Use: complete one per AI feature at validation (before deployment) and on each re-evaluation (default 24 months; sooner on material change). Owner: product owner with CISO + General Counsel. File the completed record as the AI Review Log entry referenced by the feature’s model card. Frameworks: ISO/IEC 42001 A.6.2.4; EU AI Act Arts. 9–15; supports NYC LL144 / state bias-audit obligations.
Replace every {{var}} placeholder. Do not deploy a high-risk feature until this record is complete and, where required, an independent bias-audit summary is attached.
1. System identification
- Feature / system: {{feature_name}}
- Model and version: {{model_and_version}} (link the model card)
- Intended use / users: {{intended_use_users}}
- EU AI Act tier + Annex III screen result: {{eu_ai_act_tier}}
- Evaluation date / evaluator: {{evaluation_date}} / {{evaluator}}
2. Performance evaluation
| Metric | Method / dataset | Result | Threshold | Pass? |
|---|---|---|---|---|
| {{perf_metric_1}} | {{perf_method_1}} | {{perf_result_1}} | {{perf_threshold_1}} | {{perf_pass_1}} |
| {{perf_metric_2}} | {{perf_method_2}} | {{perf_result_2}} | {{perf_threshold_2}} | {{perf_pass_2}} |
3. Bias & fairness evaluation (for people-affecting features)
- Method: {{bias_method}}
- Cohorts tested: {{bias_cohorts}}
- Results: {{bias_results}}
- Independent auditor (if high-risk / AEDT): {{bias_auditor}}
- Outcome: {{bias_outcome}}
4. Robustness, safety & limitations
- Known failure modes: {{failure_modes}}
- Adversarial / edge-case testing: {{adversarial_testing}}
- Hallucination / error handling: {{hallucination_handling}}
- Recommended uses to avoid: {{uses_to_avoid}}
5. Privacy evaluation
- Training-data basis & deidentification: {{training_data_deid}}
- Re-identification audit result (if applicable): {{reidentification_result}}
- Data minimization in inputs/outputs/logging: {{data_minimization}}
6. Transparency & human oversight
- AI-interaction / AI-content disclosure shipped: {{disclosure_shipped}} (EU AI Act Art. 50)
- Human-in-the-loop for consequential decisions: {{human_in_the_loop}}
- Customer-facing instructions for use: {{instructions_for_use}}
7. Validation confirmation
- All gates passed: {{all_gates_passed}} — if N, list blockers and remediation owners/dates.
- Approved for deployment by: {{approved_by}} — {{approval_date}}
- Conditions / monitoring requirements: {{monitoring_requirements}}
Variables
| Variable | Description |
|---|---|
{{feature_name}} | Feature / system name |
{{model_and_version}} | Provider/model and version |
{{intended_use_users}} | Intended use / users |
{{eu_ai_act_tier}} | EU AI Act tier + Annex III screen result (limited-risk / high-risk; rationale) |
{{evaluation_date}} | Evaluation date |
{{evaluator}} | Evaluator name; independence basis if bias audit |
{{perf_metric_1}} | Performance row 1 — metric (accuracy / task metric) |
{{perf_method_1}} | Performance row 1 — method / dataset (benchmark / held-out set) |
{{perf_result_1}} | Performance row 1 — result |
{{perf_threshold_1}} | Performance row 1 — threshold |
{{perf_pass_1}} | Performance row 1 — pass? (Y/N) |
{{perf_metric_2}} | Performance row 2 — metric (latency / availability) |
{{perf_method_2}} | Performance row 2 — method / dataset |
{{perf_result_2}} | Performance row 2 — result |
{{perf_threshold_2}} | Performance row 2 — threshold |
{{perf_pass_2}} | Performance row 2 — pass? (Y/N) |
{{bias_method}} | Bias-evaluation method (4/5ths-rule disparate-impact; subgroup-parity) |
{{bias_cohorts}} | Cohorts tested (protected-class proxies / cohorts) |
{{bias_results}} | Bias results (adverse-impact ratios; subgroup metrics) |
{{bias_auditor}} | Independent auditor (if high-risk / AEDT) — auditor; date; summary link |
{{bias_outcome}} | Bias-evaluation outcome (pass / remediate / do-not-deploy) |
{{failure_modes}} | Known failure modes |
{{adversarial_testing}} | Adversarial / edge-case testing |
{{hallucination_handling}} | Hallucination / error handling |
{{uses_to_avoid}} | Recommended uses to avoid |
{{training_data_deid}} | Training-data basis and deidentification (Deidentification Standard stage; parameters) |
{{reidentification_result}} | Re-identification audit result (link / N/A) |
{{data_minimization}} | Data minimization in inputs/outputs/logging |
{{disclosure_shipped}} | AI-interaction / AI-content disclosure shipped (Y/N; mechanism) |
{{human_in_the_loop}} | Human-in-the-loop oversight control for consequential decisions |
{{instructions_for_use}} | Customer-facing instructions for use (link) |
{{all_gates_passed}} | Whether all gates passed (Y/N) |
{{approved_by}} | Approver — AIMS Owner / AI review group |
{{approval_date}} | Date of approval |
{{monitoring_requirements}} | Conditions / monitoring requirements (post-market monitoring cadence; re-eval trigger) |