California GenAI risk management principles
California has identified key focus areas for identifying and managing risks of using GenAI. You should use these principles as a foundation in developing a risk mitigation strategy to address potential safety, privacy, and security concerns before deploying GenAI. California’s risk management principles emphasize key elements of the NIST Artificial Intelligence Risk Management Framework and are intended to ensure NIST standards are considered, referenced, and applied appropriately for California’s needs.
Risk Management is a key consideration for GenAI and is essential for you to successfully plan, implement, and operate GenAI technologies. The GenAI risk management principles are intended to ensure you responsibly deliver critical services to all Californians in a safe, secure, and equitable manner.
Key risk management principles
- Statewide Administrative Management – Statewide Administrative Management refers to policies contained in the Statewide Administrative Manual, State Contracting Manual, Statewide Information Management Manual, State Telecommunications Management Manual (STMM), and the CalHR Human Resources Manual. This principle emphasizes the need for administrative and operational policies, standards, and guidelines to ensure the use of GenAI is fit for the proposed purpose, and ensures the legal, ethical, equitable, safe, and secure use of GenAI technology.
- State Entity Governance – This principle highlights the importance of the departmental policies, processes, risk documentation, and procedures necessary to ensure acceptable use and effective operational oversight of GenAI technology as it relates to your business and mission objectives.
- Quality, Safety, and Security Controls – The principle focuses on the need for adequate quality, safety, and security controls required for you to train, validate, assess, secure, and take corrective actions to ensure that GenAI models and vendors perform as expected.
- Public-Private Partnerships and Community Engagement – This principle emphasizes the need for your department to create, grow, and sustain meaningful partnerships with those who build GenAI solutions as well as those Californians who may be most directly affected by them.