Policy Advisor
A plain-English reference for business leaders implementing AI. Find definitions of key AI terms, and use the regional policy sections to understand what AI regulations apply to your business — wherever you operate.
🇪🇺 European Union — EU AI Act (In Force)
What is it? The world’s first comprehensive AI law (Regulation (EU) 2024/1689). It entered into force on 1 August 2024 and applies directly in all 27 EU member states, with obligations phased in over the following three years.
Who does it affect? Any business that develops, deploys, or uses AI within the EU — including non-EU companies whose AI outputs reach EU users.
Four risk tiers:
- Unacceptable Risk — Banned. Includes social scoring, manipulative or subliminal techniques that cause harm, and real-time remote biometric identification in public spaces for law enforcement (subject to narrow exceptions).
- High Risk — Heavily regulated. AI in hiring, credit scoring, education, healthcare, law enforcement and the other Annex III areas. Requires risk management, data governance, technical documentation, logging, conformity assessment and human oversight.
- Limited Risk — Transparency obligations only. Chatbots must disclose that users are interacting with AI; AI-generated or manipulated content (deepfakes) must be labelled.
- Minimal Risk — No specific obligations (spam filters, recommendations, etc.).
Key deadlines: 2 Feb 2025 — prohibited practices banned and the AI literacy duty (Article 4) applies. 2 Aug 2025 — obligations for general-purpose AI models apply. 2 Aug 2026 — most high-risk system requirements in force (2 Aug 2027 for high-risk AI embedded in products already covered by EU product safety legislation).
Relevance: The AI Ethics Module includes EU AI Act risk classification to help you determine your tier and compliance obligations.
🇺🇸 United States — NIST AI RMF + Executive Orders (Framework-Based)
What is it? The US uses a sector-based approach, not a single AI Act. The anchor is the NIST AI Risk Management Framework (AI RMF 1.0) — a voluntary but widely adopted framework published in January 2023, with a Generative AI Profile (NIST AI 600-1) added in July 2024.
Four core functions:
- Govern — Establish risk culture, policies, and accountability
- Map — Categorise AI use cases and identify risks
- Measure — Analyse risks quantitatively and qualitatively
- Manage — Prioritise and treat risks with controls and oversight
Executive Orders: Biden’s October 2023 EO 14110 directed federal agencies to develop AI safety and security standards and required developers of the largest models to report safety-test results. The Trump administration rescinded it in January 2025 and issued EO 14179, focused on removing barriers to US AI leadership. State-level AI legislation is growing rapidly: Colorado enacted the first comprehensive state AI Act in 2024, and California, Texas and others have active or enacted bills.
Relevance: The humanITLoop AI Ethics Module is aligned to NIST AI RMF. Working through it gives you a practical implementation of all four framework functions.
🇿🇦 South Africa — POPIA & National AI Policy Framework (POPIA In Force)
What is it? South Africa regulates AI primarily through POPIA (Protection of Personal Information Act 4 of 2013), in full effect since 1 July 2021. A National AI Policy Framework was published by the Department of Communications and Digital Technologies in August 2024.
POPIA applies to AI whenever it processes personal information of SA residents:
- HR and recruitment AI tools
- AI-driven customer profiling or decisions
- Automated credit, insurance, or risk assessments
- Any AI model trained on personal data
Key POPIA obligations: Lawful purpose, consent where required, security measures, Information Officer appointment, breach notification, data subject rights (access, correct, delete, object).
National AI Policy Framework (2024): Sets principles for responsible AI development in SA and signals that binding AI-specific regulation is expected to follow. Non-compliance with POPIA: administrative fines of up to R10 million, and criminal prosecution with imprisonment of up to 10 years for the most serious offences.
Relevance: The AI Ethics Module includes a POPIA compliance checklist and maps your governance obligations under SA law.
🌍 Africa (Continental) — African Union AI Policy (Developing)
What is it? The African Union is building a continental AI governance framework. Key documents: the AU Data Policy Framework (2022) and the AU Continental AI Strategy, endorsed by the AU Executive Council in July 2024 and now being implemented through national strategies.
National AI strategies by country:
- Mauritius — National AI Strategy (2018, one of Africa’s earliest)
- Egypt — National AI Strategy (2021)
- Rwanda — National AI Policy (2023); the Smart Rwanda Master Plan also covers AI governance
- Kenya — Draft National AI Strategy (2024)
- Nigeria — National AI Strategy (2024)
- South Africa — National AI Policy Framework (2024)
- Ghana — AI Policy in development
Common themes: Inclusion, data sovereignty, leapfrogging traditional development, ethical AI for public services, and building local AI capacity.
Practical implication: If you operate across multiple African markets, build your governance foundation now — ethics charter, risk tiering, HITL protocols — so you’re ready as national regulations develop.
🇬🇧 United Kingdom — Pro-Innovation AI Regulation (Sector-Based)
What is it? The UK has deliberately chosen not to pass a single AI Act, instead using a principles-based, sector-led approach through existing regulators (FCA, ICO, CMA, MHRA).
Five core principles (AI Regulation White Paper, 2023):
- Safety, security and robustness
- Appropriate transparency and explainability
- Fairness
- Accountability and governance
- Contestability and redress
AI Security Institute: The UK established the AI Safety Institute in November 2023 (renamed the AI Security Institute in February 2025) to evaluate frontier AI models for safety and security risks. It is not a regulator: it tests models and publishes findings, while enforcement stays with the sector regulators above.
Note for exporters: UK organisations selling to the EU must still comply with the EU AI Act for those products. Many align to EU AI Act as a practical baseline.
🌐 International — ISO 42001 (AI Management Standard) (Published 2023)
What is it? ISO/IEC 42001 is the first international standard specifically for AI management systems, published December 2023. It is certifiable — similar in structure to ISO 27001 (information security) and ISO 9001 (quality).
What it covers:
- AI policy and governance structure
- Risk and impact assessment for AI systems
- Objectives and controls for responsible AI
- Supplier and partner AI oversight
- Monitoring, audit, and continual improvement
Why it matters: ISO 42001 certification signals independently verified AI governance. It is increasingly referenced in enterprise procurement and government contracts. Building your governance with humanITLoop aligns directly with ISO 42001’s core requirements.
Accountability
The principle that individuals and organisations must be able to explain AI decisions, accept responsibility for AI outputs, and be answerable when AI causes harm. Accountability requires clear ownership — someone must be responsible for every AI deployment. It is a core pillar in most AI governance frameworks and a legal requirement under the EU AI Act for high-risk systems.
Artificial Intelligence (AI)
Technology that enables machines to perform tasks that typically require human intelligence — understanding language, recognising images, making decisions, generating content. AI is an umbrella term covering machine learning, deep learning, and natural language processing. In business, it refers to software that augments or automates decision-making, analysis, or content production.
AI Agent
An AI system that can perceive its environment, make decisions, and take actions autonomously — often without direct human instruction for each step. Agents can use tools (search, code, email), plan multi-step tasks, and operate over extended periods. As agents become more capable, human-in-the-loop oversight becomes more critical. The humanITLoop framework addresses agent governance in its risk assessment.
AI Business Case
A structured document that justifies an AI investment to decision-makers and the board. A complete AI business case includes: the specific problem AI will solve, strategic alignment, financial analysis (ROI, costs, cost of inaction), testing criteria, and risk and ethics assessment. The humanITLoop 5-Step AI Strategy Tool guides you through building one.
AI Ethics Charter
A formal document setting out your organisation’s principles, commitments, and policies for responsible AI use — covering fairness, transparency, accountability, data protection, and human oversight. It is an operational document linked to specific governance procedures and role responsibilities, not just a statement of values. The humanITLoop AI Ethics Module produces a complete, board-ready charter.
AI Governance
The policies, processes, roles, and controls that ensure AI is developed and used responsibly. Good AI governance covers: who approves AI deployments, how risks are assessed, how outputs are reviewed, how compliance is monitored, and how issues are escalated. Governance requires executive ownership, clear accountability, and board-level visibility — not just an IT policy.
AI Readiness Score
A composite measurement of how prepared an organisation is to implement AI responsibly. The humanITLoop AI Readiness Score aggregates results across three dimensions: Ethics & Governance maturity, People & Change readiness, and Strategy & Implementation progress. Tracked continuously on the AI Readiness Dashboard.
AI Risk Tier
A classification of an AI system based on potential harm. The EU AI Act defines four tiers: Unacceptable (prohibited), High (heavily regulated), Limited (transparency obligations), Minimal (no specific obligations). Risk tiering determines what governance controls, documentation, and oversight your deployment requires. Assessed in the AI Ethics Module.
Algorithm
A set of rules or instructions a computer follows to solve a problem or make a decision. In AI, algorithms learn patterns from data rather than following explicit rules. When people refer to “the algorithm” in business (feeds, credit scoring, recruitment), they usually mean an AI or machine learning algorithm making decisions at scale — often without visibility into how it works.
Augmentation (AI Augmentation)
Using AI to enhance human capability rather than replace workers. Augmentation means AI handles repetitive or data-heavy tasks so people can focus on judgment, creativity, relationships, and oversight. The humanITLoop philosophy is built on augmentation — AI succeeds when it empowers people, not when it eliminates them. This distinction is central to effective change management.
Bias (AI Bias)
Systematic errors in AI outputs producing unfair or skewed results — often reflecting biases in training data, model design, or deployment context. AI bias can discriminate by race, gender, age, location, or other characteristics, sometimes invisibly. It is not always intentional; it can emerge from historical data reflecting past inequalities. Bias testing and mitigation is a legal requirement for high-risk systems under the EU AI Act, is implicated by POPIA’s processing conditions and its section 71 restriction on solely automated decisions, and is an explicit expectation of the (voluntary) NIST AI RMF under its Measure function.
Change Management
The structured process of preparing, supporting, and guiding people through organisational change — including AI implementation. Effective AI change management addresses employee resistance, communicates the “why,” identifies role impacts, provides training, and builds internal advocates. The common practitioner rule of thumb is that around 70% of implementation success depends on people and process, not technology. The People & Change Strategy Tool uses the LOOP Framework.
Change Champion
An employee who advocates for AI adoption within their team — helping colleagues understand the change, addressing concerns informally, and feeding ground-level insight back to leadership. Change champions are identified based on influence and credibility, not just seniority. They bridge the gap between executive strategy and frontline reality.
Cost of Inaction (COI)
The financial and strategic cost of not implementing AI — competitive disadvantage, efficiency losses, talent costs, missed opportunities. Including COI in your business case reframes the decision from “why spend on AI?” to “what does it cost us to do nothing?” It is often the most compelling element of a board-level AI proposal. Included in the 5-Step Strategy Tool.
Ethics Review Board
An internal governance body that reviews, approves, and monitors AI deployments against your organisation’s ethical standards. It typically includes legal, HR, technology, operations, and executive leadership. It has actual decision-making authority over which AI systems can be deployed and under what conditions. Setting up an Ethics Review Board is an output of the AI Ethics Module.
Explainability
The ability to describe, in understandable terms, why an AI system produced a particular output or decision. A governance requirement — employees, customers, and regulators may have the right to understand how a decision affecting them was made. Some AI models (especially deep neural networks) are inherently hard to explain. Using explainable models or adding explanation layers is often required for high-risk use cases.
Fairness
The principle that AI systems should not produce discriminatory outcomes or treat people inequitably based on protected characteristics (race, gender, age, disability, etc.). Fairness in AI is complex — different mathematical definitions of fairness can conflict. Practically, fairness requires testing AI outputs across population groups, establishing acceptable thresholds, and monitoring for drift over time.
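As an added worked example (not code from the original page or from the humanITLoop toolkit), the following Python runs the checks this entry describes over a constructed log of screening decisions: it computes two common fairness definitions per group, flags groups that fall below an assumed acceptable floor, and re-runs the check on a later window to detect drift. The 0.8 floor is the US “four-fifths rule”, used here as an assumed threshold; the group labels, outcomes and records are constructed, not real data. The example also shows the conflict the entry mentions: the same baseline decisions pass equal opportunity (equal approval rates among qualified people) while failing demographic parity (equal overall selection rates), because the two groups have different base rates of qualified candidates.

```python
"""Group fairness and drift checks over a constructed decision log.

Each record is (group, y_true, y_pred): the protected-group label, whether the
person was actually qualified (ground truth), and whether the automated
screen approved them. Constructed sample data, not from a real system.
"""
from collections import defaultdict

FLOOR = 0.8  # assumed acceptable ratio between groups (US "four-fifths rule")


def _records(group, y_true, y_pred):
    return [(group, t, p) for t, p in zip(y_true, y_pred)]


# Baseline window: every qualified person in both groups is approved, but
# group B has fewer qualified members, so its overall selection rate is lower.
BASELINE = (
    _records("A", [1, 1, 1, 1, 1, 1, 0, 0, 0, 0], [1, 1, 1, 1, 1, 1, 0, 0, 0, 0])
    + _records("B", [1, 1, 1, 0, 0, 0, 0, 0, 0, 0], [1, 1, 1, 0, 0, 0, 0, 0, 0, 0])
)

# Later window: the model starts rejecting qualified members of group B.
LATER = (
    _records("A", [1, 1, 1, 1, 1, 1, 0, 0, 0, 0], [1, 1, 1, 1, 1, 1, 0, 0, 0, 0])
    + _records("B", [1, 1, 1, 0, 0, 0, 0, 0, 0, 0], [1, 0, 0, 0, 0, 0, 0, 0, 0, 0])
)


def _by_group(records):
    groups = defaultdict(list)
    for group, y_true, y_pred in records:
        groups[group].append((y_true, y_pred))
    return groups


def selection_rates(records):
    """Demographic parity view: share of each group that received the positive outcome."""
    return {g: sum(p for _, p in rows) / len(rows) for g, rows in _by_group(records).items()}


def true_positive_rates(records):
    """Equal opportunity view: share of each group's qualified members that were approved.

    Groups with no qualified members are omitted, since their rate is undefined.
    """
    rates = {}
    for g, rows in _by_group(records).items():
        approved_of_qualified = [p for t, p in rows if t == 1]
        if approved_of_qualified:
            rates[g] = sum(approved_of_qualified) / len(approved_of_qualified)
    return rates


def impact_ratios(rates):
    """Each group's rate relative to the best-treated group (1.0 = best treated)."""
    best = max(rates.values()) if rates else 0.0
    return {g: (r / best if best else 0.0) for g, r in rates.items()}


def flagged_groups(rates, floor=FLOOR):
    """Groups whose ratio to the best-treated group falls below the acceptable floor."""
    return sorted(g for g, ratio in impact_ratios(rates).items() if ratio < floor)


def drift(baseline_rates, current_rates, tolerance=0.05):
    """Groups whose rate moved by more than `tolerance` since the baseline window."""
    moved = {}
    for g, base in baseline_rates.items():
        if g in current_rates and abs(current_rates[g] - base) > tolerance:
            moved[g] = round(current_rates[g] - base, 3)
    return moved


def fairness_report(records, floor=FLOOR):
    """Both metrics plus the groups each one flags; disagreement between them is expected."""
    sel = selection_rates(records)
    tpr = true_positive_rates(records)
    return {
        "selection_rate": sel,
        "true_positive_rate": tpr,
        "parity_flags": flagged_groups(sel, floor),
        "equal_opportunity_flags": flagged_groups(tpr, floor),
    }


if __name__ == "__main__":
    base = fairness_report(BASELINE)
    later = fairness_report(LATER)
    print("baseline:", base)
    print("later:   ", later)
    print("selection-rate drift:", drift(base["selection_rate"], later["selection_rate"]))
```

On the baseline window the report flags group B under demographic parity (selection rate 0.3 against 0.6, a ratio of 0.5) but not under equal opportunity (both groups approve 100% of qualified people). On the later window B is flagged under both, and the drift check reports its selection rate falling by 0.2 and its true-positive rate by about 0.67. Which definition governs, and what floor applies, is a decision to record before deployment (typically by the Ethics Review Board), because the two metrics can legitimately disagree and a system cannot in general satisfy both when base rates differ.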
Five-Pillar Trust Model
humanITLoop’s framework for building an AI ethics foundation, derived from NIST principles. The five pillars: Explainability (can you explain AI decisions?), Fairness (are outcomes equitable?), Robustness (does it perform reliably?), Transparency (is there visibility into how it works?), Privacy (is personal data protected?). The AI Ethics Module builds a maturity assessment and commitment statement for each.
Generative AI
AI systems that create new content — text, images, video, audio, code — in response to prompts. Examples: ChatGPT, Claude, Gemini, Midjourney, Copilot. Unlike traditional AI that classifies or predicts, generative AI produces novel outputs. Specific risks include hallucination, copyright concerns, deepfakes, and quality inconsistency. Governance must address output review, attribution, and acceptable use policies.
Hallucination
When an AI system generates information that sounds plausible and confident but is factually incorrect or fabricated. LLMs hallucinate because they predict statistically likely words — not because they “know” facts. Hallucinations are most dangerous in legal, medical, financial, or compliance contexts. Human-in-the-loop review is the primary mitigation — AI outputs in high-stakes areas must be verified before use.
Human-in-the-Loop (HITL)
An AI design and governance approach where a human reviews, approves, or corrects AI outputs before they are acted upon. HITL exists on a spectrum — some systems require human approval for every output; others only involve humans at exceptions. The right level depends on risk: high-stakes decisions (credit, employment, healthcare) require more involvement. HITL is a foundational principle embedded throughout the humanITLoop framework.
Information Officer
Under POPIA, every responsible party that processes personal information must have an Information Officer: by default the head of the organisation, who may designate deputy Information Officers, and who must be registered with the Information Regulator before taking up the role. The Information Officer handles data subject requests, breach notifications, liaison with the Information Regulator, and ensuring data processing meets POPIA’s eight conditions. This is a legal requirement for South African businesses, not optional.
Large Language Model (LLM)
A type of AI trained on massive text data to understand and generate human language. Powers tools like ChatGPT, Claude, Gemini, and Llama. Can write, summarise, translate, answer questions, and generate code. Despite their capability, LLMs do not “understand” in the human sense — they predict statistically likely responses. This makes human oversight essential for any business-critical application.
LOOP Framework
humanITLoop’s change management methodology for AI: Listen (understand employee concerns), Orient (create conditions for change — the “Why” narrative), Organise (build your change team, training plan, comms strategy), Prove (measure adoption and demonstrate value). The backbone of the People & Change Strategy Tool.
Machine Learning (ML)
A subset of AI in which systems learn patterns from data to make predictions or decisions without being explicitly programmed for each scenario. A machine learning model is trained on examples and learns to generalise. Most practical business AI today — fraud detection, recommendations, predictive analytics, image recognition — is built on machine learning.
NIST AI RMF
The US National Institute of Standards and Technology AI Risk Management Framework — a voluntary but widely adopted framework for managing AI risks across the full AI lifecycle. Four core functions: Govern, Map, Measure, Manage. Referenced globally as a practical governance baseline, and directly aligned to the humanITLoop AI Ethics Module.
Pilot Programme
A controlled, limited-scale AI deployment to validate performance, identify issues, and build confidence before full rollout. A good pilot defines success criteria upfront, includes HITL review protocols, has a defined duration and scope, and produces a clear go/no-go recommendation. Piloting before full deployment is a key risk mitigation in the 5-Step Strategy Tool.
POPIA (Protection of Personal Information Act)
South Africa’s primary data protection law, in full effect since July 2021. Governs how organisations collect, process, store, and share personal information of SA residents. Applies to AI systems that process personal data — HR tools, customer AI, credit decisions, and any model trained on personal data. Non-compliance: fines up to R10 million and criminal prosecution. Covered in the AI Ethics Module.
Privacy (in AI)
The right of individuals to control how their personal information is used by AI systems. AI privacy risks include using data without consent, training on sensitive data, inferring private information from anonymous data, and excessive retention. Privacy by design — building protections in from the start — is the recommended approach under POPIA and GDPR.
Prompt / Prompt Engineering
A prompt is the instruction given to a generative AI to produce a response. Prompt engineering is the practice of crafting prompts carefully to get accurate, useful outputs. For governance, acceptable use policies should define what prompts employees may use with AI tools — especially regarding confidential or personal data.
ROI (Return on Investment)
A measure of financial return relative to cost. In AI business cases, ROI captures time savings, revenue gains, error reduction, and capacity freed — compared against implementation, licensing, training, and oversight costs. A credible ROI must also account for governance overhead and error risk. The 5-Step Strategy Tool includes a step-by-step ROI calculator.
Robustness
The ability of an AI system to perform reliably across different conditions — including unexpected inputs, edge cases, and adversarial attempts to manipulate it. A robust system does not fail catastrophically on unfamiliar data or produce wildly different outputs for small input changes. Robustness testing is part of every AI pilot programme.
Stakeholder Buy-in
Securing genuine support from key decision-makers, influencers, and affected parties before proceeding with AI implementation. Buy-in is not the same as approval — stakeholders must actively support, not just tolerate, the initiative. Effective engagement maps who is affected, tailors the “why” to each audience, addresses concerns directly, and involves stakeholders in design decisions where possible.
Training Data
The dataset used to teach a machine learning model to recognise patterns, make predictions, or generate outputs. The quality, diversity, and representativeness of training data directly determines model quality. Biased, incomplete, or outdated training data produces biased outputs — often in ways that are hard to detect. Organisations should understand what data their chosen AI systems were trained on, and what their own operational data will contribute.
Transparency
The principle that AI systems, their capabilities, limitations, and decision-making should be visible and understandable to appropriate stakeholders. Transparency means being open about when AI is being used, what it is doing, and how people can seek human review. It is a legal requirement in several jurisdictions (EU AI Act, POPIA) and a foundational pillar of trustworthy AI.
🤖 HITL Policy Advisor
AI-Powered Policy & Regulatory Assistant
GDPR (EU, in force since May 2018): Applies when processing EU residents’ personal data. Principles: lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality (security), accountability. Rights: access, rectification, erasure, restriction, portability, objection. Article 22: data subjects have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects; such decisions are permitted only where necessary for a contract, authorised by law, or based on explicit consent, and even then with safeguards including the right to obtain human intervention and contest the decision. AI implications: a lawful basis is needed for training data; DPIAs (Article 35) required for high-risk AI processing.
POPIA (South Africa, 2021): Eight conditions: accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards, data subject participation. Must appoint an Information Officer (register with Information Regulator). Rights: access, correction, deletion, objection, complaint. Penalties: fines up to R10 million or 10 years imprisonment. Any AI using personal data must comply. Regulator: Information Regulator South Africa.
NIST AI RMF (USA, January 2023): Voluntary framework. Four functions: GOVERN (policies, accountability, culture), MAP (identify AI context, stakeholders, harms), MEASURE (analyse and assess risks quantitatively and qualitatively), MANAGE (prioritise, treat, and monitor risks). Profiles describe current versus target state for a use case or sector (e.g. the Generative AI Profile, NIST AI 600-1, 2024). The AI RMF does not define maturity tiers; the Tier 1-4 (Partial to Adaptive) scale belongs to the NIST Cybersecurity Framework. Companion resource: the AI RMF Playbook. Designed to work alongside the NIST Cybersecurity and Privacy Frameworks.
UK AI (2023 White Paper, 2024 government response): Principles-based, no single AI Act — pro-innovation. Five cross-sector principles: Safety, security and robustness; Transparency and explainability; Fairness; Accountability and governance; Contestability and redress. Applied by sector regulators: ICO (data/privacy), FCA (financial), CMA (competition), MHRA (medical devices), Ofcom (media). AI Security Institute (formerly AI Safety Institute) evaluates frontier AI models. AI Opportunities Action Plan (January 2025).
AFRICAN UNION CONTINENTAL AI STRATEGY (2024): Goals: position Africa as AI innovator; build local AI infrastructure; protect citizens data; align AI with African values; encourage national AI strategies. Key themes: digital sovereignty, inclusive AI, capacity building. National frameworks: South Africa (POPIA + National AI Policy Framework), Kenya (Data Protection Act 2019), Nigeria (NDPA 2023 + National AI Strategy), Egypt (National AI Strategy 2030), Rwanda (National AI Policy 2023), Ghana (Data Protection Act 2012).
ISO 42001:2023: Certifiable international standard for AI Management Systems. Covers: AI governance policy, risk assessment and treatment, responsible AI objectives, roles and responsibilities, supplier AI management, continual improvement, internal audit. Aligns with NIST AI RMF and EU AI Act. First global certifiable AI governance standard.
AI ETHICS PRINCIPLES: Transparency (AI decisions explainable to affected parties), Fairness (no unlawful discrimination or biased outcomes), Accountability (clear human responsibility for AI decisions), Privacy (data minimisation, consent, data subject rights), Robustness (AI reliable, secure, safe), Human Oversight (humans meaningfully in control of consequential decisions), Beneficence (AI benefits humanity). humanITLoop 5-Pillar Trust Model: Explainability, Fairness, Robustness, Transparency, Privacy.
GUARDRAILS: Only answer questions about AI policy, AI regulation, AI governance, AI ethics, data protection law, privacy law, responsible AI, AI risk management. If asked about anything else, say: I am the Policy Advisor — I specialise in AI policy, ethics, and data privacy law. I cannot help with that topic, but feel free to ask about any AI regulation or ethics framework. Always clarify answers are educational not legal advice.
Policy Advisor
Ask about AI policy, data protection law, and ethics frameworks — across any region. This tool is powered by artificial intelligence (Anthropic Claude API) and the humanITLoop knowledge base.
Please note: I am an AI chatbot and AI can make mistakes. Always verify information independently and consult a qualified professional before making compliance decisions.