AI Governance Policy

1. Purpose

The purpose of this policy is to define Nexly’s approach to governing AI systems, ensuring they are safe, ethical, transparent, and aligned with business objectives and societal values.

2. Scope

This policy applies to all AI systems developed, procured, deployed, or operated by Nexly, including internal tools, third-party services, and AI-enabled products. All employees, contractors, and stakeholders involved in AI-related activities must comply.

3. Governance Structure

• AI Ethics Committee: Oversees ethical compliance, reviews AI projects, and approves high-risk systems.
• AI Risk Management Team: Identifies, assesses, and mitigates AI-related risks across operations.
• Department Heads: Ensure implementation of governance standards within their teams.
• Employees and Contractors: Follow AI policies, report risks, and comply with ethical and safety guidelines.

4. Principles for Responsible AI

• Fairness: Avoid bias and ensure equitable treatment across all users and stakeholders.
• Transparency: Maintain explainable AI systems and clear communication of AI-driven decisions.
• Accountability: Define roles and responsibilities for all AI systems and decisions.
• Safety and Reliability: Ensure systems are robust, resilient, and secure against failures or malicious exploitation.
• Privacy and Data Protection: Comply with all data privacy regulations and protect personal and sensitive data.
• Human Oversight: Maintain human-in-the-loop decision-making for high-risk AI applications.

5. Risk Assessment and Management

All AI systems must undergo a structured risk assessment, including:

• Identification of potential harms, including ethical, safety, operational, and legal risks.
• Evaluation of likelihood and impact of risks.
• Implementation of mitigation strategies, including design controls, monitoring, and human oversight.
• Ongoing monitoring of AI system performance and impact post-deployment.

6. Data Governance

• Ensure data quality, accuracy, and relevance for AI training and decision-making.
• Protect privacy and confidentiality of sensitive data.
• Maintain auditable data pipelines for compliance and accountability.
• Ensure datasets are representative and reduce bias in model development.

7. Compliance and Legal Requirements

All AI systems must comply with applicable regulations, industry standards, and internal policies. Key requirements include:

• Data privacy laws (e.g., GDPR, CCPA).
• Consumer protection and anti-discrimination laws.
• Internal audit and reporting standards for AI systems.
• Documentation of model design, assumptions, and decision logic.

8. Monitoring and Auditing

• Regular audits of AI system outputs for fairness, accuracy, and safety.
• Continuous monitoring of system performance and risk indicators.
• Incident reporting and corrective action mechanisms.
• Periodic review of governance policies and AI ethical standards.

9. Training and Awareness

• Regular training programs on AI ethics, governance, and safety for employees and contractors.
• Awareness campaigns to promote responsible AI usage.
• Guidelines and resources for understanding AI risks and compliance requirements.

10. Policy Review

This AI Governance Policy will be reviewed at least annually, or whenever significant technological, regulatory, or operational changes occur, to ensure continued relevance and effectiveness.

11. Contact Information

For questions, clarifications, or support regarding this AI Governance Policy, please contact:

Email: ai-governance@nexly.eu
Subject: AI Governance Inquiry