The Convergence of AI Governance and Information Management

Foundations for Ethical AI Governance

RIM as the Original Ethical AI Framework

Ethical AI frameworks, e.g. from the EU, ISO, and NIST/IEEE, promote principles like fairness, accountability, transparency, and explainability. These concerns mirror the foundational tenets of RIM such as integrity, authenticity, reliability, and usability. For example, ISO 15489 on records management and ISO 23081 on metadata for records already provide essential guidance on creating, managing, and appraising trustworthy records. These standards are highly relevant to AI governance, ensuring that data feeding AI systems is accurate, complete, and auditable.

Floridi and Cowls’ unified framework of five AI principles of beneficence, non-maleficence, autonomy, justice, and explicability, align closely with RIM values. Beneficence and non-maleficence map to RIM’s commitment to information/data integrity and ethical stewardship, while autonomy and justice relate to transparency and fairness in recordkeeping. Explicability corresponds to provenance and metadata frameworks that enable traceability and accountability.

If we acknowledge that much AI risk stems from poor data governance, then RIM is not peripheral but a cornerstone of ethical AI.

Lifecycle and Stewardship Responsibilities

Compliance with regulations such as Privacy/GDPR, the NIST Framework (NIST AI Risk Management Framework (AI RMF)), and the EU AI Act requires evidence-based audit trails and justification of AI-driven decisions, i.e. core RIM responsibilities. For example, an AI chatbot deployed for immigration queries that fails to retain conversation logs makes subsequent complaint resolution and quality assurance auditing of the AI output impossible. This highlights the need for retention schedules, classification schemes, and metadata management embedded within RIM frameworks to ensure fairness and accountability, and to mitigate bias.

Privacy and data protection are critical concerns, especially when AI systems handle personal data. Records professionals’ expertise in managing lawful collection, use, storage, and disposal is a vital resource for organisations to use. Consider a local council using an AI model to optimise resource or building consents, that inadvertently processes address/individual-linked data and publishes it without proper user approval as part of the public consultation phase, for example. RIM tools such as access controls and records classification controls can prevent this potential breach occurring.

Respect for Māori data sovereignty becomes critical when AI systems interact with data about iwi or hapū, which is regarded as taonga. Without stewardship grounded in tikanga, kaitiakitanga, and rangatiratanga, AI risks violating Indigenous rights. Embedding RIM practices aligned with Indigenous governance principles and partnership models would assist with culturally appropriate data handling and protection, or at least raise the risks and provide an initial mechanism to seek informed responses.

AI governance models increasingly assigning roles like data stewards and ethical officers, creating paralleling RIM governance frameworks that hold individuals accountable for recordkeeping systems and compliance. For example, a scientific agency developing climate projections using diverse datasets must apply information governance policies and stewardship roles to verify data provenance and model reliability.

AI-generated outputs, such as decisions, analytics, or predictions, must be managed as records throughout their lifecycle, including appraisal and disposal. For instance, an employment AI tool generating hiring recommendations requires retention rules; otherwise, outdated models may influence decisions long after relevance or legality expires. There have been several high-profile instances of deep bias in the recruitment processes being perpetuated and further embedded through AI trained on historical data. For example, in 2018 when Google faced scrutiny over its AI-powered CV screening tool, which exhibited gender bias. The tool downgraded CVs containing terms associated with women, reflecting underlying gender biases in the training data.

Trust, Risk, and Public Accountability

Maintaining public trust necessitates transparent and accountable systems. RIM’s provenance and metadata frameworks enable tracing how and why data was captured, modified, or used. A public health agency using AI to prioritise patient care, for example, risks eroding trust if metadata is insufficient to explain why certain patients are deprioritised.

Technical Enablers for Governance

AI systems depend on high-quality, complete, and unbiased data and information. RIM professionals bring decades of experience ensuring data integrity, completeness, and contextual accuracy. Consider a predictive policing AI trained on historical arrest records that reflect systemic racial bias. Without rigorous appraisal and quality control, such AI risks perpetuating discrimination.

Metadata management, ontologies, and taxonomies are essential enablers for traceability, interoperability, and machine reasoning. For example, a health research organisation adopting SNOMED CT as a clinical ontology ensures consistent terminology across datasets and AI applications, enhancing both accuracy and transparency.

Culture and Capability Building

Embedding ethical awareness and RIM responsibilities within organisational culture is critical. Just as RIM professionals deliver recordkeeping training, they can support AI literacy and governance education. For instance, council staff using generative AI tools benefit from training that covers not only prompt use but also classification, appraisal, and exclusion of AI outputs from the official corporate record.

Why Relational Ontology Is Essential for Modern Information and Data Management

As data environments grow more complex, the shift from hierarchical taxonomies to relational ontologies is a strategic necessity. Relational ontologies reflect the dynamic, interconnected nature of real-world processes, improving discoverability, context, and governance.

Modern enterprises manage a mix of structured databases, multimedia, IoT streams, and user-generated content. A relational ontology supports intricate connections between these data points, enabling insights beyond rigid classifications. For example, a local council managing infrastructure uses relational ontology to link asset data with maintenance records, weather events, and community complaints, facilitating predictive maintenance that accounts for technical and social factors.

Relational ontologies underpin semantic search and AI reasoning by mapping explicit relationships. An AI system identifying environmental risks, for instance, can link water quality data, industrial activity, and weather patterns to infer contamination sources and generate recommendations.

Interoperability benefits when shared ontologies provide common meaning across systems, departments, and partners. In disaster recovery, emergency services, local government, and utilities can synchronise operations and share critical data using a shared ontology, enabling real-time coordination.

Dynamic data governance also becomes feasible. Rather than manually updating policies, relational ontologies can trigger automated governance across linked data entities. For example, new AI ethics laws requiring extra controls on sensitive data can propagate automatically through ontology-based systems, ensuring consistent compliance.

Strategic Value: Future-Proofing with Relational Ontologies

Relational ontologies enable AI to align closely with organisational context by encoding unique structures, workflows, and cultural norms and values. This produces outputs that are more relevant, explainable, and aligned with internal values.

Generative AI particularly benefits from ontologies embedding cultural, legal, and operational context, enhancing the appropriateness and accuracy of generated content.

Also, ontology-based decision-support systems enable multifaceted queries that surface complex relationships informing ethical and operational decisions. For example, a public health dashboard leveraging relational ontology could allow the exploration of how socioeconomic factors, housing quality, and disease prevalence interrelate, guiding targeted interventions.

Conclusion: Reclaiming AI Governance Through RIM

AI has not introduced fundamentally new ethical problems; rather, it has amplified longstanding challenges around transparency, accountability, and data quality, areas RIM has long addressed. Instead of reinventing AI governance, we must integrate RIM as a foundational partner in AI development and oversight.

Adopting a fully relational ontology model is a logical next step for RIM professionals seeking to shape AI’s future. This approach embeds ethics, supports automation, and enables meaningful interoperability. Investing in ontology is not a niche technical choice but a strategic investment in organisational resilience, equity, and public trust.

As a profession, RIM Practitioners need to repackage our benefit proposition and raise a call to action for RIM within our workplaces. Organisations should recommit to RIM capabilities, not as mere compliance, but as a strategic pillar for digital transformation. Ontology is not just the future of AI governance; it is the bridge connecting past recordkeeping principles with the intelligent systems of tomorrow.

References

1. Archives New Zealand. (2023). Atamai hangahanga me ngā mauhanga tūmatanui

2. Artificial intelligence and public and local authority records. https://www.archives.govt.nz/manage-information/how-to-manage-your-information/implementation/artificial-intelligence-and-public-records

3. Floridi, L. (2010–2022). Various works on the ethics of information and the philosophy of the infosphere. [See e.g., The Ethics of Information (2013); The Logic of Information (2019).]

4. Floridi, L., & Cowls, J. (2019). A unified framework of five principles for AI in society. Harvard Data Science Review, 1(1). https://doi.org/10.1162/99608f92.8cd550d1

5. Freedom of the Press Act of 1766, Swedish legislation regarded as the world’s first lawsupporting the freedom of the press and freedom of information. https://www.britannica.com/topic/Freedom-of-the-Press-Act-of-1766

6. General Data Protection Regulation (GDPR) https://gdpr.eu/what-is-gdpr/

7. Hyer, When Google’s AI Hiring Tool Turned Into a Diversity Disaster—And What HR Can Learn Today: https://hyer.sg/when-googles-ai-hiring-tool-turned-into-a-diversity-disaster/ accessed 10/06/2025

8. International Organization for Standardization. (2016). ISO 15489-1:2016 — Information and documentation – Records management – Part 1: Concepts and principles. https://www.iso.org/standard/62542.html

9. International Organization for Standardization. (2017). ISO 23081-1:2017 — Information and documentation – Metadata for records – Part 1: Principles. https://www.iso.org/standard/67904.html

10. National Archives (UK). (2021). Managing the risk of legacy and emerging technologies: Artificial Intelligence. https://www.nationalarchives.gov.uk

11. National Archives and Records Administration (NARA). (n.d.). Guidance on managing records in cloud computing environments and with artificial intelligence. https://www.archives.gov

12. Philip C Brooks, “What Records Shall We Preserve?”: in which he introduced the concept of the “life history” of records, a concept later generally called the “life cycle of records.” Brooks 1940, see also Brooks, Philip Coolidge. “The Selection of Records for Preservation.” American Archivist 3, no. 4 (October 1940): 221–234. https://doi.org/10.17723/aarc.3.4.u77415458gu22n65.”

13. Public Records Act 2005 https://www.legislation.govt.nz/act/public/2005/0040/latest/DLM345529.html

14. Research Data Alliance International Indigenous Data Sovereignty Interest Group. (2019). CARE Principles for Indigenous Data Governance. https://www.gida-global.org/care

15. Schwartz, J. M., & Cook, T. (2002). Archives, records, and power: The making of modern memory. Archival Science, 2(1–2), 1–19. https://doi.org/10.1007/BF024356361

16. Systematized Nomenclature of Medicine – Clinical Terms (SNOMED CT) standard ontology based on the ontology for general medical science https://bmcmedinformdecismak.biomedcentral.com/articles/10.1186/s12911-018-0651-5

17. Te Mana Raraunga – Māori Data Sovereignty Network. (n.d.). Principles of Māori Data Sovereignty. https://www.temanararaunga.maori.nz

18. The AI Act(Regulation (EU) 2024/1689  https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai#:~:text=The%20AI%20Act%20(Regulation%20(EU,regarding%20specific%20uses%20of%20AI