The Illusion of "Responsible AI" — and How We Actually Fix It

The CyberDiplomat

5 min read
Share
The Illusion of "Responsible AI" — and How We Actually Fix It
Transparency is falling, incidents are rising, and corporate ethics boards are quietly shutting down. Responsible AI has become a brand. Here's what genuine accountability looks like.

Something telling happened between 2024 and 2025. Corporate AI investment nearly hit $600 billion. Capability benchmarks kept climbing. And the number of reported AI incidents kept rising too. Yet according to Stanford's Foundation Model Transparency Index, average disclosure scores — covering training data, compute usage, and real-world impacts — dropped from 58 to 40.

In other words: as AI became more powerful and more profitable, the companies building it became less transparent. Meanwhile, every major player continued to plaster "responsible AI" across their strategy documents and conference agendas.

This is not a coincidence. It is the logical outcome of a governance framework that was largely written by the industry it was meant to govern.

↓40 - Stanford transparency score in 2025, down from 58 in 2024

$600B - Corporate AI investment in the same period

80% - Of respondents say responsible AI must address workforce impact (MIT/BCG)

A "responsible" label no one defined

The responsible AI movement was always a broad church. Its founders argued that AI systems should be fair, explainable, safe, and accountable. Frameworks multiplied. Ethics boards were convened — then quietly disbanded. What never really happened was a clear, enforceable definition of what "responsible" actually means, or who gets to award that label.

The vocabulary of AI safety — bias, hallucination, model accuracy — was largely forged inside a narrow circle of Silicon Valley research labs. The concern was always more about model behavior than about the humans affected by it. Labor displacement, discriminatory algorithms in criminal justice, and the concentration of economic power were quietly treated as downstream policy problems, not design problems.

"Responsible AI, as currently practiced, is a governance regime whose terms were largely set by the industry it is meant to govern. It is less a set of constraints than a very polite request."

As Oxford researcher Caroline Green has observed, this can become a form of "care washing" — using the language of ethics to legitimize tools that, on closer examination, serve institutional rather than human interests. Agentic AI today is not merely an assistant; it is the interface through which decisions are made, relationships are mediated, and emotional life is organized for hundreds of millions of people. The "responsible AI" conversation has not caught up with that reality.

Where ISO 42001 changes the equation

Against this backdrop, ISO/IEC 42001:2023 — the international standard for AI Management Systems — represents something genuinely different: an external, auditable framework that companies cannot draft for themselves.

WHAT ISO 42001 ACTUALLY REQUIRES

Unlike voluntary principles, ISO 42001 imposes a structured management system with documented controls, risk assessments, and third-party auditability across six key domains:

Organizational context & accountability Leadership must own AI risk, not delegate it to a separate ethics team.

Impact assessments Documented evaluation of harms before deployment — including workforce and societal impacts.

Transparency obligations Organizations must be able to explain AI decisions to affected parties — closing the disclosure gap Stanford measured.

Data governance Training data provenance, quality controls, and bias documentation must be maintained and auditable.

Continuous monitoring Post-deployment performance, incidents, and drift must be tracked — not just pre-launch benchmarks.

Supplier & third-party controls Responsibility does not end at the API boundary; the whole supply chain is in scope.

ISO 42001 does not solve every problem. It does not force companies to halt products, compensate displaced workers, or reverse concentrated market power. But it makes selective transparency structurally harder — you cannot pass an audit by publishing a glossy principles page. It is a floor, not a ceiling, and right now the floor is very much needed.

Crucially, ISO 42001 can also serve as a bridge between the EU AI Act's risk-based requirements, which took effect in early 2025, and the operational controls that companies actually need to implement. Organizations certified under 42001 are better positioned to demonstrate compliance across multiple jurisdictions — which matters in a world where three major regulatory frameworks (US, EU, China) currently reflect three completely different theories of what AI risk even is.

The human-level measures that standards alone cannot provide

Standards and regulation set the floor. But the ceiling — the difference between AI that merely avoids harm and AI that genuinely serves people — depends on human-centered design and governance choices that must be made at the organizational and societal level.

HUMAN-LEVEL MEASURES

1. Treat workforce impact as a core design parameter

The MIT/BCG research is clear: 80% of practitioners believe responsible AI must address workforce impact — yet governance frameworks almost universally focus on model outputs alone. Entry-level roles are not just jobs; they are where tacit knowledge and professional networks are built. Eliminating them does not only harm today's workers — it hollows out the mid-career workforce a decade from now. Impact assessments must include labor market modeling before deployment, not after.

2. Make "responsible benchmarks" as weighty as performance benchmarks

The industry has agreed on shared standards for measuring what its systems can do, while maintaining the freedom to stay quiet about what they might cause. Safety, fairness, and factuality benchmarks need to carry the same institutional weight — enforced by both social pressure (procurement criteria, investor ESG scoring) and regulation (mandatory disclosure tied to market access).

3. Strengthen consumer rights in high-asymmetry contexts

Healthcare, education, and AI companion services are contexts where the power imbalance between platform and user is greatest — and where terms of service routinely assign ownership of intimate interactions to the company. Meaningful consumer protection here means data portability, algorithmic recourse, and the right to opt out without losing access to essential services.

4. Build "boundedness" into design culture

As Caroline Green argues, we need AI that is created with the purpose of serving people — not for maximisation, not for endless capability growth through ever more data. Systems should be designed with explicit scope limits and shutdown mechanisms. This is not a technical constraint; it is a cultural and organizational one. It requires leadership willing to define what their AI is not for.

5. Modernize labor protections for AI-restructured work

We are significantly better at eliminating roles than at protecting the people in them. Labor law needs to evolve: portable benefits, transition support, and advance notice requirements for AI-driven restructuring. Collective bargaining agreements in AI-exposed sectors need to address algorithmic management, not just wages. This requires policymakers and labor representatives at the table where AI governance decisions are made.

6. Democratize governance participation

Governance frameworks built by a small set of research labs will reflect the values of those labs. Meaningful responsible AI requires diverse voices — workers, civil society, domain experts in healthcare and education, and communities disproportionately affected by algorithmic systems — to have formal, funded roles in setting standards, not just commenting on them.

Is there reason for optimism?

Honestly, cautious optimism at best. The structural incentives still favor capability over accountability. Regulation will always move more slowly than technology. And the companies with the most to lose from genuine transparency are the same ones with the most resources to shape how governance frameworks are written.

But the combination of external standards like ISO 42001, multi-jurisdictional regulatory pressure, and growing institutional awareness of the workforce dimension creates a more complete toolkit than existed even two years ago. The question is whether the institutions with the authority to act — regulators, standard-setters, large procurers — will use that toolkit with sufficient urgency before the current ways of working become entrenched.

The responsible AI conversation is finally, slowly, moving from model outputs to systemic impact. That shift is real, even if it is not yet decisive. The window to act is open. It will not stay open indefinitely.

Sources: Stanford HAI Foundation Model Transparency Index 2025 · MIT Sloan Management Review / BCG Responsible AI Report · EU AI Act (2025 implementation) · ISO/IEC 42001:2023 · Gartner / SXSW London 2025 · University of Oxford Civic AI research

Read more