Artificial Intelligence is transforming the way in which many organizations work. Its nature means that it cannot simply be treated as “just another application”. In a growing number of regions across the globe, it falls under specific regulatory control and, increasingly, internal IT, privacy and security policy enforcement. It both consumes and disseminates huge quantities of information, which may conflict with laws and policies associated with data privacy, intellectual property and commercial sensitivity. It can interact directly with customers and machines, affecting health, safety, reputation and ethics. As a result, it has distinct architectural and security considerations that demand management attention.

This Solution focuses on the identification and classification of systems that leverage AI capabilities, enabling organizations to plan the adoption of AI and track its deployment, use and consumption. See Getting Started with AI Lens: Enterprise AI Management for details of how to get started with this Solution. A sister Solution, Enterprise AI Governance, extends the scope of this Solution to cover governance aspects of managing AI.

This solution provides a place where organizations can oversee how AI is being deployed and used. They can use it to identify opportunities, monitor progress, track risks, record compliance, implement controls and measure success.

Ardoq’s Enterprise AI Management Solution gives organizations the ability to address the following key business questions:

* optional, with the Technology Portfolio Management Solution

Consideration of the scope of this Solution begins with a definition of an AI System:

“A machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments.”

Whilst many organizations do not fall within the regulatory reach of the EU AI Act, we believe this is a good general definition that can be used to help distinguish between systems that do, or do not, have an AI capability. Even if the EU AI Act is not relevant, organizations that are employing AI are well advised to put in place specific governance to manage their use of AI, perhaps adopting their own principles and policies to guide and control its adoption. The governance of AI is the subject of a sister Solution, Enterprise AI Governance. Any attempt to govern AI systems has to begin with adoption of a definition such as this one, and the identification and classification of AI systems in the organization, which is the subject of this Solution.

AI Systems may take different forms:

All of these are recognised by the Solution, and can be identified as AI Systems so that they can be governed and managed accordingly.

There are a wide range of capabilities that fall within the above definition of an AI System. This Solution leverages an AI Technical Capability Model which is used to identify which systems, among those that an organization has deployed, should be considered to be “AI Systems”. If the model describes different types of AI technology, it provides a means of analysing the impact or potential impact of different AI capabilities on the organization.

This approach to identifying AI Systems (using a reference from the Technical Capability model) has a number of advantages over the alternative of using a field on a component to indicate that it is an AI System:

In effect, we have taken a design decision to “soft code” the classification of AI Systems in preference to “hard coding” it.

Below is an example AI Technical Capability Model that is part of the sample Technical Capability model that can be imported using Ardoq’s Frameworks & Resources import capability. The description of the top-level “Artificial Intelligence” component is the same as the above definition of an AI System taken from the EU AI Act. It follows, therefore, that any technical capability below this component in the parent-child hierarchy will be considered to be an AI technical capability in accordance with this definition, and systems that realize any of these AI capabilities will be classified as AI Systems in accordance with this definition (and therefore, where relevant, in accordance with the Act).

In the sample model, the Artificial Intelligence component that is the root of this AI extract is a Level 1 component (alongside other, non-AI, technical capabilities). If you already have a Technical Capability Model and just wish to add an AI section to it, you will likely choose to place the Artificial Intelligence technical capability component as an additional Level 1 component in your model, but the Artificial Intelligence component does not have to sit at Level 1 in the model for this Solution to function properly. The Artificial Intelligence capability and its set of descendants shown below, simply need to be placed somewhere within the your existing Technical Capability Model in the Technical Capabilities Workspace. And if you simply wish to classify systems as being either AI or not, and do not care about different types of AI, then you only need to add a single component called Artificial Intelligence to your existing Technical Capability Model and ensure that the Technical Capability component type includes the field AI Capability. See Getting Started with AI Lens: Enterprise AI Management for more details of this model and how to import it into Ardoq.

Sample AI Technical Capability Model

The Technical Capability component contains a new calculated field, AI Capability, which will be set to true if the component name is “Artificial Intelligence” or if it is a descendent of a component with that name.

The following components can be identified as realizing an AI Technology Capability, and consequently being classified as an AI System:

These component types contain a calculated field, AI System, which is used to determine whether a component is considered to be an AI System. In the case of Technology Products, which are part of the Technology Portfolio Management Solution, the field needs to be added manually. See Configuring the Technology Catalog in Getting Started with AI Lens: Enterprise AI Management for details of how to do this.

Creating an Is Realized By reference from an AI technical capability component to one of the above component types will cause its AI System field to become true (checked).

If that component is a Technology Product, then any components that are the destination for a Deploys To reference from it, or its children, will also have their AI System field become true.

The Technology Product component is part of the Technology Catalog that comes with the Technology Portfolio Management Solution. If you have deployed the Technology Portfolio Management Solution and wish to use your catalog to identify AI systems in this way, the AI System field must be added manually to the Technology Product in the Technology Product Catalog Workspace. Details of how to do this are provided in Getting started with AI Lens: Enterprise AI Management.

If an Application Module’s AI System field is set to true, its parent’s AI System field will also be set to true.

The embedding of AI capabilities in applications that do not, inherently, have AI capabilities, by integrating them with third party AI agents and applications, or by leveraging the AI capabilities of supporting platforms and services, means that users must take care to correctly classify systems. Whilst it would be possible to automatically classify a system as an AI System if it connects to, or is supported by, another system that is classified as an AI System, such an automated classification would lead to a large number of “false positives”. Integration with, or support from, a system that has an AI capability does not necessarily mean that the AI capability is being leveraged. Such an application that connects to an AI System might be doing so purely to make use of non-AI capabilities.

The example below shows a Customer Payment Portal Application that integrates with Salesforce CRM but does not expose the latter’s AI capability. The Customer Payment Portal is not, therefore, classified as an AI System even though Salesforce CRM, with which it is integrated, is.

So we took the design decision not to propagate the AI System flag automatically across the graph via Connects To or Is Supported By references. This means that customers should examine all systems that connect to applications, modules or tech services that are classified as AI Systems to determine whether they are embedding AI capabilities via that connection. If they are, they need to record those systems as AI Systems by adding Is Realized By references from the AI capabilities they have embedded from those third party AI Systems. This will ensure that these systems rightly fall within the scope of any AI governance processes that have been implemented. A Viewpoint, named Non AI Applications that integrate with AI Applications - EAI is provided to help you identify candidate systems:

View highlighting three Non-AI Applications that integrate with AI Applications

Beyond simply listing all components that are AI System (i.e. ones that have the AI System field set to true), it can be useful to understand how AI Systems are used across the organization from different perspectives:

Note that adding links to processes is outside the scope of the assets provided with this Solution, but if the Business Process Management Solution has been deployed, viewpoints that start from Business Process components and highlight those that make use of AI Systems can easily be created, following a similar approach to that adopted here for Business Capabilities.

We emphasize the importance of correctly recording embedded AI capabilities to ensure that the use of AI capabilities are fully recognized when using the above approaches to track the use of AI across an organization.

Artificial Intelligence is an umbrella term that covers a wide range of different technical capabilities. This Solution provides the ability for organizations to monitor the different types of AI capability they have at their disposal, and analyze how these different capabilities are being used across their organization.

If you’ve deployed a Technology Catalog using the Technology Portfolio Management Solution, you can also analyze the AI technical capabilities you have available to you in your catalog but which have not yet been deployed in your estate. This can be a useful tool for planning the adoption of new AI capabilities leveraging technology you already have at your disposal. Below is an example of a report specification that identifies all Technology Products in your catalog that have an AI Capability and have not been deployed.

See Configuring the Technology Catalog in Getting Started with AI Lens: Enterprise AI Management for details of how to make your Technology Catalog “AI aware”.

If you have deployed the Strategy to Execution Solution, you may choose to examine proposed changes to your estate from the perspective of the business capabilities that are undergoing AI-related changes. Assets to support this have not been provided with this Solution to avoid creating a dependency between it and the Strategy to Execution Solution. But for organizations whose focus is on pursuing new AI initiatives, deploying Strategy to Execution Solution and linking it to this one would be worthwhile, and will open up new possibilities. For example, you can create a viewpoint that starts from all Capability Deltas that refer to “AI”, and trace the Applications and Organizational Units that are impacted by them via the initiatives that are realizing the deltas.

A viewpoint like this can produce a useful view showing key connections to the planned capability delta:

and a valuable corresponding timeline view:

You can contact Ardoq technical support if you have questions about deploying the Strategy to Execution Solution.

We’ve seen how this Solution enables an organization to plan and track the adoption of AI in their application portfolio, and identify all use of AI across their estate. This enables them to understand which parts of the business are making use of AI, from the perspectives of their business capabilities, their people, their processes, and to analyze the different AI technologies that are being exploited (and those that are not).

Most organizations will wish to adopt formal governance of AI Systems, in response to regulatory requirements (such as those imposed by the EU AI Act) and to internally applied frameworks consisting of adopted AI policies and principles. Ardoq’s Enterprise AI Governance Solution builds on the provisions of this Solution to provide a comprehensive AI governance capability. It supports the definition and operational governance of an organization’s internal policies and principles, the regular evaluation of AI Systems against these, the recording of compliance with them, and the assessment of AI Systems against formal regulatory frameworks. Specific support for compliance with the EU AI Act is also available as part of the Regulatory Compliance Solution.