Preliminary sketch of best practice around chatbots having to identify what models they use, and link to model card

chatbots-identify-models.md

Chatbots should identify the LLMs the use

When requested by the user, or as part of any standard pattern of self-identification, AI-powered chatbots should be able to clearly and accurately identify what LLM or other technology they are using. If the models are proprietary or open-source, they should be identified as such.

Chatbots should link to model cards for LLMs used

Where an AI-powered chatbot is based on an LLM or similar technology, they should be able to link to model cards or other equivalent official documentation that describes the models abilities, limitations, risks, etc.

Chatbots should link to their Terms, Privacy Policy & Acceptable Use policies

AI-powered chatbots should also be able to link to (and answer questions about, if requested & results can be returned with a high degree of accuracy) their Terms of Service, Privacy Policies, and Acceptable Use guidelines.

Model cards should include human impact assessments

Based on the known abilities and limitations of the model and the chatbot, the developer should undertake to create a meaningful human impact assessment

Where requested prompts or generations might violate Acceptable Use guidelines, the model should identify the potential violation.

If a chatbot is unable to complete a generation due to the prompt or the potential generation violating platform rules, it should be able to granularly identify which rule might be at risk of infringement, in addition to linking to the full policy.

Chatbots should not hallucinate or invent model cards, links, or policies that don't exist

If requested by the user, and the above information has not been made available or does not exist, the chatbot should not invent or "hallucinate" any of the above. If it does not have access to verified accurate information regarding the above, it should clearly indicate that the data is not available. Further, it ought to indicate how users who need access to this information can go about contacting the developers to gain access to it.

the bots should also give accurate contact info to contact support, speak to a human, or to exercise one's legal rights (such as data protection)

identify example human impact assessments to include as references

trying to find where the above intersects with EU AI Act, it might be this, article 52 transparency requirements?

https://artificialintelligenceact.com/title-iv/article-52/
https://lexparency.org/eu/52021PC0206/ART_52/

its a little light on specifics:

Providers shall ensure that AI systems intended to interact with natural persons are designed and developed in such a way that natural persons are informed that they are interacting with an AI system, unless this is obvious from the circumstances and the context of use.

Some other relevant clauses here potentially:

https://lexparency.org/eu/52021PC0206/ART_13/

High-risk AI systems shall be designed and developed in such a way to ensure that their operation is sufficiently transparent to enable users to interpret the system’s output and use it appropriately.

and all of 3 from that same section (i clipped off the last few), especially as it intersects with information typically conveyed in ML/AI model cards:

https://lexparency.org/eu/52021PC0206/ART_13/#3

The information referred to in paragraph 2 shall specify:

(a) the identity and the contact details of the provider and, where applicable, of its authorised representative;

(b) the characteristics, capabilities and limitations of performance of the high-risk AI system, including:

(i) its intended purpose;

(ii) the level of accuracy, robustness and cybersecurity referred to in Article 15 against which the high-risk AI system has been tested and validated and which can be expected, and any known and foreseeable circumstances that may have an impact on that expected level of accuracy, robustness and cybersecurity;

(iii) any known or foreseeable circumstance, related to the use of the high-risk AI system in accordance with its intended purpose or under conditions of reasonably foreseeable misuse, which may lead to risks to the health and safety or fundamental rights;

(iv) its performance as regards the persons or groups of persons on which the system is intended to be used;

(v) when appropriate, specifications for the input data, or any other relevant information in terms of the training, validation and testing data sets used, taking into account the intended purpose of the AI system.

https://syntheticmedia.partnershiponai.org/

Section 2:

Be transparent to users about tools and technologies’ capabilities, functionality, limitations, and the potential risks of synthetic media.

points towards things like model cards as transparency tool

provide information about third party bodies able to receive complaints about the system