Documentation is the foundation of AI accountability. It is also where most organizations fail.
A hospital diagnostic tool misses a cancer diagnosis. The legal team investigates. They find no documentation of what data the model was trained on, no record of which physician approved each diagnosis, no audit log showing which model version was running on the day in question. The vendor says the model was updated three times since deployment. Nobody documented which version was live when the harm occurred.
Without documentation, accountability becomes impossible. This module teaches you to design the documentation systems that make accountability real — starting before deployment, not after something breaks.
Mercy General Hospital deployed an AI diagnostic tool for chest X-rays in 2022. The system helped radiologists identify early signs of pneumonia and other serious conditions. It was trained on 50,000 X-rays from a large teaching hospital database.
In November 2023, a 34-year-old woman came to the ED with chest pain. The AI flagged her scan as low-risk. The radiologist, trusting the score, reported the X-ray as normal. The woman left with a diagnosis of acid reflux and was sent home with antacids. Four months later, she returned to a different hospital with advanced pneumonia complicated by sepsis. A full workup revealed early lung cancer that had been missed on the original scan.
The patient sued. Mercy General's legal team opened an investigation. Here's what they found: no documentation of the training data source beyond "public database," no specifications for which radiologists trained on the tool, no version number recorded in the patient's chart showing which iteration of the model was in use that day, no audit log showing that anyone had reviewed the radiologist's decision before it was accepted, no record of when or how the model was validated against Mercy General's specific population.
The vendor said the model had been updated three times since deployment: a small tuning pass in March, a major retraining on additional data in July, and a patch for a discovered bias in September. Nobody at Mercy General knew which version had been live on the day of the diagnosis. The vendor's records showed deployment dates but not which version was active in which patient's chart.
The hospital's policy team, the radiologists, and the legal counsel all faced the same gap: there was no way to know what had gone wrong — or to explain to a jury why the decision-making process had been sound, because the decision-making process had never been documented.
AI accountability requires three types of documentation, each of which solves a specific problem. Without all three, you have a paper trail that doesn't actually trace anything.
A complete model card documents: what the system does, what data it was trained on (source, size, demographics, labeling process), what its accuracy is broken down by population, what it fails on, what version number it is, when it was created and last updated, who is responsible for it, and what its known limitations are. The model card is not marketing material — it is a technical specification. Any human who will be affected by this system should be able to read a model card and understand what they are trusting.
An audit log records every consequential decision the system makes and who approved it. In Mercy General's case, the audit log would show: patient identifier (de-identified), scan date, model version, AI output, physician name, physician's override (if any), final diagnosis, and timestamp. If something goes wrong, you can trace exactly which version of the system made the recommendation and which human had authority to override it. Without this, you have an AI system making decisions in a void.
Before an AI system deploys, someone must be named as responsible for each stage: development ownership (who built it, who validated it), deployment approval (who decided it was safe to use), operational monitoring (who watches for failures), and failure response (who handles it when something goes wrong). Not "the team" — named individuals with decision authority. When accountability is vague, accountability evaporates.
Documentation is not paperwork. Documentation is the structure that makes accountability real and legal liability traceable.
Before any AI system goes into production, three documentation pieces must be complete. If they are not, the system should not launch.
You should be able to produce a one-page summary of the training data: where it came from, how many examples, how it was labeled, who created the labels, what the demographic breakdown is, and what biases are known. If you cannot answer this question from memory, you do not know your system well enough to deploy it. If you can answer it but cannot document it, you have a liability problem.
Your audit log must record enough information that if something goes wrong, you can reconstruct: which version of the system made the recommendation, who had authority to override it, what they chose to do, and what the outcome was. If you cannot reconstruct this chain, you will not be able to defend your system in court — because you will not be able to prove what actually happened.
Who approved the model for deployment? Who monitors it in production? Who handles failures? Who decides whether to take it offline? These cannot be team decisions — they must be assigned to people with clear authority and accountability. Diffused responsibility is no responsibility.
If you cannot answer these three questions from your documentation, your system is not ready to deploy.