What an AI ethics policy does well
An AI ethics policy serves three legitimate purposes. It communicates the organisation's values on AI to employees, customers, and the public — establishing a shared understanding of what the organisation stands for in its AI work. It provides the foundational reference for more specific AI governance policies and decisions — when operational policies need to be designed, the ethics policy defines the values those policies must serve. And it establishes accountability for values-level commitments — if an organisation's AI ethics policy commits to fairness and its AI systems produce discriminatory outcomes, the ethics policy creates a basis for holding the organisation accountable against its stated values.
These are real and important functions. An AI ethics policy is not a governance mechanism, but it is a legitimate governance input — a document that shapes the governance system even though it cannot substitute for it.
What an AI ethics policy cannot do
An AI ethics policy cannot tell an employee whether to put a specific type of data into a specific AI tool — that requires a data classification policy. It cannot ensure that a credit scoring model does not produce discriminatory outcomes — that requires bias testing with documented methodology and results. It cannot ensure that an AI incident is escalated within the right timeframe — that requires an incident response procedure with named roles and notification obligations. It cannot ensure that the board receives adequate information about AI risk — that requires a board reporting framework.
