A Values-Anchored Framework for Trustworthy AI Conduct in Practice
Every NHS organisation already possesses the raw material of AI ethics: co-produced vision and values, developed with patients, carers, and staff. These documents are not aspirational posters. They encode what an organisation believes about dignity, safety, equity, and accountability.
This paper argues that sustainable AI governance in the NHS should begin there — and build upward. By mapping the established pillars of AI ethics onto existing organisational values, and then designing a runtime monitoring layer that accounts for real human behaviour rather than idealised compliance, NHS organisations can move from governance as language to governance as verifiable operation.
This is not a proposal to build new technology from scratch. It is a framework for using what exists more intelligently — and for being honest about where the gaps are.
The question for NHS AI governance is not 'Do we have a policy?' It is: 'Can we show, at the point of clinical action, that only admissible conduct occurred — and that human oversight was genuinely exercised, not merely performed?'
Most NHS AI governance frameworks are not inadequate. They are incomplete. They describe, document, audit, and reconstruct. What they rarely do is govern in real time — at the moment a clinical decision is made, a note is generated, or a triage recommendation is accepted.
This gap matters because the highest-risk moments in AI-assisted care are not detectable after the fact. They occur in the interaction between a clinician and an AI system: the acceptance without review, the override that does not happen, the recommendation followed without documented clinical reasoning.
Current frameworks typically provide:
What they rarely provide is a live, computable layer that can demonstrate — at the execution boundary — that human oversight was genuinely present, that the system behaved within approved parameters, and that specific patient populations were not disadvantaged by automation patterns.
A clinician who accepts an AI-generated clinical note in three seconds has technically completed the 'human in the loop' step. But they have not exercised clinical judgment. Governance that cannot distinguish performed compliance from real oversight produces a false sense of assurance — and a genuine safety exposure.
Every NHS organisation has co-produced values representing genuine engagement with patients, carers, clinical staff, and communities. For AI governance, they are the ethical ground truth — the answer to 'What does good look like here?' that no generic framework can answer. The translation requires no new values — only taking existing ones seriously as operational commitments.
| Organisational Value | AI Governance Implication |
|---|---|
| We listen | AI outputs must not override patient-expressed preferences. Review must include patient voice where it exists in the record. |
| We are compassionate | AI-assisted triage must not systematically deprioritise complex presentations or protected characteristics. |
| We take responsibility | Every AI-generated clinical action must have a named, accountable clinician. |
| We keep you safe | Any system that drifts from its approved safety case must trigger immediate review — not a quarterly report. |
| We work together | Governance is shared across clinical, operational, and patient leaders — not delegated to digital teams. |
International frameworks — WHO, OECD, NHS AI Lab — converge on consistent principles. These are not alternatives to Trust values; they are the vocabulary that lets values be operationalised in AI systems.
| Pillar | Commitment | Governance Question |
|---|---|---|
| Beneficence | AI benefits patients and populations | Net clinical benefit, including for underserved groups? |
| Non-maleficence | AI does not cause harm, including via inaction | Monitoring over-reliance and delayed review? |
| Autonomy | Patients and clinicians keep meaningful choice | Consent documented? Override meaningful? |
| Justice & Equity | AI does not widen inequalities | Performance disaggregated by ethnicity, deprivation? |
| Explicability | Decisions are understandable | Can a patient get a meaningful answer? |
| Accountability | Responsibility is clearly assigned | Named clinician for every AI-assisted action? |
This is the most neglected dimension of AI governance — and the most important. Every framework implicitly assumes a rational, attentive, unhurried clinician. This clinician does not exist at scale.
Clinicians systematically favour AI recommendations over their own judgment under time pressure — an effect stronger with confidence scores, fatigue, or a track record of accuracy. Governance that does not monitor for it is not monitoring the right thing.
When review becomes a workflow step rather than judgment, it loses its protective function. Time-on-task, amendment rates, and override patterns are behavioural proxies for genuine oversight — system-level safety signals, not disciplinary data.
A layer that fires too many alerts will be ignored. Alert mechanisms must be designed with clinical-decision-support discipline: precise, actionable, calibrated to interrupt only when it matters.
Clinicians under capacity pressure find the path of least resistance. Governance must make the compliant path the easiest path — by design, not discipline.
Automation bias compounds inequality. If a system performs better for some populations and clinicians defer disproportionately for others with sparser records, the result is a governance-invisible harm. Equity monitoring must be designed in from the start.
Four operational layers, built on a foundation that already exists in every NHS organisation.
A framework that does not acknowledge its own constraints is not a framework — it is a pitch.
Governance cannot monitor what it cannot see. Make interaction-level data a standard condition of NHS AI deployment contracts.
Trusts should not design this alone. Monitor AI performance disaggregated by ethnicity, age, deprivation, and gender — as a national minimum.
Live governance rules mapped to DCB0129/0160, led by the clinical safety community.