Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

AI Cards: Towards an Applied Framework for Machine-Readable AI and Risk Documentation Inspired by the EU AI Act

Delaram Golpayegani, Isabelle Hupont, Cecilia Panigutti, Harshvardhan J. Pandit, Sven Schade, Declan O'Sullivan, Dave Lewis

TL;DR

This paper analyzes the EU AI Act's documentation requirements with a focus on technical and risk-management documentation, and proposes AI Cards as a holistic framework that combines human-readable overviews with machine-readable specifications. It introduces a semantic, ontology-driven machine-readable model (extending AIRO) to represent AI Card information in RDF, enabling querying, updating, and automation for compliance tasks using SHACL and policy languages like ODRL. A nine-element AI Card structure covers general information, intended use, components, data processing, human involvement, risk profile, quality, pre-determined changes, and regulatory alignment, supported by a proof-of-concept proctoring system and a validation study. The framework aims to enhance interoperability, traceability, and regulator-friendly automation across the AI value chain, with planned expansion to standards alignment (GDPR, DSA, DGA) and tool support for RegTech and FRIA activities.

Abstract

With the upcoming enforcement of the EU AI Act, documentation of high-risk AI systems and their risk management information will become a legal requirement playing a pivotal role in demonstration of compliance. Despite its importance, there is a lack of standards and guidelines to assist with drawing up AI and risk documentation aligned with the AI Act. This paper aims to address this gap by providing an in-depth analysis of the AI Act's provisions regarding technical documentation, wherein we particularly focus on AI risk management. On the basis of this analysis, we propose AI Cards as a novel holistic framework for representing a given intended use of an AI system by encompassing information regarding technical specifications, context of use, and risk management, both in human- and machine-readable formats. While the human-readable representation of AI Cards provides AI stakeholders with a transparent and comprehensible overview of the AI use case, its machine-readable specification leverages on state of the art Semantic Web technologies to embody the interoperability needed for exchanging documentation within the AI value chain. This brings the flexibility required for reflecting changes applied to the AI system and its context, provides the scalability needed to accommodate potential amendments to legal requirements, and enables development of automated tools to assist with legal compliance and conformity assessment tasks. To solidify the benefits, we provide an exemplar AI Card for an AI-based student proctoring system and further discuss its potential applications within and beyond the context of the AI Act.

AI Cards: Towards an Applied Framework for Machine-Readable AI and Risk Documentation Inspired by the EU AI Act

TL;DR

This paper analyzes the EU AI Act's documentation requirements with a focus on technical and risk-management documentation, and proposes AI Cards as a holistic framework that combines human-readable overviews with machine-readable specifications. It introduces a semantic, ontology-driven machine-readable model (extending AIRO) to represent AI Card information in RDF, enabling querying, updating, and automation for compliance tasks using SHACL and policy languages like ODRL. A nine-element AI Card structure covers general information, intended use, components, data processing, human involvement, risk profile, quality, pre-determined changes, and regulatory alignment, supported by a proof-of-concept proctoring system and a validation study. The framework aims to enhance interoperability, traceability, and regulator-friendly automation across the AI value chain, with planned expansion to standards alignment (GDPR, DSA, DGA) and tool support for RegTech and FRIA activities.

Abstract

With the upcoming enforcement of the EU AI Act, documentation of high-risk AI systems and their risk management information will become a legal requirement playing a pivotal role in demonstration of compliance. Despite its importance, there is a lack of standards and guidelines to assist with drawing up AI and risk documentation aligned with the AI Act. This paper aims to address this gap by providing an in-depth analysis of the AI Act's provisions regarding technical documentation, wherein we particularly focus on AI risk management. On the basis of this analysis, we propose AI Cards as a novel holistic framework for representing a given intended use of an AI system by encompassing information regarding technical specifications, context of use, and risk management, both in human- and machine-readable formats. While the human-readable representation of AI Cards provides AI stakeholders with a transparent and comprehensible overview of the AI use case, its machine-readable specification leverages on state of the art Semantic Web technologies to embody the interoperability needed for exchanging documentation within the AI value chain. This brings the flexibility required for reflecting changes applied to the AI system and its context, provides the scalability needed to accommodate potential amendments to legal requirements, and enables development of automated tools to assist with legal compliance and conformity assessment tasks. To solidify the benefits, we provide an exemplar AI Card for an AI-based student proctoring system and further discuss its potential applications within and beyond the context of the AI Act.
Paper Structure (31 sections, 5 figures, 2 tables)

This paper contains 31 sections, 5 figures, 2 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Previous Studies on the AI Act's Documentation and Risk Management Requirements
  4. Alignment of Existing Documentation Practices with the AI Act
  5. Machine-Readable Data, Model, and AI System Documentation
  6. Provisions of the EU AI Act Regarding Documentation of AI Systems
  7. Article 11 and Annex IV - Technical Documentation
  8. Article 9 - Risk Management System Documentation
  9. AI Cards
  10. Development Process
  11. Information Elements
  12. (1) General Information
  13. (2) Intended Use
  14. (3) Key Components
  15. (4) Data Processing
  16. ...and 16 more sections

Figures (5)

  • Figure 1: High-risk AI systems' documentation requirements as per the AI Act.
  • Figure 2: Information elements identified for AI risk management system documentation (note they are inspired by ISO/IEC 42001 and 23894, and therefore will be updated according to the AI Act's future official harmonised standards).
  • Figure 3: Visual representation of AI Cards.
  • Figure 4: An extension of AIRO for AI Cards.
  • Figure 5: An example of AI Card for an AI-based proctoring system.