Governing AI at a regulated utility is different from governing it at an unregulated company, because the utility must justify AI-driven spending to a rate regulator, meet safety and reliability standards, protect customer data, and explain model decisions to commissions and auditors. An opaque model that reprioritizes capital or flags a customer for disconnection creates regulatory and legal exposure. This playbook sets out a governance framework covering rate recovery of AI investment, safety and reliability guardrails, data privacy, and the model documentation regulators expect before AI-influenced decisions affect customers or infrastructure.
The regulator is a stakeholder in every AI decision
A distribution utility does not spend money the way an ordinary company does. Capital and O and M costs flow into a rate base that a public utility commission reviews, and the utility earns a return only on prudent, used-and-useful investment. When AI reprioritizes which mains get replaced or which feeders get hardened, that decision must be defensible in a rate case that may be litigated by consumer advocates. An AI recommendation the utility cannot explain is a recommendation the utility may not be able to recover in rates. Governance therefore starts with a simple test: can we show the commission the inputs, the logic, and the assumptions behind every AI-influenced dollar?
Safety compounds the stakes. In gas distribution, a mispredicted leak risk is not a missed sales target; it is a public safety event. Reliability standards, pipeline safety rules, and data privacy obligations under state and federal law all constrain how AI can be deployed. The governance job is to let AI improve decisions without letting it become an unaccountable black box sitting between the operator and the network.
Four governance domains for utility AI
Effective utility AI governance covers four domains. For each, define who owns the control, what evidence must exist, and what stops a model from acting.
| Governance domain | Key requirement | Control / evidence |
|---|---|---|
| Rate recovery and prudence | AI-driven capital and O and M must be defensible as prudent in a rate case | Documented inputs, assumptions, and the human decision record for every AI-influenced spend |
| Safety and reliability | AI must not weaken pipeline, electric, or water safety and reliability standards | Human-in-the-loop sign-off on any safety-critical action; model kept advisory, not autonomous, for safety calls |
| Customer data privacy | AMI and CIS data are sensitive; use must comply with privacy law and tariff terms | Data minimization, access controls, consent tracking, and retention limits with audit logging |
| Model explainability | Regulators and auditors need to understand why a model recommended an action | Model cards, feature documentation, version history, and reason codes attached to each output |
| Bias and equity | Disconnection, credit, and service decisions must not disadvantage protected groups | Disparate-impact testing on affected populations; documented review before deployment |
Build governance before the model touches a customer or a main
- Require a model card for every deployed model that documents inputs, training data, assumptions, known limitations, and the prudence rationale a rate case would need.
- Keep safety-critical decisions advisory: AI can rank and recommend, but a qualified human signs off before any action that affects gas leak response, electric switching, or water quality.
- Stand up a cross-functional AI review board with engineering, regulatory, legal, and customer-service representation that approves models before production.
- Apply data minimization and strict access controls to AMI interval and CIS data, log every access, and align retention with tariff and privacy-law requirements.
- Run disparate-impact testing on any model that influences disconnection, deposits, payment plans, or credit before it goes live, and keep the results on file.
Governance failures that surface in a rate case or an audit
- Deploying a model with no documentation, then being unable to explain to the commission why capital was reprioritized, which puts cost recovery at risk.
- Letting an AI system take autonomous safety-critical action, so that a bad prediction becomes a safety incident with no human checkpoint in the chain.
- Using granular AMI data for purposes customers never consented to, creating a privacy exposure that outweighs any operational gain.
- Skipping equity review on customer-facing models, then discovering a disparate impact on protected groups after disconnection decisions have already been made.
Measure whether governance is real or nominal
- Share of production models with a complete, current model card and documented prudence rationale.
- Number of safety-critical AI recommendations with a logged human sign-off versus any that executed autonomously (target zero autonomous).
- Data access audit findings: unauthorized or unexplained accesses to AMI or CIS data per quarter.
- Percentage of customer-impacting models that passed documented disparate-impact testing before deployment.
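The human sign-off control and the "target zero autonomous" metric above can be enforced and measured in code. The sketch below is an added example, not part of the original playbook: the category identifiers, record fields, and the `qualified` flag are assumptions, and the sample log is constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Safety-critical categories the playbook names; identifiers are assumptions.
SAFETY_CRITICAL = {"gas_leak_response", "electric_switching", "water_quality"}

@dataclass(frozen=True)
class Recommendation:
    rec_id: str
    category: str

@dataclass(frozen=True)
class SignOff:
    rec_id: str      # recommendation this approval is bound to
    reviewer: str
    qualified: bool  # hypothetical flag from a qualifications register

def authorize(rec: Recommendation, signoff: Optional[SignOff]):
    """Return (allowed, reason); fails closed for safety-critical actions."""
    if rec.category not in SAFETY_CRITICAL:
        return True, "not safety-critical"
    if signoff is None:
        return False, "missing human sign-off"
    if signoff.rec_id != rec.rec_id:
        return False, "sign-off bound to a different recommendation"
    if not signoff.qualified:
        return False, "reviewer not qualified"
    return True, "signed off by " + signoff.reviewer

def autonomy_metric(executed):
    """Count executed safety-critical actions with and without valid sign-off."""
    counts = {"signed_off": 0, "autonomous": 0}
    for rec, signoff in executed:
        if rec.category in SAFETY_CRITICAL:
            ok, _ = authorize(rec, signoff)
            counts["signed_off" if ok else "autonomous"] += 1
    return counts

# Constructed sample of executed actions, as (recommendation, sign-off) pairs.
SAMPLE_LOG = [
    (Recommendation("R1", "gas_leak_response"), SignOff("R1", "j.doe", True)),
    (Recommendation("R2", "electric_switching"), None),
    (Recommendation("R3", "leak_survey_ranking"), None),
    # An approval reused from R1 does not count as sign-off for R4.
    (Recommendation("R4", "water_quality"), SignOff("R1", "j.doe", True)),
]

if __name__ == "__main__":
    print(autonomy_metric(SAMPLE_LOG))
```

Binding each sign-off to a recommendation ID keeps a reused approval from counting as a human checkpoint, so the metric reports what actually executed without review.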
Frequently asked questions
Can we recover the cost of AI systems in our rate base?
Generally yes, if you can demonstrate prudence and that the investment is used and useful, but the burden is on the utility to document it. That is why governance and rate recovery are linked: the model card, decision records, and assumptions you maintain for governance are the same evidence you present to justify recovery. Utilities that deploy models with no documentation risk a commission disallowing the cost.
Should AI ever make autonomous decisions in a utility?
For low-stakes operational tasks such as ranking a leak-survey list or drafting a customer message, autonomous or near-autonomous operation can be acceptable. For anything safety-critical (gas leak classification, electric switching, water quality) or anything that affects a customer's service or credit, keep a qualified human in the loop. The regulatory and safety exposure of an autonomous bad call far outweighs the marginal efficiency.
How do we handle privacy for granular smart-meter data?
Treat AMI interval data as sensitive personal data. Minimize what you collect and retain, restrict access to those with a documented need, log every access, honor tariff and consent terms, and confirm your use aligns with state utility privacy rules. Interval data can reveal occupancy and behavior patterns, so the privacy bar is higher than for monthly meter reads.