Who is Responsible? The Data, Models, Users or Regulations? A Comprehensive Survey on Responsible Generative AI for a Sustainable Future

Imagine the world of Artificial Intelligence (AI) has just graduated from a university classroom and is now working a real job. It's no longer just a student writing essays; it's a new employee who can write code, diagnose diseases, create art, and even drive cars. But like any new employee, it makes mistakes, sometimes big ones.

This paper is essentially a comprehensive "Safety and Responsibility Report Card" for this new AI workforce. The authors asked a big question: "Who is responsible when things go wrong?" Is it the data the AI ate? The model itself? The people using it? Or the rules we made?

Here is the breakdown of their findings, explained with some everyday analogies.

1. The Big Picture: A New Employee with Superpowers

Generative AI (like the chatbots you know) is moving fast. It's like hiring a genius intern who can do a year's worth of work in a day. But this intern has a few dangerous habits:

Hallucinations: It confidently tells you lies that sound true (like a student making up a fake citation for a paper).
Memory Leaks: It might accidentally reveal secrets it read in its training books (like an intern spilling company secrets).
Jailbreaking: It can be tricked into ignoring its rules if someone asks the right way (like a guard being distracted by a magician).

The paper argues that we can't just hope this intern behaves. We need a system to check their work.

2. The Problem: The "Safety Washing" Trap

The authors looked at hundreds of studies and found a worrying trend. Currently, we have many "tests" to check if AI is safe, but they are like driving tests on an empty parking lot.

What we test: Can the AI say "no" to obvious bad words? (Yes, it's good at that).
What we miss: Can the AI handle a complex, multi-step plan where it has to use tools? Can it stop a deepfake video? Can it protect private data when it's working in a real office?

The authors call this "Safety Washing." It's like a car company putting a shiny "Safe" sticker on a car that hasn't actually been crash-tested in the rain or on icy roads. The AI passes the easy tests but fails the real world.

3. The Solution: A New "Driver's License" System

To fix this, the authors created a 10-point Rubric (a scoring sheet) and a set of Key Performance Indicators (KPIs). Think of this as a new, much stricter Driver's License test.

Instead of just asking, "Can you stop at a red light?" (which is easy), their new test asks:

The "Truth" Test: If you give the AI a medical question, how often does it invent fake facts? (We need to count these errors).
The "Privacy" Test: If you ask the AI to summarize a document, does it accidentally leak someone's home address?
The "Deepfake" Test: Can it tell the difference between a real video of a person and a fake one created by AI?
The "Teamwork" Test: If the AI is controlling a robot or a trading bot, does it get confused and crash the system?

They also created a Crosswalk Map. This is like a translator that takes complex government laws (like the EU AI Act) and turns them into simple engineering tasks. It tells the developers: "Okay, the law says you must be transparent. Here is the specific test you need to run to prove you are."

4. Who is Responsible? (The "Symmetric Responsibility Model")

The paper concludes that responsibility isn't just on one person. It's a relay race:

The Builders (Developers): They are responsible for building the car with good brakes and airbags. They must ensure the AI is aligned with human values and doesn't have hidden "bugs" that let it do bad things.
The Drivers (Users/Companies): You can't just buy a Ferrari and drive it off a cliff because "the car was fast." Users must know how to use the AI safely. If you use AI to write legal contracts, you are responsible for reading it. If you use it to diagnose patients, you are responsible for having a doctor double-check it.
The Traffic Cops (Regulators): They need to set the rules of the road and make sure the "Driver's License" tests are actually hard enough.

5. The Real-World Stakes

The authors show that this isn't just theory. Real people are getting hurt:

In Healthcare: An AI gave a doctor a fake medical study, leading to a potential misdiagnosis.
In Finance: An AI gave bad investment advice, or a hacker used a "deepfake" voice to trick a bank into transferring $25 million.
In Defense: AI systems are being used to plan military strategies; if they hallucinate, the consequences could be war.

The Bottom Line

The paper says: "Stop playing with toy cars."

We are moving from the "Wild West" era of AI, where anyone could build anything, to a "Regulated Highway" era. To get there, we need to stop relying on simple checklists and start using continuous, adaptive testing that mimics real-world chaos.

The takeaway: We need to treat AI not as a magic box that always works, but as a powerful tool that requires a manual, a safety harness, and a responsible operator. The authors have provided the blueprint for that safety harness.

Here is a detailed technical summary of the paper "Who is Responsible? The Data, Models, Users or Regulations? A Comprehensive Survey on Responsible Generative AI for a Sustainable Future."

1. Problem Statement

The rapid transition of Generative AI (GenAI) from research prototypes to production deployments (including LLMs, Vision-Language Models, Diffusion Models, and Agentic Pipelines) has outpaced the development of responsible governance frameworks. While Responsible AI (RAI) principles exist, there is a critical misalignment between:

Governance Mandates: Regulations like the EU AI Act and NIST AI RMF.
Technical Implementation: Current safety benchmarks and engineering controls.
Emerging Risks: GenAI introduces unique failure modes such as hallucinations, prompt injection, data memorization, deepfakes, and system-level failures in autonomous agents, which traditional predictive ML risk taxonomies fail to capture.

The paper identifies a "Evaluation Gap": current benchmarks are often static, task-local, and dense in bias/toxicity coverage but sparse in privacy, provenance, deepfake detection, and agentic system failures. This leads to "safetywashing," where models pass static tests but fail in real-world, adversarial, or multi-turn scenarios.

2. Methodology

The authors conducted a systematic literature review adhering to PRISMA guidelines (Preferred Reporting Items for Systematic Reviews and Meta-Analyses).

Scope: 232 studies published between November 2022 and December 2025 (post-GPT era).
Sources: Scopus, Web of Science, IEEE Xplore, ACM Digital Library, and arXiv.
Selection Process:
- Initial search yielded 5,313 records.
- After deduplication and screening for peer-reviewed journals, conferences, and high-impact preprints with technical frameworks or empirical risk assessments, 142 studies were selected for the final synthesis.
Analysis Framework: The review synthesizes findings across four thematic areas: Computer Science Theory, Application, Policy, and GenAI specifics, mapping them against a new taxonomy of risks and controls.

3. Key Contributions

The paper makes four primary technical contributions:

A. Comprehensive Taxonomy and Survey

It presents the first survey bridging governance principles, technical evaluation, and domain deployment across all four GenAI system types (LLMs, VLMs, Diffusion, Agentic). It establishes a structured risk taxonomy (Figure 1) covering:

Data Challenges: Synthetic contamination, model collapse, and opaque crawl pipelines.
Model/System Challenges: Bias, privacy leakage, hallucinations, and robustness.
Emergent Threats: Embedding inversion, synthetic identity swarms, and "hydra effects" (mitigating one risk exposes another).
Agentic Failures: Tool misuse, recursive hallucination, and plan hijacking.

B. The Ten-Criterion Rubric (C1–C10) and Policy Crosswalk

The authors developed a scoring rubric to evaluate AI safety benchmarks against governance needs:

Criteria: C1 (Bias), C2 (Toxicity), C3 (Security/Robustness), C4 (Misinformation), C5 (Deepfakes), C6 (Privacy), C7 (System-level failure), C8 (Malicious-actor realism), C9 (Metric validity), C10 (Governance alignment).
Policy Crosswalk: A mapping tool linking specific benchmarks to regulatory requirements (e.g., EU AI Act, NIST AI RMF), identifying which benchmarks provide plausible evidentiary support for compliance.

C. Operationalization via Lifecycle KPIs and Testbeds

The paper translates abstract principles into measurable 12 Lifecycle Key Performance Indicators (KPIs), including:

Data Quality ( $Q$ ) and Privacy Compliance ( $P$ ).
Bias Metrics: Statistical Parity Difference (SPD), Disparate Impact (DI).
Robustness ( $R$ ) and Attack Success Rate (ASR).
Explainability ( $E$ ) and Local Faithfulness Gap (LFG).
High-Stakes Error Rate ( $E_h$ ): Critical for healthcare/finance.
Sustainability: Energy ( $E_{kWh}$ ) and Carbon Emissions ( $C_{CO2e}$ ).
It also provides a catalogue of AI-ready Testbeds (e.g., ToolSandbox, Chatbot Arena) that generate audit-ready artifacts.

D. Domain-Specific Analysis

The study applies the ResGenAI lens to six critical sectors (Healthcare, Finance, Defense, Education, Arts, Agriculture), identifying specific risk profiles and required KPIs for each. For example, Healthcare prioritizes hallucination rates ( $E_h$ ), while Defense prioritizes red-teaming and human-in-the-loop oversight.

4. Key Results and Findings

Benchmark Coverage Gaps: Current benchmarks are heavily skewed toward Bias and Toxicity (dense coverage) but are critically sparse in Privacy, Provenance, Deepfakes, and System-level Agentic Failures.
- Top Performer: Rainbow Teaming (Score: 0.50) due to strong adaptive adversary coverage.
- Lowest Performers: Single-issue suites like RealToxicityPrompts (Score: 0.15).
Static vs. Dynamic Evaluation: Most evaluations are static and task-local. They fail to capture "adaptive adversaries" or multi-turn interactions where models can be "jailbroken" or manipulated into harmful behaviors (e.g., Microsoft Bing Chat incidents).
The "Explanation Gap": Post-hoc explainability tools (SHAP, LIME) often generate "plausible but unfaithful" narratives that do not reflect the internal mechanics of transformers, creating a false sense of security.
Governance Misalignment: Only a subset of benchmarks provides tangible evidence for privacy/security controls. No single suite covers more than half of the rubric criteria at a "strong" level, hindering cross-border regulatory compliance.
Symmetric Responsibility Model: The authors propose that responsibility is not solely on developers. A new model is suggested where Developers are accountable for Transparency/Alignment, while Users are accountable for Operational Integrity and Digital Literacy.

5. Significance and Future Directions

This paper provides a structured path to align GenAI evaluation with governance needs, moving from "safetywashing" to verifiable stewardship.

Research Agenda Priorities:

Adaptive Multimodal Evaluation: Moving beyond static prompts to dynamic, multi-turn, and cross-modal testing.
Privacy & Provenance: Integrating membership inference and data extraction probes into routine testing.
Deepfake Risk Assessment: Developing specific benchmarks for multimodal deepfake detection and provenance.
Continuous Monitoring: Shifting from one-time audits to continuous monitoring of model drift and adversarial tactics.
Sustainability Reporting: Mandating energy and carbon emission reporting normalized by throughput (e.g., per 1k tokens).

Conclusion:
The survey concludes that without bridging the gap between technical benchmarks and regulatory evidence, the deployment of GenAI remains unsafe. By introducing the ResGenAI Audit Loop (Figure 9), the authors offer a mechanism to translate technical KPIs into portable audit artifacts, enabling a sustainable and responsible future for Generative AI across all domains.