
Ethical AI: From Sentiment to Agreements That Work

Introduction

Ethical AI is a topic on which people quickly become very principled. And understandably so. AI touches privacy, power, work and identity. But if you discuss ethics only as sentiment, it remains a feeling. And then one of two things happens inside the organisation:

  • people do all kinds of things unchecked
  • or people no longer dare to do anything at all

Both are bad. The mature version is this: translate ethics into agreements.

That is also the direction we now see in legal and standards frameworks. The EU AI Act is being phased in and places increasing emphasis on governance, transparency and responsibilities, including around general purpose AI. And NIST has created a profile for generative AI that helps organisations manage risks in concrete terms.

Here is my practical approach: five types of agreements that suddenly make “ethical AI” executable. Without an ethics committee that meets once a quarter and then disappears again.

1. Agreements about purpose and boundaries

Ethics starts with the question: what do we use AI for, and what do we not use it for? This is not a technical discussion. It is a management choice.

Examples of clear agreements:

  • AI may support, but not autonomously decide on rejections or sanctions
  • AI may summarise, but not enter case files without source references
  • AI may write, but not send customer communication without human review

Output: a short list of “yes” and “no”. Done.

2. Agreements about transparency and explainability

Much of the fear around AI comes from invisibility. People want to know: where does this come from, and can I check it?

In its Generative AI Profile, NIST specifically emphasises the importance of transparency, documentation and appropriate controls depending on context and impact.

Practical examples:

  • for medium and high impact use cases, we log prompts, outputs and sources used
  • we label AI output as AI-assisted
  • we define a minimum explanation: “why this answer is plausible”

Not perfect. But mature.

3. Agreements about data, privacy and copyright

This is where ethics and compliance meet. Especially with generative AI, things can go wrong quickly with:

  • personal data
  • trade secrets
  • copyrighted material

The European Commission has explicitly stated that GPAI rules touch on transparency and copyright obligations.

Examples:

  • data classes and permitted tools
  • no customer data in public models
  • rules for processing documents and code
  • clear vendor agreements: where data is processed, what is stored and for how long

This is not sexy, but it prevents the pleasant surprise of your prompt suddenly showing up in an audit.

4. Agreements about human oversight and escalation

Ethical AI without human responsibility is a fairy tale. The most important mechanism is simple: who is watching, and what do we do when something goes wrong?

This is how I usually write it down:

  • human in the loop for high impact decisions
  • an escalation path: from team lead to security/privacy to the management team
  • a stop rule: when do we immediately switch off a use case?

This also fits the governance trend CIOs use to maintain speed without losing safety.

5. Agreements about continuous improvement and management system thinking

You do not need to enter a full certification route immediately, but it does help to think in a simple management cycle: plan, do, check, adjust.

ISO/IEC 42001 is exactly that kind of AI management system standard. It has been published as an international standard and describes requirements and guidance for setting up and improving AI management.

Practical implementation:

  • we create an AI register, even if it is small
  • every use case has an owner, purpose, risk assessment and controls
  • every quarter we recalibrate: what do we stop, what do we scale?

This is not bureaucracy. This is how you prevent AI from becoming a loose collection of disconnected projects.

How this connects to Common Sense Management

Common Sense Management is essentially about clarity, responsibility and simple, workable agreements. Not thick manuals. AI asks for exactly the same thing. Calm only appears when you make it small:

  • clear goals
  • clear owner
  • clear agreements
  • regular rhythm

Ethical AI is therefore not “extra”. It is a mature form of management in a new context.

Closing: ethics as enablement

The biggest misconception is that ethics slows innovation down. In practice, the opposite is true. When people know what is allowed, they dare to move. When things remain vague, everyone hits the brakes. Or everyone secretly accelerates.

My preference is simple: make it explicit. One page of agreements. A small cadence. And then act.

Do you want to make this concrete for your organisation? This is exactly the kind of management workshop I like to facilitate. Two hours. Whiteboard. Conclusions. Agreements you can move forward with on Monday.
