Artificial Intelligence, Technology

Model Cards for LLMs — what they are, why they matter, and how the EU AI Act gives them a boost

TL;DR: Model cards are structured “fact sheets” for AI models. They document purpose, training data, performance, risks, limitations, and responsibilities — making them the fastest route to reliable transparency. Under the EU AI Act, exactly these information duties for general-purpose/LLM models are becoming binding in stages: since 2 August 2025, transparency and copyright obligations apply in the EU, including a public summary of training data; particularly capable models face additional safety and risk obligations. A well-crafted model card helps fulfill these duties efficiently.

What are model cards (for LLMs)?

Model cards were proposed in 2018/2019 as a standard for model-accompanying documentation: concise, structured documents that disclose a model’s intended use, performance metrics (including subgroups), known limits, and ethical considerations. For LLMs, this additionally means pretraining/finetuning details, the RLHF process, benchmarks (e.g., MMLU/MT-Bench), resilience to hallucinations and jailbreaks, privacy tests, and the energy footprint.

In practice, model cards have become a de facto standard — for example on the Hugging Face Hub as a README.md plus metadata.

What does this have to do with the EU AI Act?

1) Timeline and scope

The EU AI Act entered into force on 1 August 2024. For general-purpose AI (GPAI) — which includes LLMs — transparency and copyright obligations have applied in stages since 2 August 2025; models placed on the market earlier benefit from transition periods until 2 August 2027.

2) Concrete obligations for LLM/GPAI providers

  • Transparency and technical documentation: Provide information on capabilities, limitations, and safe use (Art. 53).
  • Copyright: Maintain policies/processes for copyright compliance.
  • Public training-data summary: Publish a “sufficiently detailed” summary of the content used for training — following the EU template made available by the Commission in 2025 (Art. 53(1)(d)).
  • Systemic risks (very large models only): For models above a compute threshold (e.g., 10^25 FLOPs), additional obligations apply, including risk assessment, red teaming, incident reporting, cybersecurity, and more.

The Act also requires transparency toward users — for example, labeling synthetic content and informing people when they interact with AI (Art. 50).

In short: The information the AI Act requires forms the core of a good model card.

How to build an “AI-Act-ready” model card for LLMs

Below is a practical structure — with an indication of which AI-Act idea it supports:

  1. Model profile (name, version, date, contact) — technical documentation/accountability.
  2. Intended uses and out-of-scope usessafe use, minimization of misuse.
  3. Training-data summary (source classes, curation logic, geographies/languages, licensing mix, exclusion criteria) — public summary per the EU template (link/appendix).
  4. Copyright policy (handling opt-outs/opt-ins, TDM exceptions, rights preservation) — copyright compliance.
  5. Model development (pretraining objective, finetuning, RLHF, safety filters) — transparency/technical documentation.
  6. Performance and evaluation (benchmarks, methodological notes, domains/languages, subgroup analyses) — traceability and fairness assessment.
  7. Risk profile (hallucinations, bias, privacy leakage, jailbreaks, known failure modes) — risk management/systemic-risk topics for large models.
  8. Red teaming and safety (test design, adversarial testing, content moderation, incident process) — safety obligations for systemic risks.
  9. Energy and operations (training compute, inference cost/footprint, efficiency measures) — best-practice transparency.
  10. User guidance (prompt examples, limitations, labeling duties for synthetic media, monitoring tips) — Art. 50 transparency toward end users.
  11. Governance and maintenance (versioning/changelog, deprecation policy, incident contact channels) — continuity and compliance evidence.

Common pitfalls (and how the model card helps)

  • “We can’t disclose our training data.” — You don’t have to: what’s required is a summary, not a raw data dump, and there is an official template.
  • “Our model is open source, so we’re exempt.” — Only partially: open GPAI models still need to provide a training-data summary and a copyright policy, among other things; exemptions do not apply where systemic risk is concerned.
  • “Transparency ≠ marketing brochure.” — A model card is technical documentation that should be audit-ready — not just nicely phrased.

Conclusion

Model cards were “good practice” for years. With the EU AI Act, they become an operational lever for implementing transparency, copyright, and safety requirements concretely and verifiably. Put more personally: a good model card ultimately saves time — because it answers the right questions up front.

https://arxiv.org/abs/1810.03993 “Model Cards for Model Reporting”
https://huggingface.co/docs/hub/en/model-cards “Model Cards”
https://commission.europa.eu/news-and-media/news/ai-act-enters-force-2024-08-01_en “AI Act enters into force – European Commission”
https://artificialintelligenceact.eu/article/53/ “Article 53: Obligations for Providers of General-Purpose AI …”
https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai “The General-Purpose AI Code of Practice”
https://digital-strategy.ec.europa.eu/en/faqs/general-purpose-ai-models-ai-act-questions-answers “General-Purpose AI Models in the AI Act – Questions & Answers”
https://digital-strategy.ec.europa.eu/en/news/eu-rules-general-purpose-ai-models-start-apply-bringing-more-transparency-safety-and-accountability “EU rules on general-purpose AI models start to apply, bringing …”
https://artificialintelligenceact.eu/article/50/ “Article 50: Transparency Obligations for Providers and …”
https://artificialintelligenceact.eu/high-level-summary/ “High-level summary of the AI Act”