Risk categorization

Risk Categorization¶

Categorize the severity of risks linked to an AI system usecase, which includes the domain, purpose, capabilities, AI user, and AI subject.

Attribution¶

The author of this notebook is Dhaval Salwala (IBM Research) and the underlying risk classification methodology according to the EU AI Act was developed by the Social and Responsible AI Team at Nokia Bell Labs, Cambridge UK (ExploreGen paper link contributors: Viviane Herdel, Sanja Šćepanović, Edyta Bogucka, Daniele Quercia).

Learn more:¶

Herdel, Viviane, Sanja Šćepanović, Edyta Bogucka, and Daniele Quercia. "ExploreGen: Large language models for envisioning the uses and risks of AI technologies." In Proceedings of the AAAI/ACM Conference on AI, Ethics, and Society, vol. 7, pp. 584-596. 2024.

Load libraries.¶

In [8]:

Copied!





from risk_atlas_nexus.blocks.inference import OllamaInferenceEngine
from risk_atlas_nexus.blocks.inference.params import (
    InferenceEngineCredentials,
    OllamaInferenceEngineParams,
)
from risk_atlas_nexus.library import RiskAtlasNexus
from risk_atlas_nexus.blocks.inference import OllamaInferenceEngine
from risk_atlas_nexus.blocks.inference.params import (
    InferenceEngineCredentials,
    OllamaInferenceEngineParams,
)
from risk_atlas_nexus.library import RiskAtlasNexus

Risk Atlas Nexus uses Large Language Models (LLMs) to infer risks dimensions. Therefore requires access to LLMs to inference or call the model.¶

Available Inference Engines: WML, Ollama, vLLM, RITS. Please follow the Inference APIs guide before going ahead.

Note: RITS is intended solely for internal IBM use and requires TUNNELALL VPN for access.

In [2]:

Copied!





inference_engine = OllamaInferenceEngine(
    model_name_or_path="granite3.2:8b",
    credentials=InferenceEngineCredentials(api_url="OLLAMA_API_URL"),
    parameters=OllamaInferenceEngineParams(
        num_predict=1000, temperature=0, repeat_penalty=1, num_ctx=13750
    ),
)
inference_engine = OllamaInferenceEngine(
    model_name_or_path="granite3.2:8b",
    credentials=InferenceEngineCredentials(api_url="OLLAMA_API_URL"),
    parameters=OllamaInferenceEngineParams(
        num_predict=1000, temperature=0, repeat_penalty=1, num_ctx=13750
    ),
)

[2025-06-15 21:02:59:957] - INFO - RiskAtlasNexus - OLLAMA inference engine will execute requests on the server at http://localhost:11434.
[2025-06-15 21:03:00:8] - INFO - RiskAtlasNexus - Created OLLAMA inference engine.

Create an instance of RiskAtlasNexus¶

In [3]:

Copied!

risk_atlas_nexus = RiskAtlasNexus()
risk_atlas_nexus = RiskAtlasNexus()

[2025-06-15 21:03:00:120] - INFO - RiskAtlasNexus - Created RiskAtlasNexus instance. Base_dir: None

Prepare Use cases¶

In [10]:

Copied!





usecase_1 = "Generate personalized, relevant responses, recommendations, and summaries of claims for customers to support agents to enhance their interactions with customers."
print("usecase_1: ", usecase_1)
print()
usecase_2 = "An AI system is used by a consortium of universities and financial institutions to both assess student academic performance and determine their eligibility and risk level for student loans. The system automatically evaluates students' historical academic data, standardized test results, socio-economic background, behavioral data from educational platforms, and other digital footprints (e.g., attendance, participation, learning pace)."
print("usecase_2: ", usecase_2)
usecase_1 = "Generate personalized, relevant responses, recommendations, and summaries of claims for customers to support agents to enhance their interactions with customers."
print("usecase_1: ", usecase_1)
print()
usecase_2 = "An AI system is used by a consortium of universities and financial institutions to both assess student academic performance and determine their eligibility and risk level for student loans. The system automatically evaluates students' historical academic data, standardized test results, socio-economic background, behavioral data from educational platforms, and other digital footprints (e.g., attendance, participation, learning pace)."
print("usecase_2: ", usecase_2)

usecase_1:  Generate personalized, relevant responses, recommendations, and summaries of claims for customers to support agents to enhance their interactions with customers.

usecase_2:  An AI system is used by a consortium of universities and financial institutions to both assess student academic performance and determine their eligibility and risk level for student loans. The system automatically evaluates students' historical academic data, standardized test results, socio-economic background, behavioral data from educational platforms, and other digital footprints (e.g., attendance, participation, learning pace).

Invoking Risk Categorization Service on usecase_1 and usecase_2¶

The API receives a list of usecases along with an inference engine instance for LLM evaluation. It extracts key attributes - domain, purpose, capabilities, AI user, and AI subject—from each usecase. These attributes are then sent to the categorization service RiskSeverityCategorizer.categorize() to determine the Risk Severity and retrieve related information.

API: RiskAtlasNexus.categorize_risk_severity()

Params:

usecases (List[str]): A List of strings describing AI usecases
inference_engine (InferenceEngine): An LLM inference engine

Returns:

results (List[Dict]): Results detailing risk categorization by usecase.

In [ ]:

Copied!

response = risk_atlas_nexus.categorize_risk_severity(
    usecases=[usecase_1, usecase_2], inference_engine=inference_engine
)
response = risk_atlas_nexus.categorize_risk_severity(
    usecases=[usecase_1, usecase_2], inference_engine=inference_engine
)

[2025-06-15 21:03:08:136] - INFO - RiskAtlasNexus - AI Domain: Customer service/support
[2025-06-15 21:04:58:832] - INFO - RiskAtlasNexus - AI Domain: Risk and Compliance

Risk Severity Information¶

The response object has four fields:

Description: The description of the AI System inferred from the usecase.
Classification: The risk severity classification label
1. Excluded,
2. Prohibited,
3. High-Risk Exception,
4. High Risk, and
5. Limited or Low Risk.
AIActText: EU AI Act section that closely resembles the AI System including any amendments.
Reasoning: Explanation of the risk classification.

Response for usecase_1¶

In [6]:

Copied!

response[0]
response[0]

Out[6]:

{'Description': 'The AI system intended to be used in customer service/support to provide personalized, contextually relevant information and recommendations to support agents, enhancing their ability to address customer inquiries and claims effectively and efficiently through Natural Language Generation, Sentiment Analysis, Recommendation Engine, and Chatbot Integration.',
 'Classification': 'Limited or Low Risk',
 'AIActText': "This classification is based on the general principles of the EU AI Act, particularly Recital 58 which states that AI systems used to evaluate the credit score or creditworthiness of natural persons should be classified as high-risk AI systems, since they determine those persons' access to financial resources or essential services. However, the system described does not appear to fall under this category as it is primarily focused on improving customer service efficiency rather than determining creditworthiness.",
 'Reasoning': 'The AI system is not classified as Prohibited, High-Risk Exception, or High Risk as it does not involve any of the prohibited practices (Article 5) or high-risk activities (Article 6) such as subliminal techniques, exploiting vulnerabilities, biometric categorization, social scoring, predictive policing, or expanding facial recognition databases. It also does not fall under the High-Risk Exception categories like civil aviation security, two- or three-wheels vehicles, agricultural and forestry vehicles, marine equipment, interoperability of the rail system, motor vehicles, civil aviation, or critical infrastructure management. Instead, it is considered Limited or Low Risk as it primarily aims to enhance customer service efficiency through personalized responses and recommendations, without posing significant risks to health, safety, or fundamental rights.'}

Response for usecase_2¶

In [7]:

Copied!

response[1]
response[1]

Out[7]:

{'Description': 'The AI system intended to be used is a machine learning model that analyzes historical academic data, standardized test results, socio-economic background, behavioral data, and digital footprints to predict student academic performance and loan eligibility/risk level, utilizing natural language processing and predictive analytics.',
 'Classification': 'High Risk',
 'AIActText': 'Article 6(2) - AI systems intended to be used for the purpose of assessing the appropriate level of education that an individual will receive or will be able to access, in the context of or within educational and vocational training institutions at all levels.',
 'Reasoning': "The system falls under the 'High Risk' category as per Article 6(2) of the EU AI Act, specifically under the 'Education and vocational training' section. It is intended to assess the level of education for individuals, which can materially influence their educational and professional course, potentially affecting their ability to secure a livelihood. This system may perpetuate historical patterns of discrimination and violate the right to education and training, as well as the right not to be discriminated against."}