San Francisco AI Ethics & Bias Audit Standards Ordinance

Technology and Data California 3 Minutes Read ยท published February 06, 2026 Flag of California

San Francisco, California agencies increasingly use automated decision systems and need clear ethics and bias-audit standards to protect civil rights and public trust. This guide explains expected standards for procurement, audit, transparency, and compliance for city departments and contractors, and maps enforcement and appeal pathways under San Francisco authorities. It summarizes what agencies should adopt in policy, records, and public reporting to reduce discriminatory outcomes while remaining compatible with procurement and privacy rules.

Agencies should document audits and retention schedules before deploying AI in public services.

Overview

This article outlines recommended standards for algorithmic impact assessments, bias-testing protocols, documentation, community engagement, and transparency obligations for San Francisco agencies. It refers to San Francisco municipal legislative and code resources where agencies can confirm legal obligations and to the Board of Supervisors legislative records for ordinance texts.[1]

Penalties & Enforcement

Enforcement depends on the controlling ordinance or municipal code provisions adopted by the Board of Supervisors and applicable administrative code chapters. Where an implementing ordinance or code section specifies fines, schedules, or non-monetary remedies, agencies and vendors are bound by those clauses; where not specified, enforcement tools follow standard city code enforcement practice.[2]

  • Fines: not specified on the cited page.
  • Escalation (first/repeat/continuing): not specified on the cited page.
  • Non-monetary sanctions: orders to cease use, mandatory remediation, public reporting, contract suspension or termination, and court actions are possible depending on the ordinance language.
  • Enforcer: typically the department named in the ordinance (for example, an assigned enforcement office, the City Attorney, or a designated oversight office).
  • Inspection and complaint pathways: complaints are generally filed with the enforcing department or through Board of Supervisors complaint channels; check the ordinance implementing guidance for the exact submission path.
  • Appeal/review: appeal routes and time limits depend on the ordinance or administrative code; if not stated in the ordinance, standard administrative appeal provisions apply or are "not specified on the cited page."
  • Defences/discretion: common defenses include documented reasonable reliance on vendor representations, active remediation, or a permitted variance if the ordinance provides one.
If the ordinance lacks numeric penalties, agencies should assume administrative remedies and contract-based sanctions may apply.

Applications & Forms

Where an ordinance requires audits, it may reference required forms or report templates; if no form is published in the ordinance or code, the city may provide guidance templates through the enforcing office or procurement portal. For specific form names, numbers, fees, submission addresses, and deadlines consult the adopting ordinance or the designated enforcement office.[1]

Standards for Audits and Records

Core elements agencies should include in ethics and bias audits are scope, data provenance, model descriptions, performance metrics disaggregated by protected classes, testing methodology, mitigation steps, and public summary reports. Audits should be retained according to city records retention schedules and redaction rules for sensitive data.

  • Audit scope and objectives.
  • Data lineage and provenance documentation.
  • Bias-testing methodology and results.
  • Mitigation steps and implementation plan.
Public summaries increase accountability and reduce community harm.

Operational Steps for Agencies

Agencies should integrate standards into procurement, contracting, project management, and legal review. Key action steps are listed in the How-To section below.

FAQ

What triggers an AI ethics or bias audit for a city agency?
When an automated decision system materially affects individuals or groups in public services, procurement guidance or an ordinance may require an audit. Agencies should consult the adopting ordinance or policy for exact triggers.[1]
Who enforces compliance with the standards?
Enforcement authority is the department or office named by the ordinance; if none is named, enforcement may default to the City Attorney or the Board of Supervisors' oversight mechanisms and standard administrative procedures.[2]
Are audit reports public?
Publication depends on the ordinance, confidentiality rules, and privacy laws; many standards require a public summary and a redacted technical appendix.

How-To

  1. Assess whether the system materially affects people and classify risk level.
  2. Commission a pre-deployment algorithmic impact assessment and bias test with documented methodology.
  3. Adopt mitigation measures, require vendor contract clauses for audit access and data access, and integrate monitoring.
  4. Publish a public summary report and retain full audit records per city records retention policy.

Key Takeaways

  • Agencies must document audits, mitigation, and public summaries.
  • Enforcement depends on the ordinance and named enforcing office.

Help and Support / Resources

  1. [1] Board of Supervisors - Legislation and Ordinances
  2. [2] San Francisco Municipal Code - Code Library

Categories

General Governance and Administration Public Safety Public Health and Welfare Land Use and Zoning Housing and Building Standards Transportation Environmental Protection Parks and Public Spaces Business and Consumer Protection Taxation and Finance Labor and Employment Education Civil Rights and Equity Elections and Campaign Finance Events and Special Uses Signs and Advertising Utilities and Infrastructure Technology and Data