Beta

Source: OJ L, 2024/1689, 12.7.2024

EN

Annex XI Technical documentation referred to in Article 53(1), point (a) — technical documentation for providers of general-purpose AI models

  1. Section 1 Information to be provided by all providers of general-purpose AI models

    1. The technical documentation referred to in Article 53(1), point (a) shall contain at least the following information as appropriate to the size and risk means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; profile of the model:

      1. A general description of the general-purpose AI model including:

        1. the tasks that the model is intended to perform and the type and nature of AI systems in which it can be integrated;

        2. the acceptable use policies applicable;

        3. the date of release and methods of distribution;

        4. the architecture and number of parameters;

        5. the modality (e.g. text, image) and format of inputs and outputs;

        6. the licence.

      2. A detailed description of the elements of the model referred to in point 1, and relevant information of the process for the development, including the following elements:

        1. the technical means (e.g. instructions of use, infrastructure, tools) required for the general-purpose AI model to be integrated in AI systems;

        2. the design specifications of the model and training process, including training methodologies and techniques, the key design choices including the rationale and assumptions made; what the model is designed to optimise for and the relevance of the different parameters, as applicable;

        3. information on the data used for training, testing and validation, where applicable, including the type and provenance of data and curation methodologies (e.g. cleaning, filtering, etc.), the number of data points, their scope and main characteristics; how the data was obtained and selected as well as all other measures to detect the unsuitability of data sources and methods to detect identifiable biases, where applicable;

        4. the computational resources used to train the model (e.g. number of floating point operations), training time, and other relevant details related to the training;

        5. known or estimated energy consumption of the model.

        With regard to point (e), where the energy consumption of the model is unknown, the energy consumption may be based on information about computational resources used.

  2. Section 2 Additional information to be provided by providers of general-purpose AI models with systemic risk

    1. A detailed description of the evaluation strategies, including evaluation results, on the basis of available public evaluation protocols and tools or otherwise of other evaluation methodologies. Evaluation strategies shall include evaluation criteria, metrics and the methodology on the identification of limitations.

    2. Where applicable, a detailed description of the measures put in place for the purpose of conducting internal and/or external adversarial testing (e.g. red teaming), model adaptations, including alignment and fine-tuning.

    3. Where applicable, a detailed description of the system architecture explaining how software means the part of an electronic information system which consists of computer code; components means software or hardware intended for integration into an electronic information system; build or feed into each other and integrate into the overall processing.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod