Boomitra Responsible AI Policy

Harnessing intelligence, guided by ethics

SUMMARY

The proliferation of Artificial Intelligence (AI) has transformed organizations, accelerating innovation and operational efficiency. At Boomitra, the responsible and ethical application of AI is core to our vision: accelerating global carbon sequestration and enabling sustainable agricultural transformation. This policy articulates Boomitra’s standards, principles, and governance structures to guarantee that AI is used safely, reliably, transparently, equitably, and in a manner that upholds our commitment to data integrity while being aligned with human rights and environmental safeguards.

PURPOSE

This policy ensures that every AI system or AI-enabled process developed, procured, or used by Boomitra meets minimum standards of safety, fairness, transparency, privacy, and accountability, and that AI use amplifies the positive social, environmental, and economic impacts for our farmer-partners and stakeholders.

SCOPE

This policy applies to:

1. All Boomitra employees, contractors, consultants, and partners who design, build, procure, deploy, operate, or otherwise use AI systems in Boomitra products, services, HR, talent assessments, or operations.
2. All AI and ML models, datasets, toolchains, third-party APIs/LLMs, and automated decision systems used in Boomitra’s global programs.
3. All stages of the AI lifecycle including ideation, data collection, labeling, model training, validation, deployment, monitoring, maintenance, decommissioning, and third-party procurement.

Exemptions require written approval from the COO/CDO and must document compensating controls.

GUIDING PRINCIPLES

Boomitra commits to the following principles for all AI activities. These align with enterprise best practices and are tailored to our context of smallholder agriculture and carbon markets.

1. Farmer-first and Benefit-sharing: AI systems must support the welfare, agency, and autonomy of farmers. Decisions that affect farmers’ rights, incomes, or land-use must preserve farmer consent and be reversible within contractual agreements.
2. Safety and Environmental Integrity: AI outputs that inform agronomic interventions or carbon accounting must prioritize environmental safety and carbon permanence.
3. Transparency and Explainability: When decisions materially affect farmers or buyer transactions (e.g., credit issuance, eligibility, MRV outcomes, agronomic recommendations), Boomitra will provide meaningful explanations suitable for the audience (farmers, auditors, buyers). This also includes HR assessments or financial outcomes, which must be transparent and explainable to affected stakeholders.
4. Privacy and Data Minimization: Collect only what is necessary; protect personal and sensitive data (including geolocation and farm-level identifiers). Data used in AI systems will be securely handled, anonymized where appropriate, and never used for unauthorized profiling or manipulation.
5. Robustness and Reliability: Models must be tested and monitored for performance across geographies, crops, and soil types; performance degradation must trigger human review and rollback mechanisms.
6. Accountability and Human Oversight: Every deployed system must have an accountable human owner or an oversight body within Boomitra with authority to pause, modify, or retire the model.
7. Equity and Non-discrimination: Models and operational processes must not introduce or amplify unfair treatment across gender, caste, socio-economic status, or marginalized groups among our farmer network.
8. Compliance with Law and Standards: Adhere to applicable laws (e.g., privacy, export control), and relevant industry standards and registries (e.g., Verra, Social Carbon, CCB/CORSIA rules).
9. Data Sovereignty and Local Compliance: Boomitra commits to storing and securing Personally Identifiable Information (PII) in strict accordance with the local residency laws of the countries where our farmer-partners reside. We will ensure that our data infrastructure respects national borders and regional security mandates to protect the digital sovereignty of all stakeholders.
10. Secure by Design: Protect against data breaches, model theft, poisoning, and adversarial attacks.
11. Continuous Learning and Improvement: Maintain audit trails, post-deployment monitoring, and continuous improvement loops for corrective action. Carry out regular reviews and adapt to incorporate emerging risks, technologies, and stakeholder feedback.

INTEGRATION WITH BOOMITRA’S POLICY ECOSYSTEM

This Policy will be read in conjunction with Boomitra’s Whistleblowers Policy, Employee Code of Conduct, Partner Ethics Policy and Code of Conduct, Confidential Information and Invention Assignment Agreement, Sexual Harassment Policy, Third Party Harassment Policy, Grievance Policy for Partners and Enrolled Farmers and Landowners, Employee Grievance Policy, Data Protection and Retention Policy, Quality Assurance Policy, Disaster Recovery Policy, Health, Safety and Environment Policy, Environmental, Social and Governance Policy, Diversity, Equity and Inclusion Policy, Modern Slavery Policy, and any other related policies that may be published in future.

GOVERNANCE STRUCTURE AND ROLES

Executive Oversight

1. Board-level oversight: The Board will receive an annual Responsible AI report summarizing high-risk AI use-cases, incidents, audit outcomes, and mitigation plans.

2. Executive Committee: The EXCOM will review and approve all Medium- and High-risk models. High-risk models will require Board notification.

3. AI Ethics and Oversight Council: This council will be led by the Chief Data & AI Officer (CDO). The COO will hold the role of CDO, serving as policy owner, approving classification of AI risk, maintaining the AI catalogue, and owning escalation to the Board. The council will consist of representatives from HR, Legal, Product, Field Operations, Sales, Business Development, Technology, and an external AI ethics advisor (whenever necessary). They shall be responsible for:

   a) Vetting new AI initiatives before launch. b) Overseeing regular bias and impact audits. c) End-to-end lifecycle management from design, testing, deployment, monitoring, and incident response to documentation. d) Approving AI applications that have the potential for significant impact on individuals or the environment. e) Ensuring compliance with current and emerging regulations.

AI RISK CLASSIFICATION

Every AI initiative must be classified before resource allocation using the Boomitra AI Risk Matrix. Classification criteria include potential for physical harm, financial impact on farmers, legal/regulatory exposure, reputational risk, and reversibility.

1. Low Risk: Internal tooling, exploratory models with no direct farmer outcomes, developer productivity tools.
2. Medium Risk: Models that inform agronomic suggestions, resource allocation recommendations, extension messaging, or internal decision support that may influence farmer behaviour if followed.
3. High Risk: Models that materially affect farmer income or rights (e.g., eligibility for carbon payments, MRV-determined carbon estimates used in credits sold to buyers), automated enforcement actions, or operations in sensitive regions.

High risk requires extensive validation, third-party auditing where appropriate (e.g., alignment with Verra/Social Carbon MRV rules), and higher insurance/contractual safeguards with partners.

DECISION AUTHORITY MATRIX

1. Low-risk Models (e.g., internal analytics dashboards) will be approved by the CDO.
2. Medium-risk Models (e.g., agronomic recommendation engines that change inputs/timings) require review and approval by the EXCOM.
3. High-risk Models (e.g., automated eligibility determination for carbon credit issuance, credit quantification changes that directly affect payments) require review and approval by the EXCOM and Board notification. The EXCOM may decide to engage a third-party audit.

This layered approach creates a balance between speed and safety. A documented risk/benefit analysis and ethical impact analysis must be completed for all medium and high risk models as described below.

ACCEPTABLE AND UNACCEPTABLE USES

Acceptable Uses

1. Optimizing satellite and sensor data for robust carbon sequestration measurement and verification.
2. Enhancing HR operations by supporting, but not replacing, key human decision-making in recruitment, assessment, and development.
3. Improving supply chain and environmental reporting systems for greater transparency and accountability.
4. Summarizing and contextualizing scientific data to support sustainable agricultural transformation.

Prohibited Uses

1. Autonomous decision-making impacting employment, pay, or promotion without documented human oversight.
2. Any AI-powered activity that would result in discrimination or the exclusion of individuals based on protected characteristics, or that compromises the dignity of those affected.
3. Deepfake content, generative tools used to misinform, or AI systems intended to circumvent compliance and legal requirements.
4. AI systems that fail to meet transparency, explainability, or data security requirements outlined in this policy and external regulations.

DATA GOVERNANCE AND FARMER CONSENT

1. Data Minimization and Purpose Limitation

Collect only the data necessary for a stated, documented purpose. Data collected for MRV, agronomy, and project administration must be scoped and recorded in a Data Use Register.

2. Consent and Farmer Rights

a) Informed Consent: Farmers must receive clear, local-language explanations of what data is collected, why, how it will be used, who will access it, and the implications (including on carbon rights and payments). Consent must be recorded and versioned.

b) Opt-out and Redress: Farmers can opt out of non-essential data collection; we must provide mechanisms to correct data, request deletion (subject to contractual and regulatory constraints), and appeal model-based decisions that affect payments.

3. Data Provenance and Labeling

a) Maintain provenance metadata for all datasets (source, collection date, collector, version). b) Label training data to note any systematic biases and apply corrective sampling or weighting strategies.

4. Access Controls and Sharing

a) Enforce Role-Based Access Controls (RBAC) for all datasets. b) Sensitive location data and identities must be pseudonymized when used for model training or shared externally, unless explicit consent permits re-identification for audit/claims. c) Third-parties receiving data must sign data processing agreements that enforce Boomitra’s privacy, security, and benefit-sharing obligations.

5. Data Retention

a) Define retention periods per data category in the Data Retention Schedule. b) Older datasets required for carbon permanence or legal audit (e.g., MRV records) may be retained longer with enhanced protections and documented justification.

This farmer-centric consent and data governance approach is fundamental given our model of farmer-owned carbon rights and revenue-sharing commitments.

MODEL DEVELOPMENT LIFECYCLE (MDLC) REQUIREMENTS

All Boomitra models must follow the MDLC checklist below. Documentation for each step must be stored in the Model Registry.

1. Problem Definition and Impact Assessment

a) Document the purpose, intended users, decision boundary, and expected benefits. b) Conduct a Socio-Environmental Impact Assessment (SEIA) for medium/high-risk models covering livelihood, gender, equity, land-use, and long-term carbon permanence considerations.

2. Data Collection and Preprocessing

a) Ensure data quality checks, labeling guidelines, and offensive content filtering for imagery/metadata. b) Use techniques to mitigate sampling bias (stratified sampling across agroecological zones, gender, farm-size). c) Log dataset versions and any synthetic data creation.

3. Model Selection, Training, and Validation

a) Prefer interpretable models for high-impact decisions where possible; where black-box models are used, pair them with explainability techniques and rigorous human-in-the-loop controls. b) Maintain validation datasets that are geographically and temporally representative; withhold a test set for independent evaluation. c) Document performance metrics and threshold criteria for deployment, including uncertainty bounds in SOC estimates.

4. Pre-deployment Review

a) Medium-risk Models: EXCOM review and technical and socio-environmental sign-off. b) High-risk Models: Full EXCOM review, external audit (if required), legal sign-off on data/contractual implications, and field pilot with independent sampling.

5. Deployment and Human Oversight

a) All live decision systems must include escalation pathways to human experts. b) For agronomic recommendations: provide explainable advice with provenance (data and model version) and a recommended confidence score. Farmers must always have the final choice; Boomitra should avoid forced automation of farm management actions. c) For MRV and credit quantification: retain human auditors and sampling validation; automated estimates may be used for operational efficiency but final credit issuance must remain auditable and reversible where errors are detected.

6. Monitoring, Evaluation, and Feedback Loops

a) Implement continuous monitoring for model drift, performance degradation, bias indicators, and fairness measures. b) Establish automated alerts for metric breaches and require the Model Owner to initiate remediation (retrain, rollback, or restrict scope). c) Field validation cadence: quarterly checks for pilot regions; annual for mature projects; ad-hoc if anomalies are detected.

7. Decommissioning and Archival

a) Maintain decommissioning plans that include data archival, model governance handover, and notifications to impacted farmers and partners.

These MDLC stages follow best-practice assurance processes to ensure safe, auditable AI deployments.

THIRD-PARTY MODELS, LLMs, AND PROCUREMENT

1. Approved Procurement Process

a) Any procurement of third-party models, APIs, or LLM services must be routed through the CDO. b) Perform a vendor risk assessment covering data usage, model training practices, licensing/IP terms, capability to delete shared data, security posture, and compliance with local law.

2. Restrictions on Data Sharing with Public LLMs

a) No sensitive farmer-identifiable data, precise geolocation coordinates tied to individual owners, contract terms, or buyer pricing details shall be shared with public LLMs or consumer-grade AI tools (e.g., public chat interfaces) without explicit legal sign-off and documented consent. b) When public LLMs are used for prototyping or productivity, require pseudonymized, minimal examples and never reveal protected attributes.

3. Model Provenance and Licensing

a) Confirm training data provenance and licensing for any third-party model used in production. b) Avoid models where training data potentially infringes copyrighted material in ways that could create legal liability for Boomitra.

4. SLA and Exit Clauses

a) Ensure SLAs cover model availability, incident response, data breach notification, and rights to retrieve/delete data after contract termination.

This procurement discipline protects farmer data, corporate IP, and Boomitra’s legal exposure.

PRIVACY, SECURITY, AND IP

1. Privacy by Design

a) Embed privacy controls early: pseudonymization, data minimization, local-language consent flows, and Privacy Impact Assessments (PIAs) for applicable projects. b) AI development must comply with all applicable regulations regarding data privacy, including the General Data Protection Regulation (GDPR, EU), Indian Data Privacy Act, and sector-specific guidelines. c) Data Residency and Jurisdictional Security: Boomitra strictly adheres to local statutes governing the domestic storage and security of Personally Identifiable Information (PII) within its country of origin. Our data architecture is engineered to ensure that sensitive citizen data remains within national borders whenever mandated by regional law or sector-specific guidelines. d) All personal and sensitive data used for AI training or inference must be anonymized or pseudonymized unless explicit, auditable consent has been obtained.

2. Security Controls

a) Role-Based Access Controls (RBAC), encrypted data at rest and in transit, Multi-Factor Authentication (MFA) for sensitive systems, and regular penetration testing. b) Monitor model inference pipelines for data exfiltration or prompt injection attacks when integrating with LLMs. c) Employees must use only approved, secure data platforms for model development and must not transfer organizational, customer, or partner data to third-party AI tools without CDO approval.

3. Intellectual Property

a) Respect farmer-owned carbon rights: Boomitra will not unilaterally commercialize farm-level data outside agreed benefit-sharing arrangements. b) Ownership of models developed by Boomitra belongs to Boomitra, subject to contractual arrangements with implementation partners where co-development applies.

4. Incident Response and Breach Notification

a) Align incident response with the Corporate Investor Relations Plan. Notify affected stakeholders (farmers, buyers, partners) in a timely, transparent manner; legal counsel to advise on regulatory notifications. b) Incident response protocols will be triggered for any suspected data breach involving AI systems, requiring immediate investigation and reporting to the CDO and relevant authorities.

Security, privacy, and IP protections are non-negotiable given our stewardship of farmer livelihoods and carbon assets.

FAIRNESS, INCLUSION, AND GENDER SENSITIVITY

1. Equity Impact Assessment

a) For all medium/high-risk systems, assess differential impacts across gender, caste/status, farm-size, and marginalized groups. b) Use participatory design sessions with representative farmers and Field Compliance Liaisons to detect harms early.

2. Gender-responsive Design

a) Train models and UX to recognize and mitigate gender disparities (for example, many inputs historically collected only from male heads of household). Implement targeted data collection to close representation gaps.

3. Language and Accessibility

a) Provide model outputs and explanations in local languages and audio formats where literacy is limited. UX must be field-tested for low-bandwidth contexts and non-smartphone users.

Inclusion work and equitable model design align deeply with Boomitra’s SDG targets and benefit-sharing commitments.

TRANSPARENCY AND COMMUNICATION

1. Model Factsheets and Datasheets

a) Produce a public-facing Model Factsheet for any AI that materially affects farmer income or buyer-facing MRV outputs. Factsheets will include intended use, limitations, performance metrics, data provenance summary, and a contact for concerns.

2. Explainability and Farmer Communication

a) Provide concise, action-oriented explanations for recommendations and MRV outputs. Use visuals, audio, and community extension agents to deliver explanations and helplines for disputes.

3. Buyer and Partner Disclosures

a) When credit issuance is supported by automated estimates, clearly disclose the role of automation in credit quantification, the human oversight mechanisms in place, and the audit trail that supports the final credit claim.

Transparency is essential for trust with buyers, registries, and farmer partners and matches industry practice of publishing assurances and principles around AI.

HUMAN OVERSIGHT AND DECISION RIGHTS

1. Human-in-the-loop (HITL): All medium/high-risk models must operate with HITL controls. The Model Owner shall define decision thresholds at which human review is mandatory (e.g., SOC estimate variance beyond tolerance, automated rejection of credit claims).
2. Appeals and Redress: Farmers and partners can appeal model-driven decisions. Establish a transparent appeals process managed by Field Compliance and Corporate Legal with timelines for investigation and remediation.
3. Training and Capacity Building: Regular training modules for product, sales, field staff, and partner organizations on how to interpret model outputs, limitations, and escalation channels.

Human oversight ensures we preserve farmer agency and remedy errors swiftly.

AUDITING, VERIFICATION, AND EXTERNAL ASSURANCE

1. Internal Audit Cadence: Internal audit to perform annual reviews of high-risk AI systems and ad-hoc reviews following incidents.
2. Third-party Auditing: For MRV and credit-issuance systems (which directly impact carbon credits sold to buyers and registries), Boomitra will engage accredited third-party auditors and maintain records to support Verra, Social Carbon, and other registry audits.
3. External Transparency: Publish an annual Responsible AI report summarizing governance activities, high-risk use-cases, incidents, and mitigation actions (suitably anonymized to preserve privacy).

CONTRACTS, BENEFIT-SHARING, AND LEGAL PROTECTIONS

1. Farmer Contracts and Long-term Commitments: Ensure AI use and data practices are written into farmer contracts and long-term agreements (including durability guarantee clauses and group project structures). Contracts must clearly articulate data rights, carbon rights retention, revenue-sharing percentages, and dispute resolution mechanisms.
2. Partner and Buyer Contracts: Include model audit rights, data processing terms, liability allocation, indemnities for data misuse, and requirements for buyer transparency when automated estimates are used for credit purchases.
3. Insurance and Liability: For high-risk models, evaluate insurance or financial safeguards to manage potential errors that lead to financial loss for farmers or buyers.

Embedding AI clauses into contracts protects farmers and Boomitra’s market credibility.

REPORTING CONCERNS

1. Employees, contractors, partners, or external stakeholders may use anonymous or named channels to report concerns about AI misuse, bias, or ethical risks.
2. The Council is required to review all complaints, investigate, and provide resolution within a defined timeline, preserving confidentiality where appropriate.

ENFORCEMENT AND DISCIPLINARY PROCEDURES

1. Failure to comply with AI Policy requirements will result in disciplinary proceedings according to Boomitra’s employee handbook and partner agreements.
2. Disciplinary measures range from training remediation and restricted access to suspension or termination, based on severity and repeat offenses.

EXCEPTIONS AND POLICY CHANGE CONTROL

Exceptions to this policy must be documented, time-bound, and approved by the CDO and the Board. The policy will be reviewed annually or sooner if legal or technological changes require it.

Boomitra is committed to continuous improvement in risk management, ensuring that our approach remains responsive to the evolving landscape of global carbon markets, community needs, and climate realities.

FREQUENTLY ASKED QUESTIONS

Q: Will Boomitra stop using AI in farmer programs? A: No. We will continue to use AI to enhance farmer outcomes but with human oversight, clear consent, and auditability.

Q: Can farmers see how AI decided their carbon estimate? A: Farmers will receive explanations suitable for their context and can request an independent audit of the sampling and MRV pipeline.

Q: What happens if a model makes an error that affects payments? Boomitra will investigate via the appeal process, reverse incorrect payments where applicable, and provide remediation consistent with contract terms and insurance arrangements.