AI Governance: The Concept of the AI Officer

A translation of my original article published in Abogacía, the lead legal newsletter in México.

Josué David Citalán Hernández

6/2/20256 min read

AI Governance: The Concept of the AI Officer

By Josué David Citalán Hérnandez

Introduction

The growth of applications and the power of Artificial Intelligence systems is exponential. What surprises us today is likely to seem obsolete in a couple of weeks, surpassed by a much more capable system. Although experiments with Artificial Intelligence systems have been ongoing for over a decade, with the arrival and popularization of chatbots like ChatGPT and other large language models, the growth has been more than explosive.

AI systems, defined in the 2023 Executive Order on Safe, Secure and Trustworthy Development and Use of Artificial Intelligence as "any data-based system or software that can, for a set of human-defined objectives: collect, process, or analyze data; establish connections between disparate datasets; make recommendations, predictions, or decisions; or influence physical or virtual environments"

The pace at which artificial intelligence is growing makes it extremely difficult to keep abreast not only of new applications and models but also of the emerging regulatory framework seeking to govern its development and use. This complexity has given rise to the AI Officer, a professional who must combine technical knowledge, regulatory understanding, and strategic vision to effectively manage the implementation and use of AI.

Especially concerning emerging legislation, being informed about practices that could affect the company's legal sphere is, and should be considered, a priority for any company aiming to maintain healthy compliance practices. This need becomes even more critical when we consider that the use of AI within the company, if unregulated or completely ignored, entails significant risks: from the leakage of sensitive data to the misuse of systems that can translate into fines or legal actions against the organization.

Undoubtedly, the future of society points towards greater integration with Artificial Intelligence systems. Just as internet access is a necessity today, in a few more years we will be in constant contact with AI systems that help us in our daily lives. This reality is already palpable in various regions of the world, and with it arises the imperative need for specialized professionals who can manage, supervise, and guarantee the ethical and responsible use of these technologies. It is here that the figure of the AI Officer takes on special relevance, although its specific denomination and scope may vary depending on the jurisdiction or applicable regulatory framework.

The Concept of the AI Officer

I use the term AI Officer generically in this article to refer to the figure responsible for leading, supervising, and managing the use of artificial intelligence, in whatever form it takes, within an organization. When speaking of an organization, I refer to this concept in its broadest sense: from private companies and commercial societies to educational institutions, government agencies, municipalities, state secretariats, and even organized communities or social nuclei. The specific designation for this role may vary by region, applicable regulatory framework, or particular organizational structure, but its essence and fundamental objectives remain constant.

It must be understood that the implementation of Artificial Intelligence in organizations represents a critical duality that justifies the need for this figure: on the one hand, it constitutes a colossal opportunity for innovation and organizational growth; on the other, it implies significant risks in terms of information security and compliance. It is, in essence, like walking a tightrope where the balance between harnessing opportunities and managing risks is fundamental.

To mention a specific case, in the United States, the Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence of October 30, 2023 (hereinafter USEAI 2023) formalizes this figure under the title of Chief Artificial Intelligence Officer (CAIO), establishing it as mandatory for federal agencies.

(For precision, the term "agency" is defined according to 44 U.S.C. § 3502 as "any executive department, military department, government corporation, government-controlled corporation, or other establishment in the executive branch of the Government, including the Executive Office of the President, or any independent regulatory agency".)

The CAIO, according to this order, has three core responsibilities: coordinating the use of AI, promoting innovation in this area, and managing associated risks.

The AI Officer emerges as a transversal figure in the organization, whose influence and responsibilities cut across all departments and hierarchical levels. From technical teams to senior management, from operational areas to legal and compliance departments, their role is fundamental to ensuring a coherent and responsible implementation of AI. We could conceive of them as a kind of Artificial Intelligence ombudsman: an independent figure who ensures the ethical, safe, and efficient use of AI throughout the organization. This role goes beyond mere technical supervision: it must exert strategic leadership that drives innovation while safeguarding organizational values.

The complexity of this role reflects our society: multidisciplinary, multicultural, and constantly evolving. The AI Officer cannot solely be a legal expert or only a technical specialist; they must be a professional with a background that combines a deep knowledge of the legal framework with a solid understanding of the principles and functioning of artificial intelligence.

This duality in their profile is not accidental: just as digital transformation gave rise to figures like the Data Protection Officer, who is now indispensable in any modern (responsible) organization, or the Chief of Remote, which has emerged as a strategic role, the AI Officer is destined to become a fundamental piece for the technological governance of the immediate future.

The Role of the AI Officer

When discussing Artificial Intelligence, it is important to distinguish between three types: Predictive AI, commonly found in our devices like autocorrect or text suggestions; Generative AI, which we know through ChatGPT and other systems capable of creating original content such as text, code, or images; and General AI, which, although still theoretical, refers to systems that could equal or surpass human cognitive ability in any task.

To exercise effective strategic leadership, the AI Officer must, in coordination with the different areas of the organization, define the AI implementation strategy. At Know-me, we use the Service Design approach, a methodology focused on designing services by considering all points of interaction between the user and the system, seeking to optimize both efficiency and user experience. This approach allows for detailed mapping of processes and moments of interaction between AI and users, facilitating the identification of opportunities and risks.

Once the strategy is defined, the AI Officer must actively supervise the development and implementation process of AI solutions. This supervision involves not only selecting appropriate tools but also ensuring they are implemented and used correctly. In the current market, there is a wide range of options that differ in power, cost, and ease of use. For example, if a law firm seeks to implement AI for legal document analysis and creation, the AI Officer should recommend the most viable solution considering the budget available, the number of users, and their technical capacity.

In this technological supervision process, the AI Officer must stay updated on the capabilities and limitations of each tool. Although commercial solutions like ChatGPT are popular, organizations may require more specialized and secure options. For example, there are AI assistants that operate via APIs, using foundational models that can be modified for specific needs, implemented on more secure servers, and with superior data privacy functions. These solutions allow organizations to maintain greater control over their data and customize AI capabilities according to their particular requirements, while complying with ethical standards and current regulations in their region.

A fundamental aspect of the AI Officer's role is team management and the promotion of a culture of effective AI use within the organization. They must offer the necessary resources and support so that AI implementation flows as naturally as possible, which includes education and dissemination programs on the proper use of these tools. This responsibility is even recognized in the 2023 Executive Order on the safe development and use of AI, which emphasizes the importance of ensuring the organization has the necessary talent. This may involve both attracting AI specialists and developing the capabilities of existing staff through continuous training and establishing strategic alliances with external providers that complement the team's capabilities.

Conclusion

The need for an AI Officer in an organization depends on various factors such as its size, complexity, sector of activity, and, especially, the degree of implementation of AI systems in its operations. Although there is currently no specific regulation in Mexico establishing the existence of this figure, the global trend and the growing adoption of AI technologies suggest that its regulation is imminent.

I consider it important to note that implementing the AI Officer role does not necessarily imply creating a new specific position within the organizational chart. The responsibilities described in this article can be assumed, depending on the complexity and extent of the organization, by one or several members who possess the necessary skills and knowledge. For example, in small or medium-sized organizations, these functions could be performed by the Data Protection Officer or the compliance officer, provided they have adequate training.

Likewise, the role of the AI Officer can materialize in different ways: from an individual position to a specialized committee or team that collaborates in AI management. This flexibility allows organizations to adapt the role according to their specific needs, available resources, and organizational structure, always maintaining the fundamental objective of responsible AI development and implementation.

What is truly crucial is not the specific title or structure adopted, but ensuring that the fundamental responsibilities of the AI Officer—from technical supervision to risk management and regulatory compliance—are effectively and consistently addressed, thereby guaranteeing the safe, ethical, and productive use of AI in the organization.

Author:

Josué David Citalán Hérnandez. Lawyer, Legal Specialist for KNOW-ME, Data Privacy and AI regulation expert.