Governance is now an engineering concern
"Move fast" met regulation. AI systems make consequential decisions (hiring, lending, healthcare, content), and governance — the rules, controls, and accountability for how AI is built and used — is now something engineers must design into systems, not bolt on later. It's increasingly a legal requirement and a table-stakes expectation for enterprise customers.
The regulatory landscape (know the map)
- EU AI Act — the first comprehensive AI law: risk-tiered obligations (next chapter), phasing in through 2025–2027, with real penalties. Applies to anyone offering AI in the EU. The de-facto global reference.
- GDPR & privacy law — governs personal data anywhere it's processed (including in prompts, training data, and outputs); consent, minimization, the right to erasure, automated-decision rights.
- Sector rules — finance (fair lending, model risk management SR 11-7), healthcare (HIPAA), hiring (NYC Local Law 144 bias audits), etc.
- Frameworks & standards — NIST AI RMF, ISO/IEC 42001 (AI management systems) — voluntary but shape "reasonable" practice.
What governance covers
- Risk assessment — what could go wrong, and how bad (bias, privacy, safety, misinformation)?
- Data governance — provenance, consent, quality, privacy of training/serving data.
- Transparency — disclosing AI use, documenting how the system works.
- Accountability — who's responsible, audit trails, human oversight for high-stakes decisions.
- Ongoing monitoring — governance isn't a launch checklist; it's continuous (bias drift, new risks).
The engineer's role
You don't need to be a lawyer, but you must be able to build the controls governance requires: access control, audit logging, PII handling, human-in-the-loop, documentation, and monitoring — the topics of this course. "Responsible AI" is the sum of security + privacy + fairness + transparency + accountability, engineered in.