Global Assets AI Responsibility Model

Introduction

At NTT DATA, we recognize that the use of Artificial Intelligence in our Global Assets must be followed by a strong sense of responsibility. As a trusted partner, we are upholding the highest standards of compliance, governance, and ethical AI practices, guided by our NTT Group AI charter.

We align with a broad range of global frameworks and standards, including ISO/IEC 27001, GDPR, and the EU AI Act, as well as recent legislative proposals from South Korea (AI Basic Act, 2025) and California, USA (Bill SB420 & 243). These regulations embed rigorous controls into every stage of our AI lifecycle. We also invest in training and ethical responsibility programs to empower our teams to design, deploy, and operate AI systems responsibly.

NTT DATA is one of the signatory companies of the two pillars of the AI Pact, an initiative by the European Commission to help organisations anticipate and prepare for the obligations imposed by the EU AI Act. NTT DATA has been recognised by the European Commission as a success story in the field of AI literacy. The Global Gen AI Academy, a comprehensive training programme completed by all employees of the organisation, demonstrates NTT DATA’s firm and tangible commitment to responsible AI training, as well as the use of validated methodologies benchmarked at an international level.

In addition, NTT DATA Spain, where many of our AI-based Global Assets are allocated, is currently in the process of obtaining ISO/IEC 42001 certification, the first international standard for AI Management Systems, which provides a structured approach to managing AI risks and ensuring responsible innovation.

This Responsibility Model defines how responsibilities are distributed across all actors involved in the lifecycle of AI-based components within our Global Assets, from model builders to end-users. This model ensures that AI systems are used in a legal, safe, ethical, and compliant manner.

By clearly delineating roles and obligations, this Model helps mitigate risks related to bias, misinformation, data privacy, intellectual property, regulatory compliance, and misuse. It promotes transparency, accountability, and trust across the AI lifecycle. It also improves transparency and accountability, as each stakeholder is clear about their roles and responsibilities, leading to a more transparent and accountable collaboration.

The Responsibility Model key roles

• AI System Providers Entities that develop an AI system and make it available on the market or put it into service under their own name or trademark (e.g. OpenAI or Google). Responsibilities: foundational integrity of the model; ensure legality, safety, transparency; address bias; comply with IP and data protection laws; publish documentation to support downstream risk management.

• Platform Providers Cloud or infrastructure providers that enable hosting, deployment, and operation of AI systems (e.g., Azure OpenAI Service, Vertex AI). Responsibilities: provide secure/compliant infrastructure, data protection measures, audit trails, multi-tenant support, facilitate regulatory reporting.

• Deployers Entities that embed AI systems into their business applications or integrate them in a product/service under their control. Responsibilities: implement safeguards to prevent misuse, monitor model quality, perform input/output filtering, ensure human oversight (human-in-the-loop).

• Customers Organizations that adopt and use AI-enabled solutions. Responsibilities: define intended use, provide accurate data, manage integrations, ensure ethical and legal use, enforce internal AI policies, monitor deployment.

• End-Users Users that interact directly with AI systems. Responsibilities: understand system limitations, follow usage guidelines, avoid misuse, report harmful outputs through governance channels.

NTT DATA role when licensing Global Assets embedding AI

NTT DATA plays a key role in the AI value chain as a Deployer, focusing on developing and integrating AI-driven components into our Global Assets. NTT DATA designs and delivers end-to-end solutions that integrate trusted AI Systems—such as OpenAI, Azure OpenAI, Google Gemini, and Amazon Bedrock.

Core AI integration activities:

• Integration with LLMs (selection, configuration, API orchestration)

• Prompt execution and optimization (prompt engineering)

• Retrieval-Augmented Generation (RAG) and embedding generation

• AI Agent orchestration for multi-agent workflows

• Guardrails management (safety, ethics, human-centric interaction)

• Users and Agents management

Use of third-party AI systems by Customers is subject to the AI System Provider terms. NTT DATA acts as an intermediary and facilitator of such terms (“pass-through model”), ensuring contractual frameworks reflect roles and responsibilities.

Roles according to EU AI Act

NTT DATA’s Responsibility Model for AI systems usage in Global Assets aligns with the EU Artificial Intelligence Act (Regulation 2024/1689) and internal governance practices. The EU AI Act defines roles (Provider, Deployer, Importer, Distributor, User) with specific regulatory obligations depending on control and position in the AI value chain.

• Providers (EU AI Act): legally responsible to ensure compliance before placing an AI system on the market. NTT DATA would assume a Provider role only in exceptional cases where an LLM or AI System used within a Global Asset is substantially modified, changing its performance, intended purpose, or risk profile. In such cases, NTT DATA would undertake Provider-level obligations under the EU AI Act.

• Deployers (EU AI Act): entities that use AI systems under their authority for professional purposes. This is NTT DATA’s primary role in most cases. To fulfil Deployer responsibilities, NTT DATA supports:

  • Input and Output Filtering (prevent harmful prompts / unsafe outputs)

  • Human-in-the-Loop Oversight

  • Monitoring and Evaluation (performance, fairness, safety)

  • Legal and Regulatory Compliance (GDPR, IP, EU AI Act)

  • Training Data Awareness (review third-party model documentation)

  • Risk assessments (bias, discrimination, privacy, security)

  • Transparency toward clients and users (model limitations, safe usage guidance)

  • Training and awareness for employees involved in AI integration and governance

• Users (EU AI Act): individuals interacting with AI systems but not modifying or operating them. Primary responsibility: use systems ethically per provided guidance and report harmful or unsafe behaviour.

NTT DATA maintains internal procedures and governance bodies to supervise AI legislation compliance. Ultimately, it is the Customer’s responsibility to assess their specific use-case risk and inform NTT DATA to determine corresponding obligations.

Reference Links

Microsoft Azure

• Azure AI Content Safety

• Abuse Monitoring

• Responsible Use of AI

• Microsoft AI Code of Conduct

Google Cloud

• Responsible AI

• Navigating the EU AI Act: Google Cloud's proactive approach

• Generative AI and data governance

AWS

• AWS Responsible AI Policy