Overview of RAI Activities Throughout the Product Life Cycle


7.1 DETECT: Perform Continous Monitoring of the System and its Use, Context, and Ecosystem

  1. Implement continuous T&E, support, and monitoring to ensure performance goals continue to be met.
    1. Ensure the task specification remains valid
    2. Ensure data inputs remain valid and secure
    3. Ensure new data doesn’t degrade the system
  2. Establish procedures for continuous monitoring of sources of drift, changes in operational context, and human degradation/deskilling, error, and misuse. Establish procedures for mitigation of the same.
  3. Confirm that unintended consequences can be detected and avoided through these procedures.
  4. Establish procedures through which deployed systems that demonstrate unintended behavior can be disengaged, deactivated, or rolled back.
  5. Ensure incremental training processes and plans are in place.
  6. Establish procedures for continuous harms, opportunities, and impact monitoring.
    1. Ensure performance outputs and stakeholder engagement are leveraged to identify potential harms.
    2. Ensure harms and impact assessments, and risk assessments, are conducted on a regular schedule
    3. Ensure the SOCs are updated on a regular schedule.
  7. Establish procedures for monitoring the system for unintended/novel uses and applications.
  8. Establish procedures for rolling out updates. Will this involve risky system downtimes?
  9. Continue to collect trust and assurance metrics.
  10. Is there a plan for updating the assessments once new functionality or features are added, new training sets out of scope from the original datasets are used, shifts or drifts have occurred, new risks have emerged, the technological landscape has changed, the broader societal or geopolitical context has changed, etc.
    • Note: in the case of such changes where 3000.09 reviews are involved, such changes to the AI-enabled capability and its context of use can require a re-initiation of the formal review process. c.f. “An autonomous weapon system that is a variant of an existing weapon system previously approved through this review will not be covered by previous approval if changes to the system algorithms, intended mission set, intended operational environments, intended target sets, or expected adversarial countermeasures substantially differ from those applicable to the previously approved weapon system so as to fall outside the scope of what was previously approved in the senior review. Such systems will require a new senior review before their formal development and again before fielding.&dquo; (4.1.a)
  11. Will the technological landscape of emerging components or systems be monitored to evaluate potential developments that may provide supplemental capabilities that could augment the performance of the system? Will the landscape be monitored for risks of out-of-scope repurposing of the system in combination with new technologies or capabilities?
  12. Will the legal, ethical, and policy landscape be monitored for any developments that have implications for the system?

7.2 IMPROVE & INNOVATE: Ensure Updating and Retraining

  1. Ensure data is still collected and remains fresh/up to date.
  2. Ensure models are being retrained sufficiently and frequently enough to remain relevant.
  3. Ensure system is updated sufficiently and frequently enough to remain operationally relevant
  4. Ensure training of users is updated to remain operationally relevant

7.3 Plan for System Retirement

  1. Establish a sunset plan for project end.
  2. Ensure this plan contains retirement conditions for which the system will automatically be sunsetted or eclipsed.
  3. Ensure this plan includes procedures for the handling of the associated hardware, software, and data to ensure they are maintained in accordance with applicable law and policy & and not repurposed in harmful ways.
  4. Ensure communication of the timelines, expectations, and criteria around the sunsetting are clear for stakeholders and operational users.

7.4 LOG: Record Lessons Learned

  1. Update the RAI use case repository with lessons learned so that other DoD projects can benefit from your insights.
  2. Update the RAI Incident Repository with any near misses so that other DoD projects can benefit from your insights.
  3. Explore other mechanisms through which to feed lessons learned or insights into policy recommendations.