The first instalment of SAFE AI – the Standards and Assurance Framework for Ethical AI

Helen McElhinney (CDAC Network), Anjali Mazumder (The Alan Turing Institute) & Michael Tjalve (Humanitarian AI Advisory)

Why this matters: the world’s most vulnerable people are governed by AI systems with no sector-wide governance architecture to ensure safety, accountability and legitimacy

AI is now operational infrastructure in humanitarian action. It determines who receives aid, who is flagged, who is excluded. Yet the governance architecture to ensure these systems operate safely – in contexts defined by vulnerability, power asymmetry and limited avenues for redress – does not exist at sector level.

This is the central finding of SAFE AI’s inaugural briefing paper. The humanitarian sector has reached a tipping point: adoption is accelerating while governance infrastructure lags. Global AI frameworks provide important foundations, but they were designed for states, regulators and technology companies. They do not translate into the operational realities of organisations working in fragile and conflict-affected environments.

This briefing establishes the nature and scale of that gap, why it matters and why individual agency policies cannot close it alone. It sets the analytical foundation for the SAFE AI framework, arriving May 2026.

Where existing frameworks fall short

The briefing identifies four structural challenges that existing governance frameworks do not adequately address in humanitarian contexts:

1. AI intensifies an existing dual-use problem. Systems used for registration, targeting and needs analysis may rely on data and model infrastructure that can serve commercial, intelligence, or military purposes. In active conflict environments, the distinction between humanitarian and military AI is increasingly difficult to maintain – placing neutrality and independence at structural risk.

2. Adversarial information environments are ungoverned. AI systems in humanitarian contexts interact with contested information ecosystems where misinformation, manipulation and limited verification capacity are baseline conditions. No existing framework was designed for contexts where technical infrastructure is contested and the civilian/military boundary is unstable.

3. Accountability asymmetry is deepening. Humanitarian organisations are structurally more accountable to donors than to affected populations. AI systems risk further entrenching this imbalance – decisions shaped by systems that are neither transparent nor contestable by those they affect. This asymmetry has documented, differentiated impacts on those already facing barriers, including women and girls.

4. Responsibility without control. Organisations remain accountable for AI decisions they did not design and cannot fully inspect. Proprietary systems, external platforms and concentrated cloud infrastructure create structural asymmetries that procurement alone cannot resolve.

The case for independent assurance: internal governance cannot verify itself

An organisation that designs, deploys, and assesses its own AI systems faces the same problem as a company that audits its own accounts. The output may be accurate, but without independence, there is no reliable way to tell. Drug safety relies on independent clinical review. Aircraft certification involves regulators and third-party inspectors, not manufacturers. In each case, credibility depends not only on the rigour of the process, but on the separation between those providing assurance and those whose systems are being assessed.

Even the sector’s most governance-capable organisation cannot independently verify its own claims, cannot provide assurance to external partners and donors, and cannot resolve accountability gaps when systems are procured from vendors whose architecture is not fully visible. If the most governance-capable actor cannot close that gap alone, the gap is structural.

This is the shift SAFE AI is designed to enable: from governance as process to governance as assurance.

What humanitarian AI auditing involves

Independent assurance requires a methodology built for humanitarian deployment conditions – not adapted from general-purpose frameworks. Four components constitute the core:

1. Context-specific evaluation: Testing against the failure modes that matter in these contexts – performance across low-resource languages, reliability in adversarial information environments and behaviour in the specific functions for which a system is deployed.

2. Transparency obligations: Access to training data provenance, documented failure modes, update policies and supply chain disclosure. Where a developer cannot provide this, the audit cannot proceed and the system cannot be recommended for humanitarian deployment.

3. Human oversight architecture by risk tier: From documented internal processes for lower-risk applications, to mandatory human authorisation at each decision point for systems influencing eligibility, prioritisation or protection.

4. Community accountability mechanism: A meaningful pathway for affected people to raise concerns about system outputs, and for those concerns to result in adjustment, limitation or withdrawal. Where none exists, the audit finding must name its absence.

These components apply at deployment – and upstream, to whether systems are appropriate for humanitarian use before they are integrated into applications at all. This is the direction SAFE AI's Phase 2 auditing hub is designed to pursue.