AIIM

Comments
on AI
Accountability

Why AIIM Responded to U.S. NTIA’s
Request for Comment.
Governments around the world have started the arduous process
of developing regulations and standards for artificial intelligence.
In June 2023, AIIM formally responded to a request for comment
from the U.S. National Telecommunications and Information
Administration (NTIA) on AI accountability. According to the NTIA
website, more than 1,400 responses were submitted.
Information management is not an insular profession and it’s most
successful in an organization when it’s focused outward on the
needs of stakeholders and business outcomes. As such, AIIM’s
leadership strongly believes that we must take a strong, active
stance on how AI tools use and produce information.
AIIM believes it’s vital that regulators develop flexible and practical
guardrails for how information is treated during AI development
and use. Guardrails will empower innovation, boost adoption, and
ensure accountability.
The key tenets of AIIM’s position are:
1. Not all AI is equal and public policy should reflect the
different levels of risk.
Unlike generative AI, some AI is simple, easy to comprehend,
and can be audited to determine how decisions were made
by the technology. Regulators should classify AI into different
categories and establish policy accordingly.
2. Need a flexible, universal framework.
Stakeholders need a framework to better understand their
obligations and ensure compliance. A framework would also
encourage further innovation and adoption of AI.
3. Accuracy is key to advancing AI accountability.
“Trustworthiness” of AI output is unattainable. Accuracy is
a more worthwhile and plausible ambition. It establishes
credibility, currency of the information, completeness, and
chain of control.
4. Transparency will ensure accountability.
AIIM supports the principle inf the U.S. Administration’s AI Bill
of Rights that consumers must know when, how, and why AI is
being used.
5. Responsibility is shared.
The developers and organizations who use AI share
responsibility and liability for AI output.
6. Mandatory auditing of some AI may be implausible.
Narrow AI tools are auditable and largely defensible. It’s
important to recognize the difficulty of auditing generative
AI tools, making mandatory auditing difficult and potentially
impossible.
7. The volume and quality of AI output should influence
regulations.
When considering recordkeeping obligations, regulators should
keep in mind the enormous volume of data AI can produce and
that the data quality may be subpar and not worth retaining.
page 2
The reality is the pace of change in AI development has
exceeded the pace at which regulations and standards are being
developed. And as AI adoption and use increases within our own
organizations, it is our responsibility as information management
professionals to protect our organizations and stakeholders.
What follows is a complimentary version of AIIM’s letter to NTIA;
we encourage information management professionals to use the
letter as a tool to help guide conversations, decisions, and policy
about using AI in their own organizations.

AIIM thanks the authors and editors of its letter to NTIA:

Authors.
Jed Cawthorne, MBA, CIP, IG, Principal Evangelist,
Shinydocs Corporation.
Tori Miller Liu, MBA, FASAE, CAE, President
& CEO, AIIM.
Jennifer Ortega, Ulman Public Policy.
Alan Pelz-Sharpe, Founder, Deep Analysis.
Editors.
Ron Cameron, CEO, KnowledgeLake.
Jason Cassidy, CEO, Shinydocs Corporation.
Rikkert Engels, CEO and Founder, Xillio.
Karen Hobert, Future of Work Thought Leadership
& Research, Cisco.
Kramer Reeves, Executive Vice President,
Work-Relay.

AIIM looks forward to continuing to participate in regulatory

conversations about information management in the age of AI.

page 3

AI Accountability Policy Request for
Comment, 88 FR 22433 (RIN: 0660-
XC057).
The Association for Intelligent Information Management (“AIIM”)
writes in response to the National Telecommunications and
Information Administration’s (“NTIA”) request for comment on AI
accountability policy (“RFC”), located at 88 FR 22433, in order to
provide AIIM organizations’ insights and expertise in this critical
and rapidly developing technology. Artificial intelligence (“AI”)
technology is altering our economy in profound ways, but it is
essential that the U.S. government establish the principles and
guidelines needed to ensure accountability among the users and
providers of these systems. As AIIM’s comments will explain,
our economy urgently needs a flexible, universal framework at
the federal level to boost adoption of and innovation in AI while
ensuring accountability among its users and developers.
1
Shesha Mani, “New era in content management and security in SharePoint, OneDrive, and Teams,”
Microsoft 365 Blog (May 2, 2023)
AIIM is the world’s leading association dedicated to the
information management industry. Information management
practitioners focus on the collection, processing, storage, security,
retention, and accessibility of information in an organization.
Information managers are also responsible for the accuracy
and transparency of information. Since 1944, AIIM has been
on a mission to transform the way organizations manage their
information, ultimately improving their performance. With
over 66,000 community members representing various fields,
including IT, records management, and knowledge management,
AIIM fosters a vibrant community of information management
leaders. Through independent research, comprehensive training,
and professional certification programs, AIIM empowers these
professionals to enhance their skills and better serve their
organizations. Additionally, AIIM serves as a hub for innovation,
connecting intelligent information management solutions providers
with practitioners and driving advancements in the field.
It is important to recognize the seemingly limitless potential of AI.
In business operations specifically, it can enable organizations to
perform tasks that simply could not be done without AI. Microsoft,
for example, recently said over 2 billion files are added to its
SharePoint, One Drive, and Teams systems every single day.1 It
would be impossible for humans to manage this volume of data
without AI. The technology has enabled companies to expand
their operations beyond what was physically possible only a few
years ago. AI has the potential to radically alter the economy
for the better, but the key to allowing the technology to flourish
without putting the consumer and the general public at risk will be
to put guardrails in place to ensure the technology is appropriately
developed and used. Without these guardrails, AI could cease
being a force for good but instead could have devastating
consequences for the public, the economy, and our culture. The
longer we wait to act, the more likely these potential negative
outcomes could come to fruition.
page 4

Not all AI Is Equal, and Public Policy
Should Reflect the Different Levels
of Risk.
The RFC uses the term AI generically to encompass all artificial
intelligence. NTIA does not acknowledge the significant
differences in the types of AI that exist today and seems to imply
all AI comes with the same level of risk. This is not the case.
Not all AI is created equally or should be given the same degree
of attention – and thereby regulated at the same extent – by
policymakers. Different types of AI exist and should be treated
according to the level of risk they pose to the public or the
consumer.
Some AI is simple, easy to comprehend, and can be audited to
determine how decisions were made by the technology. These
systems, herein referred to as Narrow AI, do not run massive
neural networks, and humans have control over what and how
the AI learns (i.e., supervised learning). They apply specified
or defined rules that have little to no risk associated with
them. Examples include document or email readers that can
scan the information to either validate the text or sort the item
appropriately, technology that can identify and protect sensitive
personally identifiable information, or tools that can automate
non-sensitive administrative tasks, such as back-office activities
or supply chain work. This type of technology has been around
for years and simply does not pose a significant threat to
consumers or the general public, as both their development
processes and the “training sets” of data used to train them can
be audited.
Generative AI, on the other hand, like ChatGPT for example,
could result in significantly more damage or detrimental harm if
used inappropriately or trained on large datasets that produce
harmful or injurious patterns. These systems, often referred to
as “black-box AI,” have internal processes and decision-making
mechanisms that cannot be determined or audited, making
it difficult to hold it and the entity using it accountable for the
decisions made. Moreover, developers of Generative AI are
not being transparent about what data was used to train their
systems, leaving even more uncertainty around their systems.
Likewise, the output of Generative AI could be harmful in and of
itself (e.g., biased, misleading, incorrect, made up, plagiarized),
regardless of intent. Consider the lawyer that used ChatGPT to
write a legal brief that, while authoritative sounding, cited cases
that never happened. The lawyer used the output innocently, if
not naively. Generative AI is trained to always provide the best
sounding answer. It is not trained to give honest or real answers.
Narrow AI should not be regulated in the same manner as
Generative AI. The limited risk Narrow AI poses means the
technology, the entities who use it, and the general public would
benefit most from a framework that provides guidance on the
principles critical to ensuring the AI is accountable and the
entity’s use of the AI abides by appropriate guardrails.
page 5
Such a framework would help encourage entities to adopt the
technology and help them understand what to look for when
trying to obtain accountable and responsible AI. Generative AI,
however, deserves increased scrutiny and more stringent rules
over its use to ensure the higher risk and dangers associated
with the technology are fully addressed. A more complex and
comprehensive policy approach is needed, including limits on
how entities can use such systems.
This approach – classifying AI into different categories and
establishing policy accordingly – aligns with the European
Union’s AI Act, which is currently working its way through their
legislative processes. While AIIM is not indicating its support
for this legislation nor advocating for the U.S. government
to adopt similar policy, the premise is commendable. The
E.U. has recognized that different kinds of AI come with very
different risk levels to the public and the entities or individuals
using the technology, and that risk should result in different
levels of caution and attention. NTIA would be wise to
recognize those differences as well.
For the remainder of our comments, we will be focusing on
Narrow AI and the priorities that should be the focus for any
federal agency looking to regulate in this space.

page 6

The Stakeholder Community Urgently
Needs a Flexible, Universal Framework
at the Federal Level to Boost Adoption
of Narrow AI and Ensure Accountability.
Interested stakeholders need a framework to better understand
their obligations and ensure compliance with acceptable
principles and best practices when utilizing Narrow AI. The
current lack of guidance has chilled innovation and AI adoption.
Organizations are unwilling to integrate available products and
technology out of fear of the very real risk of unintended harm,
loss, or liability from the use of AI or its resulting outputs. They
are reluctant to implement new technology when they do not
know their liabilities, don’t know if or how they will be audited
or who will be auditing them, and are unclear about who may
2
IBM and Morning Consult, “IBM Global AI Adoption Index 2022,” May 2022
have access to their data, among other things. This uncertainty
around such significant questions leaves entities unwilling to
adopt the technology, even though they are fully aware of the
potential benefits of using AI in operations and decision-making.
This chilling effect is not hypothetical, and examples abound.
For instance, insurance companies have had AI for years that
can analyze images of crashes or other incidents to help make
determinations about fault or awards, but companies have been
afraid to use it out of fear of the potential liability if an AI-made
decision is contested.
Entities’ unwillingness to adopt and take full advantage of AI
technology is also hurting our ability to compete at the global
level. According to a report commissioned by IBM,2 the U.S.
is behind other countries in adopting AI. Only 25% of U.S.
companies have adopted and deployed AI technology, while the
global average is 35%. Meanwhile, China has an adoption rate
of 58%. Our lack of a public policy strategy or legal framework
have resulted in U.S. companies not keeping pace with the
expansion and availability of the technology. Our reluctance
to adopt AI is leaving us behind in the race, and we’re quickly
losing the ability to perfect, utilize, and set guardrails for this
rapidly developing, ubiquitous technology.
In order to combat this uncertainty, a framework is desperately
needed to provide entities and the general public with clear
guidelines on how to procure and use AI in a responsible
manner. It is critical that the government not attempt to
implement regulations but instead focus on a framework that
outlines key principles and characteristics that will aid entities in
identifying appropriate AI. Regulations, however well-intentioned
or developed, cannot keep up with rapidly evolving technology
like AI. We are seeing progress in AI technology on a day-by-
day basis. This pace is simply too fast for the government, and
regulations would be obsolete even before going into effect.
page 7
Because of this pace of change, AIIM urges the government to
conduct regular and ongoing assessments of the framework and
implement updates whenever necessary. This will ensure the
framework does not become outdated or irrelevant in the face of
the advancements in the technology or changes in its potential
uses and risks.
AIIM strongly advises that any framework be developed and
implemented at the federal level. If states are allowed to regulate
in their own manner, entities will be forced to abide by and
monitor inevitable policy changes on a state-by-state basis. This
patchwork would be impossible to implement, and compliance
would be unmanageable and too costly. The sheer volume of
data impacted by these regulations would make attempting to
alter operations to accommodate changes at each state border
unfeasible. We’re already seeing the consequences of this
approach with regards to data privacy. Companies are attempting
to understand and monitor state laws and regulations, but it’s a
herculean task to keep up and adapt operations to accommodate
the different approaches, especially as they become obsolete as
the technology adapts beyond what the policies were intended to
regulate.
The framework must be universally applied to every sector and
industry. Attempting to design a framework for each sector
or industry would be overly complicated and unnecessarily
burdensome. It may also result in policy that does not easily
adapt to changing technology or circumstances or growth of the
technology into new areas of the economy. The more complicated
the approach is, the more likely something will go wrong. Instead,
AIIM is advocating for a framework that can be easily applied to
the broad array of entities and industries that want to use and
would benefit from AI technology. This approach should focus on
key principles that can guide entities in how to determine which
AI services or products are responsible and how to use the AI
in a conscientious manner. These principles should include, for
3
This comment does not reflect on the needs of accountability in AI development, but importantly, if the users of AI are aware of and recognize the
basic principles or tenets of responsible AI, they will only procure and use AI that meets the criteria. This will in turn force the market to develop
responsible AI. AI developers will be strongly incentivized to meet the market’s demands, further promoting responsible AI.
example, answers to who can use the AI system, what the system
or data can be used for, and whether and when entities should
declare they are using AI, so consumers are fully aware that AI
was used in a decision that impacts them.
The framework must be flexible. As we related above, the
government cannot keep up with AI technology and its rapid
advancements. Over the past five years, AI has exploded. The
technology has advanced exponentially, and deployment has
accelerated to the point that AI is pervasive throughout our
economy, our culture, and our day-to-day lives. The government
simply cannot keep pace, and any rigid public policy that includes
strict requirements would be obsolete in a matter of months, if not
weeks or even days. Flexibility must, therefore, be the priority for
any public policy initiative, and in order to achieve this flexibility,
the government should focus on establishing overarching
principles that allow the technology to progress.
The National Institute for Standards and Technology’s (“NIST”)
Cybersecurity Framework is a good model to follow, but AIIM
cautions that this framework should not be adopted whole cloth
by other agencies, which is unfortunately what we are seeing
occur with NIST’s framework. The framework is good in theory
and NIST has applied it appropriately; however, when other
agencies attempt to require compliance with the framework, it
stops being a guidepost for the regulated community and, in
essence, becomes a rigid regulation that is no longer a living
document that can grow and adapt to new technology or
advancements.
AIIM urges NTIA to establish a framework based on the above
listed factors – universality and flexibility at the federal level – in
order to provide the basic guidance to the regulated community
that is so desperately needed today. This framework would
provide the surety entities need to adopt the technology and
guarantee accountability among the entities who want to procure,
utilize, and benefit from AI.3
page 8

Accuracy Is Key to Advancing AI
Accountability.
NTIA’s focus for any policy pursuits moving forward should
be on accuracy of AI technology, not obtaining the potentially
unattainable “trustworthiness.” Attempting to achieve this abstract
goal would be a nearly impossible task and would only result in
the government getting bogged down in a quagmire. Focusing
on trustworthiness will be a distraction in the larger, more critical
quest of accountability – if the government can hold entities
responsible for the AI they use and how they use it.
Accuracy, on the other hand, is a more worthwhile and plausible
ambition. We as a society want to know critical facts when
engaging with AI: Is the information I’ve received and/or the
source from which it was obtained credible? Is this the most
up to date information? Is the information complete or were
critical details ignored, overlooked, or omitted? Answering
these questions will provide users of AI with more certainty and
awareness and enable users to hold entities accountable for using
AI that does not provide accurate, credible outputs.
4
Harvey Spencer, LinkedIn blog post (May 2023)
Transparency Will Help Ensure
Accountability.
Transparency will be critical to ensuring accountability in AI use.
For the public to fully accept and trust AI, consumers must know
when, how, and why AI is being used. This was an important tenet
of the White House’s Blueprint for an AI Bill of Rights, and AIIM
supports the principle.
In order to attain this transparency, NTIA should consider including
declaration requirements to inform consumers when AI is used to
make decisions and how those decisions were made. Knowing
AI is used and how it is being used will be key in promoting AI,
ensuring accountability, and achieving adoption on the scale AI is
capable of obtaining.
Another potential solution would be to develop a rating system
that determines the reliability of the information provided by an AI
system. A confidence rating system, for example, as advocated
by Harvey Spencer, President and Founder of Factorum LLC, in
a recent blog post,4 would explain the reliability of the sources or
algorithms used. Importantly, Narrow AI already has such systems
built into them, but Generative AI does not. While this would
likely be impossible at this point in time, the government should
consider devoting funding to research how to build such a rating
system into all AI systems.
Transparency and accountability would give the public and
entities a level of understanding of how AI is impacting them and
their interests. That transparency will spur greater uptake of the
technology both among the public and the entities that want to
use AI to help streamline or improve their operations, products,
and services.
page 9
Specific Concerns and Challenges
of AI Accountability Policy Must Be
Acknowledged.
NTIA recognized in the RFC that there are numerous concerns
about AI and challenges in establishing accountability in its use.
AIIM applauds NTIA for recognizing the difficulties of regulating
in this space. All of these concerns and obstacles must be dealt
with cautiously and thoughtfully. Fortunately, many of these
difficulties can be resolved – or at least alleviated – by pursuing a
federal, flexible, universal framework, as AIIM is calling for in this
comment. That said, there are specific areas flagged by NTIA that
AIIM believes are worth discussing in more detail and providing
specific recommendations.
Liability.
Questions were raised in the RFC regarding who
should be held liable if AI is misused. AIIM believes
both the developers of AI systems and the entity
using those systems should be responsible for the
outcomes they produce. Importantly, this should
apply to both the organization and their employees.
The purchaser of or entity using the tool must be
responsible for the manner in which they use the
technology, and when purchasing that product
or service, they should recognize and be held
accountable for that risk. If an entity uses Generative
AI and other high-risk products or services and cannot
identify or explain the reasons behind the decision
the AI system has made, that liability is and should
be on the entity. Additionally, the entity is oftentimes
the only one who can audit both the data going in
and the results coming out of the AI system, making it
uniquely capable of ensuring the AI system is meeting
appropriate standards.
Auditing.
There are several practical realities that would make
mandatory auditing difficult. Primarily, there are not
enough auditors available in the U.S. to mandate
nationwide auditing for every step of the AI lifecycle
or value chain. While the supply of individuals
capable of auditing AI systems is insufficient, the
ability of entities to perform such assessments will
inevitably be limited.
Only Narrow AI can be audited for what goes into an
AI system and what comes out. Generative AI, on the
other hand, cannot be audited for how decisions are
made or what happens between the input and output
stages. This shortcoming must be recognized in any
public policy initiative moving forward.
Recordkeeping.
Any recordkeeping obligations must recognize the
enormous volume of data that AI can produce.
Importantly, much of the information is junk and
not actually used by the entity in any way – whether
meaningfully or otherwise. NTIA and the government
should be cognizant of that when considering any
recordkeeping obligations.
page 10

Global Competitiveness Must Be
Considered.
The U.S. needs to act and be a leader on the issue of AI
accountability, and the U.S. does not want to cede its role in this
space and allow other countries to set the ground rules for AI. The
U.S. should be the ones who determine the best practices and
principles governing AI development and use. The consequences
of not doing so and not establishing strong protections from the
outset could be – and likely would be – devastating.
AIIM wants to take this opportunity to caution against any pause
of AI as was recently advocated in a letter circulated by the
Future of Life Institute.5 The letter called on AI labs to pause
training of AI systems for at least six months, but this pause
would be misguided. It would hurt the development, training,
and deployment of AI, hindering innovation and adoption. Such a
pause would also hurt our global competitiveness. Other countries
are not pausing and will see our pause as an opportunity to
step in as leaders in AI. We will be left behind, hurting our place
on the world stage and, perhaps more importantly, potentially
exacerbating all the risks of AI that are recognized in the letter.
5
Future of Life Institute Letter, “Pause Giant AI Experiments: An Open Letter,” March 22, 2023
AIIM acknowledges that there could be serious consequences
if AI is misused or allowed to developed with no guardrails in
place, but that is why it is critical we continue to design, develop,
promote, and adopt accountable AI based on sound principles
that prioritize the public wellbeing.
Conclusion.
AI is a rapidly developing technology that has the potential
to change the world. If developed properly with its risks
recognized and basic principles in place to mitigate those risks,
AI can be a force for good. It can better our lives, our economy,
and our world.
Government’s role should be to incentivize adoption of
accountable, responsible AI. A flexible, universal framework
applied at the federal level would provide entities with the
information and surety they need to adopt the technology and
fully incorporate it into their operations soundly and safely.
NTIA should immediately take the first steps in developing the
guidance that would allow the technology to safely advance
and flourish in the U.S. and set the ground rules for responsible
AI development and adoption.
AIIM thanks NTIA for providing the opportunity to weigh in on
this critical issue. We look forward to working with NTIA moving
forward.
Tori Miller Liu, MBA, FASAE, CAE.
President & CEO, AIIM.
page 11
 Your Next Step:
Join AIIM+ and
AIIM + Pro.

A new way to access our

great content on your terms.
Are you ready to master new
skills and build real relationships?
Join AIIM+ and AIIM + Pro for
exclusive access to helpful
resources, comprehensive
training, and a buzzing
community of 3,000 information
professionals just like you!

AIIM+ is where Information

Professionals belong.

Join Today

page 12
AIIM helps organizations
improve their performance
by transforming the way they
manage their information.

© 2023.

AIIM.
+1 301 587 8202.

hello@aiim.org.

www.aiim.org.