Proposal
This policy proposal establishes mandatory ethical governance requirements for organisations seeking AIMSS certification. The purpose is to ensure that AI systems are not only technically effective, but also aligned with human rights, fairness, explainability, accountability, and responsible organisational decision-making. AI systems can influence access to employment, finance, education, healthcare, public services, information, and safety. Because of this, ethical governance must be treated as a formal control function rather than an optional advisory process.
Under this proposal, every organisation shall maintain an AI Ethics Governance Framework approved by senior leadership. The framework shall define prohibited AI uses, ethical review triggers, escalation routes, accountability roles, and evidence requirements. Ethical review shall be mandatory for high-risk AI systems, including systems that affect legal rights, access to essential services, vulnerable groups, employment decisions, financial outcomes, health, safety, biometric identification, or large-scale public communication. Lower-risk systems shall be subject to proportionate review based on their potential impact.
Each AI system within scope shall have a named business owner, technical owner, and risk owner. These individuals shall be responsible for ensuring that ethical risks are identified, assessed, mitigated, and monitored throughout the system lifecycle. The organisation shall also establish an independent AI Ethics Committee or equivalent review body. This committee must have sufficient independence from product, engineering, and commercial teams to challenge deployment decisions. Its responsibilities shall include reviewing high-risk use cases, approving mitigation plans, escalating unresolved risks, and recommending suspension where ethical safeguards are inadequate.
The policy shall require organisations to conduct an AI Ethical Impact Assessment before deploying any high-risk AI system. This assessment shall examine intended use, foreseeable misuse, affected stakeholders, fairness risks, explainability needs, human oversight mechanisms, potential discrimination, social harm, and available alternatives. The assessment shall also document residual risks and the rationale for accepting or rejecting those risks.
Transparency is a central requirement. Organisations shall provide clear disclosures where AI materially influences decisions or user experiences. Disclosures shall explain the purpose of the AI system, its limitations, the role of human oversight, and how affected individuals may challenge or appeal outcomes. For systems that produce significant decisions, users shall have access to meaningful explanations that are understandable to a non-technical audience.
This proposal also requires a formal ethics escalation channel. Employees, contractors, users, and affected stakeholders must be able to raise ethical concerns without retaliation. Concerns shall be logged, reviewed, and resolved within defined timeframes. Repeated ethical concerns or unresolved material risks shall trigger management review and potential certification nonconformity.
Evidence for certification shall include ethics committee terms of reference, meeting minutes, ethical impact assessments, risk acceptance records, user disclosures, appeal records, complaint logs, training materials, and corrective action plans. Failure to maintain effective ethical governance should be classified as a major nonconformity. Deliberate deception, unlawful discrimination, retaliation, or concealment of material ethical harm should be classified as a critical nonconformity.