Tag: ai governance framework

  • AI Act Regulation: Penalties for Research Bodies

    AI Act regulation penalises non-compliance on a three-tier scale: up to €35 million or 7% of global annual turnover for prohibited AI practices, up to €15 million or 3% for high-risk and general-purpose AI failures, and up to €7.5 million or 1% for supplying false information to regulators — whichever figure is higher in each case. For a university, spinout, or research consortium, the exposure is rarely the maximum headline number; it is the cost of misclassifying an admissions algorithm, an exam-proctoring tool, or a recruitment screen as “low risk” when the law says otherwise.

    The EU Artificial Intelligence Act (Regulation (EU) 2024/1689) is the harmonised EU law setting risk-based obligations and penalties for AI systems, and it applies to research institutions as deployers whenever an AI system’s output affects people in the EU.

    What actually counts as an AI Act violation for a research institution?

    Universities and consortia rarely build the AI systems they use — they deploy them. Under the Act, a deployer is any organisation using an AI system in a professional capacity, and deployers carry real obligations even when a vendor built the underlying model. A learning-management platform that scores exam integrity, an HR tool that ranks job applicants, or an admissions filter all fall within scope if they touch people inside the EU, regardless of where the institution is based.

    Non-compliance is not a single offence. It spans failing to conduct a fundamental rights impact assessment, deploying an unregistered high-risk system, ignoring human-oversight requirements, or running a system the Act classifies as prohibited. Each failure mode sits on a different penalty tier.

    How much can an AI Act fine cost, tier by tier?

    Article 99 of Regulation (EU) 2024/1689 sets three fine bands. The final figure is whichever is higher — the flat euro cap or the percentage of worldwide annual turnover — which matters enormously for a university with a large total budget but a tiny AI-specific footprint.

    Violation type Maximum fine Turnover percentage Typical trigger for a research institution
    Prohibited AI practices (Art. 5) €35,000,000 7% Emotion-recognition in exams; covert biometric categorisation of students or staff
    High-risk system / GPAI obligation breaches €15,000,000 3% Recruitment or admissions AI deployed without a rights impact assessment
    Supplying incorrect, incomplete or misleading information €7,500,000 1% Inaccurate disclosures to a market surveillance authority or notified body

    Regulators must apply fines proportionately, weighing the nature, gravity and duration of the breach against the size of the organisation. Article 99(6) directs authorities to consider the interests of small and medium-sized enterprises and start-ups — relevant for university spinouts on constrained budgets — but this softens the number, not the underlying obligation.

    • Fines apply per infringement, so a consortium running several non-compliant systems faces cumulative, not capped, exposure.
    • Turnover is calculated on the whole legal entity’s global turnover, not just the department’s AI-related revenue or grant income.
    • National market surveillance authorities, not the EU AI Office, issue most fines against deployers; the AI Office focuses on general-purpose AI providers.

    Which of your institution’s AI systems could be “prohibited” outright?

    Article 5 bans a specific list of practices regardless of sector, and several map directly onto tools already used in higher education and research settings. A prohibited AI practice cannot be risk-managed into compliance — it must be withdrawn.

    The clearest overlaps for a research institution are:

    • Emotion recognition in educational institutions or workplaces, except for narrow medical or safety purposes — implicating some exam-proctoring and staff-monitoring software.
    • Biometric categorisation systems inferring race, political opinion, trade union membership, religion, or sexual orientation from biometric data.
    • Untargeted scraping of facial images from the internet or CCTV to build a recognition database — relevant to campus security systems built on scraped datasets.
    • Social-scoring-style evaluation of individuals by behaviour or personal traits leading to detrimental treatment unrelated to the original context.

    From 2 December 2026, two further prohibited categories take effect under the Digital Omnibus agreement: AI systems that generate or manipulate non-consensual intimate imagery (“nudifier” applications) and systems used to produce child sexual abuse material. Institutions running student-safeguarding or content-moderation tooling should confirm vendor compliance well ahead of that date.

    Has the Digital Omnibus changed the deadlines that matter?

    Yes, but selectively. The Act’s obligations phase in from its 1 August 2024 entry into force: prohibited practices became enforceable on 2 February 2025 (six months later), and general-purpose AI model obligations followed on 2 August 2025 (twelve months later). Both dates already passed and remain in force.

    In November 2025, the Council and Parliament agreed a “Digital Omnibus” simplification package — analysed by law firms including DLA Piper, Gibson Dunn and White & Case — pushing back the two remaining high-risk deadlines. Stand-alone high-risk systems under Annex III (covering most education, employment and public-service AI) now face obligations from 2 December 2027 rather than August 2026, a sixteen-month reprieve. High-risk AI embedded in regulated products under Annex I moves to 2 August 2028.

    Two dates were not delayed: Article 50 transparency obligations — labelling AI-generated content and disclosing chatbot interactions — still apply from 2 August 2026, the same date the Commission gains full penalty-enforcement powers over general-purpose AI providers. Institutions assuming the whole Act slipped to 2027 risk missing this transparency deadline.

    What should a research institution do now?

    The Digital Omnibus buys time on high-risk classification work, not on everything. A defensible position by August 2026 requires:

    • Inventory every AI system touching students, staff, applicants, or research subjects, tagged against the Article 5 prohibited list and Annex III high-risk categories.
    • Confirm any generative AI or chatbot-facing tool meets the Article 50 transparency requirement before 2 August 2026, independent of the high-risk delay.
    • Assign a named owner — typically in research administration or data governance — to track phased deadlines rather than treat the Act as one compliance date.
    • Apply vendor due diligence to procured AI tools, since deployer obligations do not disappear because a third party built the system.

    Answer-first: common questions on AI Act penalties

    Is the AI Act a regulation?

    Yes. The Artificial Intelligence Act is Regulation (EU) 2024/1689, meaning it applies directly and uniformly across all EU member states without needing national transposing legislation. It entered into force on 1 August 2024, and its obligations phase in over a multi-year timeline extending to 2028.

    What is the EU AI Act in 2026?

    By mid-2026, the prohibited-practice and general-purpose AI rules are already fully enforceable, while most high-risk system obligations have been pushed to December 2027 and August 2028 under the November 2025 Digital Omnibus agreement. Article 50 transparency duties and full GPAI enforcement powers still take effect on 2 August 2026 as originally scheduled.

    Does the UK have to comply with the EU AI Act?

    The UK has no domestic equivalent to the AI Act, but the regulation’s extraterritorial scope reaches UK institutions whenever their AI system’s output is used by, or affects, people in the EU. A UK university running an EU-facing admissions or research-collaboration platform can fall within scope despite being outside the bloc.

    Does the UK have any AI regulation of its own?

    Not a single statute. The UK relies on a sector-by-sector, principles-based approach enforced by existing regulators (ICO, EHRC, Ofcom) rather than one AI Act. This is why UK institutions with EU-facing systems must track both the domestic guidance and the EU regulation’s extraterritorial reach separately.

    What this means for institutional risk management

    The headline €35 million figure will rarely apply to a university outright, but the reputational cost of a prohibited-practice finding is not confined to the fine itself. A finding against emotion-recognition exam software invites scrutiny of every other AI-enabled assessment tool on campus, and funders increasingly expect institutions to demonstrate AI governance maturity, mirroring assurance expectations already familiar from research administration compliance frameworks.

    Treating AI Act regulation as a procurement and governance discipline — inventory, classification, named ownership, phased deadline tracking — converts an open-ended legal risk into a manageable operational programme.

    Where this is heading

    The Digital Omnibus shows the EU will adjust timelines under pressure, but it has not softened the penalty structure, and it has added prohibited categories rather than removed any. Research institutions should expect further phased deadlines and continued extraterritorial reach, and should treat every delay as a planning window, not a reason to deprioritise compliance work.

  • AI Governance UK: What Universities Hire For

    AI governance UK hiring is real but narrow: employers are advertising standalone “AI governance” titles mainly in consultancies and tech firms, while UK universities and research funders are folding AI oversight into existing research-governance, integrity and data-protection roles rather than minting a new job category. Certifications such as IAPP’s AIGP and the ISO/IEC 42001 Lead Auditor credential map to genuinely different parts of that work — one to policy and compliance, the other to formal audit.

    AI governance is the set of policies, controls and accountability structures an organisation uses to ensure AI systems are developed, procured and used safely, lawfully and transparently across their lifecycle.

    What is driving the AI governance UK hiring wave?

    Search interest in AI governance credentials has accelerated sharply. Keyword-demand data tracked into June 2026 shows “ai governance certification” search volume in the UK up 129% year-on-year, and “ai governance job” postings now surface daily on LinkedIn, Indeed and Totaljobs for roles spanning “Director AI Governance” to “Responsible AI Specialist.”

    The trigger is regulatory, not academic. Under the government’s 2023 White Paper AI regulation: a pro-innovation approach, the UK deliberately chose not to pass a single AI statute. Instead, existing regulators — the Information Commissioner’s Office, Ofcom and the Competition and Markets Authority — enforce five cross-sector principles: safety, security and robustness; appropriate transparency and explainability; fairness; accountability and governance; and contestability and redress.

    That distributed model pushes the compliance burden into individual organisations, which is exactly the vacuum “AI governance” job titles are appearing to fill. Employers with EU exposure are also hiring against the EU AI Act, whose obligations extend to UK organisations that deploy AI systems into EU markets.

    What are UK research institutions actually hiring for?

    A survey of current academic job boards shows standalone “AI Governance Officer” titles remain rare in UK higher education. What is expanding instead is AI content grafted onto established research-governance and research-integrity posts.

    • The University of Oxford has run a postdoctoral researcher post inside its Oxford AI Governance Initiative, focused on AI and risk research rather than institutional compliance.
    • The University of Bristol advertises a Head of Research Governance role — the University’s lead officer for research regulation, ethics and integrity across human participants, tissue and data, a remit now stretching to cover AI-enabled research methods.
    • The Alan Turing Institute’s AI Ethics and Governance in Practice programme, an eight-workbook resource for project teams, functions as the de facto training reference most UK research-intensive institutions point staff toward, in place of a dedicated internal certification.
    • The Russell Group published sector-wide principles on generative AI in education in January 2025, giving member universities a shared policy baseline rather than each hiring separate AI governance specialists.

    The pattern is consistent: research institutions are governing AI through their existing research-integrity, ethics-committee and data-governance infrastructure, supplemented by sector guidance from the Turing Institute and Russell Group, rather than building a parallel AI governance function from scratch.

    Which certifications map to the job?

    Two credentials dominate current job advertisements, and they are not interchangeable. IAPP’s AIGP is a policy and compliance credential; ISO/IEC 42001 Lead Auditor is a formal management-systems audit qualification built on the international AI management system standard published in 2023.

    Certification Body Format Best fit
    IAPP AIGP International Association of Privacy Professionals 100 multiple-choice questions, 180 minutes Privacy, legal and policy staff who need to interpret AI law and risk, not audit systems
    ISO/IEC 42001 Lead Auditor Accredited training bodies (e.g. PECB, BSI) against the ISO/IEC 42001:2023 standard Multi-day course plus exam Auditors and compliance managers validating a formal AI management system (AIMS)
    Vendor foundational courses (e.g. Securiti) Commercial vendors Short on-demand modules, 2–3 hours Awareness-level onboarding, not a substitute for either credential above

    Neither certification is a licence to practise. Both function as evidence that a candidate has studied a defined body of knowledge — AIGP for law and policy, ISO/IEC 42001 Lead Auditor for management-system audit method — which is why job advertisements almost always list them as “desirable,” not mandatory.

    Genuine career pathway or rebadged compliance role?

    The honest answer is both, depending on sector. In consultancies and large tech employers, “AI governance” is emerging as a distinct, senior, well-paid track — UK job boards currently list Director-level AI governance roles paying well above general compliance-officer rates. In research institutions, it is largely a rebadged extension of research integrity, data protection and ethics-committee work that already existed.

    That does not make it hollow. It means the credential value differs by employer type: a corporate AI governance hire benefits most from IAPP’s AIGP or an ISO/IEC 42001 audit qualification, while a university research-governance officer gains more from Turing Institute and Russell Group sector guidance, since their day job already sits inside an ethics and integrity framework those resources were built for.

    Which is the best AI governance certification?

    There is no single “best” credential; fit depends on function. IAPP’s AIGP suits policy, legal and privacy specialists working across jurisdictions and the EU AI Act. ISO/IEC 42001 Lead Auditor suits professionals who must formally audit an organisation’s AI management system rather than advise on policy.

    Is AI governance certification worth it?

    It is worth it for candidates whose work already touches AI policy, compliance, risk management or privacy, where it demonstrates structured knowledge to employers. It adds little on its own without underlying domain experience, since UK job advertisements consistently list these credentials as desirable evidence rather than a mandatory gate.

    How to become an AI governance professional?

    Most current UK postholders arrive via data protection, legal, risk or research-integrity backgrounds, then add AI-specific knowledge through a credential such as AIGP or ISO/IEC 42001. Direct entry-level “AI governance” hiring remains limited; experience in an adjacent regulated function is the more common route in.

    What skills are needed for AI governance?

    Core skills include risk assessment, regulatory interpretation, bias and fairness evaluation, and stakeholder communication across legal, technical and leadership teams. Employers also expect familiarity with the AI lifecycle and enough technical literacy to question a model’s design without needing to build one.

    What this means for research institutions

    For UK research administrators and institutional leaders, the near-term implication is not to create a new “AI Governance Officer” post by default. It is to audit whether existing research-integrity, data-governance and ethics-committee functions already cover AI risk, and where they do not, to close the gap with targeted training — Turing Institute workbooks or an IAPP AIGP course — rather than an immediate new hire.

    Over the next 12–24 months, expect the corporate and research-sector paths to converge somewhat as funders begin asking institutions to document AI oversight within grant compliance and wider research administration processes. Institutions that get ahead of that by mapping certifications to real duties now, rather than hiring a title, will be better placed when funders start asking for evidence.

  • Foundation Model vs General-Purpose AI Systems Under the EU AI Act

    A foundation model is a large-scale AI model trained on broad data that can be adapted to many downstream tasks; a general-purpose AI system is the deployed product built on top of it. The foundation model vs general-purpose AI distinction is not academic under EU Regulation 2024/1689 (the AI Act): “general-purpose AI model” obligations attach to the model itself under Chapter V, while “AI system” obligations attach to a deployed application under Title III and depend entirely on how that application is used. For a university lab that fine-tunes an open-weight model into a research tool and releases it publicly, which category applies — and when — determines a materially different compliance workload.

    The AI Act defines a general-purpose AI model (Article 3(63)) as one that “displays significant generality” and can “competently perform a wide range of distinct tasks”, regardless of how it is placed on the market. A general-purpose AI system (Article 3(66)) is an AI system based on such a model that can serve a variety of purposes, whether used directly or integrated into other systems. The two terms are frequently conflated, but the Act’s compliance architecture depends on keeping them separate.

    What is a foundation model? A working definition

    A foundation model is an AI model trained on large, broad datasets — often using self-supervised learning — that generalises to a wide range of downstream tasks rather than being built for one narrow purpose. Large language models are the most cited example, but the concept also covers text-to-image, text-to-video, and multimodal models.

    The term originated in AI research (Stanford’s Center for Research on Foundation Models coined it in 2021) and is not itself a defined legal term in the AI Act. The Act’s operative category, general-purpose AI model, captures the same phenomenon in enforceable language, and in practice most models researchers call “foundation models” meet that legal definition.

    AI Act definitions: general-purpose AI model vs AI system

    The AI Act runs two separate regulatory tracks that a research team must understand independently, because passing one does not exempt a project from the other.

    The general-purpose AI model track (Chapter V, Articles 51–56) regulates the model layer. Under Article 53(1), providers must draw up technical documentation, inform downstream integrators, publish a training-content summary, and maintain a copyright policy. The Commission’s AI Office guidance is explicit that these “provisions… apply to the model itself, regardless of what is or will be its ultimate use.” Models trained with over 1025 FLOP are presumed to pose systemic risk under Article 51(1)(a), triggering evaluation and incident-reporting duties under Article 55.

    The AI system track (Title III, Articles 6–49) regulates the application layer. Obligations here — including the high-risk conformity-assessment regime under Annex III — depend entirely on context of use: what the system does, who it affects, and which domain it operates in. A system built on a fully documented foundation model can still be high-risk; one built on an under-documented model can still sit outside Title III if its use case is low-risk.

    Crucially, Article 2(8) excludes “any research, testing or development activity regarding AI systems or AI models prior to their being placed on the market or put into service” from the Act’s scope. This is the single most important provision for university labs: internal experimentation is largely unregulated, but that exemption ends the moment a tool is placed on the market — including released publicly under an open licence.

    When does fine-tuning create a new “provider”?

    Recital 97 clarifies that a model is still “placed on the market” if its provider integrates it into their own AI system, unless use is purely internal, third parties’ rights are unaffected, and the model carries no systemic risk. The Commission’s guidelines on scope (Section 3.2) add an indicative criterion: a downstream entity that fine-tunes an existing model becomes provider of a new general-purpose AI model once the modification’s training compute exceeds one-third of the original model’s training compute. Below that threshold, the original provider keeps Article 53 responsibility, and the lab’s own duties attach mainly at the system layer.

    Why the distinction matters for research software

    University labs increasingly build research tools — literature-screening assistants, peer-review triage systems, integrity checkers, grant-matching recommenders — on foundation models. Getting the model/system distinction wrong creates two risks: over-compliance (treating a low-risk tool as needing Annex III conformity assessment) or under-compliance (releasing a public tool without required Article 53 documentation).

    Two provisions reduce the burden for academic and open-source releases. First, Article 53(2) exempts providers from the Article 53(1)(a) and (b) documentation duties if the model is released open-source with public weights, architecture, and usage information — though this never extends to systemic-risk models. Second, Recital 109 requires that provider obligations “take due account of the size of the provider,” with simplified routes for SMEs and start-ups, a category many university spin-outs fall into.

    Neither exemption touches the AI system track. A tool that screens grant applicants or assesses researcher performance may still fall under Annex III’s high-risk categories regardless of how the underlying model is licensed.

    Worked examples for university labs

    The scenarios below show how the two tracks diverge depending on what is built and how it is released.

    Scenario General-purpose AI model duties AI system duties
    Fine-tunes an open-weight model for internal literature screening only, never released Not applicable — Article 2(8) research exemption while internal Not applicable — no placing on the market
    Releases the fine-tuned model publicly, open licence, weights published; fine-tuning compute under one-third of base compute Base-model provider keeps Article 53 duties; lab is not a new provider (one-third-compute criterion) Must assess use case under Title III; low-risk screening unlikely to trigger Annex III
    Substantially retrains a model (compute over one-third of base) and releases it as a research-assessment tool used in hiring-adjacent decisions Lab becomes provider of a new general-purpose AI model; full Article 53 duties apply Likely high-risk under Annex III (employment use); conformity assessment and human oversight required from 2 August 2026

    Frequently asked questions

    Are foundation models general purpose?

    Most, but not all. A model must display significant generality and competently perform a wide range of distinct tasks to meet the AI Act’s Article 3(63) definition; models fine-tuned to be narrowly specialised for one domain can fall outside it even if built on a general-purpose base.

    Is a chatbot built on a foundation model itself a foundation model?

    No. A chatbot is a deployed AI system; the language model behind it is the general-purpose AI model. The chatbot’s obligations run through Title III based on use case, while the model’s obligations run through Chapter V regardless of that use case.

    What is the difference between a foundation model and an AI agent?

    A foundation model is the underlying trained model; an AI agent is a system that uses one or more models to pursue goals with some autonomy, such as planning or calling tools. Under the AI Act, an agent built on a foundation model is assessed as an AI system, with obligations set by context of use, not by which model powers it.

    Compliance implications and what comes next

    For research offices evaluating an AI-powered tool before release, four checks separate compliant projects from exposed ones:

    • Confirm whether the tool is still covered by the Article 2(8) research exemption, or whether release plans amount to “placing on the market.”
    • Calculate whether fine-tuning compute crosses the one-third-of-original-compute threshold that can make the lab a new model provider.
    • Check the Article 53(2) open-source exemption conditions — weights, architecture, and usage information must all be public.
    • Assess the deployed system separately against Title III and Annex III; model-layer compliance never substitutes for system-layer risk classification.

    The compliance calendar is tightening. Prohibited AI practice rules have applied since 2 February 2025, general-purpose AI model obligations since 2 August 2025, and high-risk AI system obligations under Annex III take effect from 2 August 2026 — weeks away for any lab planning to release research software touching employment, education, or other Annex III domains. Labs that map tools against both tracks before release, not after, avoid finding out the hard way through a market-surveillance enquiry. Institutional research administration offices are increasingly the first checkpoint for that mapping.

  • AI Research, Innovation, and Accountability Act: What Research Offices Need to Know

    The AI Research, Innovation, and Accountability Act (AIRIA, S.3312) was a bipartisan US Senate bill that would have created federal risk tiers, transparency reporting, and certification duties for high-impact AI systems. It cleared the Senate Commerce Committee in July 2024 but died when the 118th Congress adjourned in January 2025. Its framework has not disappeared, however: near-identical risk-tier and disclosure ideas now surface in state AI statutes, in federal agency guidance, and in follow-on bills before the 119th Congress — several of which already touch how NIH and NSF handle AI in grant review.

    AIRIA is a defined legislative proposal, not a law currently in force: it is the bill that proposed classifying AI systems as “high-impact” or “critical-impact” and tasking the National Institute of Standards and Technology (NIST) with testing, evaluation, validation, and verification standards for the highest-risk category.

    What is the AI Research, Innovation, and Accountability Act?

    The AI Research, Innovation, and Accountability Act is a US Senate bill introduced on 15 November 2023 by Senators John Thune (R-SD), Amy Klobuchar (D-MN), Roger Wicker (R-MS), John Hickenlooper (D-CO), Shelley Moore Capito (R-WV), and Ben Ray Luján (D-NM). It proposed a risk-based federal framework rather than blanket rules for all AI.

    Core provisions included:

    • A two-tier risk classification for “high-impact” and “critical-impact” AI systems used in consequential decisions.
    • Mandatory transparency reports and risk assessments from developers and deployers of the highest-risk systems.
    • A NIST-led programme to develop testing, evaluation, validation, and verification (TEVV) standards.
    • A certification and enforcement structure housed at the Department of Commerce.
    • A consumer-education and industry working-group mandate to support voluntary compliance ahead of formal rules.

    Unlike the EU’s comprehensive AI Act, AIRIA targeted only the highest-risk use cases and left most research and low-risk commercial AI activity outside its scope.

    What happened to AIRIA in Congress?

    AIRIA advanced further than most AI bills of its era but still did not become law. The Senate Committee on Commerce, Science, and Transportation ordered it reported on 31 July 2024, and the Congressional Budget Office published a cost estimate on 6 December 2024. Under standard congressional procedure, any bill not enacted before a Congress ends is considered dead; AIRIA lapsed with the close of the 118th Congress on 3 January 2025 and was not carried forward automatically.

    That is not the end of the story. Several bills before the 119th Congress (2025–2026) reuse AIRIA’s building blocks — including the AI Accountability Act (H.R.1694), which directs a federal study of AI accountability measures, and the Future of Artificial Intelligence Innovation Act of 2026 (S.3952), which revives the NIST standards-and-evaluation mandate AIRIA proposed. None of these has replicated AIRIA in full, but the pattern is consistent: risk tiers, NIST-run testing standards, and disclosure duties keep reappearing in federal drafting, which is why the original bill remains a useful reference text even though it never passed.

    How does AIRIA interact with NIH and NSF grant compliance?

    AIRIA itself never reached the funding agencies, but the compliance gap it targeted — undisclosed or unaccountable AI use in high-stakes review processes — is already being filled through agency policy rather than statute. Research offices do not need AIRIA to pass to feel its logic in practice.

    • NIH issued NOT-OD-23-149, prohibiting NIH scientific peer reviewers from uploading grant application or critique content into generative AI tools, to protect peer-review confidentiality and integrity.
    • NSF issued a parallel notice on 14 December 2023 barring reviewers from entering proposal or review information into non-approved generative AI tools, with corresponding updates folded into the Proposal & Award Policies and Procedures Guide (PAPPG).
    • OMB Memorandum M-24-10, issued 28 March 2024, requires every CFO Act agency — including the parent departments of NIH and NSF — to designate a Chief AI Officer, convene an AI governance board, inventory AI use cases annually, and publish compliance plans.

    Research administrators should read AIRIA less as a future obligation and more as the missing statutory layer above rules that funders have already implemented administratively. If AIRIA-style provisions are eventually enacted, they would most plausibly formalise — not replace — the NIH and NSF confidentiality prohibitions and the OMB governance-board model that are already operating today.

    How does AIRIA compare with state AI laws and the EU AI Act?

    Research institutions rarely operate under one AI framework. Multi-state university systems, international co-investigators, and federally funded projects with EU partners are simultaneously exposed to federal inaction, an unsettled state landscape, and a phased EU regime.

    Framework Jurisdiction Status as of July 2026 Relevance to research offices
    AIRIA (S.3312) US federal (Senate) Died with the 118th Congress, 3 Jan 2025; ideas recur in newer bills Reference model for future federal risk-tier and disclosure rules
    OMB M-24-10 US federal (executive) In effect since 28 Mar 2024 Directly governs how NIH, NSF, and other agencies use AI internally
    NIH / NSF AI notices US federal agency policy In effect since Jun–Dec 2023 Bars generative AI use in peer review of grant applications
    Colorado AI Act (SB 24-205) US state Repealed by SB 26-189 (14 May 2026); never took effect Cautionary example — comprehensive state AI law can collapse before compliance deadlines
    Texas TRAIGA US state In effect 1 Jan 2026 Intent-based liability model; applies to any AI system touching Texas residents
    EU AI Act European Union Phased in Aug 2024–Aug 2026 Relevant to Horizon Europe co-investigators and EU-based research partners

    The Colorado reversal is the clearest recent signal: SB 24-205 was the first comprehensive US state AI law, but Colorado Governor Jared Polis signed its full replacement, SB 26-189, on 14 May 2026 — meaning the original statute never actually took effect. State AI law is moving fast and is not stable enough to treat any single statute as a durable compliance target.

    Common questions research administrators ask

    What is the AI Research, Innovation, and Accountability Act?

    It is a 2023 US Senate bill (S.3312) that proposed risk-tiered federal oversight of “high-impact” and “critical-impact” AI systems, including NIST-led testing standards and mandatory transparency reporting. It advanced through Senate Commerce Committee review in 2024 but was never enacted.

    What is the AI legislation situation in 2026?

    No single comprehensive federal AI statute exists in the United States as of mid-2026. Oversight instead comes from a patchwork of agency guidance (OMB M-24-10, NIH and NSF notices), a shifting set of state statutes (Texas TRAIGA in effect, Colorado’s law repealed and replaced), and several competing federal bills still in committee.

    What are the seven principles referenced in AI regulatory frameworks?

    Frameworks such as the EU AI Act commonly cite human agency and oversight, technical robustness and safety, privacy and data governance, transparency, non-discrimination and fairness, societal and environmental wellbeing, and accountability. AIRIA did not adopt this exact list but pursued the same accountability and transparency goals through US-specific risk tiers.

    Why research offices should track this now

    Waiting for a federal AI bill to pass before building internal AI-use policy is the wrong sequencing. NIH and NSF already enforce confidentiality rules on generative AI in peer review, OMB already requires agency AI governance boards, and state rules are changing faster than any single institution can absorb reactively — Colorado’s reversal took less than two years from enactment to repeal.

    Research offices should treat AIRIA as a design template, not a deadline. Institutions that map their existing AI-use disclosure practices against AIRIA’s risk-tier and TEVV concepts now will be positioned to adapt quickly if a successor bill — whether H.R.1694, S.3952, or a future proposal — advances further than AIRIA did. The direction of travel across federal agency guidance, state law, and the EU AI Act is consistent even where the US federal statute itself has stalled: more disclosure, more documented risk assessment, and more named institutional accountability for AI used in decisions that affect people’s funding, careers, and research records.

    For related compliance context, see CASRAI’s research administration resources and the CASRAI Dictionary for definitions of adjacent governance and compliance terms.

  • AI Governance Framework for Research Offices: NIST, ISO 42001 and In-House Approaches Compared

    A research office building an AI governance framework can choose from three broad templates: a NIST-aligned risk profile (Govern, Map, Measure, Manage), an ISO/IEC 42001-informed management system (certifiable, PDCA-based), or a McKinsey-style operating model built around strategic alignment and cross-functional leadership. Most research offices need a hybrid: NIST’s risk logic, ISO’s audit trail, and an operating model that assigns clear ownership to a research-integrity or grants office.

    An AI governance framework is a structured set of policies, roles, and controls that determines how an organisation approves, monitors, and audits its use of artificial intelligence. For a university research office, that means one coherent document — not three disconnected policies bolted together after a compliance scare.

    What is an AI governance framework, and why do research offices need one now?

    An AI governance framework sets out who approves an AI tool, what risk tier it sits in, how its use is documented, and who is accountable if it goes wrong. Research offices are being asked to produce one with no established house style, because most published templates were written for enterprise IT or financial services, not for grant review panels, ethics boards, or manuscript preparation.

    The pressure has three sources. Funders including UKRI now expect disclosure of generative-AI use in grant applications and peer review. Publishers following ICMJE‘s updated recommendations and COPE‘s 2023 position statement require that AI tools never be listed as authors, since they cannot take responsibility for a work’s accuracy. And institutional research-integrity offices increasingly sit between both obligations, needing one internal policy that satisfies funder disclosure rules and publisher authorship rules simultaneously.

    What is the NIST framework for AI governance?

    The NIST AI Risk Management Framework (AI RMF 1.0), published by the US National Institute of Standards and Technology in January 2023, is a voluntary, non-certifiable framework built around four functions: Govern (culture, policy, accountability), Map (context and risk identification), Measure (assessment and monitoring tools), and Manage (mitigation and incident response). NIST extended it with a Generative AI Profile (NIST AI 600-1) in July 2024, addressing risks specific to large language models — hallucination, confidentiality leakage, and content provenance — which is directly relevant to research offices vetting AI writing or coding assistants.

    NIST’s advantage for a research office is flexibility: the four functions map cleanly onto existing committee structures (a research-integrity committee can own “Govern”, an ethics board can own “Map”) without requiring a new certification budget.

    What does ISO/IEC 42001 add that NIST does not?

    ISO/IEC 42001:2023, published in December 2023, is the world’s first international standard for an AI management system (AIMS). Unlike NIST’s RMF, it is certifiable, structured around the Plan-Do-Check-Act cycle, and shares the Annex SL high-level structure used by ISO 9001 and ISO 27001 — meaning an institution that already runs an ISO 27001 information-security management system can extend the same audit infrastructure to cover AI.

    ISO 42001 requires documented objectives, an AI policy statement, competence records, and internal audits — heavier than NIST, but it produces an external certificate a funder, publisher, or partner university can verify without reading the underlying policy.

    Feature NIST AI RMF ISO/IEC 42001 McKinsey-style operating model
    Legal status Voluntary, non-certifiable Certifiable international standard Not a formal standard
    Structure Govern, Map, Measure, Manage Plan-Do-Check-Act (Annex SL) Steering committee + risk-tiered use-case pipeline
    Published January 2023 (v1.0) December 2023 Synthesised industry practice
    Best fit for a research office Fast-start policy with existing committees Cross-institution or multi-site consortium needing an auditable certificate Research office already running agile grant/portfolio management

    How does a McKinsey-style operating model differ?

    A McKinsey-style operating model is not a codified standard like NIST or ISO — it is a way of organising governance around strategic value rather than compliance alone. It typically features a cross-functional steering committee (research administration, legal, IT, and academic leadership), a risk-tiered pipeline that prioritises AI use cases by potential value and harm, and an emphasis on iterative, agile policy revision rather than a fixed annual review cycle.

    For a research office, this approach fits best where AI adoption is already fast-moving — for example, where multiple departments are independently piloting AI-assisted literature review, grant-matching, or peer-review triage tools and need one visible decision body rather than a static rulebook.

    A hybrid template research administrators can adapt

    Most research offices do not need to choose exactly one template. A workable hybrid borrows NIST’s risk logic, ISO’s documentation discipline, and an operating-model steering committee:

    • Governance body: a standing AI governance committee reporting to the research-integrity office, with named leads from ethics, grants, IT security, and library/scholarly-communications teams.
    • Risk tiers: classify each AI use case (e.g., grant-matching tool, AI writing assistant, peer-review triage) as low, moderate, or high risk, following NIST’s Map function.
    • Policy register: a single living document recording each approved tool, its risk tier, approval date, and named accountable owner — the ISO-style audit trail.
    • Disclosure rules: a mandatory statement in every grant application and manuscript describing any generative-AI assistance, aligned with ICMJE and funder disclosure requirements.
    • Review cadence: quarterly light-touch review for low-risk tools, annual full review for high-risk tools, consistent with NIST’s Manage function and ISO’s continual-improvement clause.

    Where AI tools contribute to a manuscript’s preparation without meeting authorship criteria, research offices should record that contribution distinctly from the CRediT contributor roles assigned to human authors — CASRAI originated the CRediT taxonomy in 2014, and the standard is now stewarded by NISO as ANSI/NISO Z39.104-2022, with no AI-specific role currently defined within it.

    Common questions research administrators ask

    What is the NIST framework for AI governance?

    The NIST AI Risk Management Framework is a voluntary US framework, published January 2023, built around four functions — Govern, Map, Measure, and Manage. It is not certifiable but gives organisations a structured, adaptable process for identifying and mitigating AI risk without requiring an external audit.

    What are the six pillars of AI governance?

    Most governance frameworks converge on six pillars: accountability, ethics and fairness, risk management, transparency and explainability, compliance and security, and human oversight. A research office’s framework should assign a named owner to each pillar rather than treating them as abstract principles.

    What is the AI governance framework in the UK?

    The UK follows a pro-innovation, principles-based approach set out in its 2023 AI white paper, enforced through existing sector regulators rather than a single AI Act. This contrasts with the EU AI Act, which entered into force in August 2024 with a risk-tiered, legally binding structure and phased obligations running into 2026.

    What this means for research offices

    No single template is complete on its own. NIST gives research offices a fast, low-cost starting structure; ISO/IEC 42001 gives multi-site consortia and partner universities an externally verifiable certificate; a McKinsey-style operating model gives fast-moving institutions a decision body that can keep pace with new AI tools arriving faster than annual policy cycles can absorb them.

    The practical move for most research administrators is to start with NIST’s four functions as the policy skeleton, borrow ISO’s documentation discipline for the audit trail, and add a steering committee only once AI use cases multiply beyond what one compliance officer can track. As funder disclosure rules and publisher authorship policies continue to tighten through 2026 and beyond, the institutions that move first from ad hoc guidance to a documented, ownership-assigned framework will be the ones able to demonstrate compliance without reconstructing their records after the fact.

  • Generative AI Academic Integrity Policy 2026: Why University Rules Still Don’t Agree

    Generative AI academic integrity policy in 2026 remains fragmented: new peer-reviewed research from Springer and Cambridge University Press argues that universities cannot credibly enforce integrity standards while their own AI rules stay incoherent, even as searchers hunt for a mythical “30% rule” that does not exist in higher-education policy. Disclosure-threshold rules are proliferating faster than any shared standard — and convergence needs a common taxonomy, not more institution-specific thresholds.

    Academic integrity policy on generative AI is the set of institutional rules governing when, how, and whether students and researchers must disclose the use of AI tools in coursework, assessment, and scholarly output. As of mid-2026, no cross-institutional consensus exists on disclosure thresholds, detection reliability, or enforcement — only a widening patchwork of course-by-course and department-by-department rules.

    What does 2026 research actually say about AI and academic integrity?

    Two major 2026 publications converge on the same diagnosis, even though they approach it from different angles. Taylor et al., writing in Higher Education (Springer, 2026), conclude that universities cannot credibly enforce integrity standards in the age of AI without first ensuring coherence between their stated policies — a coherence that, in practice, rarely exists across a single institution’s own departments and courses.

    Gallant et al.’s Cambridge University Press Element, Academic Integrity in the Age of AI (2026), frames the same problem in sharper terms: generative AI “has rapidly and universally disrupted teaching, learning, and assessing with integrity.” Neither publication treats this as a temporary adjustment problem. Both treat it as a structural governance gap.

    That gap is not merely academic. A systematic literature review published in MDPI Information (Bittle et al., 2025) — now cited in well over 250 subsequent papers — found the evidence base on generative AI’s impact on academic integrity in higher education growing far faster than any agreed institutional response to it. The research volume has outpaced the policy convergence it was meant to inform.

    Why are disclosure-threshold policies multiplying instead of converging?

    University AI policy has moved past outright bans, but what replaced them is not one model — it is at least four, operating simultaneously, often within the same institution. The result is a patchwork where a rule that applies in one seminar room is void in the next.

    Policy model Example What it requires Enforcement
    Prohibition University of Cambridge, Faculty of History and Philosophy of Science AI may not be used as a source or quoted directly Academic misconduct procedure
    Disclosure-with-permission University of Kent; Solent University AI use permitted if declared, aligned with “fairness, transparency, accountability” Declaration checked at marking
    Course-level discretion Carnegie Mellon University Individual instructors set the rule per assignment, from total ban to full permission Devolved to instructor/department
    Integrated-tool model Emerging across STEM and data-science departments AI treated as a citable tool, akin to a calculator or search engine Attribution required, not a use-threshold

    The Office of the Independent Adjudicator for Higher Education, which handles student complaints across UK universities, notes that almost all AI-related complaints it receives come from students already subject to a misconduct procedure — evidence that disputed detection and inconsistent policy, not deliberate misuse, drive much of the caseload.

    Three structural forces keep these models from converging:

    • Decentralised governance — departments and individual instructors set their own rules, so no single institutional policy actually governs a student’s experience.
    • Detection unreliability — AI-detection tools produce enough false positives that no institution can safely anchor discipline to a single similarity or probability score.
    • A moving technical target — a policy calibrated to one model generation is frequently obsolete by the next; UNESCO-cited research highlights how generative AI is disrupting assessment methods that rely on final written output, such as essays, faster than institutions can rewrite their rules.

    Is there really a “30% rule” for AI use at university?

    No. Search interest in a “30% rule for AI” in academic-integrity contexts is real, but the rule itself is not an education-sector standard — it is a general AI-automation heuristic, describing a guideline that AI should handle roughly 70% of repetitive or preparatory work while humans retain the remaining 30% for oversight, creativity, and judgement in business and knowledge-work settings. No UK, US, or Australian university academic-integrity policy has adopted a codified 30% (or any single-number) disclosure threshold as of 2026.

    What some institutions have instead is a detection-review band: similarity or AI-probability scores that trigger human review of a submission, rather than an automatic misconduct finding. This is a procedural safeguard against detector false positives, not a permitted-use quota, and it varies by tool and by institution rather than following any shared figure. Searchers conflating the two are importing a business-automation concept into a governance vacuum that genuinely has no numeric answer yet.

    What would workable policy convergence actually require?

    A workable convergence needs a shared disclosure taxonomy, not another round of institution-specific thresholds. Three elements are prerequisites, based on where the Springer and Cambridge research locates the current failure points:

    • A common vocabulary for AI-use tiers — categories such as “AI-assisted drafting,” “AI-assisted research,” and “AI-generated content requiring full disclosure,” defined once and adopted consistently, rather than redefined by every syllabus.
    • Separation of detection from adjudication — using AI-detection scores only to flag cases for human review, never as standalone evidence of misconduct, addressing the false-positive problem identified in current casework.
    • Sector-level reference points, comparable to how research-integrity bodies such as COPE and ICMJE set shared expectations for publication ethics, giving individual universities a common baseline rather than each rebuilding policy from first principles.

    Institutional research-administration teams evaluating their own policy coherence can compare their current rules against a structured framework for research administration governance rather than treating AI-use policy as a standalone, one-off document.

    Common questions on AI and academic integrity

    Is using AI considered plagiarizing?

    It depends entirely on the institution’s specific policy and whether the use was disclosed. Using AI-generated content without proper attribution is treated as academic dishonesty at most universities, similar to unattributed use of another author’s work, but disclosed and permitted AI assistance is not automatically classed as plagiarism.

    What is the 30% rule for AI?

    The “30% rule” is a general AI-automation heuristic — AI handles roughly 70% of routine work, humans retain 30% for oversight and judgement — not an academic-integrity standard. No university has adopted a codified 30% disclosure or permitted-use threshold as of 2026; the term is being misapplied from business contexts into education searches.

    Can my university tell if I use AI?

    Sometimes, but not reliably. AI-detection tools can flag likely AI-generated text, and instructors often notice sudden shifts in writing style or fabricated citations, but detection software produces enough false positives that most institutions treat a flag as grounds for review, not automatic proof of misconduct.

    Is it plagiarizing if you use ChatGPT?

    It can be, depending on context and disclosure. Using ChatGPT-generated text without citation or acknowledgement is flagged as plagiarism under most current academic-integrity policies, while properly disclosed and permitted use — for example, brainstorming or editing assistance under a disclosure-with-permission model — typically is not.

    Implications for institutions, publishers, and standards bodies

    For research administrators, the near-term risk is reputational and legal, not just academic: enforcing a misconduct finding on an unreliable detector, against a policy a different department contradicts, is a weak position in an appeal — exactly the scenario the OIA’s casework note describes. Publishers and funders face an adjacent problem downstream, where undisclosed AI assistance in manuscript preparation raises the same coherence question long faced by human-authorship attribution: disclosure only functions as a standard when categories are shared, not improvised per venue.

    CASRAI originated the CRediT contributor role taxonomy in 2014 to solve a structurally similar problem — inconsistent, non-comparable attribution practices across journals. The standard is now stewarded by NISO as ANSI/NISO Z39.104-2022. AI-use disclosure in both teaching and research settings is heading toward the same fork: either a shared taxonomy emerges by deliberate convergence, or institutions continue absorbing the cost of policy fragmentation one appeal at a time.

    Until a sector body publishes a reference taxonomy for AI-use disclosure tiers, institutions should treat internal policy coherence — not a numeric threshold — as the actual compliance target for 2026.

  • AI Act Annex III Education Systems Explained

    Annex III of the EU AI Act (Regulation (EU) 2024/1689) classifies four specific education uses as high-risk: admissions and access decisions, evaluation of learning outcomes, assessment of the appropriate level of education for an individual, and monitoring students for prohibited behaviour during tests. That fourth category covers most commercial exam-proctoring software. Because these systems influence a person’s access to education, providers and institutions face conformity-assessment, documentation and human-oversight duties — and, as of mid-2026, a revised compliance timeline that most procurement guidance has not yet caught up with.

    Annex III is the section of the AI Act that lists the stand-alone use cases treated as high-risk regardless of sector, and education is one of eight listed domains. Under Article 6(2), any system matching an Annex III description is high-risk unless it falls within a narrow set of Article 6(3) exemptions for purely preparatory or narrow procedural tasks.

    What Annex III Actually Classifies as High-Risk in Education

    Annex III, point 3, lists four education and vocational-training use cases. Each is high-risk in its own right, not as a bundled “education AI” category:

    Annex III, point 3 What it covers Typical real-world system
    3(a) Access and admission Determining access, admission, or assignment of people to educational and vocational institutions at any level Admissions-ranking algorithms; automated place-allocation tools
    3(b) Evaluating learning outcomes Assessing outcomes, including where results steer a person’s subsequent learning path Automated essay and short-answer scoring; adaptive-learning placement engines
    3(c) Assessing appropriate education level Determining the level of education a person will receive or can access Streaming and tracking tools; aptitude-based course-eligibility systems
    3(d) Monitoring prohibited behaviour Detecting prohibited conduct by students during tests Remote exam-proctoring software with anomaly or gaze detection

    This structure matters for procurement: a vendor’s product might satisfy only one limb (proctoring under 3(d)) while a different module of the same platform — an automated grading feature, say — separately triggers 3(b). Each function needs its own classification check rather than a single institution-wide judgement.

    Why Proctoring and Admissions AI Meet the High-Risk Threshold

    The AI Act treats education systems as high-risk because their outputs shape a person’s access to opportunity, not because the underlying technology is novel. Recital 56 explains that AI in education can determine “the educational and professional course of a person’s life” and, where biased or opaque, can perpetuate discrimination on grounds such as disability, ethnic origin or sexual orientation.

    Two features push a system firmly into the high-risk tier. First, if the tool performs profiling of natural persons — building a behavioural or performance profile used in a decision — Article 6(3) removes the narrow-task exemptions entirely, so the system is automatically high-risk. Most commercial proctoring tools that flag “suspicious behaviour” patterns over time perform exactly this kind of profiling. Second, where a system’s error directly changes an admission, grading or progression outcome, it cannot credibly claim the “preparatory task only” or “improves a human decision” carve-outs in Article 6(3), because the human reviewer rarely has the practical capacity to re-examine every flagged case in full.

    Conformity-Assessment Duties That Follow

    Classification as high-risk is the trigger, not the end point. Providers placing an Annex III education system on the market must run it through conformity assessment under Article 43 before deployment, and both providers and deploying institutions then carry ongoing obligations:

    • Establish and maintain a risk-management system across the tool’s lifecycle
    • Use training, validation and test data that is relevant, representative and checked for bias
    • Produce technical documentation demonstrating compliance, and enable automatic logging for traceability
    • Complete a declaration of conformity, affix the CE marking, and register the system in the EU high-risk AI database under Article 49
    • Deployers must run a fundamental rights impact assessment before first use, keep human oversight with real override authority, and tell students and applicants that a high-risk system is involved

    None of these duties can be delegated to the software vendor by contract alone. An institution that deploys a high-risk admissions tool is a deployer under the Act and carries deployer-specific obligations even where the vendor, as provider, has already completed its own conformity assessment.

    The compliance timeline itself has shifted since most existing guidance was written. Article 113 originally set 2 August 2026 as the date the Annex III obligations became applicable. On 7 May 2026, the European Parliament and the Council reached a provisional political agreement on the Digital Omnibus on AI, replacing that date with fixed extensions: 2 December 2027 for stand-alone Annex III systems (including education), and 2 August 2028 for Annex I product-embedded systems. Separately, the marking obligations under Article 50(2) now fall due on 2 December 2026. Until the agreed text is formally adopted and published in the Official Journal, the original 2 August 2026 date remains the legally binding one — institutions should treat the extension as highly likely, not yet certain.

    Obligation Original deadline Revised deadline (Digital Omnibus, agreed 7 May 2026)
    Annex III stand-alone high-risk systems (education, employment, essential services) 2 August 2026 2 December 2027
    Annex I product-embedded high-risk systems 2 August 2027 2 August 2028
    Article 50(2) transparency/marking obligations 2 August 2026 2 December 2026

    What This Means for Procurement of Proctoring and Admissions AI

    For institutions and publishers buying exam-proctoring, admissions-ranking or automated-scoring tools, the practical question is no longer “is this AI regulated eventually” but “which Annex III limb applies, and can the vendor prove it.” A procurement checklist built around Annex III should require vendors to confirm, in writing, before contract renewal:

    • Whether each distinct feature of the product (scoring, proctoring, ranking) falls under Annex III, point 3(a)-(d), and if so, which limb
    • Evidence of a completed or in-progress conformity assessment and EU database registration, or a documented Article 6(3) exemption assessment
    • What training data was used, and what bias-testing was performed against protected characteristics
    • What logging and traceability the institution will have access to for its own record-keeping duties as deployer
    • Whether the tool performs any form of profiling, since this removes access to the narrow-task exemptions

    Institutions with any EU touchpoint — joint degrees, EU-based applicants, satellite campuses — should apply the same checklist even where their primary jurisdiction sits outside the EU, because the Act’s extraterritorial scope catches systems whose output is used within the EU.

    Common Questions on Annex III Education Systems

    What Is Considered a High-Risk AI System Under the AI Act?

    An AI system is high-risk if it is a safety component of a product covered by Annex I legislation, or if its use case appears in Annex III — covering biometrics, education, employment, essential services, law enforcement, migration and justice — unless it genuinely poses no significant risk under the narrow Article 6(3) exemptions.

    Which Education Apps Are High-Risk Under the AI Act?

    Annex III, point 3 names four categories: admissions and access tools, learning-outcome evaluation systems, tools assessing a person’s appropriate education level, and software monitoring students for prohibited behaviour in tests. Automated essay scoring and exam proctoring fall squarely within these limbs.

    Can an Exam Proctor Be AI?

    Yes — many institutions already use AI-based remote proctoring that analyses movement, gaze and audio to flag suspected cheating. Under the AI Act, this function sits within Annex III, point 3(d), making the software high-risk and subject to conformity-assessment and human-oversight duties, not a substitute human decision-maker.

    Are Any Education AI Practices Banned Outright, Not Just High-Risk?

    Yes. Since 2 February 2025, Article 5 has banned emotion-recognition systems in educational settings outright, with no research or institutional exemption, except narrow medical or safety uses. This sits above the high-risk tier — a banned practice cannot be brought into compliance through conformity assessment.

    The classification logic behind Annex III will not soften even as its application date moves. Institutions and publishers procuring proctoring, admissions or scoring AI gain a longer runway to 2 December 2027, but the underlying duties — bias-tested data, documented conformity assessment, human override authority, and registration in the EU database — remain the fixed reference point for any system that touches a student’s access to education.

  • AI Act Researcher Access to High-Risk Systems

    Article 92 of the EU AI Act does not create a DSA-style “vetted researcher” scheme for high-risk AI systems. It gives the European Commission’s AI Office — supported by Commission-appointed independent experts — power to demand evaluation access, including source code, to general-purpose AI models with systemic risk. Outside academics cannot yet apply for access under Article 92 itself.

    Article 92 is the provision of Regulation (EU) 2024/1689 that lets the AI Office conduct compliance and systemic-risk evaluations of general-purpose AI (GPAI) models, requesting access “through APIs or further appropriate technical means and tools, including source code” from the model’s provider. It becomes applicable on 2 August 2026, under the Article 113 staggered-application timetable.

    What Article 92 actually grants

    Article 92(1) gives the AI Office, after consulting the AI Board, the power to evaluate a general-purpose AI model in two circumstances: where information already gathered under Article 91 is insufficient to assess a provider’s compliance, or to investigate systemic risks following a qualified alert from the scientific panel under Article 90.

    Under Article 92(3), the Commission may request access to the model “through APIs or further appropriate technical means and tools, including source code.” Article 92(4) requires each request to state its legal basis, purpose, and the fine under Article 101 that applies if the provider refuses. This is a regulator-to-provider compliance channel, not an open door for the research community.

    Who can request access — and who cannot

    The Commission may itself request access, or it may appoint independent experts to carry out the evaluation on its behalf, drawn in particular from the scientific panel established under Article 68. Those experts must meet the Article 68(2) criteria before they can touch any model.

    • Particular expertise and competence in AI, demonstrated through up-to-date scientific or technical knowledge.
    • Independence from any provider of AI systems or general-purpose AI models.
    • A demonstrated ability to carry out evaluation activities diligently, accurately, and objectively.

    There is no equivalent of the DSA’s open application route. A university researcher cannot submit a “duly substantiated application” to a national authority and be awarded status; the Commission selects panel members, and the AI Office decides when to deploy them. Article 68(4) further binds experts to confidentiality and impartiality, and requires each to file a public declaration of interests.

    What data, logs, and systems are in scope

    Article 92 targets general-purpose AI models — not the full universe of “high-risk AI systems” listed under Annex III (recruitment tools, credit-scoring systems, education-admission systems, and the like). The provision is narrower and sits in Chapter V’s enforcement toolkit for GPAI providers, with particular focus on models presenting systemic risk.

    A GPAI model is presumed to carry systemic risk once its cumulative training compute exceeds 1025 floating-point operations (FLOPs), per the AI Act’s Article 51 threshold; the Commission can also designate a model systemic on the scientific panel’s advice. Once access is requested, the scope can include:

    • API-level access to the model’s outputs and behaviour under specified test conditions.
    • Source code, where API access is insufficient to complete the evaluation.
    • Prior “structured dialogue” under Article 92(7), where the AI Office first discusses the provider’s internal testing and risk-mitigation measures before formally requesting access.

    Article 92(6) leaves the fine-grained detail — expert-selection procedure, evaluation arrangements, timelines — to a future Commission implementing act, so several operational details remain unsettled ahead of the 2 August 2026 application date.

    Article 92 vs the DSA’s vetted-researcher regime

    Commentary that describes Article 92 as “modelled on the DSA” understates a structural difference: the Digital Services Act’s Article 40(8) builds a standing, application-based pathway for named external researchers, while the AI Act channels evaluation through a Commission-controlled expert panel. The table below sets out the contrast.

    Feature AI Act Article 92 DSA Article 40
    Who gets access AI Office directly, or independent experts appointed by the Commission External “vetted researchers” who apply and are approved
    Application route None — experts are selected by the Commission from the Article 68 scientific panel Duly substantiated application to a Digital Services Coordinator
    Eligibility test Article 68(2): AI expertise, independence, diligence Article 40(8): research-organisation affiliation, independence, funding disclosure, data-security capability, proportionality, public-results commitment
    Subject matter General-purpose AI models, especially those with systemic risk Data held by very large online platforms and search engines
    Trigger Insufficient Article 91 information, or a systemic-risk alert Research into systemic risks under Article 34(1)
    Legal instrument Regulation (EU) 2024/1689 Regulation (EU) 2022/2065

    For a researcher hoping to independently audit a high-risk AI system deployed by a university, employer, or public body, Article 92 currently offers no comparable entry point. The closer analogue for that kind of scrutiny remains national market-surveillance authority activity under Chapter IX of the AI Act, not a researcher-access clause.

    Answer-first Q&A

    Does the AI Act give researchers open access to high-risk AI systems?

    No. Article 92 grants access powers to the AI Office and Commission-appointed independent experts, not to self-nominating academic researchers. Unlike the DSA, there is no statutory application process through which an outside researcher can request evaluation access to a high-risk AI system or a general-purpose AI model.

    What is the difference between AI Act Article 92 and DSA Article 40?

    Article 92 lets the Commission compel access to general-purpose AI models for compliance and systemic-risk evaluation, using its own appointed experts. DSA Article 40 instead lets external “vetted researchers” apply to a Digital Services Coordinator for access to platform data, a genuinely open external-researcher pathway that Article 92 does not replicate.

    Who qualifies as an independent expert under Article 68?

    Under Article 68(2), experts must show up-to-date AI expertise, complete independence from any AI system or model provider, and the ability to work diligently and objectively. The Commission selects the panel, sets its size, and must ensure fair gender and geographical representation among members.

    When does Article 92 take effect?

    Article 92 becomes applicable on 2 August 2026, in line with the AI Act’s staggered timetable under Article 113. The supporting scientific panel under Article 68 was already applicable from 2 August 2025, giving the Commission a year to establish the panel before evaluation powers activate.

    Implications for research administrators and institutions

    Research administration teams should separate two distinct exposures. First, if their institution deploys AI systems that fall under Annex III — admissions or assignment tools for educational institutions, recruitment and candidate-evaluation systems, or emergency-services triage tools — those systems are “high-risk” under the AI Act’s own Chapter III framework and carry provider or deployer obligations regardless of Article 92.

    Second, if their institution’s researchers want to study a general-purpose AI model with systemic risk, Article 92 does not currently give them a route to request evaluation access in the way DSA Article 40 lets accredited researchers request platform data. Institutions monitoring AI governance developments in research administration should track the Commission’s pending Article 92(6) implementing act, since it may eventually broaden how external expertise is brought into the evaluation process.

    Outlook

    The gap between Article 92’s provider-facing evaluation power and the DSA’s researcher-facing access regime is likely to remain a live policy debate through 2026 and 2027, as the AI Office builds out its scientific panel and issues the implementing acts required by Article 92(6). Until then, claims that the AI Act “grants researcher access to high-risk systems” overstate what the text currently delivers: a regulator’s evaluation tool, not a researcher’s request mechanism.

  • General-Purpose AI Model Rules for Universities

    A general-purpose AI model is defined in Article 3(63) of the EU AI Act as an AI model that displays significant generality, can competently perform a wide range of distinct tasks, and can be integrated into varied downstream systems, regardless of how it is placed on the market. A university prototype never placed on the market or put into service falls outside these duties under the Article 2(8) research exemption; the moment that model, or a fine-tuned derivative, is published or supplied to a third party, Article 53 obligations on technical documentation, downstream information, copyright policy, and a training-content summary can attach.

    A general purpose ai model is not defined by branding — it is defined by a compute-and-capability test in the Act’s recitals and the Commission’s guidelines. That test matters for universities, because the same model can sit inside the research exemption one day and carry a regulated “provider” obligation the next, depending on what happens to it.

    What is a general-purpose AI model under the AI Act?

    Under Article 3(63) of the AI Act, a general-purpose AI model is one that “displays significant generality and is capable of competently performing a wide range of distinct tasks… and that can be integrated into a variety of downstream systems or applications.” Recital 98 anchors this operationally: models trained with at least a billion parameters using large-scale self-supervision are presumed to meet the generality bar.

    The Commission’s guidelines on the scope of GPAI obligations add a practical marker: an indicative threshold of 10^23 FLOP of training compute, combined with the ability to generate language, images, or video, points to GPAI status. A narrow classifier trained on one labelled dataset for one task — say, detecting a specific cell morphology in a pathology dataset — meets neither bar and is not a GPAI model; it is a narrow AI system governed, if at all, by the Act’s risk-based system rules in Chapters II–IV, not the model-layer rules in Chapter V.

    Foundation model vs general-purpose AI vs narrow research tool: the definitional test

    “Foundation model” is not a term the AI Act defines — it originates from the 2021 Stanford Center for Research on Foundation Models literature. What most people call a foundation model is simply a species of general-purpose AI model; the Act creates no separate legal category for it and regulates instead at the model layer (Chapter V) and the system layer (Chapters II–IV).

    A narrow research tool is not a defined legal term either. It survives through Article 2(8), which states the AI Act “does not apply to any research, testing or development activity regarding AI systems or AI models prior to their being placed on the market or put into service.” The three-way distinction that matters for universities is:

    Category Legal basis Obligation trigger
    General-purpose AI model Article 3(63), Recital 98 Placed on the market or put into service (any use case, any modality)
    “Foundation model” (industry term) No AI Act definition — a subset of GPAI in practice Same as GPAI: placement on the market
    Narrow research tool Article 2(8) exemption Never triggered while confined to pre-market research, testing or development

    The trigger is not architecture, size, or pedigree — it is whether the model has been placed on the market, defined in Article 3(9) as first supply for distribution or use in the Union, paid or free. A lab training a model for internal experiments stays inside Article 2(8); publishing its weights publicly, or licensing it to a partner, places it on the market and can trigger Article 53.

    What are the Article 53 obligations for GPAI providers?

    Article 53(1) of the AI Act sets four core obligations for any provider of a general-purpose AI model placed on the EU market, regardless of size or academic status:

    • Technical documentation (Article 53(1)(a)) — training/testing processes and evaluation results, available on request to the AI Office and national authorities.
    • Information for downstream providers (Article 53(1)(b)) — capabilities, limitations, and foreseeable misuse, so downstream builders can meet their own duties.
    • A copyright policy (Article 53(1)(c)) — how the provider complies with EU copyright law and respects rights reservations in training data.
    • A public training-content summary (Article 53(1)(d)) — using the Commission’s template, describing what content trained the model.

    These obligations have applied since 2 August 2025 under Article 113(b), with transitional rules for pre-existing models under Article 111(3). A heavier tier applies only to GPAI models posing systemic risk — an indicative 10^25 FLOP training-compute threshold under Article 51(1)(a)-(2), costing tens of millions of euros to reach per the Commission — triggering adversarial evaluation, risk mitigation, incident reporting, and cybersecurity duties under Article 55. Almost no university-trained model approaches 10^25 FLOP, so this tier rarely applies academically; base Article 53 duties can still apply well below it.

    How does the research exemption apply to universities that fine-tune models?

    Universities interact with the GPAI rules from two directions, and conflating them is the single most common compliance error. First, a university training its own large model purely for internal research stays inside Article 2(8) for as long as the model is neither placed on the market nor put into service — a threshold not crossed the moment a paper is published, but more likely triggered by supplying the model for use or distribution.

    Second, and less understood, is what happens when a university fine-tunes an existing GPAI model from a commercial lab. Recital 109 and the Commission’s guidelines indicate fine-tuning can make the modifier a “provider” of a new model — but only for the modification, not the underlying base model. The indicative criterion: if fine-tuning compute exceeds roughly one-third of the original model’s training compute, the university takes on provider obligations for that modification, typically discharged by supplementing existing documentation with what changed.

    Two further carve-outs matter for university open-model releases:

    • The open-source exemption (Article 53(2)) removes the documentation and downstream-information duties (53(1)(a)-(b)) for models released free and open-source with public parameters, weights, architecture and usage information — not the copyright-policy or training-summary duties, and never for a systemic-risk model.
    • Downstream system duties are separate. A university embedding a GPAI model in a chatbot, decision-support tool, or admissions-screening application must separately assess that system against the Act’s risk-based rules in Chapters II–IV, whether or not it is also a GPAI “provider.”

    Answer-first Q&A

    Is general purpose AI the same as generative AI?

    No. Generative AI describes output type — models producing text, images, audio or video — while general-purpose AI is a legal classification under Article 3(63) based on generality and integration potential. Most large generative models qualify as GPAI, per Recital 99, but the two terms describe different properties and are not interchangeable in the regulation.

    What is an example of general-purpose AI?

    Large language and multimodal models generating text, images, or code across many tasks — commonly called foundation models — are the Act’s typical example under Recital 99. A university-trained model only qualifies once it meets Recital 98’s generality and compute markers, not merely because it shares similar architecture.

    Is ChatGPT general-purpose AI?

    Yes. Widely used commercial assistants built on large generative models meet the Article 3(63) generality test and are treated as general-purpose AI models, subject to Article 53 obligations from their provider. This differs from a university’s narrow, single-task research classifier, which would not meet the same test.

    Implications for universities releasing open models

    The practical stakes are documentation discipline, not automatic prohibition. A university planning to publish a fine-tuned or original model should map, before release, whether Article 2(8) still applies, whether the one-third fine-tuning threshold has been crossed, and whether Article 53(2)’s open-source exemption covers the intended licence. Institutions publishing under permissive open licences with full weights and architecture disclosure can shed the heaviest documentation duties while still owing a copyright policy and training-content summary — obligations echoing the transparency practices research administrators already apply to funder mandates such as UKRI’s and Horizon Europe’s.

    As the AI Office refines its guidelines and the General-Purpose AI Code of Practice — assessed as adequate by the Commission and AI Board in 2025 — becomes the default route to demonstrating compliance, universities treating model-release governance as a standing institutional process, not a one-off legal review, will be best placed to keep publishing openly without falling foul of Article 53.