About this guidance
What is the purpose of this guidance?
This guidance is intended to help organisations explain decisions made by artificial intelligence systems (AI) to the people affected by them. This guidance is in three parts:
- Part 1 – The basics of explaining AI (this part)
- Part 2 – Explaining AI in practice
- Part 3 – What explaining AI means for your organisation
This part of the guidance outlines the:
- legal requirements for explaining AI;
- benefits and risks of explaining AI;
- explanation types;
- contextual factors; and
- principles that underpin the rest of the guidance.
There are several reasons to explain AI, including complying with the law, and realising benefits for your organisation and wider society. It clarifies how to apply data protection provisions associated with explaining AI decisions, as well as highlighting other relevant legal regimes outside the ICO’s remit.
This guidance is not a statutory code of practice under the Data Protection Act 2018 (DPA 2018). Instead, we aim to provide information that will help you comply with a range of legislation, and demonstrate ‘best practice’.
How should we use this guidance?
This introductory section is for all audiences. It contains concepts and definitions that underpin the rest of the guidance.
Data Protection Officers (DPOs) and your organisation’s compliance team will primarily find the legal framework section useful.
Technical teams and senior management may also need some awareness of the legal framework, as well as the benefits and risks of explaining AI systems to the individuals affected by their use.
You will also find the “at a glance” sections of this guidance in this summary document. This pulls the fundamental elements of the guidance into one place and makes it easier to find them quickly.
If you run a SME that processes personal data using AI and you have concerns, it is worth remembering that you can get additional support from the ICO’s SME web hub.
What is the status of this guidance?
This guidance is issued in response to the commitment in the Government’s AI Sector Deal, but it is not a statutory code of practice under the DPA 2018, nor is it intended as comprehensive guidance on data protection compliance.
This is practical guidance that sets out good practice for explaining decisions to individuals that have been made using AI systems processing personal data.
Why is this guidance from the ICO and The Alan Turing Institute?
The ICO is responsible for overseeing data protection in the UK, and The Alan Turing Institute (The Turing) is the UK’s national institute for data science and artificial intelligence.
In October 2017, Professor Dame Wendy Hall and Jérôme Pesenti published their independent review on growing the AI industry in the UK. The second of the report’s recommendations to support uptake of AI was for the ICO and The Turing to:
“…develop a framework for explaining processes, services and decisions delivered by AI, to improve transparency and accountability.”
In April 2018, the government published its AI Sector Deal. The deal tasked the ICO and The Turing to:
“…work together to develop guidance to assist in explaining AI decisions.”
The independent report and the Sector Deal are part of ongoing efforts made by national and international regulators and governments to address the wider implications of transparency and fairness in AI decisions impacting individuals, organisations, and wider society.