Model Rating Report
Overview
Amazon Nova
Amazon Nova
Nova is a family of text and code generation models that comes in 3 sizes (Pro, Lite and Micro). The two larger sizes support image and video understanding.
Developer
Amazon
Country of Origin
USA
Systemic Risk
Open Data
Open Weight
API Access Only
Ratings
Overall Transparency
52%
Data Transparency
14%
Model Transparency
48%
Evaluation Transparency
59%
EU AI Act Readiness
51%
CAIT-D Readiness
33%
Transparency Assessment
The transparency assessment evaluates how clear and detailed the model creators are about their practices. Our assessment is based on the official documentation lists in Sources above. While external analysis may contain additional details about this system, our goal is to evaluate transparency of the providers themselves.
Sources
Paper: https://assets.amazon.science/4d/96/c72e5f634ee49bf341c89e50249a/the-amazon-nova-family-of-models-technical-report-and-model-card-2-11.pdf
User Guide: https://docs.aws.amazon.com/nova/latest/userguide/what-is-nova.html
Basic Details
December 2024
Date of Release
The Date of Release is the date when the model was made available to the public. Publishing these dates is especially important when multiple versions of the model are released over time.
EU AI Act Requirements
Annex XI Section 1.1c: date of release
CAIT-D Requirements
California’s AI Training Data Transparency Act- (11) The dates the datasets were first used during the development of the artificial intelligence system or service.
The Nova models are available through the BedRock API.
Methods of Distribution
The Methods of Distribution specify all the ways a model can be accessed. Common methods include: a direct model download, access through an API or a hybrid option where a private API endpoint is externally hosted.
EU AI Act Requirements
Annex XI Section 1.1c: methods of distribution
All three models can ingest and output text and code. Lite and Pro can, also, ingest images, video and various document formats.
Modality
The Modality specifies the types of data that the model can process and output. Common domains include text, images, video, audio and tabular data.
EU AI Act Requirements
Annex XI Section 1.1e: modality (e.g., text, image)
Pro and Lite have an input context window of 300k tokens; Lite has ones of 128k tokens. All 3 models have a max output of 5k tokens. Additional guidance is outlines in the User Guide.
Input and Output Format
The Input and Output Format are specifications for how the data should be provided to the model and the exact format output by the model. If applicable, the documentation should include maximum size of the data (e.g. context window length).
EU AI Act Requirements
Annex XI Section 1.1e: format of the inputs and outputs and their maximum size (e.g. context window length, etc.)
Proprietary. Users must follow AWS Terms of Service.
License
The License is the terms under which the model is released. It indicates whether the model can be used for commercial purposes and whether it can be modified and redistributed. Models released exclusively through an API may not have a license, but still be governed through a "Terms of Service".
EU AI Act Requirements
Annex XI Section 1.1f: the license
The User Guide has detailed instructions for use with examples.
Instructions for Use
Instructions for Use provide guidance for using the model. Ideally, these include specific examples and recommendations. If applicable, the instructions should specify any software/hardware dependencies needed to use the system, and how the model can interact with hardware/software that is not part of the model itself.
EU AI Act Requirements
Annex XI Section 1.2a: the technical means (e.g. instructions of use, infrastructure, tools) required for the general-purpose AI model to be integrated in AI systems.
Annex XII 1.d: how the model interacts, or can be used to interact, with hardware or software that is not part of the model itself, where applicable;
The Nova models are clearly and accessibly documented: The User Guide provides detailed guidance and examples for each of the Nova models. The report contains detailed explanations of the range of evaluations conducted.
Documentation Support
Documentation Support evaluates the accessibility and usefulness of the model's documentation. For a high score in this category, the key details required across the categories need to both exist and be easily accessible.
Rating Guide
Documentation is not available or limited to several broad sentences.
Documentation touches many key topics with some detail, but certain areas (e.g. training data) are missing entirely.
Documentation covers all topics that are necessary to use and evaluate the model, but some areas are described vaguely. Excellent documentation may be places in this category, if it is difficult to find and navigate.
Documentation covers almost all or all topics in detail and is easy to navigate.
No explanation provided for this rating.
Changelog
A Changelog is an artifact that lists out versions of the model with changes that were added in each version. Entries in the changelog should make it clear to a user how the system has changed, and what modifications need to be made for effective use. If a model was released once and no changes will be applied, the documentation should make this clear.
Policy
Guidelines for Responsible Use: https://docs.aws.amazon.com/nova/latest/userguide/responsible-use.html
Acceptable Use Policy
The Acceptable Use Policy specifies how a model can/can not be used. When a model is released under a fully open-source license, this policy may not be necessary.
EU AI Act Requirements
Annex XI Section 1.1b: acceptable use policies applicable
AWS does not use inputs and outputs generated from NOVA models for training.
User Data
Model developers should clearly state whether user data is used to train models. For models that are not accessed via an API, the documentation should make it clear, if user data from other products offered by the developer were used. Listing out an explicit set of external datasets is an allowed alternative to a “user data” statement, but it should be very clear that whether user-related data is in this set.
Data takedown requests can be submitted here: https://titan.aws.com/privacy
Data Takedown
Model providers should provide a clear mechanism for submitting takedown claims for copyrighted or personal data. The mechanism can include an online form, an email or an in-app button.
The Nova models are developed and tested in accordance with the following Responsible AI Dimensions: Fairness, Explainability, Privacy and Security, Safety, Controllability, Veracity and robustness, Governance and Transparency.
AI Ethics Statement
Model providers should publish an AI Ethics statement that captures the principles used during model development. Alternatively, a company can publish a set of RAI objectives.
Model and Training
The Nova models can be used for image, video, document and text understanding and text/code generation. They, also, support tool use for calling specific APIs or code functions. Key limitations are outlined in the User Guide. For example, the Nova models do not support people identification in images and may struggle with multi-lingual image understanding; in video inputs, audio and timestamps are not supported.
Task Description
The task description should clearly describe the intended uses for the model. Detailed documentation should, also, cover limitations and out-of-scope uses.
Transparency around model capabilities allows users to properly assess if the model is suitable for their task.
EU AI Act Requirements
Annex XI Section 1.1a: the tasks that the model is intended to perform and the type and nature of AI systems in which it can be integrated
Rating Guide
Model capabilities are not documented.
A general description of model capabilities is provided. For example, the documentation only states that the model can be used for "coding, math and reasoning" tasks.
Intended uses of the model are described in detail with examples. Some general limitations are mentioned.
Both model capabilities and limitations are described in detail and with examples.
No explanation provided for this rating.
Number of Parameters
The Number of Parameters indicates how large the model is.
EU AI Act Requirements
Annex XI Section 1.1d: number of parameters
Nova Pro, Lite and Micro are Transformed-based models.
Model Design
The Model Design should cover key components of the model and explain how the inputs get transformed into the outputs. Transparency around model architecture can help users understand the suitability of the model for a particular task.
Trustible Rating Explanation
The documentation provides no additional details about model design. While it is possible for a system to use a vanilla transformer model, the Lite and Pro models can ingest audio and video that would at a minimum require additional coding components that are not specified.
EU AI Act Requirements
Annex XI Section 1.2b: the design specifications of the model...the key design choices including the rationale and assumptions made
Rating Guide
Model design is not documented.
Model architecture is discussed in general terms.
Key components of the model are documented.
Model components are described in detail. Rationales and assumptions are documented.
The models were pretrained using a mixture of multilingual and multimodal data. Next, the models were post-trained using Supervised Fine-Tuning and reward model training on human preference data. Finally, methods like Direct Preference Optimization and Proximal Policy Optimization were used to ensure alignment with human preference.
Training Methodology
The Training Methodology should cover the key steps involved in training the model. This should involve both high-level steps and details of the process. For example, Foundation Models are often trained in multiple phases: pretraining, supervised fine-tuning and alignment with human preference/safety. Each step can be implemented via different techniques (e.g. alignment can be done via RLHF or Constitutional AI). Documenting this process can help the users understand the strengths and weaknesses of a particular model.
Trustible Rating Explanation
While the documentation references the types of techniques that were used during the training process, the references are fairly general and can apply to many types of models.
EU AI Act Requirements
Annex XI Section 1.2b: the design specifications of...training process, including training methodologies and techniques, the key design choices including the rationale and assumptions made; what the model is designed to optimise for
Rating Guide
Training methodology is not documented.
Training procedures and/or target objectives are mentioned in general terms.
Main steps of the training process are described in detail, including objectives.
Training process is described in detail, including a rationale for the design and any assumptions.
No explanation provided for this rating.
Computational Resources
Computational Resources can include training times, FLOPs (floating point operations) and other details that can be used to assess the magnitude of resources used to train the model.
EU AI Act Requirements
Annex XI Section 1.2d: the computational resources used to train the model (e.g. number of floating point operations – FLOPs-), training time, and other relevant details related to the training;
No explanation provided for this rating.
Energy Consumption
Energy Consumption refers to the carbon emission associated with training the model. It can be approximated based on GPUs used and training time (Calculator: https://mlco2.github.io/impact/#compute).
EU AI Act Requirements
Annex XI Section 1.2e: known or estimated energy consumption of the model...
With regard to [this] point, where the energy consumption of the model is unknown, the energy consumption may be based on information about computational resources used.
Input and output moderation models are used to detect unsafe prompts and generated content.
System Architecture
The System Architecture description should explain how the model is connected to the end-to-end system. For example, an LLM could be connected to a separate content filtering models for its inputs and/or outputs.
This rating only applies to API-only systems.
EU AI Act Requirements
Annex XI Section 2.3: Where applicable, a detailed description of the system architecture explaining how software components build or feed into each other and integrate into the overall processing.
The Nova family of models were trained on Amazon’s custom Trainium1 (TRN1) chips,10 NVidia A100 (P4d instances), and H100 (P5 instances) accelerators.
Training Hardware
The Training Hardware documentation can include exact GPU models or country of origin of the technology. This information may be necessary as part of vendor security vetting.
Data
No explanation provided for this rating.
Dataset Size
Dataset Size indicates how much data was used to train the model. This can be specified in terms of the number of documents, tokens or other measures.
EU AI Act Requirements
Annex XI Section 1.2c: the number of data points
CAIT-D Requirements
California’s AI Training Data Transparency Act- (3) The number of data points included in the datasets, which may be in general ranges, and with estimated figures for dynamic datasets.
No information provided.
Dataset Description
The Dataset Description provides an overview of the data used for training. It should include a description of individual datapoints, distinct subpopulations and the corpus as a whole. The characteristics described can include low-level properties like number of tokens from each data source and semantic properties like percent of documents in each language. While the Data Sources category focuses on the origins of the data, this category is used to review transparency of the final dataset.
EU AI Act Requirements
Annex XI Section 1.2c: information on the data used for training, testing and validation, including...the number of datapoints, their scope and main characteristics
CAIT-D Requirements
California’s AI Training Data Transparency Act- (4) A description of the types of data points within the datasets. For purposes of this paragraph, the following definitions apply: (A) As applied to datasets that include labels, “types of data points” means the types of labels used. (B) As applied to datasets without labeling, “types of data points” refers to the general characteristics.
Rating Guide
No description or analysis of the dataset is available.
Dataset is described in general terms.
Dataset is described in terms of multiple characteristics with some numeric analysis.
Dataset is analyzed across multiple dimensions, including a separate analysis for different subpopulations of the data (e.g. different sources).
The Nova models were trained on a variety of sources, including licensed data, proprietary data, open source datasets, and publicly available data. This included text data for over 200 languages including Arabic, Dutch, English, French, German, Hebrew, Hindi, Italian, Japanese, Korean, Portuguese, Russian, Simplified Chinese, Spanish, and Turkish. For post-training, new data were created to demonstrated safe behavior based on the Amazon RAI objectives.
Data Sources
The Data Source documentation covers the types of data used to train the model and how they were collected. Transparency around sources can help users to assess if a model is suitable for their task (e.g. was it trained on their language) and to gauge the risk profile of the model (e.g. was it trained on unrestricted internet data). The documentation should make it clear if the dataset was purchased or licensed.
When creating new datasets, documentation should cover the steps involved in creation and limitations, like missing data. In addition, documentation should state when the dataset was collected. If synthetic data was generated for the dataset, the documentation should make the process involved clear.
EU AI Act Requirements
Annex XI Section 1.2c: information on the data used for training, testing and validation ... including type and provenance of data ... how the data was obtained and selected. ... [and] all other measures to detect the unsuitability of data sources
CAIT-D Requirements
California’s AI Training Data Transparency Act- (1) The sources or owners of the datasets
- (2) A description of how the datasets further the intended purpose of the artificial intelligence system or service.
- (6) Whether the datasets were purchased or licensed by the developer
- (12) Whether the generative artificial intelligence system or service used or continuously uses synthetic data generation in its development. A developer may include a description of the functional need or desired purpose of the synthetic data in relation to the intended purpose of the system or service.
Rating Guide
Very few or no details are provided about the data sources. When this rating is applied, the user has little ability to determine if the data sources used are appropriate to use for their task.
The data sources and process for collecting them are described in general terms.
Data sources are enumerated, and the collection process is described in some detail. Justifications and limitations surrounding data curation are not addressed.
Data sources are documented in detail, including justifications and limitations for the choices. Data collection process is described in detail, including a discussion of any missing data, limitations and/or assumptions.
The curation of RLHF datasets is discussed, but no details on labor used were identified.
Data Collection - Human Labor
This category assesses the transparency surrounding the human labor involved in the generation of training data. For human labor, we refer to individuals outside of the development team that were employed to create, annotate or review datasets. Datasets include both original pre-training data and human preference data that is used iteratively during post-training. Transparency in this category can help assess potential biases in the data and hold developers accountable to fair labor practices.
If no manual annotation or review was used when constructing the dataset, this category may be marked as Not Applicable. This may occur if the dataset is composed entirely of off-the-shelf data from the Internet.
Rating Guide
No information is provided about labor used for dataset construction.
The documentation acknowledges that human labor was involved in the data collection or annotation process but lacks specific details.
The documentation describes the role of human labor in dataset creation, annotation, or review, including methods and scale (e.g., "data annotated by X number of workers from platform Y"). Some information about contributors demographics, compensations and biases/limitations is included but lacks comprehensiveness.
The human labor process is fully documented, including the number of contributors, their geographic or demographic diversity, and the specific tasks performed. The documentation includes the sourcing of data (e.g., platforms, partnerships) and a thorough description of labor practices, including payment rates and working conditions. Potential biases introduced by human labor practices are discussed.
The pre-training data was curated for alignment with RAI objectives. This included de-identifying or removing certain types of personal data.
Data Preprocessing
The Data Preprocessing documentation covers how data sources were preprocessed for training. This should include both filtering steps (i.e. how were datapoints excluded) and transformation steps (i.e. how were source datapoints modified before training). A clear description of this process is important for assessing risks. For example, it can indicate how personally identifying information (PII) was handled: were documents containing PII removed and/or were PII words, like emails, replaced with a placeholder. In addition, this documentation will enable users to set-up additional data correctly for fine-tuning.
Trustible Rating Explanation
This rating is borderline with Unknown, because it is not clear what curation entails.
EU AI Act Requirements
Annex XI Section 1.2c: information on the data used for training, testing and validation, where applicable, including ... curation methodologies (e.g. cleaning, filtering etc)
CAIT-D Requirements
California’s AI Training Data Transparency Act- (9) Whether there was any cleaning, processing, or other modification to the datasets by the developer, including the intended purpose of those efforts in relation to the artificial intelligence system or service.
Rating Guide
No data preprocessing techniques are documented.
Data filtering and/or cleaning is mentioned in very broad terms.
Detailed description of data preprocessing is provided. For filtering datapoints and/or excluding entire sources, procedures are clearly described. If data filtering is not performed, the documentation should provide a clear justification for the choice.
Detailed description of data preprocessing is provided with justifications and a discussion of limitations. Documentation should include a discussion of the data filtering criteria across multiple risk criteria (e.g removing duplicate data, handling toxic language and checking for data poisoning). While filtering may not be implemented for each dimension, the developers should show that they considered them and provide an explanation for their choice.
No explanation provided for this rating.
Data Bias Detection
The Data Bias Detection category assesses how developers reviewed the data for potential biases. We use Bias to refer to an incorrect or incomplete representation of human subpopulations (i.e. people of a certain race, gender or religion). Bias can appear in data both as text or images containing stereotypes and harmful content and/or as a lack of representation of a particular group. For this evaluation, we focus specifically on the training dataset, not on mitigations implemented during training during training like safety alignment.
EU AI Act Requirements
Annex XI Section 1.2c: information on the data used for training, testing and validation, including...methods to detect identifiable biases, where applicable
Rating Guide
No bias analysis was conducted, and potential biases in the data are not discussed.
The potential or realized biases in the training dataset are discussed, but no quantitative analysis is included. Biases towards individuals/groups should be referenced explicitly (e.g. an overall mention to unsafe/low-quality content is not sufficient).
In-depth bias analysis is conducted. For example, a demographic analysis was combined with some sentiment/bias analysis.
In-depth analysis for bias is combined with: a documented procedure to reduce bias, explanation for why bias is sufficiently low or justification for not modifying the dataset.
No explanation provided for this rating.
Data Deduplication
The Data Deduplication category assesses whether the documentation discusses how duplicate entries were treated in the training data.
No explanation provided for this rating.
Data Toxic and Hateful Language Handling
The Data Toxic and Hateful Language Handling category assesses whether the documentation discusses how toxic and hateful entries were treated in the training data. The developers may chose to not remove such language, but they should provide a clear explanation for their decision (e.g. better performance or allowing customization of the final model).
No explanation provided for this rating.
IP Handling in Data
This category assesses whether the documentation discusses how copyrighted entries and other types of IP were treated in the training data.
CAIT-D Requirements
California’s AI Training Data Transparency Act- (5) Whether the datasets include any data protected by copyright, trademark, or patent, or whether the datasets are entirely in the public domain.
Certain types of personal data were removed or de-identified.
Data PII Handling
The Data PII (Personally identifiable information) Handling category assesses whether the documentation discusses how PII entries were treated in the training data. While in general developers should take care to remove such data, a clear justification of why such data was not removed will suffice for this category.
CAIT-D Requirements
California’s AI Training Data Transparency Act- (7) Whether the datasets include personal information, as defined in subdivision (v) of Section 1798.140.
- (8) Whether the datasets include aggregate consumer information, as defined in subdivision (b) of Section 1798.140.
Evaluation
The Nova Technical Report includes the results from multiple benchmarks that cover multiple core capabilities, including text-only and multi-modal reasoning, agentic workflows and long-context text retrieval. While the exact evaluation code is not published, the prompts used included in the appendix. Qualitative examples of model performance on a multi-modal are included.
Performance Evaluation
The Performance Evaluation covers the quantitative and qualitative analysis of model capabilities. While many of the models considered can be used for many different applications, there exist many benchmarks and protocols for reviewing the overall capabilities of the model.
The following key documentation dimensions are reviewed:
The choice of metrics/benchmarks used is clearly explained.
Metrics on multiple dimensions of model performance are reported in an externally reproducible fashion (Links to evaluation code or externally hosted benchmarks are provided where possible, but are not required).
Qualitative examples are included to supplement the user’s understanding of model performance.
Gaps in analysis and/or an error analysis are documented to further enhance the user’s understanding of the model’s performance.
Trustible Rating Explanation
The Nova report provides high-quality details of how the benchmarks were evaluated. While the exact evaluation code is not published, the level of detail makes it more likely that an external party could reproduce the results. In addition, they include confidence intervals on the results, a detail that is not included in most other reports. While the documentation does not include an error analysis, we award a High Transparency rating for the depth of detail provided and use of confidence intervals.
EU AI Act Requirements
Annex XI Section 2.1: A detailed description of the evaluation strategies, including evaluation results, on the basis of available public evaluation protocols and tools or otherwise of other evaluation methodologies. Evaluation strategies shall include evaluation criteria, metrics.
Rating Guide
No quantitative metrics are reported.
Some quantitative metrics are reported, but evaluation methods are underspecified.
The documentation excels in one of the key documentation dimensions, but has significant gaps in other areas.
Documentations give the reader a clear and comprehensive sense of the model’s abilities. Almost all of the key documentation dimensions are discussed.
The Nova models are evaluated for Hallucinations and for alignment with RAI objectives. The Report explains the process for measuring alignment with RAI objectives, but does not include specific details.
Evaluation of Limitations
This category reviews the types of quantitative evaluations that were reported regarding the limitations of this model. For general--purpose models, limitations are multi-faceted and can include both traditional modes (e.g. misclassification) and novel ones (e.g. generating bias content).
This rating considers the breadth of analyses considered. The following categories key categories should be considered by most LLM developers, but are not a comprehensive list:
- Bias/Fairness (e.g. using DiscrimEval, BBQA, DecodingTrust or a custom benchmark)
- Factuality/Hallucination
- Safety (e.g. likelihood of generating content that violates an acceptable-use policy or evaluation related to a cybersecurity threat)
- Incorrect Refusal Rates (used to quantify the balance of safety and helpfulness)
Note: For this rating, we review whether the developers considered common limitations and published quantitative results for these categories. The broader risk assessment and adversarial testing procedure is evaluated by the ‘Adversarial Testing Procedure’ category.
EU AI Act Requirements
Annex XI Section 2.1: Detailed description of ...the methodology on the identification of limitations.
Rating Guide
No quantitative analysis of limitations is performed.
Evaluations on 1-2 metrics are reported, but details of the analysis or an explanation for not including additional criteria are not documented.
Evaluation related to 2-3 types of limitations is reported; details surrounding choice of metrics, implementation process and down-stream implications are limited.
Evaluation on at least 3 types of limitations is reported. Details of the implementation process and an explanation of results is included. If a major category of limitations is not assessed, an explanation is given for the reasoning.
No explanation provided for this rating.
Evaluation with Public Tools
Evaluations on benchmarks should be conducted using public tools. For many benchmarks, small changes in implementation can influence the metrics and result in figures that are not directly comparable to those published for other models.
EU AI Act Requirements
Annex XI Section 2.1: [Evaluation is conducted] on the basis of available public evaluation protocols and tools
The model developers framed the Adversarial Testing process around their 8 core Responsible AI dimensions: Fairness, Explainability, Privacy and Security, Safety, Controllability, Veracity and Robustness, Governance, and Transparency. Nova’s adherence to these principles was evaluated using automated benchmarks (public and new proprietary ones) and red-teaming (internal and external). The internal red-teaming exercise used a team of data analysts and subject-matter experts who tested the model’s robustness against adversarial prompts across all the RAI dimensions. The process resulted in a collection of over 300 adversarial prompting techniques that covered different languages and modalities. In addition, four external red-teaming groups (ActiveFence, Deloitte, Gomes Group and Nemysis) were employed to test the model in areas including hate speech, political misinformation and CBRN capabilities.
Adversarial Testing Procedure
Adversarial Testing is the process of intentionally evaluating the risks associated with the model. For general-purpose AI, the focus is usually on the likelihood of models producing harmful outputs. The testing may involve a predetermined set of inputs that are likely to produce bad outputs, manual testing by experts (i.e. red-teaming) or model assisted approaches. For this transparency evaluation, we focus on the depth of documentation. A developer may not be able to assess all risks, but they should clearly document the limitations of the implemented adversarial testing process.
The following aspects of documentation should be considered for this evaluation:
- Set of risks tested is documented and justified
- Testing process (e.g. benchmarks used or types of human red-teamers employed)
- Results from adversarial testing process are presented
- Discussion on implications of the findings and/or on limitations of the process is included.
Note: There is a small overlap between this rating and “Evaluation of Limitations”. This rating focuses on the transparency of the process; while the other one evaluates the transparency of metrics. Quantitative results from a red-teaming exercise can contribute to increased ratings in both categories, but the rest of the considerations are different.
Trustible Rating Explanation
While the documentation clearly copies the risks tested and the adversarial testing process, no results are included and implications of findings are not discussed.
EU AI Act Requirements
Annex XI Section 2.2: Where applicable, a detailed description of the measures put in place for the purpose of conducting internal and/or external adversarial testing (e.g., red teaming).
Rating Guide
No adversarial testing efforts are disclosed.
The adversarial testing process is described in broad terms OR the absence of an adversarial testing process is acknowledged, but no justification is provided.
The adversarial testing process is described in some detail including the types of risks that were evaluated and the general approach for testing. However, some details are missing for documentation that make it difficult to ascertain the full extent of testing. A model with no adversarial testing can earn this rating, if the decision is clearly justified and implications for downstream users are documented.
A detailed description of the adversarial testing process is included and covers all four aspects outlined above. To achieve 'High Transparency' the documentation should allow an external party to assess risk across multiple dimensions.
The developers used Supervised Fine Tuning (SFT) and Reinforcement Learning from Human Feedback (RLHF) methods to align the NOVA models with Amazon's RAI dimensions. The post-training datasets included single and multi-turn examples of expected safe behavior for each RAI dimension in multiple languages. In addition to alignment, the deployed Nova systems uses input and output moderation models that serve as an additional defense and allow the developers to respond more quickly to new threats.
Model Mitigations
Model mitigations are steps taken to reduce risks associated with a model. For example, a model can specifically be fine-tuned to recognize inappropriate inputs and refuse to respond. Understanding implemented adaptations is important for recognizing risks associated with the model.
The exact set of risks will depend on the type of model. Since risks will evolve over time, we consider if some set of mitigated and unmitigated risks was considered. We do not evaluate against a specific set of risks.
Because this is a transparency rating, we evaluate documentation for a description for clarity around both implemented mitigations and remaining risks. If adaptations were not implemented, developers should clearly disclose that and provide guidance to downstream users.
EU AI Act Requirements
Annex XI Section 2.2: Where applicable, a detailed description of ...model adaptations, including alignment and fine-tuning.
Rating Guide
No mitigations are documented, and no justification is given.
Implemented model mitigations are described in general terms. For example, the use of RLHF is mentioned, but no additional details are provided.
Specific model mitigations are documented but the effect of the adaptations is not measured. For risks that are not addressed by adaptations, some guidance is provided downstream users. A model with no adaptations can earn this rating, if the documentation clearly states that no adaptations were implemented and briefly makes the user aware of the implications.
Modal mitigations are documented in detail, and the effect of these adaptations is evaluated through examples and/or quantitative analysis. For risks that are not addressed by mitigations, detailed guidance is provided for downstream users. A model with no adaptations can earn this rating, if the documentation clearly states that no adaptations were implemented AND provides a detailed justification and guidance for downstream users.