YouTube Review

Towards Auditable Risk Management Frameworks for Advanced AI Developers

"Towards Auditable Risk Management Frameworks for Advanced AI Developers" is an OECD.AI panel from the Paris AI Action Summit side-event program, uploaded February 18, 2025. The panel brings together OECD, the European Commission, LNE, AI Verify Foundation, Frontier Model Forum, and SaferAI voices to ask what has to exist inside and around frontier labs before severe-risk governance can be inspected rather than merely promised.

The talk's premise comes from the AI Seoul Summit frontier safety commitments, where leading developers agreed to publish safety frameworks focused on severe risks before the France summit. The panel's useful move is to notice that publication is not enough. A safety framework has to name risk taxonomies, thresholds, evaluation methods, mitigation measures, governance owners, reporting duties, lifecycle records, and the conditions under which a model should be delayed, restricted, or re-reviewed. That belongs beside Frontier AI Safety Frameworks, AI Safety Cases, AI Evaluations, and AI Audits and Third-Party Assurance.

The European thread is especially concrete. The transcript discusses the then-emerging Code of Practice for general-purpose AI models under the AI Act. The current General-Purpose AI Code of Practice now separates transparency, copyright, and safety-and-security chapters; its safety-and-security chapter is aimed at providers of the most advanced models with systemic-risk obligations. The AI Act Article 55 service-desk summary names the legal spine: model evaluation, systemic-risk assessment and mitigation, serious-incident tracking and reporting, and cybersecurity. The talk is useful because it shows that these duties need operational artifacts, not only legal language.

The strongest downstream point comes from the certification and deployer discussion. Hospitals, banks, insurers, airlines, and public bodies experience frontier models through applications. They need usable model cards, fit-for-context evidence, known limits, information about training and evaluation, and help with domain-specific testing. A certificate or label is valuable only if the scheme is transparent, the assessor is independent, conflicts of interest are controlled, and the claim says exactly what was certified. This connects the panel to ISO/IEC 42001, NIST AI Risk Management Framework, EU AI Office Safety, and Independent Verification Organizations.

Evidence and limits: this is a high-level multi-stakeholder panel, not an audit report showing that any one developer's framework works under pressure. It maps the machinery that serious governance would require: thresholds that can be tested, evaluations that feed decisions, mitigations tied to capability levels, lifecycle documentation, external assessment, proportional reporting, regulator access, and certification schemes that do not collapse into marketing. The caveat is that the hardest parts remain unresolved in practice: how to set thresholds under uncertainty, how to disclose enough without creating information hazards, how to keep auditors independent, and how to make an international framework fit different legal systems without reducing it to lowest-common-denominator paperwork.

