Home › Tracks › AI Safety, Alignment & Interpretability › AI Governance: Model Cards, the EU AI Act & NIST AI RMF
Week 10 concept
AI Governance: Model Cards, the EU AI Act & NIST AI RMF
The compliance layer that ships with a model: model cards and system cards, the EU AI Act risk tiers and its August 2026 transparency rules, and the NIST AI RMF Govern-Map-Measure-Manage core that frames responsible AI in practice.
Bridges to Information Security — policy, compliance, and audit-ready documentationBuilds on: Safety Evaluations & Dangerous-Capability Testing
Study notes
Master this concept.
AI Governance: Model Cards, EU AI Act & NIST AI RMF
What it is
AI Governance is the set of frameworks, laws, and documentation standards used to ensure AI systems are safe, transparent, and accountable. It moves AI development from "experimental code" to "regulated product" by requiring developers to document how a model works, how it was tested, and where it might fail.
Why it matters
In production, a model is not just an algorithm; it is a liability. Without governance, developers cannot prove a system is unbiased or safe to the public or regulators. These frameworks provide a standardized language for engineers to communicate risk to non-technical stakeholders and legal bodies, preventing costly recalls or legal penalties.
Core Concepts
- Model & System Cards: Standardized "nutrition labels" for AI. They disclose training data, intended use cases, limitations, and performance benchmarks so users know when the model is unreliable.
- EU AI Act: The world's first comprehensive AI law. It uses a risk-based approach, categorizing AI into tiers (Unacceptable, High, Limited, and Minimal risk). High-risk systems face strict requirements, and by August 2026, specific transparency rules for general-purpose AI will be mandatory.
- NIST AI RMF: A voluntary framework centered on four functions: Govern (creating a culture of risk management), Map (identifying context and risks), Measure (quantifying those risks), and Manage (implementing controls to mitigate them).
Common Mistakes
- Treating it as a checklist: Viewing governance as a "final step" rather than integrating it into the entire development lifecycle.
- Confusing RMF with Law: Thinking that following the NIST AI RMF automatically makes a system legal under the EU AI Act; the RMF is a guide for *how* to manage risk, while the Act is a legal mandate on *what* must be achieved.
- Vague Documentation: Writing model cards that use marketing language instead of concrete data and failure cases.
Track Connection
Governance is the operational layer of the AI Safety track. While *Alignment* focuses on the technical goal of making the model do what we want, and *Interpretability* focuses on understanding why it does it, *Governance* provides the formal structure to document, verify, and legally certify those safety and alignment efforts.
Go to the source
Read, watch, and practice.
Free, world-class material chosen for this concept.