Artificial Intelligence Policy

Last Updated: March 2026

1. Introduction and Purpose

This Artificial Intelligence Policy ("AI Policy" or "Policy") establishes the principles, standards, governance structures, and operational requirements that govern the development, procurement, deployment, use, monitoring, and decommissioning of artificial intelligence and machine learning systems by ThinkFirm Information Technology Consultancy L.L.C ("ThinkFirm," "the Company," "we," "us," or "our"), a Limited Liability Company duly incorporated and registered under the laws of the United Arab Emirates. ThinkFirm operates as a technology consulting, advisory, and professional services firm specializing in information technology consultancy, enterprise risk management, cybersecurity, artificial intelligence, data management, regulatory compliance, digital transformation, and related domains across the public and private sectors.

ThinkFirm recognizes that artificial intelligence represents one of the most transformative technologies of the current era, with the capacity to fundamentally reshape industries, economies, and societies. As a firm that develops, deploys, and advises clients on AI systems, ThinkFirm bears a heightened responsibility to ensure that its use of AI is principled, ethical, transparent, and aligned with the values of fairness, human dignity, inclusivity, and societal well-being. This Policy reflects ThinkFirm's commitment to leading by example in the responsible adoption of AI technologies, and to establishing a culture of AI governance that balances innovation with accountability, performance with safety, and efficiency with ethical integrity.

The purpose of this Policy is to provide a comprehensive framework that: defines the ethical principles and values that guide ThinkFirm's AI activities; establishes governance structures and oversight mechanisms for AI systems throughout their lifecycle; sets standards for fairness, non-discrimination, and bias mitigation in AI design and deployment; mandates transparency, explainability, and interpretability requirements for AI-driven decisions; ensures human oversight, control, and the right to meaningful human review of automated decisions; addresses data quality, privacy, and security in the context of AI processing; defines accountability structures, roles, and responsibilities for AI governance; outlines risk assessment, monitoring, and incident response procedures for AI systems; ensures compliance with applicable laws, regulations, and industry standards; and provides mechanisms for stakeholder engagement, feedback, and redress.

This Policy applies to all AI systems developed, procured, deployed, operated, maintained, or decommissioned by ThinkFirm, whether for internal operational use or as part of services delivered to clients. It extends to all ThinkFirm personnel, including employees, officers, directors, contractors, temporary staff, secondees, and interns, as well as third-party vendors, partners, and service providers who develop, supply, or operate AI systems on behalf of or in connection with ThinkFirm. This Policy should be read in conjunction with ThinkFirm's Privacy Policy, Terms and Conditions, Information Security Policy, Data Governance Framework, and any other applicable policies, standards, and procedures.

2. Definitions and Scope

For the purposes of this Policy, "Artificial Intelligence" or "AI" refers broadly to any computational system, software, algorithm, or model that is designed to perform tasks that typically require human intelligence, including but not limited to: learning from data and experience (machine learning); understanding, generating, and processing natural language (natural language processing and natural language generation); recognizing patterns in images, audio, video, and other sensory data (computer vision, speech recognition); making predictions, recommendations, or decisions based on data analysis (predictive analytics, decision support systems); reasoning, planning, and problem-solving (knowledge-based systems, expert systems); and generating novel content including text, images, code, audio, and video (generative AI). This definition encompasses all forms of AI, including narrow AI (task-specific systems), general-purpose AI systems, foundation models, large language models (LLMs), deep learning architectures, reinforcement learning agents, robotic process automation (RPA) with cognitive capabilities, and any hybrid systems that combine AI with traditional software or human processes.

"Machine Learning" or "ML" refers to a subset of AI in which systems improve their performance on a specific task through exposure to data, without being explicitly programmed for every possible scenario. ML encompasses supervised learning (classification and regression from labeled data), unsupervised learning (clustering, dimensionality reduction, anomaly detection from unlabeled data), semi-supervised learning (combining labeled and unlabeled data), reinforcement learning (learning through interaction with an environment and reward signals), transfer learning (applying knowledge from one domain to another), federated learning (distributed model training across decentralized data sources), and any other technique whereby a system's behavior is shaped by data-driven optimization rather than explicit rule-based programming.

"AI System" refers to any implementation, deployment, or instance of AI or ML technology used by ThinkFirm, whether developed in-house, procured from third-party vendors, accessed through APIs or cloud services, integrated into existing platforms, embedded in products or services delivered to clients, or utilized in any other capacity. This includes both production systems operating in live environments and experimental or research systems in development, testing, staging, or pilot environments. The scope extends to AI systems operating across all domains of ThinkFirm's business, including but not limited to: client-facing advisory and consulting services; internal operations and business process automation; cybersecurity threat detection and response; risk assessment and compliance monitoring; data analytics and business intelligence; document analysis and contract review; recruitment and talent management; marketing and client engagement; financial planning and forecasting; and research and development activities.

This Policy applies regardless of the deployment model (on-premise, cloud, hybrid, edge), the underlying technology stack, the vendor or provider of the AI system, the geographic location where processing occurs, or the organizational function or business unit utilizing the system. Where ThinkFirm provides AI-related advisory, implementation, or managed services to clients, this Policy governs ThinkFirm's own conduct and obligations in delivering such services, while recognizing that clients may have their own AI governance frameworks and policies that apply to their use of AI systems. ThinkFirm will make reasonable efforts to align its AI service delivery with client-specific governance requirements where such requirements are communicated in writing and are consistent with ThinkFirm's own ethical standards and legal obligations.

3. Ethical Principles and Values

ThinkFirm's approach to artificial intelligence is grounded in a set of core ethical principles that inform all aspects of AI governance, from strategic planning and system design through development, deployment, monitoring, and decommissioning. These principles are not aspirational statements but binding commitments that shape ThinkFirm's operational practices, investment decisions, vendor relationships, and client engagements. ThinkFirm expects all personnel, contractors, and partners involved in AI activities to understand, internalize, and apply these principles in their daily work, and to escalate concerns where they observe or suspect deviations from these standards.

ThinkFirm is committed to ensuring that its AI systems respect and uphold fundamental human rights and human dignity, as recognized in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and other applicable international human rights instruments. AI systems shall not be designed, deployed, or used in ways that undermine, erode, or violate the rights of individuals or communities, including the right to privacy, the right to non-discrimination, the right to freedom of expression, the right to a fair trial, and the right to an effective remedy. ThinkFirm recognizes that AI has the potential to both advance and threaten human rights, and is committed to maximizing the former while vigilantly guarding against the latter through proactive risk assessment, continuous monitoring, and responsive remediation.

ThinkFirm is committed to the principle of human agency and oversight, which holds that AI systems should augment and empower human decision-making rather than replace or diminish it. AI systems deployed by ThinkFirm shall be designed to support, inform, and enhance human judgment, and shall not autonomously make decisions that have significant legal, financial, health, safety, or rights-related impacts on individuals without meaningful human oversight, review, and intervention capability. ThinkFirm maintains the principle that humans must retain the ability to understand, question, override, and reverse AI-driven decisions, particularly in high-stakes contexts. This commitment extends to ensuring that organizational structures, workflows, and incentive systems do not create conditions where human reviewers are pressured to rubber-stamp AI recommendations without genuine critical evaluation.

ThinkFirm is committed to the principle of societal and environmental well-being, recognizing that AI systems operate within broader social, economic, and environmental contexts and can have far-reaching impacts beyond their immediate operational scope. ThinkFirm shall consider the potential societal implications of its AI activities, including impacts on employment, economic inequality, social cohesion, democratic processes, and vulnerable populations. ThinkFirm shall also consider the environmental footprint of its AI operations, including the energy consumption, carbon emissions, water usage, and electronic waste associated with training and running AI models, and shall seek to minimize environmental impact through efficient model design, responsible infrastructure choices, and sustainable computing practices where commercially practicable.

4. Fairness, Non-Discrimination, and Bias Mitigation

ThinkFirm is committed to developing, deploying, and operating AI systems that are fair, equitable, and free from unjust discrimination. Fairness in AI is a multifaceted concept that encompasses statistical fairness (equitable distribution of outcomes across demographic groups), procedural fairness (equitable treatment in the process of decision-making), and substantive fairness (outcomes that are just, reasonable, and proportionate in context). ThinkFirm recognizes that achieving fairness in AI requires deliberate, sustained, and multi-disciplinary effort throughout the entire AI lifecycle, from problem formulation and data collection through model development, deployment, monitoring, and iteration.

ThinkFirm shall implement systematic measures to identify, assess, mitigate, and monitor bias in its AI systems across all stages of the AI lifecycle. During the data collection and preparation phase, ThinkFirm shall evaluate training datasets for representational bias (under-representation or over-representation of specific demographic groups), measurement bias (systematic errors in how features or labels are measured or recorded), historical bias (patterns of past discrimination embedded in historical data), sampling bias (non-random selection of training examples), and label bias (systematic errors or subjectivity in the labeling of training data). Where bias is identified, ThinkFirm shall implement appropriate remediation measures, which may include data augmentation, re-sampling, re-weighting, collection of additional data, modification of features or labels, or selection of alternative data sources.

During the model development phase, ThinkFirm shall evaluate AI models for algorithmic bias, including disparate impact (disproportionate adverse effects on protected groups), disparate treatment (differential processing based on protected characteristics), proxy discrimination (use of features that are highly correlated with protected characteristics), and intersectional bias (compounded disadvantage affecting individuals who belong to multiple marginalized groups). ThinkFirm shall utilize appropriate fairness metrics and testing methodologies, which may include demographic parity analysis, equalized odds assessment, calibration testing across subgroups, counterfactual fairness evaluation, individual fairness analysis, and adversarial debiasing techniques. The selection of appropriate fairness metrics shall be context-dependent and shall consider the specific use case, the potential impacts on affected individuals, the applicable legal and regulatory requirements, and the expectations of stakeholders.

ThinkFirm shall not develop, deploy, or operate AI systems that intentionally discriminate against individuals or groups on the basis of race, ethnicity, national origin, color, gender, sex, sexual orientation, gender identity or expression, age, disability, religion, belief, political opinion, marital or family status, pregnancy, genetic information, socioeconomic status, or any other characteristic protected by applicable law or ThinkFirm's own anti-discrimination commitments. Where AI systems are deployed in contexts that affect individuals' access to employment, credit, housing, education, healthcare, insurance, public services, or other essential opportunities, ThinkFirm shall apply heightened scrutiny and more rigorous fairness testing to ensure that such systems do not perpetuate, amplify, or create patterns of unjust discrimination.

ThinkFirm acknowledges that achieving perfect fairness in AI systems is an ongoing challenge, as different fairness criteria may be mathematically incompatible, societal definitions of fairness may evolve, and complex real-world contexts may present novel fairness considerations not anticipated during system design. ThinkFirm is committed to continuous improvement in its fairness practices and shall regularly review and update its bias assessment methodologies, fairness metrics, and mitigation techniques in response to advances in research, emerging best practices, stakeholder feedback, regulatory developments, and lessons learned from its own experience and the broader AI community.

5. Transparency and Explainability

ThinkFirm is committed to transparency in its AI activities, recognizing that transparency is a foundational prerequisite for accountability, trust, and meaningful oversight. Transparency in the context of AI encompasses multiple dimensions: organizational transparency (disclosure of AI governance structures, policies, and practices), operational transparency (disclosure of how, when, and where AI systems are used), technical transparency (disclosure of how AI systems function, make decisions, and produce outputs), and outcome transparency (disclosure of the results, impacts, and performance of AI systems). ThinkFirm shall pursue transparency across all of these dimensions to the extent that is technically feasible, commercially reasonable, and consistent with the protection of legitimate proprietary interests, trade secrets, security considerations, and applicable legal obligations.

ThinkFirm shall ensure that individuals who are subject to or affected by AI-driven decisions are informed, in clear and accessible language, that AI or automated processing is being used, the general purpose and function of the AI system, the types of data being processed, the potential impact of the AI-driven decision on the individual, the existence and nature of any human oversight or review mechanisms, and the means by which the individual can seek further information, request human review, or challenge the decision. This notification obligation applies to AI systems deployed in ThinkFirm's client-facing services, internal operations that affect employees or job applicants, and any other context where AI-driven decisions have a meaningful impact on identifiable individuals.

ThinkFirm is committed to ensuring that its AI systems are explainable and interpretable to the extent necessary for meaningful human oversight and accountability. Explainability refers to the ability to describe, in terms that are understandable to relevant stakeholders, how an AI system processes inputs, applies learned patterns, and arrives at specific outputs, predictions, recommendations, or decisions. The level and type of explanation required shall be proportionate to the significance of the decision, the potential impact on individuals, the regulatory requirements applicable to the use case, and the technical literacy of the intended audience. ThinkFirm shall implement appropriate explainability techniques, which may include feature importance analysis (SHAP values, LIME, permutation importance), decision path visualization, counterfactual explanations, attention mechanism analysis, rule extraction, model distillation, natural language explanations, and interactive explanation interfaces.

ThinkFirm recognizes that certain advanced AI techniques, including deep neural networks, ensemble methods, and large language models, may produce outputs that are inherently difficult to explain at a granular, step-by-step level due to the complexity and dimensionality of the underlying computations. In such cases, ThinkFirm shall implement alternative transparency measures, which may include providing general descriptions of system behavior and capabilities, documenting known limitations, failure modes, and edge cases, publishing aggregate performance metrics and fairness assessments, maintaining detailed model cards and datasheets, conducting independent audits and assessments, and offering post-hoc explanations and approximate interpretations of individual decisions. Where a fully transparent and explainable AI system is not feasible for a given use case, ThinkFirm shall implement compensating controls, including enhanced human oversight, more frequent monitoring, and additional safeguards to mitigate the risks associated with reduced transparency.

6. Accountability and Governance Structure

ThinkFirm maintains a comprehensive AI governance structure designed to ensure clear accountability, effective oversight, and consistent application of this Policy across all AI activities. Governance responsibility for AI is distributed across multiple organizational levels, with ultimate accountability residing with ThinkFirm's senior leadership and specific operational responsibilities assigned to designated roles, functions, and committees. ThinkFirm's AI governance structure is designed to be proportionate to the scale, complexity, and risk profile of its AI activities, and shall be reviewed and updated periodically to reflect changes in the organization's AI portfolio, risk landscape, and regulatory environment.

ThinkFirm's senior leadership, including the Managing Director and executive team, bears ultimate accountability for the Company's AI strategy, governance framework, risk appetite, and compliance posture. Senior leadership is responsible for setting the strategic direction for AI adoption, approving the AI Policy and material updates thereto, allocating resources for AI governance and compliance activities, establishing the organizational culture and tone from the top regarding responsible AI, reviewing periodic reports on AI governance performance and risk exposure, and ensuring that AI activities are aligned with the Company's overall business strategy, values, and ethical commitments. Senior leadership shall receive regular briefings on AI governance matters, emerging risks, regulatory developments, and significant incidents or issues.

ThinkFirm designates an AI Governance function responsible for the day-to-day implementation and oversight of this Policy. The AI Governance function is responsible for maintaining and updating the AI inventory (a comprehensive register of all AI systems deployed or under development by ThinkFirm); conducting and coordinating AI risk assessments and impact analyses; reviewing and approving AI deployments based on risk classification and governance requirements; monitoring AI system performance, fairness, and compliance on an ongoing basis; coordinating AI audits, reviews, and assessments (both internal and external); managing AI-related incidents, complaints, and escalations; developing and delivering AI governance training and awareness programs; advising business units and project teams on AI governance requirements; tracking and assessing regulatory developments and emerging standards related to AI; and reporting to senior leadership on AI governance activities, findings, and recommendations.

All ThinkFirm personnel involved in the development, procurement, deployment, operation, or oversight of AI systems bear individual accountability for complying with this Policy and for ensuring that AI systems within their area of responsibility are developed and operated in accordance with applicable ethical principles, governance standards, and legal requirements. Project managers, team leads, data scientists, engineers, product owners, and business stakeholders are collectively responsible for identifying and escalating AI-related risks, ensuring that governance requirements are incorporated into project plans and development workflows, participating in AI risk assessments and impact analyses, maintaining appropriate documentation and audit trails, and reporting potential violations, incidents, or concerns to the AI Governance function. ThinkFirm shall not penalize or retaliate against any individual who, in good faith, raises concerns about AI ethics, fairness, safety, or compliance with this Policy.

7. Risk Assessment and Classification

ThinkFirm employs a risk-based approach to AI governance, recognizing that not all AI systems present the same level of risk and that governance measures should be proportionate to the potential impact and likelihood of harm. All AI systems developed, procured, or deployed by ThinkFirm shall undergo a structured risk assessment process prior to deployment and at regular intervals throughout their operational lifecycle. The risk assessment process is designed to identify, evaluate, and prioritize risks associated with each AI system, and to determine the appropriate level of governance, oversight, and controls required.

ThinkFirm classifies AI systems into risk tiers based on a multi-dimensional assessment of potential harm, considering factors including: the nature and sensitivity of the data processed by the AI system; the type and significance of decisions made or supported by the system; the potential impact on individuals' rights, freedoms, safety, health, financial well-being, and access to essential services; the scale of deployment (number of individuals affected, geographic scope, frequency of use); the degree of human oversight and intervention capability; the reversibility of decisions and actions taken based on AI outputs; the vulnerability of affected populations (children, elderly, disabled persons, marginalized communities); the regulatory and legal requirements applicable to the use case and jurisdiction; and the maturity and reliability of the underlying AI technology. AI systems shall be classified as minimal risk, limited risk, high risk, or unacceptable risk, with corresponding governance requirements, controls, and oversight mechanisms applied at each tier.

High-risk AI systems — defined as those that may significantly affect individuals' legal rights, financial standing, employment, health, safety, education, housing, insurance, or access to essential public services — are subject to the most rigorous governance requirements under this Policy. Such systems shall undergo a comprehensive AI Impact Assessment (AIIA) prior to deployment, which shall evaluate the system's purpose, functionality, and intended use; the categories of data processed and the sources of training data; the potential for bias, discrimination, and unfair outcomes; the transparency and explainability of the system's decision-making process; the human oversight and intervention mechanisms in place; the security, reliability, and robustness of the system; the potential for misuse, dual-use, or unintended consequences; the legal and regulatory compliance posture; and the stakeholder engagement and redress mechanisms available to affected individuals. High-risk AI systems shall not be deployed without the explicit approval of the AI Governance function and, where warranted by the risk profile, the review and endorsement of senior leadership.

ThinkFirm shall not develop, deploy, or operate AI systems classified as unacceptable risk, which include but are not limited to: AI systems designed to manipulate, deceive, or exploit individuals through subliminal, deceptive, or coercive techniques that undermine their autonomy and informed decision-making; social scoring systems that evaluate individuals based on their social behavior or personal characteristics in ways that lead to unjustified or disproportionate adverse treatment; real-time biometric identification systems used for mass surveillance in publicly accessible spaces (except where required by law and subject to appropriate safeguards); AI systems that exploit the vulnerabilities of specific groups, including children, elderly persons, and persons with disabilities; and any AI application that poses a clear and significant risk to fundamental rights, public safety, or democratic values. ThinkFirm reserves the right to expand this list of prohibited applications as new risks and use cases emerge.

8. Data Quality, Privacy, and Security in AI

ThinkFirm recognizes that the quality, integrity, representativeness, and security of data used in AI systems are critical determinants of system performance, fairness, reliability, and trustworthiness. Data is the foundational input upon which AI systems learn, generate patterns, and produce outputs, and deficiencies in data quality can propagate and amplify through the AI pipeline, resulting in inaccurate, biased, unreliable, or harmful outputs. ThinkFirm is committed to maintaining rigorous data governance standards in connection with its AI activities, and to ensuring that data used in AI systems meets the highest practicable standards of quality, integrity, and fitness for purpose.

ThinkFirm shall implement comprehensive data quality assurance processes for AI training, validation, and testing data, including assessments of data accuracy (correctness and precision of data values), completeness (absence of missing values or gaps), consistency (uniformity across data sources and time periods), timeliness (currency and relevance of data to the intended use case), representativeness (adequate representation of all relevant populations, subgroups, and scenarios), provenance (documented origin, lineage, and transformation history of data), and labeling quality (accuracy, consistency, and inter-annotator agreement for labeled datasets). Where data quality deficiencies are identified, ThinkFirm shall implement appropriate remediation measures, which may include data cleaning, imputation, augmentation, re-collection, re-labeling, or selection of alternative data sources, and shall document the nature, extent, and potential impact of any known data quality limitations.

All AI-related data processing activities shall comply with ThinkFirm's Privacy Policy, applicable data protection legislation (including UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, the EU General Data Protection Regulation, the California Consumer Privacy Act, and other applicable frameworks), and established data governance standards. ThinkFirm shall apply data minimization principles to AI activities, collecting and processing only the data that is necessary and proportionate for the specified purpose, and shall avoid the use of sensitive personal data (including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, and data concerning sex life or sexual orientation) in AI training and processing unless there is a clear, lawful, and justified basis for such processing and appropriate safeguards are in place.

ThinkFirm shall implement robust security measures to protect AI systems, models, training data, and outputs from unauthorized access, tampering, theft, poisoning, extraction, and other adversarial attacks. Security measures shall include access controls and authentication for AI development and production environments; encryption of data at rest and in transit; secure model storage, versioning, and deployment pipelines; monitoring and logging of access to AI systems and data; vulnerability scanning, penetration testing, and red-teaming of AI systems; protection against data poisoning attacks (manipulation of training data to compromise model integrity), model inversion attacks (extraction of training data from model parameters), adversarial input attacks (crafted inputs designed to cause misclassification or erroneous outputs), and model extraction attacks (unauthorized replication of model functionality); and incident response procedures specific to AI security events. ThinkFirm shall regularly assess and update its AI security measures in response to evolving threats, vulnerabilities, and best practices in AI security research.

9. Human Oversight and Autonomous Decision-Making

ThinkFirm maintains the fundamental principle that AI systems should serve as tools to augment, inform, and enhance human decision-making, and that meaningful human oversight must be maintained over AI-driven processes, particularly where those processes affect individuals' rights, interests, opportunities, or well-being. The nature and extent of human oversight required shall be proportionate to the risk classification of the AI system, the significance of the decisions being made or supported, the potential impact on affected individuals, and the applicable legal and regulatory requirements. ThinkFirm is committed to ensuring that human oversight is not merely nominal or performative, but constitutes genuine, informed, and effective review and control of AI system behavior and outputs.

For high-risk AI systems, ThinkFirm shall implement a "human-in-the-loop" (HITL) or "human-on-the-loop" (HOTL) approach, as appropriate to the context and risk profile of the system. Under a HITL approach, a qualified human reviewer is directly involved in each decision cycle, reviewing AI recommendations, exercising independent judgment, and making the final decision. Under a HOTL approach, a qualified human reviewer monitors the AI system's operation in real-time or near-real-time, with the ability to intervene, override, or halt the system's operation at any point. In both cases, the human reviewer shall have access to sufficient information to understand the basis for the AI system's recommendation, the confidence level of the output, the key factors influencing the recommendation, and any flagged uncertainties, anomalies, or potential concerns. Human reviewers shall be trained, qualified, and authorized to exercise independent judgment and to override or reverse AI recommendations where they determine that such action is warranted.

ThinkFirm shall implement safeguards to ensure that human oversight mechanisms are effective and not undermined by automation bias (the tendency to over-rely on automated outputs), alert fatigue (desensitization to system-generated warnings due to excessive or false alerts), time pressure (insufficient time allocated for meaningful review), informational asymmetry (lack of access to relevant contextual information), or organizational pressure (cultural or hierarchical expectations to accept AI recommendations without critical evaluation). Safeguards may include rotation of human reviewers, mandatory review time allocations, cognitive debiasing training, independent quality assurance checks, random sampling and audit of reviewed decisions, feedback mechanisms for reviewers to report concerns, and organizational culture initiatives that reinforce the value and importance of human oversight.

ThinkFirm shall not deploy fully autonomous AI decision-making (AI systems that make decisions without any human review, intervention, or override capability) in high-risk contexts unless such deployment is specifically required by law, authorized by the client under an explicit contractual provision, and subject to compensating controls including enhanced monitoring, automated safeguards, kill-switch mechanisms, comprehensive audit logging, and regular post-deployment review. Where individuals are subject to AI-driven decisions that produce legal effects or similarly significant effects, ThinkFirm shall ensure that those individuals have the right to request and obtain meaningful human review of the decision, to be informed of the factors and logic that contributed to the decision, to express their point of view and contest the decision, and to receive a reasoned response to their challenge, all in accordance with applicable data protection legislation and the principles set forth in this Policy.

10. Robustness, Reliability, and Safety

ThinkFirm is committed to ensuring that its AI systems are robust, reliable, and safe throughout their operational lifecycle. Robustness refers to the ability of an AI system to maintain acceptable performance and behavior when confronted with unexpected inputs, edge cases, distribution shifts, adversarial perturbations, and other challenging conditions that deviate from the system's training distribution or expected operating environment. Reliability refers to the consistency and predictability of an AI system's performance over time and across different contexts, users, and deployment configurations. Safety refers to the assurance that an AI system does not cause or contribute to physical, psychological, financial, or other forms of harm to individuals, organizations, or the broader environment.

ThinkFirm shall implement comprehensive testing and validation procedures for all AI systems prior to deployment and on an ongoing basis thereafter. Testing procedures shall include functional testing (verification that the system performs its intended function correctly), performance testing (assessment of accuracy, precision, recall, F1 score, and other relevant performance metrics on representative evaluation datasets), stress testing (evaluation of system behavior under extreme or boundary conditions), adversarial testing (assessment of system resilience against deliberately crafted adversarial inputs designed to cause misclassification, evasion, or exploitation), regression testing (verification that updates or changes to the system do not degrade existing performance or introduce new defects), A/B testing and shadow mode deployment (comparison of AI system outputs against human decisions or baseline systems), and user acceptance testing (validation of system usability, output quality, and fitness for purpose by end users and domain experts).

ThinkFirm shall implement fallback mechanisms and graceful degradation strategies for AI systems, ensuring that in the event of system failure, unexpected behavior, or performance degradation, the impact on users and downstream processes is minimized. Fallback mechanisms may include automatic reversion to rule-based or manual decision-making processes, default-safe outputs that minimize potential harm, circuit breaker mechanisms that halt system operation when anomalous behavior is detected, escalation procedures that route uncertain or high-risk cases to human reviewers, redundant systems and failover configurations, and comprehensive error handling and recovery procedures. AI systems shall be designed to fail safely and predictably, with clear communication to users and operators when the system is operating in a degraded mode or when confidence in outputs falls below acceptable thresholds.

ThinkFirm shall maintain comprehensive incident management procedures for AI-related incidents, including but not limited to unexpected system behavior, performance degradation, biased or discriminatory outputs, security breaches affecting AI systems or data, data quality issues affecting model performance, and any event that results in or has the potential to result in harm to individuals or organizations. AI incidents shall be reported, investigated, documented, and remediated in accordance with established incident response procedures, and lessons learned shall be captured and incorporated into AI governance practices, development processes, and training programs. Significant AI incidents shall be escalated to the AI Governance function and, where warranted, to senior leadership, regulatory authorities, and affected stakeholders in accordance with applicable legal notification requirements and ThinkFirm's own escalation protocols.

11. Intellectual Property and AI-Generated Outputs

ThinkFirm's AI systems, including all models, algorithms, architectures, training methodologies, datasets, configurations, weights, parameters, embeddings, fine-tuning approaches, prompt engineering techniques, evaluation frameworks, and related documentation, constitute the proprietary intellectual property of ThinkFirm and are protected under applicable intellectual property laws, trade secret protections, and the confidentiality provisions set forth in ThinkFirm's Terms and Conditions. Users, clients, and third parties are prohibited from reverse engineering, extracting, replicating, or otherwise attempting to derive the structure, parameters, training data, or proprietary methodologies of ThinkFirm's AI systems without express written authorization from ThinkFirm.

Outputs generated by ThinkFirm's AI systems, including but not limited to text, reports, analyses, recommendations, predictions, risk scores, code, visualizations, and other content produced through AI processing, are subject to the intellectual property provisions set forth in ThinkFirm's Terms and Conditions and any applicable client engagement agreements. Users acknowledge that AI-generated outputs may incorporate patterns, knowledge, and insights derived from ThinkFirm's proprietary training data, methodologies, and domain expertise, and that the intellectual property status of AI-generated content is subject to evolving legal frameworks and may vary across jurisdictions. ThinkFirm reserves all rights in its AI-generated outputs except to the extent that specific usage rights are expressly granted under a written agreement.

ThinkFirm is committed to respecting the intellectual property rights of third parties in connection with its AI activities. ThinkFirm shall implement reasonable measures to ensure that training data used in its AI systems is obtained through lawful means and in compliance with applicable licensing terms, copyright restrictions, and data use agreements. Where ThinkFirm utilizes open-source AI tools, pre-trained models, or third-party datasets, it shall comply with applicable license terms and conditions, including attribution requirements, restrictions on commercial use, and copyleft obligations. ThinkFirm shall maintain records of the provenance and licensing terms of significant datasets, pre-trained models, and third-party components used in its AI systems.

Users and clients who receive AI-generated outputs from ThinkFirm are advised that such outputs are provided for informational and advisory purposes only and should be independently reviewed, validated, and verified before being relied upon for decision-making, publication, legal filings, regulatory submissions, or any other consequential purpose. ThinkFirm does not warrant the originality, accuracy, completeness, or fitness for any particular purpose of AI-generated outputs, and disclaims all liability for any consequences arising from the use, reproduction, distribution, or publication of such outputs, including claims of intellectual property infringement, factual inaccuracy, or misleading content. Users acknowledge that generative AI systems may produce outputs that inadvertently resemble existing copyrighted works, contain factual errors or fabricated information (commonly referred to as "hallucinations"), or reflect biases present in training data, and that such risks are inherent in the current state of generative AI technology.

12. Third-Party AI Systems and Vendor Management

ThinkFirm may procure, integrate, or utilize AI systems, models, APIs, tools, platforms, and services developed or provided by third-party vendors, including commercial AI providers, open-source communities, cloud platform providers, and specialized AI startups. The use of third-party AI systems is subject to the same governance principles, ethical standards, and risk management requirements set forth in this Policy, and ThinkFirm shall implement appropriate due diligence, contractual, and monitoring measures to ensure that third-party AI systems meet ThinkFirm's governance expectations and do not introduce unacceptable risks to the organization, its clients, or affected individuals.

Prior to procuring or deploying a third-party AI system, ThinkFirm shall conduct a risk-proportionate due diligence assessment that evaluates the vendor's AI governance practices, ethical commitments, and compliance posture; the system's technical architecture, capabilities, limitations, and known risks; the quality, provenance, and representativeness of the vendor's training data; the system's performance metrics, fairness assessments, and bias testing results; the system's transparency, explainability, and auditability features; the vendor's data handling, privacy, and security practices; the vendor's incident response, vulnerability management, and update procedures; the contractual terms, service level agreements, and liability provisions; and any relevant certifications, audits, or independent assessments of the vendor or system. The depth and rigor of due diligence shall be proportionate to the risk classification of the intended use case and the potential impact on ThinkFirm's operations, clients, and stakeholders.

ThinkFirm shall include appropriate AI governance provisions in its contracts and agreements with third-party AI vendors, which may include requirements for transparency regarding system capabilities, limitations, and known biases; commitments to provide explainability and interpretability features; obligations to notify ThinkFirm of material changes to the system, including model updates, data source changes, and performance degradations; cooperation with ThinkFirm's audit, testing, and monitoring activities; compliance with applicable data protection, privacy, and security requirements; incident notification and response obligations; indemnification for losses arising from system defects, biases, or security breaches; and provisions for data portability, model portability, and transition support upon termination of the relationship.

ThinkFirm shall implement ongoing monitoring and periodic reassessment of third-party AI systems to ensure continued compliance with governance requirements and to identify any emerging risks, performance degradations, or policy deviations. Monitoring activities may include regular performance and fairness evaluations, review of vendor-provided system updates and release notes, participation in vendor advisory boards or user groups, tracking of publicly reported incidents or vulnerabilities affecting the vendor or system, and periodic repetition of the initial due diligence assessment. Where a third-party AI system is found to be non-compliant with ThinkFirm's governance requirements or to present unacceptable risks, ThinkFirm shall take appropriate remedial action, which may include requesting corrective measures from the vendor, implementing compensating controls, restricting the system's scope of use, or discontinuing use of the system entirely.

13. Monitoring, Auditing, and Continuous Improvement

ThinkFirm is committed to the continuous monitoring, evaluation, and improvement of its AI systems and governance practices. AI systems are not static artifacts but dynamic systems whose performance, fairness, security posture, and alignment with intended objectives may evolve over time due to changes in input data distributions, user behavior patterns, operating environments, organizational needs, and external factors. Effective AI governance therefore requires ongoing vigilance, proactive monitoring, and a commitment to iterative refinement based on empirical evidence, stakeholder feedback, and emerging best practices.

ThinkFirm shall implement continuous monitoring mechanisms for all deployed AI systems, with the scope, frequency, and intensity of monitoring proportionate to the risk classification of the system. Monitoring activities shall include tracking of key performance indicators (accuracy, precision, recall, latency, throughput, availability), fairness metrics (demographic parity, equalized odds, calibration across subgroups), data drift detection (statistical monitoring of input data distributions to identify shifts from training data), concept drift detection (monitoring of the relationship between inputs and outputs to identify changes in underlying patterns), output quality assessment (sampling and evaluation of AI outputs for accuracy, relevance, and appropriateness), user feedback collection and analysis, incident and anomaly tracking, security event monitoring, and compliance status assessment. Monitoring results shall be documented, analyzed, and reported to the AI Governance function and, where warranted, to senior leadership and relevant stakeholders.

ThinkFirm shall conduct periodic audits of its AI systems and governance practices, both through internal audit activities and, where appropriate, through independent external audits conducted by qualified third-party assessors. AI audits shall evaluate compliance with this Policy and applicable legal and regulatory requirements; the effectiveness of governance structures, processes, and controls; the performance, fairness, and reliability of AI systems; the quality and security of AI-related data; the adequacy of human oversight mechanisms; the effectiveness of transparency and explainability measures; the completeness and accuracy of documentation and audit trails; and the organization's overall AI risk posture and maturity. Audit findings shall be documented, communicated to relevant stakeholders, and addressed through formal corrective action plans with defined timelines and accountability.

ThinkFirm is committed to a culture of continuous improvement in its AI governance practices and shall actively engage with the broader AI ethics and governance community to stay abreast of emerging research, standards, frameworks, and best practices. ThinkFirm shall regularly review and update this Policy, its AI governance procedures, risk assessment methodologies, fairness testing frameworks, and monitoring practices in response to advances in AI technology and research, evolving regulatory and legal requirements (including the EU AI Act, NIST AI Risk Management Framework, ISO/IEC 42001, IEEE Ethically Aligned Design, and other emerging standards), lessons learned from internal and external AI incidents, stakeholder feedback and engagement outcomes, and changes in ThinkFirm's business strategy, service offerings, and AI portfolio. Updates to this Policy shall be approved by senior leadership and communicated to all relevant personnel, contractors, and partners.

14. Training, Awareness, and Competency

ThinkFirm recognizes that effective AI governance depends not only on policies, processes, and technical controls, but also on the knowledge, skills, awareness, and ethical judgment of the individuals who design, develop, deploy, operate, oversee, and make decisions based on AI systems. ThinkFirm is committed to investing in the continuous development of AI literacy, ethical competency, and governance awareness across the organization, and to fostering a culture in which responsible AI practices are understood, valued, and embedded in daily operations.

ThinkFirm shall provide mandatory AI governance training to all personnel whose roles involve the development, procurement, deployment, operation, oversight, or use of AI systems. Training programs shall cover the core principles and requirements of this AI Policy; the ethical principles underlying responsible AI, including fairness, transparency, accountability, and human oversight; the risks and limitations of AI technologies, including bias, discrimination, explainability challenges, security vulnerabilities, and potential for misuse; the specific governance requirements applicable to the individual's role and responsibilities; the procedures for conducting AI risk assessments, impact analyses, and fairness evaluations; the organization's AI incident reporting, escalation, and response procedures; the applicable legal and regulatory framework for AI, including data protection requirements; and practical case studies and scenarios illustrating ethical dilemmas and governance challenges in AI contexts.

Training programs shall be tailored to the roles, responsibilities, and technical expertise of the target audience. Technical personnel (data scientists, ML engineers, AI architects) shall receive in-depth training on bias detection and mitigation techniques, fairness metrics, explainability methods, adversarial robustness, secure AI development practices, and model validation and testing methodologies. Business and operational personnel shall receive training focused on the responsible use and interpretation of AI outputs, the importance of human oversight, the limitations of AI-driven recommendations, and the procedures for escalating concerns and requesting human review. Senior leadership shall receive training focused on AI strategy, governance oversight, risk appetite, regulatory trends, and organizational accountability for AI outcomes.

ThinkFirm shall assess the effectiveness of its AI governance training programs through regular evaluations, including knowledge assessments, scenario-based exercises, feedback surveys, and analysis of governance compliance metrics and incident trends. Training content shall be updated regularly to reflect changes in this Policy, emerging technologies and use cases, evolving regulatory requirements, lessons learned from internal and external incidents, and feedback from participants and stakeholders. ThinkFirm shall maintain records of all AI governance training activities, including participant attendance, content covered, assessment results, and completion status, and shall use these records to identify training gaps and improvement opportunities.

15. Regulatory Compliance and Legal Framework

ThinkFirm is committed to ensuring that its AI activities comply with all applicable laws, regulations, standards, and regulatory guidance in the jurisdictions in which it operates and provides services. The regulatory landscape for AI is rapidly evolving, with new legislation, regulatory frameworks, and industry standards emerging at national, regional, and international levels. ThinkFirm shall maintain an active awareness of regulatory developments affecting AI governance and shall adapt its policies, practices, and procedures as necessary to ensure continued compliance and alignment with regulatory expectations.

In the United Arab Emirates, ThinkFirm's AI activities are conducted in compliance with applicable federal and local legislation, including Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and its implementing regulations, applicable cybersecurity regulations and standards issued by relevant authorities, industry-specific regulations applicable to ThinkFirm's clients and service sectors, and any AI-specific legislation, guidelines, or standards issued by UAE federal or local authorities, including the UAE National Strategy for Artificial Intelligence 2031, the Dubai AI Principles, and the Abu Dhabi AI Strategy. ThinkFirm monitors regulatory developments through engagement with regulatory bodies, participation in industry associations and working groups, legal advisory services, and continuous scanning of legislative and regulatory publications.

Where ThinkFirm provides AI-related services to clients in other jurisdictions or processes data subject to the laws of other countries, ThinkFirm shall consider and, to the extent commercially reasonable and operationally practicable, comply with the relevant requirements of international AI governance frameworks, including but not limited to: the European Union Artificial Intelligence Act (EU AI Act) and its implementing and delegated acts; the OECD Principles on AI; the G7 Hiroshima Process International Code of Conduct for Organizations Developing Advanced AI Systems; the NIST AI Risk Management Framework (AI RMF); the ISO/IEC 42001 standard for AI Management Systems; the IEEE Ethically Aligned Design framework; the Singapore Model AI Governance Framework; the Canadian Directive on Automated Decision-Making; and any other applicable national, regional, or industry-specific AI governance requirements relevant to ThinkFirm's operations and client engagements.

ThinkFirm shall cooperate with regulatory authorities, supervisory bodies, and law enforcement agencies in connection with inquiries, investigations, or audits relating to AI governance, data protection, cybersecurity, or other regulatory matters. ThinkFirm shall maintain adequate records, documentation, and audit trails to demonstrate compliance with applicable legal and regulatory requirements, and shall make such records available to competent authorities upon lawful request. Where ThinkFirm identifies actual or potential non-compliance with applicable AI-related legal or regulatory requirements, it shall promptly investigate the matter, implement appropriate corrective actions, and, where required by law or regulation, notify the relevant regulatory authority and affected individuals within the timeframes prescribed by applicable law.

16. Stakeholder Engagement and Redress

ThinkFirm is committed to meaningful engagement with stakeholders affected by or interested in its AI activities, recognizing that inclusive dialogue, diverse perspectives, and constructive feedback are essential to responsible AI governance. Stakeholders include, but are not limited to: clients and end users of AI-powered services; employees and job applicants; business partners, vendors, and service providers; regulatory authorities and policymakers; industry associations and standards bodies; academic and research institutions; civil society organizations and advocacy groups; and members of the public who may be affected by ThinkFirm's AI systems. ThinkFirm shall create and maintain channels for stakeholders to provide feedback, raise concerns, and seek information about ThinkFirm's AI activities, and shall consider stakeholder input in the development, review, and refinement of its AI governance practices.

ThinkFirm shall provide accessible and effective mechanisms for individuals who believe they have been adversely affected by an AI-driven decision made by or on behalf of ThinkFirm to seek review, explanation, and redress. Individuals may submit a complaint or request for review by contacting ThinkFirm at [email protected] with the subject line "AI Inquiry" and providing a description of the AI-driven decision or action at issue, the nature of the concern or perceived adverse impact, any relevant supporting information or documentation, and the specific remedy or resolution being sought. ThinkFirm shall acknowledge receipt of such requests within five (5) business days and shall endeavor to provide a substantive response, including the outcome of any review and the rationale for the determination, within thirty (30) calendar days, subject to the complexity of the matter and any applicable legal or regulatory requirements.

Where an individual's complaint reveals a legitimate concern regarding bias, discrimination, unfair treatment, or other governance failure in an AI system, ThinkFirm shall investigate the matter promptly and thoroughly, implement appropriate remedial measures (which may include correcting the individual decision, modifying the AI system, updating training data, revising governance procedures, or other actions as warranted), communicate the outcome and any remedial actions to the complainant, and incorporate lessons learned into its AI governance practices to prevent recurrence. ThinkFirm shall not penalize, disadvantage, or retaliate against any individual who, in good faith, raises a concern about the fairness, accuracy, or appropriateness of an AI-driven decision.

ThinkFirm shall engage proactively with the broader AI governance community through participation in industry forums, standards development organizations, multi-stakeholder initiatives, academic research collaborations, and public consultations on AI policy and regulation. ThinkFirm recognizes that responsible AI governance is a collective endeavor that benefits from the sharing of knowledge, experiences, and best practices across organizations, sectors, and jurisdictions. ThinkFirm shall contribute its expertise and perspective to the advancement of responsible AI practices while maintaining the confidentiality of proprietary information and the privacy of individuals in accordance with applicable policies and legal obligations.

17. Environmental Sustainability of AI

ThinkFirm acknowledges the significant and growing environmental footprint of artificial intelligence, particularly in relation to the computational resources required for training large-scale models, running inference workloads, and maintaining the data center infrastructure that supports AI operations. The training of a single large language model can consume energy equivalent to the lifetime emissions of multiple automobiles, and the aggregate energy consumption of AI workloads globally is projected to grow substantially in the coming years. ThinkFirm is committed to understanding, measuring, and reducing the environmental impact of its AI activities as part of its broader commitment to corporate social responsibility and environmental sustainability.

ThinkFirm shall consider the environmental impact of AI systems as a factor in procurement, design, and deployment decisions. Where multiple approaches or architectures can achieve comparable performance, ThinkFirm shall favor options that offer lower energy consumption, reduced carbon emissions, and more efficient use of computational resources. Specific measures may include selecting appropriately sized models that balance performance with computational efficiency (avoiding unnecessary use of oversized models for tasks that can be effectively addressed by smaller, more efficient alternatives); utilizing efficient training techniques such as transfer learning, knowledge distillation, model pruning, quantization, and sparse architectures to reduce computational requirements; selecting cloud infrastructure providers and data center locations that utilize renewable energy sources and maintain strong sustainability credentials; implementing caching, batching, and other optimization strategies to reduce redundant computation; monitoring and reporting the energy consumption and carbon footprint of significant AI workloads; and decommissioning AI systems that are no longer needed or that have been superseded by more efficient alternatives.

ThinkFirm shall integrate environmental sustainability considerations into its AI risk assessment and governance processes, and shall include environmental impact as a dimension of AI system documentation and reporting. ThinkFirm shall stay informed of emerging tools, methodologies, and standards for measuring and reporting the environmental impact of AI (such as the ML CO2 Impact calculator, CodeCarbon, and emerging ISO standards on AI environmental sustainability), and shall adopt such tools and standards as they mature and become established. ThinkFirm recognizes that environmental sustainability in AI is a rapidly evolving area and is committed to continuous improvement in its practices as new knowledge, tools, and best practices become available.

18. Policy Updates and Contact Information

ThinkFirm reserves the right to modify, amend, update, supplement, or replace this AI Policy at any time and from time to time, at its sole discretion, to reflect changes in ThinkFirm's AI activities, governance practices, technological capabilities, business operations, risk landscape, regulatory environment, or stakeholder expectations. Updated versions of this Policy will become effective immediately upon publication on ThinkFirm's website or other designated platform, unless a different effective date is specified. The "Last Updated" date at the top of this Policy indicates the date of the most recent revision. ThinkFirm shall communicate material changes to this Policy to all relevant personnel, contractors, and partners through appropriate internal communication channels and training programs.

For any inquiries, concerns, feedback, or communications regarding this AI Policy, ThinkFirm's AI governance practices, the use of AI systems in ThinkFirm's services, or any other matter related to ThinkFirm's AI activities, users and stakeholders may contact the Company through the following channel:

ThinkFirm Information Technology Consultancy L.L.C
Email: [email protected]
Subject Line: AI Policy Inquiry — [Brief Description of Request]

To facilitate the efficient handling of inquiries, users are encouraged to include the following information: full legal name and contact details; organization name and title (if applicable); the specific section or provision of this Policy to which the inquiry relates; a clear and specific description of the inquiry, concern, or request; any relevant reference numbers, dates, or supporting documentation; and the specific action or resolution being sought. ThinkFirm will make commercially reasonable efforts to acknowledge receipt of inquiries within five (5) business days and to provide a substantive response within thirty (30) calendar days, subject to the complexity and nature of the request.

All communications sent to ThinkFirm regarding this AI Policy may be recorded, stored, and processed in accordance with ThinkFirm's Privacy Policy. Users acknowledge that contacting ThinkFirm does not create any attorney-client relationship, fiduciary duty, contractual obligation, or guarantee of response, resolution, or specific outcome, and that all interactions remain subject to the terms, conditions, limitations, and disclaimers outlined in ThinkFirm's Terms and Conditions and this AI Policy.