Why trust and assurance are key to AI success

How does a motorist know that they’re driving within the legal speed limit? If car drivers didn’t have speedometers they would have no idea if they were exceeding the limit. They would be putting the driver at risk of a fine or a ban and, more importantly, they could be putting passengers, pedestrians and other drivers at risk by driving too fast.

The analogy between cars and telecoms operators, or between drivers and AI practitioners, is perhaps a bit simplistic. But it highlights an important distinction: governance sets the rules and provides the means to monitor compliance, while assurance requires evidence that those rules are being followed in practice. And, like driving at speed, the adoption of autonomous systems in an operator’s business can be dangerous, putting its employees, its customers and the overall organization at risk

AI is evolving so quickly, and communications service providers (CSPs) are putting such pressure on themselves to scale AI deployments, that it is perhaps not surprising when it comes to AI assurance that there is a big gap between AI governance programs and the evidence that CSPs are systematically producing to demonstrate their AI is trustworthy.

“I've never seen risk appetites of boards be this massive. It's like they're just willing to take in all of the risk just to be able to come up with a press release that they now have AI-powered something,” the chief AI officer of one operator told us in an interview for our upcoming report Trust and assurance: the keys to AI deployment at scale.

The TM Forum report, to be published next month, explores CSPs’ progress in deploying AI in autonomous systems, their appetite for risk and the governance that they are deploying as they put AI into production.

The key finding from the research is that, based on a survey of AI decision-makers in 130 operators, the majority are unable to demonstrate – to themselves and to third parties – that their AI meets the requirements of the governance they are putting into place. Indeed, the survey shows that there is a large gap between CSPs’ confidence that their AI is trustworthy – based on the development of a governance program – and the evidence that is generated from the systems and processes that use AI. While 72% of respondents stated that they were confident that their AI was trustworthy, only around one in five of them, just 14% of all CSPs, can produce externally reviewable evidence of it.[RC1]

Good AI governance is not enough

The survey, conducted in partnership with IBM’s Institute for Business Value (IBV), set out to test whether CSPs are ready to let AI run their operations as they seek to progress from AI pilots and proofs of concept to full production.

“The more autonomy the more substantial operational evidence you need,” notes Guy Lupo, EVP of TM Forum’s Trustworthy AI and Data Mission, which is embarking on an initiative to establish AI trust levels for CSPs.

One of the main hypotheses when setting out to do the survey was that operators are deploying AI-enabled systems faster than they can govern them. However, this is not borne out by the data. It seems to indicate that, encouragingly, deployment and governance move roughly in step. Furthermore, there is nothing to suggest, based on the survey, that the deployment of autonomous systems is racing ahead of CSPs’ ability to put in place the required governance.

So, when it comes to assessing the safeguards and guardrails that CSPs are putting in place to ensure that it is trustworthy, the governance does not seem to be an issue. Rather, CSPs need to focus on the gap between AI operations and AI governance – ensuring that the observability, traceability, explainability and assurance are in place to meet both internal and external audit requirements.

Many operators are being forced to put these capabilities into place to satisfy the requirements of national regulators that have put tough rules into place to help ensure that their AI is safe. “Regulation appears to act as a readiness accelerator. It may add compliance burden, but it is associated with a stronger AI risk posture,” says Rakhee Chachra, Global Research Leader for Telecom and Media at IBV.

Today’s approaches towards compliance – a function that uses attestations from company auditors – will not work for autonomous systems. Rather, CSPs need a strategy which, like other systems such as revenue assurance or service assurance, continuously monitors systems and infrastructure, analyzes data in real time and generates operational evidence.

But how do CSPs make this happen? For most operators, governance is bolted onto the business. It sits above AI operations. If CSPs want governance and assurance that monitor and generate evidence in real time, they will need to be embedded within systems and infrastructure as part of the overall infrastructure.

If we return to the car analogy, the ideal assurance solution for a CSP would not only be an equivalent of the speedometer – a tool which provides evidence to the car driver, and to other passengers, that the car is travelling within the relevant speed limit. It would also be something that mirrors cruise control – a system that ensures AI practitioners, or more likely AI itself, are unable to deploy untrustworthy AI even when they attempt to do so.

Trust and assurance: the keys to AI deployment at scale will be published in July. A webinar to unveil some of the key findings and a panel discussion with AI experts will be held on the same date. Register here