×
Uncategorized

What Must Companies Disclose As Per EU’s AI Code of Practice?

AI companies will have to provide details of how they obtained data for model training, methods to curb bias and detect unsuitable data sources to the European Union’s AI Office, as per the recently released general-purpose AI Code of Practice. This code is a voluntary tool, meant to help the AI industry comply with their legal obligations under the EU AI Act concerning copyright, transparency, and security. 

To make it easier for companies to fulfil their transparency requirements, the code provides a Model Documentation Form which describes all the information AI companies will have to provide to the AI Office, downstream service providers who build on top of a general-purpose model, and national competent authorities within the EU. For context, the AI office will monitor and enforce the requirements under the AI Act. The requirements for all three players vary to a certain extent, with companies being required to provide less granular information to downstream players. 

Companies that sign up have to provide information on the methods/resources they used to annotate data and the models and methods they used to generate synthetic data, where applicable. For data previously obtained from third-party sources, the company has to provide a description of how it obtained the rights to said data if it has not already disclosed this information as part of the public data summary it is expected to publish under the EU AI Act. 

Other key details AI companies must document:

As part of the model documentation, general-purpose AI model providers have to ensure that they have documented:

  • The name of the model, model architecture, design specifications, type of license and its details, type of input used to train the model, and the types of output it generates. 
  • Companies must also include a list of distribution channels through which they have made the model available in the EU. For example, public or subscription-based access through an Application Programming Interface (API); or public or proprietary access through Integrated Development Environments (IDEs). 
  • Acceptable use policy, intended uses of the AI model, and the types and nature of AI systems within which the general-purpose model can be integrated.
  • General description of the main steps involved in the training process, including methodologies, key design choices, and assumptions.
  • Measures to detect unsuitable data sources, including but not limited to child sexual abuse material (CSAM), non-consensual intimate imagery (NCII), and personal data leading to its unlawful processing. AI model providers must also prepare documentation of any methods they implemented (at the data acquisition/processing stage) to address the prevalence of identifiable biases in the training data. 

Disclosure requirements:

Companies will only have to submit information to the AI office upon its request. The office could potentially make such an information request on behalf of national authorities for supervisory purposes, particularly when assessing high-risk AI systems where the system provider differs from the model provider.

Companies that sign up for the code have to update model documentation to reflect changes in information. They also have to publicly disclose contact information so that the AI Office and downstream service providers can request access to relevant information from the model documentation.

The code encourages AI companies to consider making documented information publicly available to promote transparency. Companies may have to include some of this information in a summarised form as part of publicly required training content summaries.

Advertisements

Factors AI companies must consider when providing information:

AI companies that create general-purpose models must recognise their responsibility, given that their models are the basis of a range of downstream AI systems. When providing information to the EU’s AI Office or downstream AI system developers, the company will need to take market and technological developments into account, so that the information provided helps the AI Office and other national authorities in fulfilling their obligations under the AI Act. This information should also assist the downstream developer in integrating the general-purpose model into their systems and in complying with their obligations under the Act.

The code specifies that in case of fine-tuning or modification of a general-purpose model, the person who fine-tunes becomes the model provider and is subject to the obligations of a provider. The documentation requirements notably do not apply to providers of general-purpose AI models released under free and open-source licenses, unless the model is classified as having systemic risk.

Related Posts

Post Comment

You May Have Missed

Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None