Register Owner: CTO and General Counsel
Effective Date: May 8, 2026
Reviewed: On each material model change and at least annually
Next Review: May 8, 2027
Effective Date: May 8, 2026
Reviewed: On each material model change and at least annually
Next Review: May 8, 2027
Operational mirror: the technical artifacts (training datasets, eval scripts, model weights) live in the engineering data lake / model store. This registry is the human-readable summary referenced from the policy and from external trust-center materials.
Model-card schema
Every entry captures the following sections:- Model identity — name, version, intended customer use, owner.
- Provider — own-trained / Anthropic / OpenAI / AWS Bedrock / other (cite specific model and version).
- Training data summary — for own-trained models, source data categories and licensing. For third-party models, refer to the provider’s published documentation and Neuroscale’s enterprise terms.
- Evaluation — benchmarks used, metrics, current scores, evaluation date. Include any fairness / bias evaluations relevant to the use case.
- Known limitations — failure modes, situations where the model should not be used.
- Recommended uses to avoid — explicit list (e.g., “Do not use for medical diagnosis,” “Do not use as the sole basis for a hiring decision”).
- Data flow — what customer data flows to / from the model, what is logged, and what retention applies.
- EU AI Act classification — provisional tiering (prohibited / high-risk / limited-risk / minimal-risk) plus GPAI / systemic-risk flag where applicable. Confirmed by counsel before EU launch. Mandatory Annex III screen: every feature card must record an explicit yes/no determination of whether the feature is an Annex III(4) high-risk AI system (recruitment or selection of natural persons, including placing targeted job ads, screening or filtering applications, or evaluating/ranking candidates), with a one-line rationale. A “limited-risk” or “minimal-risk” tag is not valid without this recorded screen. Where the feature is recruitment/screening/ranking, the default is high-risk unless an Art. 6(3) derogation is documented and counsel-approved. High-risk features carry the provider obligations in the AI Acceptable Use Policy and a FRIA per the DPIA Procedure.
- Customer disclosures required — text used in product UI and in customer DPAs.
- DPIA reference — link to the DPIA covering the processing.
- AI review record — link to the AI Review Log entry that approved this version.
- Re-review date — default 24 months; sooner on material change.
Active models (customer-facing)
The four entries below are third-party AI provider integrations that power customer-facing product features (and are also approved for internal workforce use). They are listed publicly on the Sub-processor List as of 2026-05-07.| Model / provider | Approved tier | Customer-facing use | Data flow | Customer-facing? | EU AI Act tier (provisional) | DPIA | Review record | Re-review |
|---|---|---|---|---|---|---|---|---|
| Anthropic — Claude (API + Team / Enterprise) | Enterprise / API | Production AI features in Neuroscale products; internal workforce assistant | Customer prompts + retrieved context → Anthropic API → response back to product. Inputs are not used to train Anthropic models per enterprise terms. Full data-flow detail per feature lives in the corresponding DPIA. | Yes | Limited-risk (Neuroscale’s use, under Art. 50 transparency obligations); provider operates a GPAI model. | Customer-facing AI DPIA, DPIA Register | AI Review Log 2026-05-07 | 2028-05-07 |
| OpenAI — ChatGPT / API (Enterprise + API) | Enterprise / API | Production AI features in Neuroscale products; internal workforce assistant | Same as above with OpenAI | Yes | Same as above | Customer-facing AI DPIA, DPIA Register | AI Review Log 2026-05-07 | 2028-05-07 |
| xAI — Grok (API + Enterprise) | Enterprise / API | Production AI features in Neuroscale products; internal workforce assistant | Same as above with xAI | Yes | Same as above | Customer-facing AI DPIA, DPIA Register | AI Review Log 2026-05-07 | 2028-05-07 |
| Cerebras — cerebras.ai inference (API) | Enterprise / API | Production AI features (fast inference); internal workforce assistant | Same as above with Cerebras | Yes | Same as above | Customer-facing AI DPIA, DPIA Register | AI Review Log 2026-05-07 | 2028-05-07 |
Per-feature model cards
A feature card identifies the specific model and version invoked by a named Neuroscale product feature and is the artifact cross-referenced from the corresponding customer-facing DPIA. Provider terms set forth at Active models apply to each feature card by reference and shall not be restated.| Feature | Model and version | Provider row | Intended use | Inputs and outputs logged | Bias and fairness evaluation | EU AI Act tier (provisional) | DPIA | Review record | Re-review |
|---|---|---|---|---|---|---|---|---|---|
| Aurora — customer-facing synthetic media of authenticated user. Governed by AI Acceptable Use → Synthetic media of persons. | Aurora synthesis pipeline (Neuroscale-operated); exact model identifier and version recorded by Engineering at the corresponding AI Review Log entry created at DPIA approval (see DPIA column). | Own-trained / self-hosted — governed by Own-trained and self-hosted models. | Generate AI-synthesized video, audio, and lip-synced media of the authenticated user, from in-person crew-captured source material (no user-uploaded source). | Inputs: in-person video and audio capture of the subject; identity-verification record at the session start; signed release. Outputs: synthesized media files carrying a persistent AI-generated label at the point of display and a C2PA-style provenance manifest on file export where supported. Logged: generation events, output metadata, abuse-monitoring signals; retention per the Records Retention Schedule. | Subgroup-parity evaluation across skin-tone, voice-pitch, and gender-presentation cohorts (artifact-rate parity, lip-sync-quality parity) prior to launch and annually thereafter; methodology, date, and results recorded in the AI Review Log entry. | Limited-risk — EU AI Act Art. 50(4) deep-fake disclosure obligation attaches; not Annex III high-risk because synthesis of a consenting, authenticated subject is not employment / recruitment / education / consequential-decision decisioning. The General Counsel re-confirms tiering prior to placement on the EU market and on each material feature change. | Required before first production deployment — DPIA pending filing per DPIA Procedure; owner General Counsel + CTO. Aurora is not yet a production-available service; the filing gate is first production deployment, so no in-window control gap exists for the initial SOC 2 observation period. The DPIA is filed before Aurora launches. Filed in the DPIA Register. | Pending — AI Review Log entry created at DPIA approval. | 24 months from approval (default); sooner on material change. |
Own-trained and self-hosted models
This section governs (i) models that Neuroscale fine-tunes; (ii) open-source models that Neuroscale self-hosts, including without limitation Llama, Qwen, Mistral, and DeepSeek, where surfaced through a customer feature; and (iii) any model trained from scratch by Neuroscale. Each entry shall comprise the twelve schema fields specified at Model-card schema together with the additional fields tabulated below. Fine-tunes and from-scratch training are subject to the dataset-card requirement set forth in the AI Acceptable Use Policy → Training data. Where a model qualifies as a general-purpose AI model, the training-content summary required by EU AI Act Art. 53(1)(d) shall be prepared and approved by the General Counsel prior to placement on the EU market.| Model identity | Base model and license | Training or fine-tune dataset (dataset card) | Hosting | Provider role | Bias and fairness evaluation | EU AI Act tier; GPAI flag | DPIA | Review record | Re-review |
|---|---|---|---|---|---|---|---|---|---|
Template — to be completed upon first own-trained or self-hosted entry. <internal name; version> | <base model; license (e.g., Llama 3.1 70B; Llama 3 Community License)> | <dataset-card link(s); for inference-only deployments of upstream weights, state "Not applicable; see upstream model card"> | <deployment surface and region> | Neuroscale operates the deployed model; upstream weight licensor identified separately | <method; date; subgroup metrics; link> | <tier>; GPAI: <yes / no>; counsel confirmation required prior to EU placement on market | <DPIA link> | <AI Review Log entry> | <date; default 24 months from approval> |
Provider terms — current state
All four approved providers operate under enterprise / API terms that prohibit training on Neuroscale-submitted inputs. Customer-facing AI processing is disclosed in the Sub-processor List and in the Customer DPA template. Adding a new provider, or moving any data category not previously covered to an existing provider, requires a new AI Risk Review and a DPIA addendum before launch.Adding a model
- Product owner drafts the model card using the schema above.
- Engineering attaches evaluation results.
- General Counsel reviews EU AI Act tiering and customer-disclosure language.
- AI risk-review group approves per the AI Review Log procedure.
- The card is added here; a launch is not authorized until the entry is in this registry.
Retiring a model
When a model is retired or replaced:- The current entry is moved to the Retired table below with the retirement date and the replacement model (if any).
- Customers affected are notified per the relevant DPA notice obligations.
Retired models
| Model identity | Retired on | Replaced by | Notes |
|---|---|---|---|
| None. |
Cross-references
Version history
| Version | Date | Description | Author | Approved by |
|---|---|---|---|---|
| 1.0 | May 8, 2026 | Initial version | Cameron Wolfe | Ishan Jadhwani |