On Tuesday October 4, 2022, the White House Office of Science and Technology Policy (“OSTP”) released a document entitled “Blueprint for an AI Bill of Rights: Making Automated Systems Work for the American People” (the “Blueprint”) together with a companion document “From Principles to Practice: A Technical Companion to the Blueprint for an AI Bill of Rights” (the “Technical Companion”).

Non-Binding “Guidance”

OSTP included a “Legal Disclaimer” which attempts to soften the impact of the release, describing it as a “white paper.”  OSTP states that the Blueprint is “non-binding and does not constitute US government policy” and “does not supersede, modify, or direct an interpretation of any existing statute, regulation, policy, or international instrument.”  While the Foreword to the Blueprint states that it is intended to provide “guidance” in connection with automated systems, the Legal Disclaimer clearly states that the Blueprint “does not constitute binding guidance for the public or Federal agencies and therefore does not require compliance with the principles described herein.”

Five “Principles”

The Blueprint and Technical Companion describe five principles and associated practices “to help guide the design, use, and deployment of automated systems.” The five principles are

  1. Safe and Effective Systems;
  2. Algorithmic Discrimination Protections;
  3. Data Privacy;
  4. Notice and Explanation; and
  5. Human Alternatives, Consideration, and Fallback.

While these five principles often overlap, they combine concepts relevant to employment law and data privacy that are also relevant to the evolving legal landscape around the use of artificial intelligence and automated systems.

OSTP intends the Blueprint to apply broadly, demonstrated by how it defines “automated system” as “any system, software, or process that uses computation as whole or part of a system to determine outcomes, make or aid decisions, inform policy implementation, collect data or observations, or otherwise interact with individuals and/or communities.”  The “Definitions” section notes that automated systems may include, but are not limited to, those derived from machine learning or artificial intelligence.

Principle 1: “Safe and Effective Systems”

The first principle, “Safe and Effective Systems,” states that automated systems should be “developed in consultation from diverse communities, stakeholders, and domain experts” and should “undergo pre-deployment testing, risk identification and mitigation, and ongoing monitoring.”  The Technical Companion highlights that the National Institute of Standards and Technology (NIST) is also developing a risk management framework to better manage risks posed by Artificial Intelligence.

Principle 2: “Algorithmic Discrimination Protections”

Under the second principle, “Algorithmic Discrimination Protections,” Americans “should not face discrimination by algorithms and systems should be used and designed in an equitable way.”  This principle also states that “independent evaluation and plain language reporting in the form of an algorithmic impact assessment, including disparity testing results and mitigation information, should be performed and made public whenever possible[.]”  The Technical Companion describes a handful of examples,  such as “a hiring tool that learned the features of a company’s employees (predominantly men) rejecting women applicants for spurious and discriminatory reasons; [and] resumes with the word ‘women’s,’ such as ‘women’s chess club captain,’ were penalized in the candidate ranking.”

Principle: 3: “Data Privacy”

The third principle, “Data Privacy,” provides that “[y]ou should be protected from abusive data practices via built-in protections and you should have agency over how data about you is used.” This principle encourages designers, developers, and deployers of automated systems to request permission and respect decisions regarding “collection, use, access, transfer, and deletion of your data[.]”  The Technical Guidance cautions against companies using “surveillance software to track employee discussions about union activity.”  It encourages privacy by design when designing automated systems, and champions extra protections for “sensitive domains” including “health, employment, education, criminal justice, and personal finance” related data.

Principle 4: “Notice and Explanation”

Pursuant to the fourth principle, “Notice and Explanation,” Americans “should know that an automated systems is being used, and understand how and why it contributes to outcomes that impact you.”  The principle encourages clear documentation regarding how the system works, and publicly reporting summaries of the automated systems.  The Technical Guidance notes that notice has “long been a standard practice, and in many cases is a legal requirement[.]” The Technical Guidance also calls attention to the Illinois Biometric Information Privacy Act, which contains a notice requirement, and a California law requiring warehouse employees to be provided with notice and explanation about use of quota systems, which are “often facilitated by algorithmic monitoring systems.”

Principle 5: “Human Alternatives, Consideration, and Fallback”

The fifth principle, “Human Alternatives, Consideration, and Fallback,” states that “[y]ou should be able to opt out, where appropriate, and have access to a person who can quickly consider and remedy problems you encounter.” The Technical Guidance provides the example of an unemployment benefits system in Colorado which required applicants to have a smartphone to verify their identity but provided no alternative option.  The Technical Guidance encourages the use of brief, clear, and accessible ways to opt out of automated systems in favor of human alternatives, where doing so would be timely and effective.


The Blueprint represents a significant effort by the White House to guide private industry and state and local governments in developing practices and policies around the use of automated systems.  While it is expressly non-binding, it will likely provide a framework for drafts of future legislation.  Some jurisdictions, just as New York City, Illinois, and Maryland, have already passed laws directed at certain automated systems.  The Blueprint may encourage other jurisdictions to pass laws and regulations governing the same.

Back to Workforce Bulletin Blog

Search This Blog

Blog Editors


Related Services



Jump to Page


Sign up to receive an email notification when new Workforce Bulletin posts are published:

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.