Risks and harms

AI systems have specific characteristics that amplify risks

AI systems span a wide range of technical approaches. Organisations can use them for many tasks, such as helping with prediction, classification, optimisation or content generation. At their core, AI systems are software-based tools.

AI systems fall broadly into 2 types, each with different strengths and risks:

  • Narrow AI systems are designed and trained to perform a specific task. Most AI systems in use today fall into this category. These types of systems can perform well in a narrow range of activities, potentially even better than humans, but they cannot perform any other tasks. Examples include chess engines, recommender systems, medical diagnostic systems and facial recognition systems. 
  • General-purpose AI systems are designed and trained to handle a broad range of tasks and are therefore flexible. Their use is not limited to a specific function, so they can be more easily used for purposes their designers may not have considered. Examples include large language models and systems such as OpenAI’s ChatGPT series.

Both narrow and general-purpose AI systems are built and operate differently from traditional software systems. These differences mean that using an AI system for a particular task may amplify existing risks when compared with traditional software. 

For example, in traditional software systems, developers explicitly define all the logic governing a system’s behaviour. This relies on explicit knowledge, with conscious human engagement at every stage of the software design and development process. Traditional software systems are easier for humans to control, predict and understand. 

In contrast, developers of AI systems take a different approach. This often involves defining an objective and constraints, selecting a dataset, and employing a ‘machine learning algorithm’. This creates an AI model which can achieve the specified objective. While such models often outperform comparable, traditional software systems, the different development approach means AI models are often less transparent, less interpretable, and more complex to test and verify. This amplifies risks and can lead to harm. This is more likely to happen in contexts where it is important to understand and explain how the output was achieved or to constrain the range of potential outputs for safety reasons.

The specific characteristics of general AI systems can amplify risks and harms or pose new risks and harms to an organisation. General AI systems are more prone to unexpected and unwanted behaviour or misuse. This is because of their increased flexibility of interactions, the reduced predictability of their capabilities and behaviour and their reliance on large and diverse training data. For example, large language models can deliberately or inadvertently manipulate or misinform consumers. They can also pose novel intellectual property challenges for both training data and the outputs generated.

The standard supports a risk-based approach to AI harm prevention

As with all software, AI systems vary in the level of risk and the type of harm they pose. Some, like an algorithm on a website that suggests reordering based on stock levels, tend to be lower risk. The potential harms are confined to a customer taking longer to receive a product. Others, like a tool that prioritises job applicants for an interview process or makes financial lending decisions, have far greater potential to create harm. For instance, they may deny a suitable applicant the opportunity of a job or bank loan, or even systematically and unlawfully discriminate against a group of people.

The standard supports a risk-based approach to managing AI systems. It does this by supporting organisations – starting with AI deployers – to take proactive steps to identify risks and mitigate the potential for harm posed by the AI systems they deploy, use or rely on. 

The standard prioritises safety and the mitigation of harms and risks to people and their rights. 

A human-centred perspective on the harms of AI systems

Organisations should assess the potential for these risks and harms to people:

  • Harm to people. This includes infringements on personal civil liberties, rights, and physical or psychological safety. It can also include economic impacts, such as lost job opportunities because of algorithmic bias in AI recruitment tools or the unfair denial of services based on automated decision-making.
  • Harm to groups and communities. AI systems can exacerbate discrimination or unwanted bias against certain sub-groups of the population, including women, people with disability, and people from multicultural backgrounds. This can lead to social inequality, undermining of equality gains and unjust treatment. This is pertinent in recommender algorithms that amplify harmful content.
  • Harm to societal structures. AI systems’ impact on broader societal elements, such as democratic participation or access to education, can be profound. AI systems that spread misinformation could undermine electoral processes, while those that affect educational algorithms could widen the digital divide.

The standard is useful and applicable for identifying, preventing and minimising other risks that may affect an organisation. Organisations often analyse these risks against the potential for reputational damage, regulatory breach, and commercial losses (Figure 3). 

An infographic outlining the 3 areas of risks to organisations: commercial, reputational and regulatory.

Figure 3: Organisational risks of AI

Commercial – Commercial losses due to poor or biased AI system performance; adversarial attacks.

Reputational – Damage to reputation and loss of trust due to harmful or unlawful treatment of consumers, employees or citizens.

Regulatory – Breach of legal obligations that may result in fines, restrictions and require management focus.

System factors and attributes that amplify risks and harms

Several factors impact the likelihood of both narrow and general AI systems amplifying existing risks. These include why, when, where and how an AI system is deployed, as outlined in the table below.

The standard recognises that AI deployers may not have full knowledge or control over all these factors. However, the standard encourages organisations to understand the AI systems they use or rely on. This will help to identify and mitigate risks more accurately. Use the questions in the table to assess if your system attributes suggest an elevated AI system risk.

System attributes and guiding questions for organisations to assess level of risk

Each system attribute below is listed with its description, questions to help identify when an attribute may amplify risk (answering ‘yes’ indicates a higher level of risk), and an example.

AI system technical architecture

  • Description: The choice of AI approach and model can cause risk as well as improve performance. For example, reduced transparency and greater uncertainty mean AI systems tend to need ongoing monitoring and meaningful human oversight. They may be inappropriate for contexts where there is a legal requirement to provide a reason for a decision or output. General-purpose AI systems tend to have a higher risk profile than either narrow AI or traditional software solutions intended for the same task.
  • Question: Is the way the AI system operates inherently opaque to the provider, deployer or user?
  • Question: Does it rely on generative AI in ways that can lead to harmful outputs?
  • Example: A generative AI system is used to create HR-related marketing materials.

Purpose

  • Description: AI systems can considerably outperform traditional approaches in many areas. This means that organisations are increasingly adopting AI systems to perform tasks that have significant direct and indirect impacts for people. As the impacts of an AI system rise, so too does the potential for significant harm if they fail or are misused.
  • Question: Does the AI system create an output or decision (intentional or not) that has a legal or significant effect on an individual?
  • Question: If so, will any harm caused be difficult to contest or manage redress?
  • Example: A bank uses a risk assessment algorithm to decide whether to grant a home loan.

Context

  • Description: AI systems, being software, are scalable as well as high performing for many tasks. However, their deployment in certain contexts may be inappropriate and their scalability may lead to widespread harms. For example, the use of facial recognition systems in public spaces where children are likely to be present, or algorithms used to gather sensitive data about Australians from social media sites. (See, for example, the determination by Australian Information Commissioner and Privacy Commissioner Angelene Falk, who found that Clearview AI, Inc. breached Australians’ privacy by scraping their biometric information from the web and disclosing it through a facial recognition tool.)
  • Question: Does the AI system interact with or affect people who have extra forms of legal protection (such as children)?
  • Question: Will the system be deployed in a public space?
  • Example: A large retailer uses facial recognition technology to identify shoplifters.

Data

  • Description: AI systems’ performance is affected by the quality of data and how accurately that data represents people. Biased training data can lead to poor quality or discriminatory outputs. For example, health diagnostic tools trained on historically male-dominated and non-diverse data may produce outputs that lead to under-diagnosis or misdiagnosis of women and non-white patients.
  • Question: Is confidential, personal, sensitive and/or biometric information used either in the AI system’s training, its operation or as an input for making inferences?
  • Question: Is that data biased, non-representative or not a comprehensive representation of the people or contexts it is making a decision about?
  • Example: An SME deploys a chatbot to confirm customer contact details.

Level of automation

  • Description: Not all automated AI systems are risky. However, systems that operate independently, or that can be triggered or produce outputs independent of human engagement, may increase risks if they fail or are misused. Risk further increases when there is a considerable period of time between the fault or malicious use happening and the harm being recognised by responsible teams.
  • Question: Does this system operate automatically?
  • Question: Does the system make decisions without any meaningful human oversight or validation?
  • Example: A construction site deploys autonomous forklifts to move pallets in a warehouse.