OECD AI Principles: What They Mean for Your Project

The OECD AI Principles are the source document behind most AI governance frameworks — including the EU AI Act, NIST AI RMF, and ISO 42001. Understanding the five principles, including the 2024 updates, helps PMs understand why downstream requirements are what they are.

By AIPMO
Published: · 10 min read

PM Takeaways
  • The OECD Principles are the DNA of virtually every major AI governance framework — the EU AI Act, NIST AI RMF, Singapore’s frameworks, and Canada’s AIA all trace back to them. When a regulator asks why you made a governance decision, these principles are usually the answer.
  • Accountability under the 2024 revision explicitly includes traceability of datasets, processes, and decisions across the full AI lifecycle. That’s a documentation requirement, not a philosophy — build it into your project plan from day one.
  • The “AI actor” concept distributes responsibility across everyone involved in the lifecycle, not just the vendor. If you’re deploying a third-party model, you’re an AI actor and you inherit obligations alongside the provider.

The OECD Recommendation on Artificial Intelligence was adopted in 2019 — the first intergovernmental standard on AI. Over 50 countries have adhered to it, including the United States, the European Union member states, the United Kingdom, Canada, Japan, and Australia. It has been revised twice since: once in 2023 to address generative AI, and again in 2024 to clarify accountability, add information integrity provisions, and strengthen guidance on misuse.

The Recommendation is not a regulation. It creates no direct legal obligations for project managers or their organizations. What it does is set the conceptual architecture that most binding AI regulations have since been built on. Understanding the OECD Principles means understanding the logic behind the rules — and the logic is useful long before the rules arrive.


Why Project Managers Should Care

Most governance frameworks PMs encounter are operational — they tell you what to do and when. The OECD Principles are different. They answer the question that every governance checklist skips: why does any of this matter?

The EU AI Act’s requirements for human oversight trace directly to Principle 1.2 (human agency and oversight as a safeguard against misuse). The NIST AI RMF’s GOVERN and MANAGE functions operationalize Principle 1.5 (accountability and systematic risk management). Singapore’s FEAT principles for financial AI, Canada’s Algorithmic Impact Assessment, and the UNESCO Recommendation on the Ethics of AI all build on the same conceptual foundation.

This matters practically. When you’re defending a governance decision to a stakeholder or regulator, “we followed the NIST framework” is an implementation claim. Being able to explain that the decision protects human dignity, maintains accountability, or ensures the system can be overridden if it causes harm is a principled claim. Both are useful. The second one tends to hold up better under pressure.


The Five Principles

The OECD Recommendation organizes its governance guidance into five complementary principles. They’re designed to work as a set, not a menu.

1. Inclusive Growth, Sustainable Development, and Well-Being

AI systems should deliver beneficial outcomes for people and the planet: augmenting human capabilities, reducing inequalities, advancing inclusion of underrepresented populations, and protecting natural environments. The 2024 revision added an explicit reference to environmental sustainability, reflecting the growing recognition that large-scale AI compute has environmental costs that belong in governance conversations.

PM implication: Stakeholder impact analysis isn’t just about who might be harmed by the system — it’s also about who might be excluded from its benefits. A system that works well for the majority while systematically underperforming for a subset of users fails this principle. Define who benefits, who might be left out, and whether that distribution is acceptable.

2. Respect for the Rule of Law, Human Rights, and Democratic Values

AI actors must respect human rights and democratic values throughout the entire AI system lifecycle — not just at deployment. The 2024 revision explicitly added misinformation and disinformation to the list of concerns, requiring that AI systems address information manipulation risks while respecting freedom of expression. The principle also requires mechanisms for human agency and oversight to address risks from intentional misuse or unintentional misuse outside the system’s intended purpose.

The rights named in the principle include non-discrimination and equality, freedom, dignity, autonomy, privacy and data protection, diversity, fairness, social justice, and internationally recognized labor rights. The scope is deliberately broad — the principle is meant to prevent technical compliance that violates the underlying values.

PM implication: Bias and fairness testing aren’t optional extras. Defining the intended use case isn’t enough if the system can readily be misused outside it — misuse scenarios belong in your risk register. And if your system generates or distributes content at scale, information integrity is now part of your governance scope.

3. Transparency and Explainability

AI actors must commit to transparency and responsible disclosure. The principle identifies four specific information obligations: fostering general understanding of AI systems and their limitations; making stakeholders aware when they are interacting with an AI system (including in the workplace); providing plain-language explanations of the factors and logic that led to a prediction, recommendation, or decision; and providing information that enables those adversely affected to challenge outputs.

The 2024 revision clarified that transparency obligations apply to AI actors based on their role and context — the level of explanation required from a developer is different from what’s required from a deployer, and the appropriate depth of explanation depends on the stakes of the decision.

PM implication: Explainability is a design requirement, not a documentation afterthought. If the system makes consequential decisions, add explainability to your functional requirements before architecture is set — retrofitting explainability into a black-box model is expensive and often incomplete. Define what explanation each affected stakeholder needs and who is responsible for providing it.

4. Robustness, Security, and Safety

AI systems must function appropriately under normal use, foreseeable use, misuse, and adverse conditions throughout their entire lifecycle. The principle requires mechanisms to override, repair, or decommission systems that cause undue harm or exhibit undesired behavior. The 2024 revision added a new provision: where technically feasible, mechanisms should be in place to bolster information integrity while respecting freedom of expression — a direct response to generative AI’s capacity to produce and amplify misleading content.

PM implication: Shutdown and override capabilities belong in your requirements, not as afterthoughts during testing. Define under what conditions the system can be overridden or taken offline, who has the authority to do so, and how that process is documented. For systems that generate or distribute content, information integrity controls need to be scoped explicitly.

5. Accountability

AI actors are accountable for the proper functioning of AI systems and for adherence to the other four principles — based on their role, the context, and the state of the art. Accountability has two concrete operational requirements in the 2024 text.

First, traceability: AI actors must ensure traceability of datasets, processes, and decisions made during the AI system lifecycle to enable analysis of outputs and responses to inquiry. The 2024 revision moved traceability explicitly into this principle and elaborated its scope — it now clearly covers not just the model but the full decision chain.

Second, systematic risk management: AI actors must apply a risk management approach to each phase of the lifecycle on an ongoing basis, and adopt responsible business conduct to address risks related to AI systems — including through cooperation across the AI value chain.

PM implication: Accountability under the OECD framework is not organizational — it’s actor-specific. Your role in the lifecycle determines your obligations. A PM deploying a third-party model is an AI actor with accountability for deployment and operation, even if they didn’t build the underlying model. Traceability means logging decisions, documenting data provenance, and maintaining records that survive the project phase gate. Risk management doesn’t close at go-live.


What Changed in the 2024 Revision

The 2024 revision was adopted at the OECD Ministerial Council meeting to maintain the framework’s relevance five years after its original adoption. Several changes are directly relevant to project managers working with current AI systems.

Generative AI was explicitly addressed. The AI system definition was updated in 2023 to clarify that the Recommendation applies to generative AI systems, which produce content rather than just predictions or classifications. The 2024 revision built on this, adding specific provisions around information integrity and disinformation risks that are primarily relevant to generative systems.

Misuse was called out explicitly. The revised Principle 1.2 now requires mechanisms to address risks from uses outside of intended purpose — both intentional misuse and unintentional misuse. This is a meaningful shift: earlier versions focused on the system’s intended operation; the revision acknowledges that how a system is used in practice often diverges from how it was designed.

Traceability was elevated and clarified. The text on traceability and risk management was moved to Principle 1.5 (Accountability) and elaborated to make clear that it applies to datasets, processes, and decisions — not just model outputs. This directly affects what governance documentation looks like.

Environmental sustainability was added. Principle 1.1 now includes protecting natural environments as a goal of responsible AI stewardship, acknowledging that the energy and resource demands of AI systems are a governance concern alongside their social impacts.


From Principles to Project Decisions

Each principle maps to specific PM activities. The table below translates the framework into project-level actions.

Principle | PM Actions
1.1 Inclusive Growth | Stakeholder impact analysis covering who benefits and who is excluded. Access and equity review in requirements phase.
1.2 Human Rights & Fairness | Bias and fairness testing. Privacy impact assessment. Misuse scenario analysis in risk register. Human oversight mechanisms in scope.
1.3 Transparency | Explainability requirements defined before architecture. Disclosure language in UX design. Stakeholder-specific explanation specs.
1.4 Robustness & Safety | Adverse condition testing in TEVV plan. Override and shutdown procedures documented. Information integrity controls scoped for generative systems.
1.5 Accountability | Decision logging from day one. Data provenance documentation. Risk register maintained post-deployment. AI actor roles and obligations mapped across the team.

Right-Sizing for Your Situation

How deeply you engage with these principles depends on your system’s risk level, your regulatory environment, and your organization’s maturity. The principles themselves don’t specify a compliance level — they set the values that governance activities should serve.

Greenfield — Starting Out

Use the five principles as a project checklist during scoping. For each principle, ask: have we thought about this? You don’t need formal documentation yet — you need to make sure these questions get asked before key decisions are locked in. The OECD framework gives you vocabulary to raise governance concerns before anyone is using the word “compliance.”

Emerging — Building Repeatability

Map each principle to a documented governance activity in your project plan. Transparency becomes an explainability requirement. Accountability becomes a decision-logging task. Robustness becomes an adverse-condition test case. The goal is to move from asking “did we think about this?” to “where is the evidence we addressed it?”

Established — Mature Programs

Build principle alignment into your regulatory evidence dossier. Most mature AI regulations — including the EU AI Act and NIST AI RMF — are grounded in the OECD Principles. Demonstrating explicit alignment with the principles, alongside your framework-specific compliance evidence, strengthens your position in regulatory engagement and provides a principled basis for governance decisions that regulations don’t explicitly address.

The AI Governance Advisor can help you work through how these principles apply to your specific project context, methodology, and risk level.


Framework References

OECD Recommendation of the Council on Artificial Intelligence (OECD/LEGAL/0449, 2024 revision) — Principles 1.1–1.5 (inclusive growth, rule of law, transparency, robustness, accountability); Section 2 national policy recommendations; 2023 and 2024 revision scope. Source framework for all governance content in this article.

NIST AI Risk Management Framework 1.0 (NIST AI 100-1, 2023) — GOVERN, MAP, MEASURE, MANAGE functions. Operationalizes OECD accountability and robustness principles into a lifecycle risk management structure. GOVERN function directly reflects OECD Principle 1.5.

EU AI Act (Regulation (EU) 2024/1689) — Articles 9, 13, 14, 15, 17. Translates OECD principles into binding obligations: risk management system (accountability), transparency and instructions for use (transparency), human oversight (human rights), accuracy and robustness (robustness).

UNESCO Recommendation on the Ethics of AI (2021) — Eleven values and principles with global development emphasis. Expands the OECD framework with explicit treatment of environmental sustainability, cultural diversity, and data protection. Shares structural logic with OECD Principles 1.1 and 1.2.

This article is part of AIPMO’s Frameworks series. See also: AI Impact Assessments  |  The PM’s Guide to NIST AI RMF  |  ISO 42001 for Project Managers  |  AI Risk Classification
