Disclosure of training data, model cards, system-card requirements.
Definition & scope
The cross-jurisdiction picture below shows how each of 45 tracked instruments treats this topic. The patterns vary substantially — explicit conflicts exist where instruments take incompatible positions, and 4 regimes are silent, leaving gaps that future policy work could address.
Regulatory approaches
Beyond which instruments govern, the operative question is *who must disclose what, to whom, and in what form*. The major regimes cluster into four distinct modalities. (1) **Public registration**: the EU AI Act requires providers and public-authority deployers of high-risk systems to enter the system in a Commission-run EU database before market placement (Art. 49, referencing the Art. 71 database), though law-enforcement, migration and border-control systems register in a non-public section accessible only to authorities (Art. 49(4)); critics caution that such registers can become "ethics theater" when they decontextualise the systems they list 1. (2) **Interaction and content marking**: Art. 50 imposes duties to inform people they are interacting with an AI system and to mark synthetic audio, image, video and text in a machine-readable, detectable format, with deepfakes labelled even absent intent to deceive (Art. 50(2), (4)). (3) **Documentation summaries**: for general-purpose models, Art. 53(1)(d) requires a publicly available summary of training-data content, operationalised by the AI Office's mandatory Training Data Summary Template (published 24 July 2025; WilmerHale 2025) — a format prefigured by the dataset-documentation and model-reporting templates such mandates reference 23. (4) **Capability/safety reporting**: voluntary frontier frameworks and California's SB 53 (TFAIA, signed 29 Sept 2025) require large developers to publish a risk-management framework and transparency reports (White & Case 2025). China's Labelling Measures (effective 1 Sept 2025) mandate both explicit user-facing labels and implicit metadata labels (Loeb & Loeb 2025) — a marking model parallel to Art. 50 but enforced through platform-level state oversight rather than a public database. China's earlier Deep Synthesis Provisions already established this dual marking model: Art. 16 requires technical identifiers that do not impede use to be added to generated or edited content, while Art. 17 mandates conspicuous labelling alerting the public to deep-synthesis content. A fifth, workforce-facing modality appears in the EU Platform Work Directive (2024/2831), whose Article 9 requires digital labour platforms to inform platform workers and their representatives about the use, categories, parameters and effects of automated monitoring and decision-making systems.
Key fault lines
Transparency design fractures along several contested axes that the coverage verdicts alone obscure. The sharpest is **public versus regulator-only disclosure**: the EU AI Act's database (Art. 49) and training-data summary (Art. 53(1)(d)) push information toward the general public, whereas China's Interim Measures for Generative AI route disclosure to the Cyberspace Administration rather than the public — the basis of the conflict the coverage table flags between the two regimes. A second fault line is **transparency versus trade secrecy**: Art. 78 of the AI Act preserves intellectual-property rights and trade secrets, including source code, when authorities request information, and scholarship maps precisely which technical details lack trade-secret eligibility and so could still be disclosed without hollowing out the mandate 4. A third is **mandatory versus voluntary architecture** — the US federal baseline shifted from EO 14110's reporting duties to their revocation by EO 14148 (Jan 2025; Federal Register 2025), leaving frontier transparency to voluntary RSPs and to states such as California (90 Fed. Reg. 9088). A fourth, more technical dispute concerns **whether disclosure conveys decision-relevant information at all**: scholarship distinguishes inscrutability from non-intuitiveness (Selbst & Barocas 2018), shows the GDPR confers only a right to be informed rather than a right to explanation of specific decisions 5, and catalogues the broader limits of transparency as a route to accountability 6. These are design choices, not mere coverage gaps, and they explain why nominally aligned 'governs' verdicts can rest on incompatible philosophies.
Trajectory — what is changing (2025–2026)
Transparency obligations are among the fastest-moving corners of AI governance, with several binding deadlines now imminent. In the EU, GPAI training-data summary obligations took effect 2 August 2025, with a grace period to 2 August 2027 for models already on the market (Latham & Watkins 2025); the Art. 50 synthetic-content marking and deepfake-labelling duties become applicable 2 August 2026, though the proposed AI Omnibus contemplates a transitional extension to 2 December 2026 (Greenberg Traurig 2026). The Commission published a voluntary Code of Practice on the marking and labelling of AI-generated content on 10 June 2026, widely expected to become the de facto compliance benchmark for Art. 50 (TechPolicy.Press 2026). As these mandates mature, scholarship warns that statutory access alone may underdeliver: freedom-of-information regimes "generally only grant access to existing documents," so without a mature standard for documenting models, public-sector transparency stays shallow 7, and the audit mandates layered on top can entrench rather than constrain power absent governance of the audit market itself 8. In Asia, China's mandatory labelling regime and national standard GB 45438-2025 took effect 1 September 2025, the first state-mandated content-labelling standard globally (Loeb & Loeb 2025). In the United States, the trajectory diverged from the EU: EO 14110's foundation-model reporting was rescinded by EO 14148 (20 January 2025), with EO 14179 (23 January 2025) setting the deregulatory posture (Federal Register 2025), shifting the locus of binding transparency to the states — California's SB 53 (signed 29 September 2025) now requires large frontier developers to publish risk frameworks and report critical safety incidents (White & Case 2025). The net pattern through 2026 is a widening EU–US gap on *binding* public disclosure, with content-marking obligations converging across the EU and China even as their enforcement architectures differ.
Coverage across jurisdictions
Historical primacy & cross-jurisdiction tension
First addressed by General Data Protection Regulation (GDPR) on (governs). Subsequent regimes have either codified, diverged from, or remained silent on this baseline.
Compare jurisdictions: EU vs US · EU vs UK · EU vs CN
Enforcement & impact
Conflicts and divergence
Instruments that take explicitly conflicting positions on Transparency Obligations.
- conflictsInterim Measures for Generative AI Service Management— Art. 4 + Algorithm Recommendation Rules — disclosure to CAC, not public; conflicts with EU public-disclosure model
Silent regimes — gap signal
Instruments that do not address Transparency Obligations — candidates for future policy work.
- Executive Order 14179 — Removing Barriers to American Leadership in AIUS
- African Union Continental AI StrategyAfrican_Union
- DFARS Subpart 252.204 (Safeguarding Covered Defense Information and Cyber Incident Reporting)US
- TAKE IT DOWN Act (Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks Act)US
See also
Further reading
27 academic & grey-literature sources bearing on this topic — catalogued metadata with a primary link; one-line findings are ✦ AI-generated summaries, labeled as such (charter §7.9). Browse the full literature index.
- The Right to Transparency in Public Governance: Freedom of Information and the Use of Artificial Intelligence by Public Agencies Peer-reviewed✦ AIFinds freedom-of-information regimes "generally only grant access to existing documents" and that with "no mature standard for documenting AI models," public-sector AI transparency is limited.
- On the Quest for Effectiveness in Human Oversight: Interdisciplinary Perspectives Peer-reviewed✦ AISynthesises interdisciplinary evidence to argue that legally mandated human oversight of AI is often ineffective ('rubber-stamp') unless effectiveness conditions are explicitly designed for.
- Law and the Emerging Political Economy of Algorithmic Audits Peer-reviewed✦ AIAnalyses how AI-audit mandates create a new political economy of auditing, warning that audit markets can entrench rather than constrain power without underlying governance.
- Transparent AI? Navigating Between Rules on Trade Secrets and Access to Information Peer-reviewed✦ AIExamines the tension between AI Act disclosure duties and trade-secret protection, identifying which technical details lack trade-secret eligibility to enable transparency.
- Dutch Comfort: The Limits of AI Governance through Municipal Registers Peer-reviewed✦ AICritiques Amsterdam/Helsinki AI registers as risking "ethics theater" by decontextualising and depoliticising algorithmic systems used in the digital welfare state.
- Datasheets for Datasets Peer-reviewed✦ AIProposes "that every dataset be accompanied with a datasheet that documents its motivation, composition, collection process, recommended uses" for transparency and accountability.
- Algorithmic Impact Assessments and Accountability: The Co-construction of Impacts Peer-reviewed✦ AIArgues algorithmic impact assessments depend on how "impacts" are co-constructed, and that AIA regimes must define who measures impacts and to whom accountability is owed.
- Algorithmic impact assessments under the GDPR: producing multi-layered explanations Peer-reviewed✦ AIProposes that GDPR algorithmic impact assessments be combined with individual rights to produce layered, system-and-individual explanations of automated decisions.
- Model Cards for Model Reporting Peer-reviewed✦ AIProposes "model cards" — short documents accompanying trained models with benchmarked evaluation across conditions — the template transparency mandates reference.
- Seeing without knowing: Limitations of the transparency ideal and its application to algorithmic accountability Peer-reviewed✦ AICritiques accountability models resting on "ideals and logics of transparency", presenting ten limitations of transparency as a route to algorithmic accountability.
- Why a Right to Explanation of Automated Decision-Making Does Not Exist in the General Data Protection Regulation Peer-reviewed✦ AIArgues the GDPR mandates only "meaningful, but properly limited, information" about automated decisions — a right to be informed, not a right to explanation of specific decisions.
- Model Card PreprintMitchell et al. (2019), 'Model Cards for Model Reporting,' FAccT '19
- Scalable Oversight PreprintChristiano, P., Shlegeris, B., Amodei, D. (2018), 'Supervising Strong Learners by Amplifying Weak Experts.'
- Capability Elicitation PreprintQi, X., Zeng, Y., Xie, T., Chen, P.-Y., Jia, R., Mittal, P., Henderson, P. (2023), 'Fine-tuning Aligned Language Models Compromises Safety, Even When Users Do Not Intend To!'
- Dual-Use Research Norms (DURC for AI) PreprintSolaiman, I., et al. (2019), 'Release Strategies and the Social Impacts of Language Models' — the canonical articulation of structured-access norms for foundation models.
- Policy Instrument Peer-reviewedLascoumes, P. & Le Galès, P. (2007). Introduction: Understanding Public Policy through Its Instruments — From the Nature of Instruments to the Sociology of Public Policy Instrumentation. Governance 20(1): 1-21. See also Hood (1983) The Tools of Government, ch. 1-2; Salamon (2002) The Tools of Government: A Guide to the New Governance, pp. 1-47; Howlett (2011) Designing Public Policies, ch. 3-5.
- Training-Data Attribution PreprintGrosse, R., et al. (2023), 'Studying Large Language Model Generalization with Influence Functions' (Anthropic) — the canonical articulation of scalable influence-function-based attribution for foundation models.
- Prompt Injection PreprintGreshake, K., Abdelnabi, S., Mishra, S., Endres, C., Holz, T., Fritz, M. (2023), 'Not what you've signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection.'
- Agentic AI System PreprintYao, S., Zhao, J., Yu, D., Du, N., Shafran, I., Narasimhan, K., Cao, Y. (2022), 'ReAct: Synergizing Reasoning and Acting in Language Models.'
- Multi-Turn Evaluation PreprintZheng, L., et al. (2023), 'Judging LLM-as-a-Judge with MT-Bench and Chatbot Arena' — operationalises the multi-turn evaluation protocol for foundation models.
- Data Poisoning PreprintCarlini, N., et al. (2024), 'Poisoning Web-Scale Training Datasets is Practical' — establishes practical feasibility of poisoning frontier-model training corpora.
- Jailbreak Resistance PreprintZou, A., Wang, Z., Kolter, J. Z., Fredrikson, M. (2023), 'Universal and Transferable Adversarial Attacks on Aligned Language Models' — the canonical demonstration that gradient-based suffix attacks transfer across aligned LLMs.
- Hallucination PreprintJi, Z., et al. (2023), 'Survey of Hallucination in Natural Language Generation,' ACM Computing Surveys 55(12): 1-38.
- In-Context Learning PreprintBrown, T., et al. (2020), 'Language Models are Few-Shot Learners' (GPT-3 paper) — the canonical articulation of in-context learning as an emergent capability.
- Retrieval-Augmented Generation (RAG) PreprintLewis, P., et al. (2020), 'Retrieval-Augmented Generation for Knowledge-Intensive NLP Tasks,' NeurIPS — the canonical articulation of RAG.
- Policy Brief: Our recommendations for strengthening data access for public interest research Civil society✦ AIRecommends stronger platform data-access rules so independent researchers can study automated systems in the public interest.
- A Systematic Review of Responsible Artificial Intelligence Principles and Practice Peer-reviewed✦ AIPRISMA systematic review (553 of 22,711 screened studies) of responsible-AI principles and practice, including transparency and accountability.
References
Sources cited inline in the analysis (linked from the superscript markers), then the primary instrument sources behind the classifications.
- Corinne Cath, Fieke Jansen (2022) Dutch Comfort: The Limits of AI Governance through Municipal Registers, Techné: Research in Philosophy and Technology. 10.5840/techne202323172 — Critiques Amsterdam/Helsinki AI registers as risking "ethics theater" by decontextualising and depoliticising algorithmic systems used in the digital welfare state. ↩
- Gebru, Morgenstern, Vecchione, et al. (2021) Datasheets for Datasets, Communications of the ACM. 10.1145/3458723 — Proposes "that every dataset be accompanied with a datasheet that documents its motivation, composition, collection process, recommended uses" for transparency and accountability. ↩
- Mitchell, Wu, Zaldivar, et al. (2019) Model Cards for Model Reporting, ACM FAT* '19. 10.1145/3287560.3287596 — Proposes "model cards" — short documents accompanying trained models with benchmarked evaluation across conditions — the template transparency mandates reference. ↩
- Ulla-Maija Mylly (2023) Transparent AI? Navigating Between Rules on Trade Secrets and Access to Information, IIC - International Review of Intellectual Property and Comp. 10.1007/s40319-023-01328-5 — Examines the tension between AI Act disclosure duties and trade-secret protection, identifying which technical details lack trade-secret eligibility to enable transparency. ↩
- Wachter, Mittelstadt & Floridi (2017) Why a Right to Explanation of Automated Decision-Making Does Not Exist in the General Data Protection Regulation, International Data Privacy Law. 10.1093/idpl/ipx005 — Argues the GDPR mandates only "meaningful, but properly limited, information" about automated decisions — a right to be informed, not a right to explanation of specific decisions. ↩
- Ananny & Crawford (2018) Seeing without knowing: Limitations of the transparency ideal and its application to algorithmic accountability, New Media & Society. 10.1177/1461444816676645 — Critiques accountability models resting on "ideals and logics of transparency", presenting ten limitations of transparency as a route to algorithmic accountability. ↩
- Henrik Palmer Olsen, Thomas Troels Hildebrandt, Cornelius Wiesener, Matthias Smed Larsen, Asbjørn William Ammitzbøll Flügge (2024) The Right to Transparency in Public Governance: Freedom of Information and the Use of Artificial Intelligence by Public Agencies, Digital Government: Research and Practice. 10.1145/3632753 — Finds freedom-of-information regimes "generally only grant access to existing documents" and that with "no mature standard for documenting AI models," public-sector AI transparency is limited. ↩
- Petros Terzis, Michael Veale, Noëlle Gaumann (2024) Law and the Emerging Political Economy of Algorithmic Audits, Proceedings of the 2024 ACM Conference on Fairness, Accounta. 10.1145/3630106.3658970 — Analyses how AI-audit mandates create a new political economy of auditing, warning that audit markets can entrench rather than constrain power without underlying governance. ↩
- EU-AIA-2024: Arts. 13, 50 (transparency obligations)
- US-EO-14110: §4.2(a)(i) (reporting includes red-team results)
- UK-WHITEPAPER-2023: Principle 4 (transparency + explainability)
- CN-GENAI-2023: Art. 4 + Algorithm Recommendation Rules — disclosure to CAC, not public; conflicts with EU public-disclosure model
- G7-HIROSHIMA: Code §2 (publicly report capabilities, limitations)
- OECD-AI-PRIN: Principle 1.3 (transparency + explainability)
- COE-AI-CONV: Art. 8 (transparency + oversight)
- UN-RES-2024: Calls for trustworthy AI broadly
- NIST-AI-RMF: Trustworthy characteristics 5 (transparency) + 6 (explainability)
- BLETCHLEY-2023: Declaration §6 endorses transparency to evaluators; no operative requirements
- SEOUL-2024: Declaration §4 + Commitments §3 (publish safety frameworks)
- NIST-AI-RMF-GENAI: Govern + Map cross-cutting documentation requirements applied to GenAI
- CA-SB-1047: Required safety determinations are public; full safety case is to regulator only
- IN-DPDP-2023: DPDPA §5 notice requirements + MEITY Mar-2024 Advisory transparency mandates
- BR-AIBILL-2024: PL 2338/2023 Art. 7 (right to information about AI use + algorithmic explanation)
- ASEAN-AI-GUIDE-2024: ASEAN Guide §4 (transparency + explainability principle)
- ANTHROPIC-RSP-2024: RSP v2 §5 — public publication of safety determinations + capability eval methodology
- OPENAI-PREPAREDNESS-2023: Public Preparedness Reports + Safety Advisory Group decisions; full evaluation methodology partially disclosed
- DEEPMIND-FSF-2024: FSF publication discloses framework + thresholds; per-evaluation outputs not consistently public
- META-FRONTIER-2024: Open-weight release + framework publication is itself a transparency posture; trade-off discussed in framework text
- UK-US-AISI-MOU-2024: Information sharing between AISIs; not public-facing transparency obligations
- WH-VOLUNTARY-2023: Commitments §6 (public reporting on capabilities, limitations, appropriate use)
- SG-MODEL-AI-2024: Framework Dimension 7 (Content Provenance) + Dimension 5 (Testing + Assurance) — pairs with AI Verify toolkit
- JP-METI-AI-2024: Guidelines Principle 5 (Transparency) — model documentation + capability disclosure
- EU-GDPR-2016: Arts. 12-14 (information to data subjects); Art. 13(2)(f) + 14(2)(g) meaningful information about ADM logic; Art. 22(3) suitable safeguards
- EU-GPAI-COP-2025: Chapter 1 (Transparency) — 13 commitments + ~40 measures operationalising Art. 53(1)(a)-(c) model documentation + training-data summary
- OMB-M-24-10: §3(a)(iv) public AI use-case inventory; Attachment 1 §5(c)(v) plain-language public notice + explanation for rights-impacting AI
- GSA-AI-GUIDE-2024: Due-diligence questions call for vendor disclosure of training-data provenance, evaluation results, and model documentation
- DOD-RAI-2022: Ethical Principle 'Traceable' + Tenet 2 (Warfighter Trust) — documentation + explainability requirements integrated into T&E + V&V lifecycle
- FEDRAMP-AI-2024: FedRAMP authorisation requires System Security Plan + control documentation; GenAI guidance extends to vendor disclosure of training-data provenance, evaluation results, model documentation
- CA-SB-53: Bus. & Prof. Code § 22757.12 — frontier developers must publish a frontier AI framework + a pre-deployment transparency report
- CA-SB-243: Cal. Bus. & Prof. Code § 22602(a) (added by SB 243) — operator must issue a clear-and-conspicuous notification that the companion chatbot is artificially generated and not human where a reasonable person would be misled; § 22602(c) adds, for known minors, a default every-three-hours AI-reminder + break notification
- CA-SB-942: Cal. Bus. & Prof. Code § 22757.2(a) (added by SB 942) — a covered provider must make available, free and publicly accessible, an AI detection tool that lets a user assess whether image/video/audio content was created or altered by that provider's GenAI system; reinforced by § 22757.3(a) manifest-disclosure user option
- EU-PLD-2024: Art. 9 — court-ordered disclosure of relevant evidence in the defendant's control, reinforced by the Art. 10(2)(a) adverse presumption for non-disclosure
- UNESCO-AI-ETHICS-2021: Principle 'Transparency and explainability', para 38 — people informed of AI-based decisions + right to request explanation
- EU-PWD-2024: Directive (EU) 2024/2831, Article 9 (with Arts. 7-8)
- CN-DEEPSYN-2022: Art. 16 & Art. 17
- NY-RAISE-2025: N.Y. Gen. Bus. Law § 1421(1)(C) — a large developer must conspicuously publish (with appropriate redactions) its written safety and security protocol and transmit a copy to the attorney general
- IT-AILAW-2025: Multiple operative disclosure duties: Art. 4(3) clear-language information on AI data processing + right to object; Art. 7(3) patient information; Art. 11(2) worker notification; Art. 13(2) professional's duty to disclose AI use to the client.
- JP-AIPROMO-2025: Act No. 53 of 2025, Art. 3(4)
- UN-GDC-2024: GDC Objective 5, para 55(d) (A/RES/79/1, Annex I)
Cite this article 8 formats · BibTeX, RIS, APA, Chicago, … · 1-click copy
Persistent identifier: https://policywindow.org/wiki/transparency — committed-stable URL with content-versioning via ?asOf= (rollout pending per methodology §7). DOIs via Zenodo are on the roadmap.
Article tools — track changes, suggest an edit
View history — every captured revision of this article · What links here
41 instruments tracked.
Does governance work? — the social-science evidence
What the peer-reviewed social science shows: whether the harm this topic addresses is empirically real, and whether governance of it works. The badge is the epistemic status of the evidence(not the policy debate) — “thin” or “absent” efficacy evidence is itself a finding (the “second silence”). Each epistemic-status label is Policy Window's editorial assessment of the cited evidence base (a structured classification), not a verdict any single source issues.
Documentation artifacts (model cards, datasheets) are well-specified as proposals and are genuinely adopted, but the empirical premise that mandated disclosure produces meaningful transparency is contested. Selbst & Barocas (2018) argue inscrutability and non-intuitiveness are distinct problems and that disclosing rules does not resolve the latter, and large-scale audits find documentation is sparsely and unevenly completed: a systematic analysis of 32,111 Hugging Face model cards (Liang et al. 2024) found environmental-impact, limitations and evaluation sections least often filled, and Bhat et al. (2023, 45 practitioners) found a substantial gap between the documentation proposal and actual practice. Honest caveat: the documentation frameworks themselves are real and adopted, so the dispute is about whether disclosure conveys decision-relevant information, not whether the artifacts exist.
Sources: Selbst & Barocas 2018 (Fordham Law Review 87:1085-1139); Liang et al. 2024 (Nature Machine Intelligence, s42256-024-00857-z, 'Systematic analysis of 32,111 AI model cards'); Bhat et al. 2023 (CHI '23, 'Aspirations and Practice of ML Model Documentation', DOI 10.1145/3544548.3581518); Mitchell et al. 2019 (FAccT, Model Cards for Model Reporting); Gebru et al. 2021 (CACM 64(12):86-92, Datasheets for Datasets)
There is no rigorous impact evaluation showing that AI transparency mandates (model cards, training-data summaries) measurably reduce bias, misuse or accidents — the central regulatory assumption is empirically untested, partly because flagship mandates like EU AI Act Art. 53(1)(d) GPAI training-data summaries are only subject to AI Office enforcement/verification from 2 August 2026 (the obligation itself began 2 August 2025 for new models). The closest analogue, mandated consumer disclosure, shows small and context-dependent effects: Bollinger, Leslie & Sorensen (2011) found mandatory calorie posting cut average calories per transaction by about 6%, while Loewenstein, Sunstein & Golman (2014) review evidence that disclosure effects are frequently diminished or even reversed by limited attention and often change provider rather than recipient behavior. These are analogues, not AI studies; no study demonstrates that AI transparency disclosure achieves its stated downstream safety aims.
Sources: Bollinger, Leslie & Sorensen 2011 (AEJ: Economic Policy 3(1):91-128); Loewenstein, Sunstein & Golman 2014 (Annual Review of Economics 6:391-419, 'Disclosure: Psychology Changes Everything'); EU AI Act Art. 53(1)(d) GPAI training-data summary (obligation from 2 Aug 2025; AI Office enforcement from 2 Aug 2026)