Model cards
A model card documents a model’s technical and ethical characteristics in one place. Where an AI system record describes a use of AI, a model card describes the model itself, and the two are linked.
What a model card captures
Section titled “What a model card captures”A model card is created against a workspace and linked to a system. It records:
- Model name and the linked system it belongs to.
- Model type and provider.
- Deployment environment.
- Purpose: what the model is for.
- Data sources: the data it relies on, at an appropriate level.
- Human oversight model and autonomy level.
- Risk tier: the model’s own risk classification.
Because a model card can be created directly from a system record, its fields are pre-filled from the system, the model type, provider, environment, purpose, data sources, oversight and autonomy flow through, so the card stays consistent with the system that uses it rather than drifting.
Why model cards matter
Section titled “Why model cards matter”Model cards give reviewers and decision-makers a consistent, comparable view of the models the organisation depends on. They support:
- Assessment: grounding control conclusions in documented model characteristics.
- Reporting: giving boards and auditors a clear view of model-level risk.
- Procurement: comparing vendor models on a like-for-like basis.
Relationship to assessments and frameworks
Section titled “Relationship to assessments and frameworks”Model cards complement assessments: the assessment evaluates a system against controls, while the model card documents the model that system uses. Several frameworks, including ISO/IEC 42005 and the EU AI Act, expect model and system documentation of this kind, and model cards help you meet those expectations. Model-level detail can also be pulled into reports.
- Assessments & control testing: evaluate systems against controls.
- Registry & Discovery: the systems model cards link to.
- Reporting & exports: include model-level detail in outputs.