AI Governance Library

OECD Due Diligence Guidance for Responsible AI

AI actors should carry out risk-based due diligence to identify, prevent, mitigate and account for adverse impacts of AI systems across their lifecycle.
Jakub Szarmach
3 min read
OECD Due Diligence Guidance for Responsible AI
OECD Due Diligence Guidance for Responsible AI
OECD Due Diligence Guidance for Responsible AI.pdf
2 MB
download-circle

⚡ Quick Summary

The OECD Due Diligence Guidance for Responsible AI provides a practical, risk-based framework for implementing trustworthy AI in line with the OECD AI Principles. It translates high-level governance concepts into actionable due diligence processes aligned with existing frameworks like the OECD Guidelines for Multinational Enterprises. The document focuses on embedding responsibility across the entire AI lifecycle—from design to deployment and monitoring—while emphasizing accountability, transparency, and human rights. It is particularly valuable for organizations seeking to operationalize AI governance without starting from scratch, as it integrates well with existing compliance, risk, and ESG processes.

🧩 What’s Covered

The guidance is structured around a six-step due diligence cycle adapted for AI systems. It begins with embedding responsible AI into internal policies and governance structures, ensuring that organizations assign clear roles, responsibilities, and oversight mechanisms. It then moves into identifying and assessing risks, including impacts on human rights, safety, fairness, and the environment.

A strong emphasis is placed on lifecycle thinking. The document highlights that risks are not static—they evolve as AI systems are trained, deployed, and updated. This is reinforced by practical examples and structured guidance on how to continuously monitor systems and respond to emerging risks.

The guidance also introduces proportionality as a core principle. Organizations are expected to scale their due diligence efforts based on the severity and likelihood of potential harms. This is particularly relevant for high-risk AI systems, where deeper assessments, stakeholder engagement, and documentation are required.

Another key element is stakeholder engagement. The document encourages organizations to involve affected parties, including users and impacted communities, in identifying and mitigating risks. It also stresses transparency and communication, recommending that organizations publicly disclose relevant information about their AI systems and due diligence processes.

Finally, the guidance addresses remediation and accountability. Organizations are expected not only to prevent harm but also to establish mechanisms for addressing adverse impacts when they occur. This includes grievance mechanisms and internal escalation procedures.

Across the document, there are clear links to existing OECD instruments and alignment with broader governance frameworks, making it easier to integrate into enterprise risk management and compliance systems.

💡 Why it matters?

This is one of the first globally recognized attempts to operationalize “responsible AI” into a concrete governance process. Instead of introducing yet another framework, it bridges AI governance with established due diligence practices used in areas like human rights and supply chains.

For organizations navigating the EU AI Act or similar regulations, this guidance provides a practical foundation for building internal processes that regulators will expect—especially around risk assessment, documentation, and accountability. It also shifts the conversation from principles to execution, which remains one of the biggest gaps in AI governance today.

❓ What’s Missing

The guidance remains relatively high-level in its operational detail. While it outlines what organizations should do, it offers limited technical depth on how to implement specific controls, especially for complex AI systems like large language models.

There is also limited discussion of emerging risks tied to agentic AI, autonomous systems, and foundation models. The document focuses more on traditional risk categories and may require supplementation for cutting-edge use cases.

Additionally, while stakeholder engagement is emphasized, the guidance does not provide concrete methodologies for conducting meaningful engagement at scale.

👥 Best For

Compliance teams integrating AI into existing risk frameworks
AI governance leads building due diligence processes
Legal and policy professionals aligning with OECD and EU standards
Organizations preparing for AI Act obligations

📄 Source Details

OECD (2023), Due Diligence Guidance for Responsible Business Conduct applied to AI systems, Organisation for Economic Co-operation and Development.

📝 Thanks to

OECD AI Policy Observatory and contributors to the OECD AI Principles

Report
About the author
Jakub Szarmach

Jakub Szarmach

Read next

The OECD.AI Index – Technical Paper

International AI Safety Report 2026

Global approaches to AI Governance: Policy, Legal, and Regulatory Perspectives

Defense Against the AI Dark Arts: Threat Assessment and Coalition Defense

AI Governance Vendor Report 2026 (IAPP)

AI Governance Library

Curated Library of AI Governance Resources

AI Governance Library

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to AI Governance Library.

Your link has expired.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.