Chapter 2 — AI Life Cycle Risk Management — Part A: AI Design, Development/Procurement, and Documentation

On this page

2.1Planning and Design
2.2Data Requirements for AI Models
2.3Procurement of AI Solutions
2.4Build, Adapt, and Document Models

Part A: AI Design, Development/Procurement, and Documentation

The AI life cycle refers to the creation, implementation, operation, and decommissioning of AI solutions. This life cycle begins once the enterprise selects an AI solution to solve a business problem. Figure 2.1 shows the AI life cycle, as defined by the Organization for Economic Co-operation and Development (OECD).

Note

Enterprises may use some variation of this life cycle, with phases grouped or named differently.

A horizontal flow diagram shows the AI life cycle as defined by the OECD. — Figure 2.1—OECD AI Life Cycle

The phases are not too different from those of the system development life cycle (SDLC). It is important to consider risk through each phase of the AI life cycle and address each identified risk promptly, including design, development, deployment, monitoring, and recalibration. According to the NIST AI RMF, measuring risk at an earlier stage in the AI life cycle may yield different results than measuring risk at a later stage; some risk may be latent at a given point in time and increase as AI systems adapt and evolve.⁸⁸

Furthermore, different AI actors (or stakeholders) across the AI life cycle can have different risk perspectives. For example, an AI developer who makes AI software available, such as a pretrained model, might have a different risk perspective than someone deploying that pretrained model in a specific use case. Such AI deployers may not recognize that their particular uses could entail risk that differs from the risk perceived by the initial developer. All involved AI actors share responsibilities for designing, developing, deploying, operating, and decommissioning a trustworthy AI system that is fit for purpose. To best identify risk related to AI systems, it is important to understand the AI system life cycle and the stakeholders that might be affected within each phase. Figure 2.2 illustrates the different actors at each stage of the AI life cycle.

A cyclical diagram shows the different stakeholders at each stage of the AI life cycle. — Figure 2.2—AI Life Cycle Actors

2.1 Planning and Design

Planning and designing an AI solution involves articulating the system’s concept and objectives and underlying assumptions, context, and requirements and potentially building a prototype. During this phase, it is crucial to define clear goals and success metrics, which will guide the development process and ensure alignment with intended outcomes. It will also help to decide if AI is a necessary tool in the scenario in general. Without proper consideration of risk in the planning and design phase, organizations implementing AI solutions are at greater risk of an unsuccessful outcome or of introducing unnecessary risk to the organization due to a lack of ethical alignment, the introduction of bias, or a lack of accountability.

The identified problem and proposed AI solution should be documented in a business use case created by applicable stakeholders. Engaging stakeholders early can provide valuable insights into the needs and constraints of the system, fostering a shared understanding and commitment to the project. This includes establishing clear leadership roles and structures to guide decision-making processes, accountability, and adherence to ethical and legal standards. See 1.7 AI-related Roles and Responsibilities for more details.

An initial risk assessment of identified problems for proposed use cases, including potential ethical considerations and societal impacts, should be conducted. This involves identifying biases that may exist in the data or algorithms and developing strategies to mitigate them. The design phase also provides an opportunity to establish a robust framework for data governance, ensuring that data is collected, stored, and used in a manner that respects privacy and complies with relevant regulations.

Prototyping is a critical component of the planning and design phase, enabling teams to validate concepts and assumptions through iterative testing and feedback. By creating a functional prototype, AI developers can explore different approaches, identify potential issues early, and refine their designs before full-scale implementation. This iterative process helps to reduce the overall risk of the project and ensures that the final AI solution is effective in addressing the identified problem.

Ultimately, the planning and design phase sets the foundation for the entire AI life cycle, establishing the vision, strategy, and roadmap that will guide the development, deployment, and operation of the AI system. Investing time and effort in ensuring the risk team is engaged early can help the overall implementation team create a solid blueprint for success, increasing the likelihood of delivering a trustworthy and impactful AI solution.

2.1.1 Design Principles for AI

As with other software and system development projects, risk considerations need to be incorporated early and often. Enterprises can adapt traditional processes to their AI design and planning phases, such as secure by design (e.g., ensuring AI training data pipelines are encrypted and access-controlled). Another key concept is privacy by design, especially due to the large amounts of data used to train and validate AI solutions.

Secure by Design in AI

Secure by design is a process that ensures technology products are “built in a way that reasonably protects against malicious cyberactors successfully gaining access to devices, data, and connected infrastructure.”⁸⁹ This process ensures security concepts are embedded in development from inception through end of life.

The three principles of secure by design are:⁹⁰

Take ownership of customer security outcomes (e.g., proper consent management for AI datasets, securing data pipelines).
Embrace transparency and accountability (e.g., ensuring transparency and explainability for AI systems).
Build organizational structures and leadership to achieve security goals (e.g., ensure proper AI governance and oversight).

The framework for development, security, and operations (DevSecOps) and a secure development life cycle does not specifically change due to the use of AI, but it requires the enterprise to ensure that AI security is considered throughout the architecture. It considers both using AI to support development and the actual development of a new AI model or solution. To support the development of AI models and the use of AI technologies, the infrastructure must be built for AI secure by design. Specific processes for responsible design and development of AI systems need to be established, communicated, and reviewed. Figure 2.3 illustrates how AI can be infused across the DevSecOps continuum.

An infinity-loop diagram represents the continuous DevSecOps cycle, with AI infused at each phase. — Figure 2.3—Infusing AI Across the DevSecOps Continuum

Privacy by Design in AI

Privacy by design provides a framework for embedding privacy controls into the design of technology from the beginning of a project.⁹¹ This is a concept and framework that integrates privacy into the design and operation of IT and business systems, network infrastructure, and business practices. It ensures that privacy is considered and built into products, services, and processes from the very beginning, rather than added as an afterthought. Since its introduction, the focus of privacy by design has broadened beyond technologies to include business practices, physical design, and infrastructures.

The motivation behind privacy by design is not to stop data use, but to ensure that data can continue to be used by enterprises to deliver quality services, products, and marketing while remaining safe. By providing a foundation for ethical data management, privacy by design gives enterprises a blueprint for running systems smoothly and securely, limiting strain on consumers and offering default control without requiring them to go through complicated procedures.

The seven elements of privacy by design are:⁹²

Proactive, not reactive; preventative, not remedial—This element centers on the ability to anticipate and articulate cyberrisk and privacy risk from the earliest stage of the SDLC through implementation.
Privacy as the default setting—If users do not modify their settings, their privacy should be guaranteed and must remain intact because it is integrated into the system and constitutes the default setting.
Privacy embedded into design—Embedding privacy means focusing holistically on privacy (and security) and giving it the same attention as system performance, functionality, availability, and usability.
Full functionality: Positive-sum, not zero-sum—Privacy and security have equal footing with functionality and user experience.
End-to-end security: Full life cycle protection—Privacy originates in design, before the AI system is set in motion, and it must be guaranteed throughout the life cycle of the data.
Visibility and transparency: Keep it open—Transparency in data processing is essential for demonstrating diligence and accountability to regulators and as a measure of trust for data subjects.
Respect for user privacy: Keep it user-centric—Without forgetting the legitimate interests of the enterprise regarding the data processing it performs, the ultimate goal must be to guarantee the rights and freedoms of the users whose data is processed. Therefore, any adopted measure must focus on guaranteeing their privacy.

These principles aim to make privacy an integral part of organizational culture and operations, ensuring that privacy considerations are factored into every aspect of the development process. This approach helps build trust with users and aids compliance with regulatory requirements.

The privacy by design concept is recognized as a global privacy standard. The UK Information Commissioner’s Office (ICO) also created a privacy model consisting of seven privacy by design principles:⁹³

Lawfulness, fairness, and transparency—Processing personal data fairly and lawfully
Purpose limitation—Processing personal data for specified purposes
Data minimization—The amount of personal data that enterprises may hold
Accuracy—Keeping personal data accurate and up to date
Storage limitation—Retaining personal data
Integrity and confidentiality (security)—The rights of individuals (including subject access request, damage or distress recourse, preventing direct marketing, allowing for automated decision making, rights for correcting inaccurate personal data, and compensation for privacy harms)
Accountability—Information security

Privacy by design is an important concept for AI developers to know due to the large amounts of data used and processed by AI solutions. It also ensures that developers understand the privacy implications associated with the use of AI.

Privacy by design addresses the management of user consent, ensuring that AI systems obtain, record, and respect user permissions for data collection and processing. This includes mechanisms for users to access, correct, or delete their data, aligning with regulatory rights and fostering user trust.

Given the complexity and scale of AI data processing, privacy enhancing technologies (PETs) such as data anonymization, differential privacy, and secure data handling protocols are often employed to support privacy by design. These technologies help mitigate risk, such as unauthorized data disclosure and inference attacks, while maintaining AI model utility.⁹⁴

Machine Learning Security Operations (MLSecOps)

Machine learning security operations (MLSecOps) is an emerging concept that addresses vulnerabilities associated with machine learning (ML) models and focuses specifically on the building, deployment, and maintenance of ML models.⁹⁵ MLSecOps is another way to ensure that security and ML risk are considered throughout the AI life cycle. MLSecOps builds on secure and privacy by design principles and can leverage risk frameworks, such as the NIST AI RMF, and threat modeling tools, such as MITRE Adversarial Threat Landscape for Artificial Intelligence Systems (ATLAS).⁹⁶

By integrating the MITRE ATLAS framework, risk practitioners can map and align adversary tactics with the various stages of the AI life cycle. During the collect and process data phase, they would evaluate the risk associated with data poisoning and establish robust controls to maintain data integrity. In the operate and monitor phase, efforts are directed toward detecting signs of model evasion, ensuring ongoing protection against such threats. In the design phase of AI, MLSecOps can help enterprises consider areas such as data quality and the data pipeline, model security, and model drift.⁹⁷

2.1.2 Scalability Considerations for AI Solutions

Designing AI systems with scalability in mind is essential to ensure that they can efficiently accommodate increasing data volumes, user demands, and computational requirements without sacrificing performance or security. This includes moving from AI solutions being used by a single department to an enterprisewide digital transformation.⁹⁸ Often, failure to scale is found when an enterprise wants to move from proof of concept to production-ready models.⁹⁹ Scalability involves strategic planning and architectural decisions that enable the system to grow and adapt in response to evolving organizational needs and technological advancements. Figure 2.4 describes some challenges enterprises face when scaling their AI solutions.

Figure 2.4—Challenges in Scaling AI Solutions

Challenge	Solution
Data management	As artificial intelligence (AI) solutions scale, the volume, variety, and velocity of data increases significantly. Implementing robust data collection, cleaning, and preprocessing pipelines is vital to maintaining data quality and relevance. Data engineering is also key and requires specialized skills, which enterprises may be lacking, to ensure the quality and security of the data used in AI.
Collaboration and motivation	AI solution development is iterative in nature, involving multiple versions of a model or solution as well as collaboration among multiple teams across the enterprise. Challenges in managing the collaboration can impact the success of scaling AI to adequately address the needs of stakeholders. Likewise, as the project grows in scale, teams may struggle to maintain productivity levels.
Scope creep	As with any large-scale project, as an AI implementation moves from proof of concept to production or expands to include other areas, the scope of the project can grow. This can cause delays and disruptions in the schedule.
Time to deployment	Scaling efforts can add significant time to AI development and implementation—as much as 36 months. Teams may be pressured to reduce these timelines and skip important security checks or bypass other controls to speed to market.
Resources needed	The tools and skills needed to develop AI solutions and machine learning (ML) models at scale may be lacking and expensive to acquire. External resources, including contracting services, may be required.

Source: Finio, M.; Downie, A.; “How to scale AI in your organization,” IBM, 10 September 2024, link; Aue, G.; Cafferata, P.; et al.; “Scaling AI for success: Four technical enablers for sustained impact,” McKinsey & Company, 27 September 2023, link

Some considerations for effective AI scaling include:

Modular and flexible architecture—AI systems should be designed with modular components that can be independently scaled or upgraded. These can include reusable code packages and feature stores.¹⁰⁰ This approach facilitates easier integration with existing infrastructure and allows for targeted enhancements without disrupting the entire system. Modular design also supports interoperability with legacy systems and third-party solutions, which are critical for maintaining usability and minimizing operational disruptions during scaling efforts.
Hosting solutions—Cloud infrastructure offers inherent scalability benefits, such as the ability to dynamically allocate computing resources based on demand. Cloud hosting reduces upfront costs and operational overhead while providing flexibility to scale resources up or down efficiently. However, organizations must balance these benefits against potential risk, including vendor lock-in, data privacy concerns, and performance variability due to network latency or shared resource models. Hybrid hosting models can offer a compromise by combining on-premises control with cloud scalability.
Data management—Scalable AI systems should incorporate mechanisms to handle large datasets effectively, including distributed storage and parallel processing capabilities. Data privacy and security also need to be embedded into the solution.
Performance optimization and resource management—To maintain performance under growing workloads, AI solutions must optimize computational efficiency. This includes selecting appropriate algorithms and hyperparameters, leveraging hardware accelerators (e.g., graphics processing units [GPUs], tensor processing units [TPUs]), and employing techniques such as model pruning or quantization. Monitoring system performance and resource utilization enables proactive adjustments to prevent bottlenecks and ensure responsiveness.
Security and compliance—Scaling AI systems should not compromise security controls or regulatory compliance. Organizations must extend cybersecurity measures and privacy protections proportionally as the system grows. This includes continuous risk assessments, secure access controls, and adherence to data residency and privacy regulations. Vendor management practices should also address scalability-related risk, ensuring that vendors maintain security and compliance standards as usage expands.

2.1.3 AI Infrastructure Considerations

AI infrastructure encompasses the necessary hardware, software, and network components that collectively support the computational demands, data processing, and operational needs of AI systems.

This subsection outlines the critical considerations for establishing a secure, resilient, and efficient AI infrastructure aligned with organizational goals and risk management principles.

Hardware Components

AI solutions, particularly those involving ML and deep learning (DL) models, require substantial computational power. Organizations must provision high-performance computing resources such as:

Central processing units (CPUs) and GPUs optimized for parallel processing to accelerate model training and inference
Memory and storage systems capable of handling large datasets with low latency, including solid-state drives (SSDs) and high-capacity storage arrays
Specialized AI accelerators (e.g., TPUs) for specific AI tasks to improve efficiency

Software Components

AI infrastructure requires a software stack that supports AI model development, deployment, and management. This includes:

AI frameworks and libraries (e.g., TensorFlow, PyTorch) that facilitate model building and training
Data management platforms to handle data ingestion, preprocessing, labeling, and storage with adherence to privacy by design principles
Security software to enforce access controls, encryption, and monitoring aligned with secure by design practices
DevSecOps tools integrated with AI workflows to ensure continuous security and compliance throughout the AI life cycle

The software environment must be designed to support the transparency, explainability, and auditability of AI models, enabling effective governance and risk management.

Network Components

Reliable and secure network infrastructure is essential to support data transfer, model training, and AI service delivery. Key considerations include:

High-bandwidth, low-latency connectivity to facilitate rapid data movement between storage, compute nodes, and end users
Network segmentation and isolation to protect sensitive AI workloads and data from unauthorized access or lateral movement by threat actors
Robust encryption and key management protocols for data in transit to maintain confidentiality and integrity
Redundancy and failover mechanisms to ensure resilience and availability of AI services

When leveraging cloud services, organizations must understand the shared responsibility model and implement controls to mitigate risk such as unauthorized use, compromised credentials, and incomplete data deletion. Due diligence in selecting cloud service providers (CSPs) and ongoing oversight are critical to maintaining security and compliance.

Security, Resilience, and Efficiency Considerations

AI infrastructure must be designed with security and resilience as foundational principles. This includes:

Embedding security controls from inception (secure by design) to protect AI models, data pipelines, and infrastructure components against cyberthreats
Implementing privacy controls to comply with regulations such as the General Data Protection Regulation (GDPR) and to manage consent for data use in AI training and testing
Ensuring scalability to accommodate growing data volumes and computational demands without degradation of performance or security posture
Establishing monitoring and incident response capabilities to detect and respond to anomalies or breaches promptly, leveraging AI-powered security tools where appropriate

Efficiency in AI infrastructure not only reduces operational costs but also supports faster innovation cycles and improves AI solution quality. Organizations should adopt quality management systems and maintain comprehensive documentation to support compliance, transparency, and continuous improvement (see 2.1.1 Design Principles for AI for more information).

2.2 Data Requirements for AI Models

AI models require diverse data types, including structured data (e.g., relational databases with defined schemas) and unstructured data (e.g., text, images, audio, video) to capture the complexity of real-world scenarios. When designing an AI solution, it is important to consider what data is needed based on the type of model selected.

2.2.1 Structured Data vs. Unstructured Data

Data used in AI typically falls into two broad categories:

Structured data is organized into predefined formats, often stored in relational databases with schemas and data dictionaries that describe data types, sizes, formats, and relationships. This type of data is easier to query and manage, making it a common source for AI training and analytics.
Unstructured data lacks a predefined format or schema and includes diverse formats such as text files, audio, video, images, social media posts, and metadata. Collecting unstructured data requires specialized tools and processes to capture, store, and prepare it for AI use.
Semistructured data is in between structured and unstructured data. It lacks rigid schema but uses tags to separate elements. An example would be data in JSON files.

Unstructured data can be stored by an enterprise and fall under a variety of categories. Figure 2.5 shows categories of data that can be used for AI.

A diagram depicts the 8 data types for AI models. — Figure 2.5—Data Types for AI Models

Different model types require different types of data. Supervised learning models require large amounts of labeled training data. If an enterprise has large amounts of high quality, unstructured data available, the choice to use supervised learning could result in costly efforts to process and label data.

2.2.2 Privacy and Security Concerns

A major concern related to the large amounts of data used by AI solutions is the privacy and security of that data. Once a model is chosen and the data requirements are set, enterprises should review available data and ensure that: 1) it can be used for training AI models (e.g., GDPR purpose limitations) and 2) that its sensitivity level is properly classified (e.g., is it personally identifiable information [PII], propriety information). Privacy and security considerations need to persist with the data as it moves from its storage location to where it will be used for AI training and validation. See Part D: AI Data and Asset Management for more information.

2.2.3 Data Collection and Processing

Data collection and processing is a vital phase in the AI life cycle, as the quality of data directly impacts the performance and reliability of an AI solution. Without proper consideration of risk during the data collection and processing phase, the organization is at greater risk of poor AI solution outputs from an accuracy, bias, and general privacy/compliance perspective.

This phase begins with gathering data from various sources, which may include structured datasets, unstructured text, images, or sensor data. During data collection, consent should be obtained for collected data used in the creation of a new AI solution. Without proper consent and disclosure of the use of an AI solution, the organization implementing the AI solution may break multiple privacy-related laws and introduce unnecessary litigation risk.

The gathered data must then be cleaned, removing any inconsistencies, duplications, or errors, to ensure that it is accurate and usable for analysis. Performing checks for completeness and quality is essential to verify that the dataset covers the necessary scope and meets the requirements to fulfill the defined business case. This involves assessing the dataset for missing information, anomalies, and outliers that could skew the results. Some form of quality check should include evaluating the relevance and timeliness of the data, ensuring that it is up to date and pertinent to the AI solution’s business objectives.

Documenting the characteristics of the dataset is a critical step that helps to provide transparency and accountability. This documentation should include detailed information on how the dataset was created, such as the methods and tools used for data collection, the sources of the data, and any preprocessing steps performed. It should also describe the composition of the dataset, including the types of data, the number of records, and the distribution of key variables. Documentation should be auditable to ensure that proper data governance can be maintained.

The intended uses of the dataset should be clearly outlined, specifying the AI applications or use cases it supports. This helps to ensure that the data is fit for purpose and aligns with the goals of the AI project. Additionally, documenting how the dataset was maintained over time is important for tracking changes and updates, as well as for auditing purposes. Documentation should include information on version control, data retention policies, and any modifications made to the dataset.

By thoroughly addressing data collection and processing, AI developers can create a solid input for building robust and reliable AI models. Properly managed data contributes to the overall trustworthiness of the AI system and enhances its ability to deliver accurate and meaningful results.

See Part D: AI Data and Asset Management for more information.

2.3 Procurement of AI Solutions

As discussed in 1.4 AI Business Strategies, many enterprises choose to procure AI solutions (or portions of an AI solution) rather than build their own from the ground up. However, acquiring AI solutions also involves similar considerations during the planning and design phase as an enterprise that is building its own AI solution.

As with an AI project that is built in-house, enterprises will still need to ensure that a purchased solution meets the needs and objectives of the business. Some aspects of AI development that enterprises may procure include:¹⁰¹

Third-party AI models—Enterprises may choose to leverage a pretrained model, especially with generative AI (GenAI) solutions. Often, enterprises connect to these models via an application programming interface (API), with a user interface on the customer side. When procuring these services, it is important to consider intellectual property (IP) rights, fairness and bias testing, and responsibility for model outputs.
Datasets—Enterprises may also procure data from third parties to help train their models. Likewise, vendors will process the contracting organization’s data in the AI solution. It is important to establish data provenance in both cases to ensure data procured and used is able to be processed for this purpose. See Part D: AI Data and Asset Management for more information.

Some key considerations for contracting with an AI provider are listed in figure 2.6. See Part E: AI Supply Chain Risk Management for more information.

Figure 2.6—Contract Considerations for Procuring AI Solutions

Consideration	Description
Structure	Contracts should be flexible enough to allow for the iterative nature of artificial intelligence (AI) solution development and should consider AI life cycle phases.
Data	The contract should clearly define what customer data the vendor will have access to. Likewise, it should be clear if any data used to train the vendor’s model contains copyrighted information or any other intellectual property (IP) concerns.
Roles and responsibilities	Roles and responsibilities for training, testing, and validating the model should be defined in the contract. Metrics and processes (e.g., audit) for confirming that the model is working as expected should be included. Collaboration and shared responsibility should also be addressed.
Model performance	Service level agreements (SLAs) and model performance standards should be defined in the contract. AI decision making should be explainable and transparent.
Standards and regulations	Vendors should comply with the standards and regulations that the customer has identified as applicable to the enterprise. These should be regularly reviewed and updated as the regulatory landscape for AI evolves.
Security	In addition to traditional IT security considerations, the contract should include AI-specific threats, such as prompt injection, model inversion, data poisoning, etc. The vendor’s approach to monitoring for and protecting against emerging AI threats should also be identified.
Exit strategy	Vendor lock-in is a main concern when contracting with a third party providing a software solution. The complexity of AI solutions exacerbates this issue. This can be minimized by addressing explainability and transparency issues and understanding how the AI solution works. Require portability of data and models and clarity on IP rights transfer upon termination.

Source: Data from Joukador, P.; Thayalan, P.; “Procuring AI—Commercial considerations checklist,” RPC, 10 June 2025, link; Burge, D.; “You can’t AI-ways get what you want: Key considerations in procuring artificial intelligence,” Dentons, 7 January 2025, link

2.4 Build, Adapt, and Document Models

Model building and interpretation involves the creation or selection of models or algorithms, training and fine tuning, and interpretation of the outputs. This phase is crucial, as it takes the collected data and transforms it into actionable insights, and training can carry the risk of overfitting if validation datasets are not well-balanced. Without properly addressing risk during this phase, the implementing organization is at risk of lacking proper explainability and robustness of the AI solution.

The initial step in this process is to determine the appropriate model or algorithm that suits the AI project’s objectives. This selection is based on factors such as the nature of the data, the complexity of the problem, and the desired outcomes.

Once a model is chosen, it undergoes training and fine tuning of the model’s parameters to improve its performance and accuracy. This step is iterative, requiring numerous rounds of testing and adjustments to ensure the predictions of the model are as precise as possible. Training the model involves inputting large volumes of data so that it can learn from patterns and make informed predictions or decisions.

Explainability of the model is a vital aspect that involves understanding how the model arrives at its predictions or decisions. This includes analyzing the model’s behavior, identifying key variables that influence outcomes, and ensuring that the model operates transparently and ethically. This interpretation helps not only in refining the model but also in building trust with key stakeholders who will rely on the AI solution’s outputs.

In addition to model building and interpretation, a system should be designed to record key events automatically. This helps to ensure that there is a comprehensive record of all actions and decisions made by the AI solution. Automated event recording facilitates monitoring and auditing, enabling developers to track the AI solution’s performance and identify any anomalies or issues promptly to further enable human in the loop (HITL) oversight.

By meticulously building, training, and interpreting models, along with incorporating automated event recording and human oversight, AI developers can create systems that are not only accurate and effective but also trustworthy and secure. These practices contribute to the development of AI solutions that are robust, reliable, and aligned with ethical standards, ultimately leading to successful and impactful AI deployments.

2.4.1 Model Documentation

Documenting the design of a model is key to ensuring explainability and transparency throughout the AI life cycle. Documentation should include information on all AI models used by the organization (e.g., model cards), and it is a key aspect of responsible AI (RAI) use. It is a key source of information for various stakeholders in the enterprise, including developers, data scientists, incident response teams, and end users. Thorough AI model documentation is becoming increasingly important for compliance and audit and can help to retain knowledge in a centralized location (as opposed to in the minds of key employees) and ensure best practices are followed in development.

Key components of AI model documentation include:¹⁰²

The model used
The data used to develop it
Data preprocessing and cleansing steps taken
Testing and experiments performed
Intended use cases and assumptions
Performance metrics
Limitations
Stakeholders
Version history
Fairness and bias testing

2.4.2 Model Cards

Model cards are files that accompany AI models and provide concise information about the model details (e.g., architecture, training dataset), performance metrics, and use case limitations¹⁰³ in accordance with emerging regulatory expectations. They provide organizations with the information needed to start developing targeted and specific use cases to test the model’s performance to identify weaknesses, and they can help develop usage guidelines, making them a key governance tool. Development and use of model cards fosters greater transparency and trust in AI systems and models.

Key elements of a model card include:¹⁰⁴

Model details—Basic information about the model, such as the name of the model, a general description, version information, parameters, fairness constraints, license information, etc., and information on the people responsible and accountable for the model
Use case—A description of the intended uses, use cases, and users of the model
Architecture information—Information about the overall model design and any hardware that runs or hosts the model and its data. This also includes any underlying technologies required to run the model.
Training information—A summary of the training dataset, including what data was used; how, where, and when the data was obtained; statistical distribution; and any other information related to the data. Some organizations may choose to limit the level of detail in the section, as training data may include proprietary information.
Performance metrics—How the model performs against a testing dataset along with the intended performance of the model, including any internal or external factors that influence the model’s behavior
Limitations and biases—Any known variables, limitations, or potential biases that may affect the performance of the model
Ethical considerations—Details related to ethical concerns, such as privacy, fairness, and human and societal impacts related to the use of the model

Many commercially available AI models, such as Meta Llama 2 and OpenAI GPT-5, provide model cards for their tools. Model card templates are also commonly available, but it is important to validate these templates to require extensive customization as they can lack sufficient detail.

2.4.3 Considerations for Model Documentation

In many cases, AI model documentation is a time-consuming, manual process that requires collaboration among many teams to be complete. Often, these documents are saved as PDFs, slide decks, Confluence sites, or other static files, which may or may not be housed in a central location. Additional challenges for AI model documentation include:¹⁰⁵

Lack of real-time documentation—Many developers will create documentation after the fact, which can lead to incomplete information. Some developers will also fail to provide any documentation at all.
Errors and gaps in knowledge—Human error is a common issue in manual documentation. These errors, along with employee turnover, can lead to incomplete information and gaps in understanding.
Difficulty in scaling documentation—As enterprises leverage more and more AI solutions, it becomes difficult for teams to maintain current documentation.

Enterprises can address these concerns in a few ways:¹⁰⁶

Start documentation in the design phase.
Leverage templates like model cards.
Ensure documentation can be accessed by key stakeholders easily.
Update and review documentation on a regular basis.
Assign an owner to each model document.