C6. Model Origin Risk Assessment

v2.4.0 | Report Errata

docs artefact-taxonomy docs artefact-taxonomy

C6. Model Origin Risk Assessment Evaluation of provenance, governance quality, and inherited risk for each model component (open-source, commercial, GPAI). Reviews model cards, dataset descriptions, evaluation reports, adversarial evaluation history, licence terms, and governance practices. Common gaps include absent disaggregated fairness metrics and incomplete adversarial robustness evaluation. Responsible party: AI System Assessor conducts. Technical SME provides technical evaluation. Regulations addressed: Article 25(3) (information from GPAI providers); Article 53 (GPAI transparency obligations); Article 51(2) (systemic risk assessment). Key outputs

Per-component provenance risk rating
Upstream documentation gap analysis
Compensating control specification for inherited risks