AI Safety Frameworks Should Include Procedures for Model Access Decisions
Edward Kembery, Tom Reed
TL;DR
The paper argues that safety frameworks for frontier AI must explicitly govern access decisions, not only model deployment. It introduces Responsible Access Policies (RAPs) as a framework that requires empirical evaluation of different access styles, risk profiling of user groups, and robust pre-commitments to grant or revoke access, complemented by an Access Assessment Matrix to organize decisions. The authors define core terminology—Model Aspects, Access Styles, and Access Regimes—and outline procedures for pre-commitments, evaluation protocols, and transparent governance. Adoption of RAPs is presented as essential for credible, auditable governance that can guide regulators, researchers, and industry as AI capabilities evolve and expand the global access landscape.
Abstract
The downstream use cases, benefits, and risks of AI models depend significantly on what sort of access is provided to the model, and who it is provided to. Though existing safety frameworks and AI developer usage policies recognise that the risk posed by a given model depends on the level of access provided to a given audience, the procedures they use to make decisions about model access are ad hoc, opaque, and lacking in empirical substantiation. This paper consequently proposes that frontier AI companies build on existing safety frameworks by outlining transparent procedures for making decisions about model access, which we term Responsible Access Policies (RAPs). We recommend that, at a minimum, RAPs should include the following: i) processes for empirically evaluating model capabilities given different styles of access, ii) processes for assessing the risk profiles of different categories of user, and iii) clear and robust pre-commitments regarding when to grant or revoke specific types of access for particular groups under specified conditions.