Microsoft’s approach to responsible AI is built around a clear idea: people will not use technology they do not trust. To earn that trust, Microsoft keeps humans at the center of how AI is designed, developed, and deployed.

Since 2016, Microsoft has grounded its AI work in six core principles, formally adopted in 2018:

• Fairness
• Reliability and safety
• Privacy and security
• Inclusiveness
• Transparency
• Accountability

These principles act as a “North Star” whenever new AI capabilities or risks emerge. They shape policies, tools, and day-to-day practices across the company.

To operationalize these principles, Microsoft uses the NIST AI Risk Management Framework, which organizes work into four functions:

• Govern – define policies, roles, and responsibilities.
• Map – identify and understand AI risks.
• Measure – assess risks and the effectiveness of mitigations.
• Manage – implement and refine mitigations across the AI lifecycle.

In 2024, Microsoft expanded this approach to cover more modalities (such as images, audio, and video) and to support agentic, semi-autonomous systems, which are expected to be a major area of AI investment in 2025 and beyond.

Research and real-world experience also play a central role. Microsoft created the AI Frontiers lab to invest in core technologies that push AI capability, efficiency, and safety, and it continues to use insights from deployments and stakeholder feedback to refine governance practices over time.

Microsoft is treating AI risk and regulation as an ongoing governance challenge, not a one-time compliance exercise. The company has been investing in responsible AI for close to a decade, which has helped it move quickly as new rules and expectations emerge.

On the regulatory side, a major focus is the EU AI Act, which introduces uniform rules across EU Member States and applies to providers, deployers, distributors, and importers of AI systems whose outputs are used in the EU. Microsoft’s approach includes:

• Proactive, layered compliance planning – Cross-functional working groups (governance, engineering, legal, and public policy) review internal standards and practices against the final text of the Act and the emerging General Purpose AI (GPAI) Code of Practice.
• Screening for prohibited practices – Microsoft developed targeted questions to identify whether any AI system could fall into banned categories (such as social scoring or real-time biometric identification). These questions are built into a central responsible AI workflow tool and used both for existing and new systems.
• Contract and policy updates – Customer contracts, including the Microsoft Enterprise AI Services Code of Conduct, now explicitly prohibit uses like social scoring. Internally, Microsoft created new restricted uses and updated marketing and sales guidance so that general-purpose AI technologies are not positioned for prohibited scenarios.
• Model-level requirements and automation – New policy requirements help product teams understand what evaluations, documentation, and disclosures are needed for GPAI models. Microsoft is integrating its responsible AI workflow with model training infrastructure to automatically capture training details for transparency and reporting.

Microsoft is also active in shaping practical governance approaches globally. It participates in multistakeholder efforts around the EU AI Act’s GPAI Code of Practice and engages with the EU’s AI Office and Member State authorities to share implementation insights and advocate for efficient, interoperable outcomes.

For customers, this work translates into:

• Resources and materials to help them innovate in line with relevant regulations.
• Clear usage boundaries through codes of conduct and restricted-use policies.
• Tools for risk management that support compliance, documentation, and testing.

Survey data from the IDC Microsoft Responsible AI Survey highlights why this matters: over 30% of respondents cited lack of governance and risk management solutions as the top barrier to adopting and scaling AI, while more than 75% of those using responsible AI tools for risk management reported benefits in areas like data privacy, customer experience, confident decision-making, brand reputation, and trust.

Microsoft has built a structured governance ecosystem to make responsible AI part of everyday work, not just a set of high-level principles.

At the policy level, the foundation is the Responsible AI Standard:

• First developed in 2019 and publicly released in 2022.
• Acts as an internal playbook for building AI systems aligned with Microsoft’s six AI principles.
• Continuously updated as new capabilities, risks, and regulations emerge.

For generative AI, Microsoft formalized specific internal requirements in 2023 and refined them in 2024, including new policies for model development and deployment. A key addition is the Frontier Governance Framework, shared publicly in February 2025. This framework:

• Originated from voluntary Frontier AI Safety Commitments made with 15 other AI organizations in May 2024.
• Monitors emerging advanced model capabilities that could be misused to threaten national security or create at-scale public safety risks.
• Defines processes for assessing and mitigating these risks so frontier models can be deployed in a secure, trustworthy way.

To move from policy to practice, Microsoft uses a defined policy-to-implementation pipeline:

1. Intake – The Office of Responsible AI identifies and prioritizes new policy needs based on regulation, pre-deployment reviews, red teaming, product roadmaps, and incident monitoring.
2. Policy and tooling development – Policy experts, researchers, engineers, and legal teams co-develop guidance, while Responsible AI engineering builds supporting tools and technical instructions.
3. Review and launch – New policies and tools are reviewed, then rolled out with targeted communication so engineering teams understand expectations and available resources.

Organizationally, several groups play key roles:

• Executive leadership – The Responsible AI Council, led by senior executives including the Vice Chair and President and the CTO/EVP of AI, meets quarterly to oversee progress. The Board’s Environmental, Social, and Public Policy committee receives regular updates and provides guidance.
• Office of Responsible AI – Advises teams on legal and regulatory requirements, defines roles and processes, and leads oversight programs such as the Sensitive Uses and Emerging Technologies program, which focuses on high-impact and higher-risk AI uses (for example, in healthcare and the sciences).
• Responsible AI Governance Community – A network of responsible AI leaders and champions embedded across divisions, helping to embed a culture of proactive risk management.

On the tooling side, Microsoft has:

• Central responsible AI workflow tools that consolidate requirements from the Responsible AI Standard, support pre-deployment reviews, and keep screening questions (such as those related to EU AI Act prohibited practices) in one place.
• Internal workflow integrations that connect responsible AI processes with model training infrastructure, enabling automatic capture of training details and supporting transparency and documentation obligations.

Together, these structures, tools, and processes are designed to help Microsoft and its customers reimagine how AI is governed, while keeping risk management and trust at the center of AI innovation.