
AI Risk Analysis & Ethics Guidelines

1. Purpose

This document provides a formal risk analysis in alignment with the EU's "AI Act" and "Ethics Guidelines for Trustworthy AI." The goal is to determine our project's risk level, analyze its alignment with key ethical principles, and define the specific directives our team must follow.


2. EU AI Act: Risk Level Classification

The EU AI Act categorizes AI systems into four tiers: Unacceptable Risk, High Risk, Limited Risk, and Minimal Risk.

  • Project Function: This project classifies code comments to assist software developers in code comprehension and maintenance. It functions as a productivity and analysis tool, integrating into a developer's workflow to help them filter and understand code documentation.
  • Analysis:
    • The project does not fall under Unacceptable Risk (e.g., social scoring, manipulation) or High Risk (e.g., medical devices, credit scoring, critical infrastructure, recruitment). Our system's output does not pose a threat to fundamental rights, health, or safety.
    • The project's function is more advanced than Minimal Risk systems (e.g., spam filters, video games) because it actively generates analytical content (classification labels) that a user interacts with.
  • Limited Risk: The project is classified as Limited Risk. This category includes AI systems where the primary concern is transparency. Like a chatbot, our system interacts with a user and provides AI-generated output.

3. Analysis Requirements for Trustworthy AI

We assess the project against the seven requirements for ethical AI:

1. Human Agency and Oversight

The project fully supports this principle. The AI model is designed to be an assistive tool, not an autonomous decision-maker. The developer remains in full control, using the model's classifications as suggestions to aid their work. The developer can always ignore, validate, or disagree with the AI's output.

2. Technical Robustness and Safety

For our project, "safety" relates to reliability. An incorrect classification does not pose a physical risk but rather an "inefficiency," as noted in our ML Canvas. Our commitment to robustness is demonstrated by tracking F1-score, inference runtime, and GFLOPS to ensure the model is performant, reliable, and efficient.

3. Privacy and Data Governance

The current project is trained exclusively on the NLBSE'26 dataset, which is derived from open-source projects. This minimizes privacy risks as no private or user-specific data is being processed.

4. Transparency

Users (developers) must be aware that the comment categories are generated by an AI. The project's ML Canvas describes what the system does, and this analysis formalizes that the user interface must also reflect this.

5. Diversity, Non-discrimination and Fairness

A potential risk exists for model bias. If the training data is not well-distributed, the model may perform poorly on certain types of comments or coding styles, creating a biased tool that is less helpful for some users. We must actively test for and mitigate this.

6. Societal and Environmental Wellbeing

The project has a clear positive societal impact by improving developer productivity and software quality. The environmental (computational) cost is being actively monitored by tracking GFLOPS, ensuring we remain computationally efficient.

7. Accountability

Our ML Canvas outlines a feedback mechanism ("True"/"False" validation) which is the foundation of our accountability process. This allows us to track model performance in the real world and provides a clear channel for users to report errors, which can then be used to retrain and improve the system.


4. Applicable Directives and Obligations

Based on our Limited Risk classification and the analysis above, the following directives are mandatory for the project:

  1. Mandatory Transparency: The project must adhere to the AI Act's transparency obligations. Any tool or UI that displays the model's output (the comment classification) must clearly and explicitly state that this classification was generated by an AI. This can be achieved via a tooltip, a settings panel, or a subtle label.

  2. Uphold Human Oversight: The design of any integrating tool must present the AI's classification as a suggestion or aid, not a definitive fact. The developer must always be in control and have the final judgment.

  3. Implement Feedback Loop: The accountability process described in the ML Canvas is not optional. We must implement the technical mechanism for developers to provide feedback on incorrect classifications.

  4. Test for Bias: During evaluation, we must go beyond average F1-scores. We must analyze model performance across all distinct comment categories and languages to identify and address any significant fairness or bias issues where the model fails for specific groups.

  5. Maintain Data Provenance: We must maintain clear records of our training data (NLBSE'26 dataset) and its original license to ensure we are in full compliance with its terms of use.
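Directive 4 asks for evaluation sliced by comment category and by language rather than a single average F1. The following is an added example, not code from the project or the NLBSE'26 toolkit; the records, language names and category labels are constructed placeholders, and the `max_gap` threshold is an assumed project choice. It flags any slice whose F1 trails the overall macro-F1 by more than that gap.

```python
from collections import Counter, defaultdict

# Constructed evaluation records: (language, true_category, predicted_category).
# Language and category names are illustrative placeholders, not the NLBSE'26
# label set; the values are made up to produce one weak language and one weak class.
SAMPLE = [
    ("java", "summary", "summary"), ("java", "summary", "summary"),
    ("java", "usage", "usage"), ("java", "expand", "expand"),
    ("java", "ownership", "ownership"), ("java", "ownership", "summary"),
    ("python", "summary", "summary"), ("python", "usage", "usage"),
    ("python", "expand", "expand"), ("python", "ownership", "expand"),
    ("pharo", "summary", "summary"), ("pharo", "usage", "summary"),
    ("pharo", "expand", "summary"), ("pharo", "ownership", "summary"),
]


def per_class_f1(pairs):
    """F1 for every label seen in the true or predicted column of (true, pred) pairs."""
    tp, fp, fn = Counter(), Counter(), Counter()
    for true, pred in pairs:
        if true == pred:
            tp[true] += 1
        else:
            fp[pred] += 1   # predicted label wrongly assigned
            fn[true] += 1   # true label missed
    labels = {t for t, _ in pairs} | {p for _, p in pairs}
    scores = {}
    for lab in labels:
        denom = 2 * tp[lab] + fp[lab] + fn[lab]
        scores[lab] = 2 * tp[lab] / denom if denom else 0.0
    return scores


def macro_f1(pairs):
    """Unweighted mean of per-class F1, so rare classes count as much as common ones."""
    scores = per_class_f1(pairs)
    return sum(scores.values()) / len(scores)


def f1_by_language(records):
    """Macro-F1 computed separately for each language slice."""
    groups = defaultdict(list)
    for lang, true, pred in records:
        groups[lang].append((true, pred))
    return {lang: macro_f1(pairs) for lang, pairs in groups.items()}


def flag_underperforming(records, max_gap=0.2):
    """Slices (language or category) whose F1 trails the overall macro-F1 by more than max_gap."""
    pairs = [(t, p) for _, t, p in records]
    overall = macro_f1(pairs)
    slices = {("language", k): v for k, v in f1_by_language(records).items()}
    slices.update({("category", k): v for k, v in per_class_f1(pairs).items()})
    return {k: v for k, v in slices.items() if overall - v > max_gap}
```

Run against real evaluation output, the flagged slices are the ones the fairness review in directive 4 should investigate before a release.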