Use: complete one per AI feature at validation (before deployment) and on each re-evaluation (default 24 months; sooner on material change). Owner: product owner with CISO + General Counsel. File the completed record as the AI Review Log entry referenced by the feature’s model card. Frameworks: ISO/IEC 42001 A.6.2.4; EU AI Act Arts. 9–15; supports NYC LL144 / state bias-audit obligations.
Replace every {{var}} placeholder. Do not deploy a high-risk feature until this record is complete and, where required, an independent bias-audit summary is attached.

1. System identification

  • Feature / system: {{feature_name}}
  • Model and version: {{model_and_version}} (link the model card)
  • Intended use / users: {{intended_use_users}}
  • EU AI Act tier + Annex III screen result: {{eu_ai_act_tier}}
  • Evaluation date / evaluator: {{evaluation_date}} / {{evaluator}}

2. Performance evaluation

MetricMethod / datasetResultThresholdPass?
{{perf_metric_1}}{{perf_method_1}}{{perf_result_1}}{{perf_threshold_1}}{{perf_pass_1}}
{{perf_metric_2}}{{perf_method_2}}{{perf_result_2}}{{perf_threshold_2}}{{perf_pass_2}}

3. Bias & fairness evaluation (for people-affecting features)

  • Method: {{bias_method}}
  • Cohorts tested: {{bias_cohorts}}
  • Results: {{bias_results}}
  • Independent auditor (if high-risk / AEDT): {{bias_auditor}}
  • Outcome: {{bias_outcome}}
See the Employment-AI Bias-Audit and Disparate-Impact Testing Procedure.

4. Robustness, safety & limitations

  • Known failure modes: {{failure_modes}}
  • Adversarial / edge-case testing: {{adversarial_testing}}
  • Hallucination / error handling: {{hallucination_handling}}
  • Recommended uses to avoid: {{uses_to_avoid}}

5. Privacy evaluation

  • Training-data basis & deidentification: {{training_data_deid}}
  • Re-identification audit result (if applicable): {{reidentification_result}}
  • Data minimization in inputs/outputs/logging: {{data_minimization}}

6. Transparency & human oversight

  • AI-interaction / AI-content disclosure shipped: {{disclosure_shipped}} (EU AI Act Art. 50)
  • Human-in-the-loop for consequential decisions: {{human_in_the_loop}}
  • Customer-facing instructions for use: {{instructions_for_use}}

7. Validation confirmation

  • All gates passed: {{all_gates_passed}} — if N, list blockers and remediation owners/dates.
  • Approved for deployment by: {{approved_by}} — {{approval_date}}
  • Conditions / monitoring requirements: {{monitoring_requirements}}

Variables

VariableDescription
{{feature_name}}Feature / system name
{{model_and_version}}Provider/model and version
{{intended_use_users}}Intended use / users
{{eu_ai_act_tier}}EU AI Act tier + Annex III screen result (limited-risk / high-risk; rationale)
{{evaluation_date}}Evaluation date
{{evaluator}}Evaluator name; independence basis if bias audit
{{perf_metric_1}}Performance row 1 — metric (accuracy / task metric)
{{perf_method_1}}Performance row 1 — method / dataset (benchmark / held-out set)
{{perf_result_1}}Performance row 1 — result
{{perf_threshold_1}}Performance row 1 — threshold
{{perf_pass_1}}Performance row 1 — pass? (Y/N)
{{perf_metric_2}}Performance row 2 — metric (latency / availability)
{{perf_method_2}}Performance row 2 — method / dataset
{{perf_result_2}}Performance row 2 — result
{{perf_threshold_2}}Performance row 2 — threshold
{{perf_pass_2}}Performance row 2 — pass? (Y/N)
{{bias_method}}Bias-evaluation method (4/5ths-rule disparate-impact; subgroup-parity)
{{bias_cohorts}}Cohorts tested (protected-class proxies / cohorts)
{{bias_results}}Bias results (adverse-impact ratios; subgroup metrics)
{{bias_auditor}}Independent auditor (if high-risk / AEDT) — auditor; date; summary link
{{bias_outcome}}Bias-evaluation outcome (pass / remediate / do-not-deploy)
{{failure_modes}}Known failure modes
{{adversarial_testing}}Adversarial / edge-case testing
{{hallucination_handling}}Hallucination / error handling
{{uses_to_avoid}}Recommended uses to avoid
{{training_data_deid}}Training-data basis and deidentification (Deidentification Standard stage; parameters)
{{reidentification_result}}Re-identification audit result (link / N/A)
{{data_minimization}}Data minimization in inputs/outputs/logging
{{disclosure_shipped}}AI-interaction / AI-content disclosure shipped (Y/N; mechanism)
{{human_in_the_loop}}Human-in-the-loop oversight control for consequential decisions
{{instructions_for_use}}Customer-facing instructions for use (link)
{{all_gates_passed}}Whether all gates passed (Y/N)
{{approved_by}}Approver — AIMS Owner / AI review group
{{approval_date}}Date of approval
{{monitoring_requirements}}Conditions / monitoring requirements (post-market monitoring cadence; re-eval trigger)

Cross-references