context. –Repeat: Assess regularly to identify improvements, as well as responsible AI impacts and gaps that emerge with the evolving landscape. –Communicate: Provide the public with transparency into the state of the organization’s responsible AI practices (see Play 6). –Tailor high-level external frameworks to organizational contexts: Invest in adapting generalized risk assessment frameworks to internal control structures, define sector-specific risk scenarios, and integrate standardized and repeatable risk management processes into the organizational value chain and AI life cycle checkpoints: design, development, procurement, deployment and decommissioning (see Case study 6). Advancing Responsible AI Innovation: A Playbook 21