What is Automated Decision-Making?

What is Automated Decision-Making?

Automated Decision-Making (ADM) refers to the process by which AI systems or algorithms make decisions that affect people or organisations without meaningful human involvement at the point of decision. The system takes in data, applies rules or learned patterns, and produces a decision or recommendation that is acted upon directly.

For business leaders, ADM is both an enormous opportunity and a significant governance challenge. Automated decisions can dramatically improve speed, consistency, and cost-efficiency. But when those decisions affect people's lives, employment, access to credit, insurance claims, or legal outcomes, the stakes are high and the governance requirements are substantial.

The Spectrum of Automation

Not all automated decision-making is the same. It exists on a spectrum:

• Fully automated: The system makes the decision and executes it without any human review. Examples include automated credit scoring, algorithmic trading, and content moderation at scale.
• Semi-automated with human review: The system makes a recommendation, and a human reviews it before the decision is finalised. Examples include AI-assisted hiring shortlisting and medical diagnosis support.
• Human decision with AI support: A human makes the decision but uses AI-generated insights as one input among many. Examples include strategic planning with predictive analytics.

The governance requirements increase as you move toward full automation, especially when the decisions significantly affect individuals.

Why Automated Decision-Making Needs Governance

Automated decisions at scale can create systematic patterns of harm that are difficult to detect without deliberate oversight:

• Scale of impact: An automated system can make thousands or millions of decisions per day. If there is a flaw in the logic or data, the resulting harm is multiplied by every decision made.
• Consistency vs. rigidity: While consistency is a benefit of automation, it can also mean that a flawed decision is applied uniformly, affecting entire populations rather than individual cases.
• Accountability gaps: When no human is directly involved in a decision, it can be unclear who is responsible for the outcome. This creates both legal and ethical challenges.
• Reduced context sensitivity: Automated systems may not account for individual circumstances that a human decision-maker would consider. This can lead to decisions that are technically correct by the system's criteria but unjust in context.

Key Governance Requirements

Transparency

Individuals affected by automated decisions should know that an automated system is involved, what data it uses, and in general terms how decisions are made. This is both an ethical requirement and increasingly a legal one.

Right to Human Review

For significant decisions, individuals should have the ability to request human review. This serves as a safety net for cases where the automated system's output may be inappropriate or unjust due to unusual circumstances.

Regular Auditing

Automated decision-making systems should be regularly audited for accuracy, fairness, and compliance with applicable laws and organisational policies. Audits should examine both the system's technical performance and its real-world outcomes.

Impact Assessment

Before deploying an automated decision-making system, conduct an impact assessment that evaluates the potential effects on individuals and groups, particularly vulnerable populations. This assessment should inform design choices and governance controls.

Automated Decision-Making in Southeast Asia

Automated decision-making is increasingly common across ASEAN markets in sectors including financial services, insurance, telecommunications, and e-commerce.

Singapore addresses automated decision-making through its Model AI Governance Framework, which recommends human oversight for decisions that significantly affect individuals. The PDPA's provisions on data processing apply to data used in automated decisions, and the PDPC has issued guidance on transparency and accountability for algorithmic decisions.

Thailand's PDPA includes provisions relevant to automated decision-making, including the requirement for lawful bases for data processing and individual rights related to automated decisions affecting legal rights.

Indonesia's Personal Data Protection Act establishes individual rights related to automated processing, including the right to object to decisions based solely on automated processing that produce legal effects or similarly significant impacts.

The Philippines' Data Privacy Act includes provisions on automated processing and profiling, requiring data controllers to implement appropriate safeguards.

For businesses deploying automated decision-making across ASEAN, building governance structures that include transparency, human review options, and regular auditing provides a consistent standard that meets emerging requirements across the region.

Implementation Best Practices

1. Classify your automated decisions by risk: Not all automated decisions need the same level of governance. Credit decisions affecting individuals need more oversight than product recommendation algorithms.
2. Build in human review triggers: Define the conditions under which an automated decision should be escalated to a human reviewer, such as edge cases, high-value decisions, or consumer requests.
3. Maintain decision logs: Keep detailed records of automated decisions, the data used, and the rationale, to support auditing, dispute resolution, and regulatory compliance.
4. Test for bias regularly: Automated systems can develop biased patterns over time. Regular testing across demographic groups helps catch problems early.
5. Communicate clearly: Tell customers and stakeholders when automated decision-making is involved and explain how they can request human review if they are dissatisfied with an outcome.