C1: Safety & Security Framework

Establish the governance policies and risk assessment processes.

Step 1 of 10

Commitment Progress0% (0/12)

REQ-1.1-01Measure 1.1 (Page 6)

Has the provider created a state-of-the-art Safety and Security Framework?

"Signatories will create a state-of-the-art Framework, taking into account the models they are developing, making available on the market, and/or using."

REQ-1.1-02Measure 1.1 (Page 6)

Does the Framework define trigger points for lighter-touch model evaluations?

"The Framework will contain: (1) a description and justification of the trigger points and their usage, at which the Signatories will conduct additional lighter-touch model evaluations along the entire model lifecycle."

REQ-1.1-03Measure 1.1 (Page 6)

Are systemic risk acceptance criteria and tiers defined and justified?

"The Framework will contain: (a) a description and justification of the systemic risk acceptance criteria, including the systemic risk tiers, and their usage."

REQ-1.1-04Measure 1.1 (Page 6)

Are timelines estimated for models exceeding currently reached risk tiers?

"The Framework will contain: (c) for each systemic risk... estimates of timelines when Signatories reasonably foresee that they will have a model that exceeds the highest systemic risk tier already reached."

REQ-1.1-05Measure 1.1 (Page 6)

Is the allocation of systemic risk responsibility documented?

"The Framework will contain: (3) a description of how systemic risk responsibility is allocated for the processes by which systemic risk is assessed and mitigated."

REQ-1.1-06Measure 1.1 (Page 6)

Is the Framework update process defined?

"The Framework will contain: (4) a description of the process by which Signatories will update the Framework, including how they will determine that an updated Framework is confirmed."

REQ-1.2-01Measure 1.2 (Page 6)

Are lighter-touch evaluations conducted at defined trigger points?

"Signatories will continuously: (a) conducting lighter-touch model evaluations... at appropriate trigger points."

REQ-1.2-02Measure 1.2 (Page 6)

Is a full systemic risk assessment completed before market placement?

"Signatories will conduct such a full systemic risk assessment and mitigation process at least before placing the model on the market."

REQ-1.3-01Measure 1.3 (Page 6)

Is the Framework updated following an adequacy assessment or material change?

"Signatories will update the Framework as appropriate... to ensure the information in Measure 1.1 is kept up-to-date and the Framework is at least state-of-the-art."

REQ-1.3-02Measure 1.3 (Page 6)

Has a Framework assessment been conducted within the last 12 months?

"Signatories will conduct an appropriate Framework assessment... every 12 months starting from their placing of the model on the market, whichever is sooner."

REQ-1.3-03Measure 1.3 (Page 6)

Have remediation plans been created for identified risks of non-adherence?

"If point(s) (a) and/or (b) give rise to risks of future non-adherence, Signatories will make remediation plans as part of their Framework assessment."

REQ-1.4-01Measure 1.4 (Page 10)

Has the unredacted Framework been shared with the AI Office?

"Signatories will provide the AI Office with (unredacted) access to their Framework, and updates thereof, within five business days of either being confirmed."