Skip to main content

Risk assessment and mitigation in ML projects

Instruction and application
Complete

Every ML project has uncertainty - but not all uncertainty is unmanaged risk. ML systems learn from data that changes, serve probabilistic predictions and often affect people directly. This section helps you recognise ML-specific risks, assess them and plan mitigations and ethical compliance early.

Microscope illustration

Recognising and assessing ML-specific risks

CategoryExample risks
DataIncomplete or biased training data, poor quality, late availability
ModelOverfitting, underperformance, drift, poor generalisation
OperationalIntegration failures, scale limits, deployment errors
StakeholderMisaligned expectations, low trust, unclear ownership
Ethical / regulatoryBiased outputs, poor explainability, non-compliance

How to assess ML risks

  • Risk matrix: Score likelihood and impact; prioritise high-high items (e.g. fairness in regulated use).
  • Stakeholder conversations: Legal, risk, engineering and product surface cross-cutting issues early.
  • Document assumptions: Data coverage, user behaviour, performance in subgroups - unchallenged assumptions often become incidents.

Example

A ride-sharing and insurer pilot uses mostly pre-pandemic data. Post-pandemic behaviour shifts cause demand errors; missing demographics in two regions surface drift anddata completeness risks. Without monitoring and validation protocols, services delay and trust erodes.

Mitigating risks and ethical compliance

Mitigations

  • Fallbacks: Rules or human review for high-stakes decisions.
  • Scheduled retraining: Cadence or drift-triggered refresh.
  • Pilots and A/B tests: Limited rollout before full scale.
  • Monitoring and alerting: Accuracy, fairness metrics, latency, drift.Example: A telecom provider routes to a rule-based backup when complaint-prediction accuracy drops below 75%.

Ethical and compliance focus areas

  • Bias audits: Compare error rates and outcomes across groups; plan mitigations when disparities appear.
  • Explainability: SHAP, LIME or simpler attribution - match depth to audience (regulators vs engineers).
  • Regulatory alignment: GDPR, HIPAA, sector rules - involve compliance early.
  • Consent and usage: Confirm training use rights; anonymise or pseudonymise where required.

Action item: Spot the risks before they happen

Scenario: You launch a model that predicts which customers may need support in the next 30 days, using location, product usage and past tickets. Record your thinking in the form below.

Reflection
What are two types of risks you would assess before deployment? (Data, model behaviour, operations or stakeholder trust.)
Your response here...
What steps would you take to check fairness or bias in this use case?
Your response here...
What questions should you ask about compliance or data use before training begins?
Your response here...