AI 治理示范框架 2.0

通过确保设计者和运营商对其系统、应用程序和算法负责并承担责任，并确保这些系统、应用程序和算法以透明和公平的方式运行，建立信任。

Build trust by ensuring that designers and operators are responsible and accountable for their systems, applications and algorithms, and to ensure that such systems, applications and algorithms operate in a transparent and fair manner.

提供外部可见且公正的补救途径，以应对不利影响。

To make available externally visible and impartial avenues of redress for adverse effects.

AI系统应安全可靠，不易被篡改或危及训练数据。

AI systems should be safe and secure, not vulnerable to tampering or compromising the data they are trained on.

无论是否使用AI技术，组织仍负责确保其产品和服务的可用性、可靠性、质量和安全性。

Organisations remain responsible for ensuring the availability, reliability, quality and safety of their products and services, regardless of whether AI technologies are used.

采用本自愿性模型框架不免除组织遵守现行法律法规的义务。

Adopting this voluntary Model Framework will not absolve organisations from compliance with current laws and regulations.

建议组织注意相关法律、法规和指南，因为采用模型框架并不意味着组织符合这些特定行业的法律、法规或指南。

Organisations are advised to remain mindful of such laws, regulations and guidelines, as adopting the Model Framework does not mean that organisations are in compliance with such sector-specific laws, regulations or guidelines.

当以合乎道德的方式实施AI技术的成本超过预期收益时，组织应考虑是否采用非AI替代方案。

Where the cost of implementing AI technologies in an ethical manner outweighs the expected benefits, organisations should consider whether alternative non-AI solutions should be adopted.

使用AI进行决策的组织应确保决策过程可解释、透明且公平。

Organisations using AI in decision-making should ensure that the decision-making process is explainable, transparent and fair.

在AI的设计、开发和部署中，应优先考虑人类的利益，包括福祉和安全。

The protection of the interests of human beings, including their well-being and safety, should be the primary considerations in the design, development and deployment of AI.

AI解决方案应以人为本。

AI solutions should be human-centric.

组织应考虑使用此模型框架来指导其AI部署。

Organisations should consider using this Model Framework to guide their deployment of AI.

组织在规模化部署AI时应详细阐述一套伦理原则。

Organisations should detail a set of ethical principles when they embark on deployment of AI at scale within their processes or to empower their products and/or services.

组织应尽可能审查现有企业价值观并融入已阐明的伦理原则。

As far as possible, organisations should also review their existing corporate values and incorporate the ethical principles that they have articulated.

组织应努力理解数据集可能存在偏见的方式，并在安全措施和部署策略中解决这一问题。

Organisations should strive to understand the ways in which datasets may be biased and address this in their safety measures and deployment strategies.

建立监控和报告系统以及流程，确保适当的管理层了解已部署AI的性能及其他相关问题。

Establishing monitoring and reporting systems as well as processes to ensure that the appropriate level of management is aware of the performance of and other issues relating to the deployed AI.

确保在涉及AI活动的关键人员变动时进行适当的知识转移。

Ensuring proper knowledge transfer whenever there are changes in key personnel involved in AI activities.

当组织结构或关键人员发生重大变化时，审查内部治理结构和措施。

Reviewing the internal governance structure and measures when there are significant changes to organisational structure or key personnel involved.

定期审查内部治理结构和措施，以确保其持续的相关性和有效性。

Periodically reviewing the internal governance structure and measures to ensure their continued relevance and effectiveness.

本模型框架包含组织在以下关键领域应采用促进负责任使用AI的措施的指导：a. 内部治理结构；b. 确定人类参与程度；c. 运营管理；d. 利益相关者互动。

This Model Framework comprises guidance on measures promoting the responsible use of AI that organisations should adopt in the following key areas: a. Internal governance structures and measures; b. Determining the level of human involvement in AI-augmented decision-making; c. Operations management; d. Stakeholder interaction and communication.

在多个国家运营的组织应尽可能考虑社会规范、价值观和期望的差异。

It is also desirable for organisations operating in multiple countries to consider the differences in societal norms, values and/or expectations, where possible.

任何不一致和偏差都应是组织有意识做出的决定，并有明确记录的理由。

Any inconsistencies and deviations should be conscious decisions made by organisations with a clearly defined and documented rationale.

组织在权衡商业目标与AI使用风险时，应以其企业价值观为指导。

Organisations' weighing of their commercial objectives against the risks of using AI should ideally be guided by their corporate values.

通过定期审查的风险影响评估记录这一过程，有助于组织在使用AI解决方案时建立清晰度和信心。

Documenting this process through a periodically reviewed risk impact assessment helps organisations develop clarity and confidence in using the AI solutions.

组织应持续识别和审查与其技术解决方案相关的风险，缓解这些风险，并制定应对计划以防缓解失败。

It is desirable for organisations to continually identify and review risks relevant to their technology solutions, mitigate those risks, and maintain a response plan should mitigation fail.

模型框架提出了一个设计框架（矩阵结构），帮助组织确定AI辅助决策中所需的人类参与程度。

The Model Framework proposes a design framework (structured as a matrix) to help organisations determine the level of human involvement required in AI-augmented decision-making.

不应认为矩阵意味着危害概率和严重性是确定AI决策过程中人类监督水平的唯一因素。

The matrix should not be taken to imply that the probability of harm and severity of harm are the only factors to be considered in determining the level of human oversight in an organisation’s decision-making process involving AI.

对于安全关键系统，组织应确保人员能够接管控制，AI系统提供足够信息以便做出有意义的决策或安全关闭系统。

For safety-critical systems, it would be prudent for organisations to ensure that a person be allowed to assume control, with the AI system providing sufficient information for that person to make meaningful decisions or to safely shut down the system where human control is not possible.

为确保AI解决方案的有效性，负责数据质量、模型训练和模型选择的相关部门必须共同制定良好的数据问责实践。

To ensure the effectiveness of an AI solution, relevant departments within the organisation with responsibilities over quality of data, model training and model selection must work together to put in place good data accountability practices.

负责数据质量、模型训练和模型选择的相关部门应共同努力，建立良好的数据问责实践。

It would be helpful for relevant departments within the organisation with responsibilities over quality of data, model training and model selection to work together to put in place good data accountability practices.

理想情况下，智能系统中部署的模型应有内部部门负责人，负责决定部署哪些模型。

It is ideal for the models deployed in an intelligent system to have an internal departmental owner, who will be the one making decisions on which models to deploy.

组织应审慎评估使用此类数据的风险并进行相应管理。

It would be prudent for organisations to assess the risks of using such data and manage them accordingly.

了解数据谱系：知道数据最初来源、如何收集、整理和在组织内移动，以及如何随时间保持准确性。

Understanding the lineage of data: knowing where the data originally came from, how it was collected, curated and moved within the organisation, and how its accuracy is maintained over time.

保留数据来源记录使组织能够根据数据来源和后续转换确定数据质量，追踪潜在错误源，更新数据，并将数据归因于其来源。

Keeping a data provenance record allows an organisation to ascertain the quality of the data based on its origin and subsequent transformation, trace potential sources of errors, update data, and attribute data to their sources.

鼓励组织了解并处理可能影响数据质量的因素，如准确性、完整性、真实性、时效性和相关性。

Organisations are encouraged to understand and address factors that may affect the quality of data, such as accuracy, completeness, veracity, recency, and relevance.

即使仅使用非个人数据（包括匿名化个人数据）训练AI模型，上述良好数据问责实践仍然适用。

Even if only non-personal data are used for the training of AI models (including personal data that has been anonymised), the good data accountability practices above remain relevant.

可解释性、鲁棒性和定期调优等措施应作为AI部署流程的一部分。

Some of these measures like explainability (or repeatability, when using models that are not easily explained), robustness and regular tuning are sufficiently essential that they could, to varying extents, be incorporated as part of the organisation’s AI deployment process.

鼓励组织采取基于风险的方法进行双重评估：首先识别对利益相关者影响最大的功能子集，其次识别最有效的信任建立措施。

Organisations are encouraged to take a risk-based approach in making a two-fold assessment. First, identify the subset of features or functionalities that have the greatest impact on stakeholders for which such measures are relevant. Second, identify which of these measures will be most effective in building trust with their stakeholders.

记录模型训练和选择过程、决策原因以及应对已识别风险的措施。

Documenting how the model training and selection processes are conducted, the reasons for which decisions are made, and measures taken to address identified risks will enable the organisation to provide an account of the decisions subsequently.

将解决方案的设计和预期行为描述纳入产品或服务说明及系统技术规格文档中。

Incorporating descriptions of the solutions’ design and expected behaviour into product or service descriptions and system technical specifications documentation demonstrates accountability to individuals and/or regulators.

辅助解释工具有助于说明模型如何运作。

Supplementary explanation tools are helpful for explaining how the model operates.

组织可考虑向个人提供反事实和/或比较作为有力的解释类型。

Organisations could consider providing individuals with counterfactuals and/or comparisons as a powerful type of explanation.

当可解释性无法实现时，组织可考虑记录AI模型结果的重复性。

Where explainability cannot practicably be achieved given the state of technology, organisations can consider documenting the repeatability of results produced by the AI model.

对商业部署进行重复性评估，确保部署可重复。

Conducting repeatability assessments for commercial deployments in live environments to ensure that deployments are repeatable.

执行反事实公平性测试。

Performing counterfactual fairness testing.

评估当决策不可重复时如何识别和处理异常。

Assessing how exceptions can be identified and handled when decisions are not repeatable, e.g. when randomness has been introduced by design.

确保异常处理符合组织政策。

Ensuring exception handling is in line with organisations’ policies.

识别并考虑随时间的变化，确保基于时效性数据训练的模型保持相关性。

Identifying and accounting for changes over time to ensure that models trained on time-sensitive data remain relevant.

组织可考虑与AI开发者合作，对其模型进行对抗性测试，以确保模型能够处理更广泛的意外输入变量（尤其是面向公众的AI系统）。

Organisations can consider working with AI developers to conduct adversarial testing on their models to ensure that their models are able to handle a broader range of unexpected input variables (especially for public-facing AI systems).

组织可采取基于风险的方法，识别其产品或服务中需要进行对抗性测试的AI功能子集。

Organisations can take a risk-based approach towards identifying the subset of AI-powered features in their products or services that requires adversarial testing.

打算使用持续学习的组织应了解其风险，以防持续学习模型行为不可预测。

Organisations intending to use continual learning are encouraged to be aware of the risks of doing so, should the continual learning model behave in an unpredictable manner.

建立内部政策和流程以定期调整模型，确保部署的模型适应客户行为变化。

Establishing an internal policy and process to perform regular model tuning is effective for ensuring that deployed models cater for changes to customer behaviour over time.

为确保安全，测试可能需要评估AI解决方案的泛化能力和优雅降级程度。

To ensure safety, testing may need to assess the degree to which an AI solution generalises well and fails gracefully.

AI模型部署到真实环境后，建议进行主动监控、审查和调整。

Once AI models are deployed in the real-world environment, active monitoring, review and tuning are advised.

在可能的情况下，测试应反映计划生产环境的动态性。

Wherever possible, testing should reflect the dynamism of the planned production environment.

AI模型的可追溯性要求：其决策以及产生决策的数据集和过程（包括数据收集、标注和所用算法）以易于理解的方式记录。

An AI model is considered to be traceable if (a) its decisions, and (b) the datasets and processes that yield the AI model’s decision (including those of data gathering, data labelling and the algorithms used), are documented in an easily understandable way.

组织可考虑建立审计追踪，记录模型训练和AI辅助决策。

Practices that organisations may consider to promote traceability include: Building an audit trail to document the model training and AI-augmented decision.

组织可考虑实施黑匣子记录器，捕获所有输入数据流。

Practices that organisations may consider to promote traceability include: Implementing a black box recorder that captures all input data streams.

组织可考虑确保可追溯性相关数据妥善存储，避免降级或篡改，并按行业相关期限保留。

Practices that organisations may consider to promote traceability include: Ensuring that data relevant to traceability are stored appropriately to avoid degradation or alteration, and retained for durations relevant to the industry.

组织可考虑哪些产品功能需要可追溯性以及哪些措施足够，同时考虑记录AI模型决策、数据集和流程所需的资源。

Organisations can consider which of their product features require traceability and which traceability measures might be sufficient for their needs, bearing in mind the resources needed to document the AI model’s decisions, datasets and processes.

组织可采取基于风险的方法，识别其产品或服务中需要外部可重复性测试的AI功能子集。

Organisations can take a risk-based approach towards identifying the subset of AI-powered features in their products or services that requires external reproducibility testing.

测试是否需要考虑特定上下文或条件以确保可重复性。

Testing whether specific contexts or particular conditions would need to be taken into account to ensure reproducibility.

对于采购商用现成AI系统的公司，向原始AI解决方案提供商核实模型结果是否可重复。

For companies that procure commercial off-the-shelf AI systems, checking with the original AI solution provider about whether the model’s results are reproducible.

建立验证方法以确保AI模型可靠性和可重复性的不同方面。

Putting in place verification methods to ensure different aspects of the AI model’s reliability and reproducibility.

提供复制文件（即复制AI模型开发过程每一步的文件）以促进测试和重现行为。

Making available replication files (i.e. files that replicate each step of the AI model’s developmental process) to facilitate the process of testing and reproducing behaviours.

采用第3.30段(c)-(e)点关于可重复性的内容（即评估如何识别和处理异常，确保异常处理符合组织政策，以及识别并考虑随时间的变化）。

Adopting points in paragraph 3.30 (c)-(e) under repeatability (namely, assessing how exceptions can be identified and handled, ensuring that exception-handling is in line with organisational policies, and identifying and accounting for changes over time).

为促进可审计性，组织可考虑保留数据来源、采购、预处理、沿袭、存储和安全的全面记录。

To facilitate auditability, organisations can consider keeping a comprehensive record of data provenance, procurement, pre-processing, lineage, storage and security.

组织也可考虑将此类信息数字化集中记录在流程日志中。

Organisations may also wish to centralise such information digitally in a process log.

鼓励组织提供关于其产品/服务是否使用AI的一般信息。

Organisations are encouraged to provide general information on whether AI is used in their products and/or services.

组织可以考虑披露AI决策可能如何影响个人消费者，以及该决策是否可逆。

Organisations can consider disclosing the manner in which an AI decision may affect an individual consumer, and whether the decision is reversible.

鼓励组织制定关于向个人提供何种解释以及何时提供解释的政策。

Organisations are encouraged to develop a policy on what explanations to provide to individuals and when to provide them.

鼓励公司测试、评估和审查其策略的有效性。

Companies are encouraged to test, evaluate and review their strategies for effectiveness.

可将道德考量作为企业价值观引入，并通过伦理审查委员会或类似结构进行管理。

Ethical considerations can be introduced as corporate values and managed through ethics review boards or similar structures.

鼓励组织考虑消费者在与AI交互过程中的信息需求。

Organisations are encouraged to consider the information needs of consumers as they go through the journey of interacting with AI, from considering whether to use an AI solution, to understanding how the AI solution works as they use it, to requesting for reviews on the decisions made by the AI solution.

确保消费者知晓其考虑的产品或服务是AI驱动的。

Making sure that consumers are aware that the products or services that they are considering are AI-enabled.

鼓励组织识别那些通过提供额外信息能增强消费者信任的功能。

Organisations are encouraged to identify those features where providing additional information in this manner will enhance consumer trust.

提供信息使消费者了解AI功能在正常使用中的预期行为。

Providing information so that consumers know how the AI-enabled features are expected to behave during normal use.

如果AI用于决策，可提供信息使消费者了解AI辅助决策如何影响他们。

If AI is used in decision-making, information may be provided so that consumers understand how decisions made with the assistance of AI may affect them.

对于消费者经常交互的AI功能，提供信息使其理解行为原因，并提供偏好设置以影响未来行为。

For AI-enabled features that consumers interact with regularly, providing information so that they understand why the AI-enabled feature is behaving in a certain way, and providing preference settings to allow consumers some influence over future behaviour where possible.

对于影响消费者的AI增强决策，考虑提供额外信息解释决策原因，并为某些类别的决策提供申诉渠道。

For AI-augmented decisions that affect consumers, consider providing additional information so that they understand why the decisions were made; and for certain categories of such decisions, providing an appropriate channel to contest such decisions.

组织应仔细考虑是否提供个人选择退出AI产品或服务的选项，以及该选项是默认提供还是仅应要求提供。

Organisations may wish to consider carefully when deciding whether to provide individuals with the option to opt out from the use of the AI product or service, and whether this option should be offered by default or only upon request.

如果组织权衡上述因素后决定不提供退出选项，则应考虑提供消费者申诉渠道，例如审查决策的渠道。

Where an organisation has weighed the factors above and decided not to provide an option to opt out, it is prudent for the organisation to consider providing modes of recourse to the consumer such as providing a channel for reviewing the decision.

适当时，组织可保留聊天机器人对话历史以应对投诉或寻求消费者申诉。

Where appropriate, organisations may also wish to keep a history of chatbot conversations when facing complaints or seeking recourse from consumers.

鼓励组织为客户建立以下沟通渠道：反馈渠道和决策审查。

Organisations are encouraged to put in place the following communications channels for their customers: Feedback channels and Decision review.

反馈渠道可用于客户提出反馈或查询，可由组织的数据保护官或质量服务经理管理。

Feedback channels could be used for customers to raise feedback or queries, and could be managed by an organisation's Data Protection Officer or Quality Service Manager.

组织可考虑为个人提供请求审查影响其的重大AI决策的途径。

Organisations can consider providing an avenue for individuals to request a review of material AI decisions that have affected them.

当全自动决策对消费者的影响可能重大时，提供由人类审查该决策的机会是合理的。

Where the effect of a fully-autonomous decision on a consumer may be material, it would be reasonable to provide an opportunity for the decision to be reviewed by a human.

组织应意识到使用此类回复的风险，因为有些人可能故意使用不当语言或随机回复。

Organisations should be aware of the risks of using such responses as some individuals may intentionally use “bad language” or “random replies” which would affect the training of the AI system.

鼓励组织在部署前测试用户界面并解决可用性问题。

Organisations are encouraged to test user interfaces and address usability problems before deployment, so that the user interface serves its intended purposes.

如适用，鼓励组织告知个人其回复将用于训练AI系统。

If applicable, organisations are also encouraged to inform individuals that their responses would be used to train the AI system (e.g. a chatbot).

鼓励组织以易于理解的方式进行沟通以增加透明度。

Organisations are encouraged to communicate in an easy-to-understand manner to increase transparency.

组织可考虑制定可接受用户政策，防止用户恶意操纵模型性能或结果。

Organisations may wish to consider setting out certain acceptable user policies (“AUPs”) to ensure that users do not maliciously introduce input data that unacceptably manipulates the performance and/or results of the solution’s model.

可接受使用政策为个人与AI系统的互动设定广泛边界，包括禁止逆向工程、禁用、干扰或破坏AI服务功能、完整性或性能的行为。

AUPs serve to set broad boundaries for the interactions that individuals can perform with the AI system, such as restrictions with regard to intentional actions or attempts to reverse engineer, disable, interfere or disrupt the functionality, integrity or performance of the AI-powered service.

组织需要从AI解决方案提供商处获取足够信息以达成业务目标（例如，提供第3.51段所述信息的背对背安排）。

Organisations would thus need to obtain sufficient information from AI solution providers to help them meet their business objectives (for example, this could be a back-to-back arrangement for providing the information described in paragraph 3.51).

组织可考虑确定内部治理结构的适当特征。

Organisations may also consider determining the appropriate features in their internal governance structures.

组织高层管理和董事会对AI治理的赞助、支持和参与至关重要。

The sponsorship, support and participation of the organisation’s top management and its board of directors in the organisation’s AI governance are crucial.

组织可能需要考虑从AI解决方案提供商处获取的支持和详细信息，涉及数据、模型训练与选择、人为因素、推断、算法存在以及减轻数据和算法偏差的措施。

Organisations may have to consider the level of support and detailed information that they may need to obtain from AI solution providers pertaining to data, model training and selection, human elements, inferences, algorithmic presence, and measures and safeguards in place to mitigate biases in data and algorithms.

鼓励组织评估其AI治理实践和流程是否符合不断发展的AI标准，并向相关利益相关者提供评估结果。

Organisations are encouraged to evaluate whether their AI governance practices and processes are in line with evolving AI standards, and make available the outcome of such evaluations to relevant stakeholders.

如有必要且可能，考虑建立具有相关专业知识和适当代表的协调机构。

If necessary and possible, consider establishing a coordinating body, having relevant expertise and proper representation from across the organisation.

AI部署各阶段和活动的责任和监督应分配给适当的人员和/或部门。

Responsibility for and oversight of the various stages and activities involved in AI deployment should be allocated to the appropriate personnel and/or departments.

具有内部AI治理职能的人员和/或部门应充分了解其角色和职责，接受适当培训，并获得履行职责所需的资源和指导。

Personnel and/or departments having internal AI governance functions should be fully aware of their roles and responsibilities, be properly trained, and be provided with the resources and guidance needed for them to discharge their duties.