DARR
MR-080 Regulatory compliance Both scope

Provider fails to supply adequate GPAI model documentation

The provider of a procured GPAI model does not supply the model documentation and information the deployer needs, leaving the deployer unable to assess the model or to meet its own transparency and risk-assessment obligations.

Risk family
Regulatory compliance
MIT domain
n/a (EU-derived)
MIT subdomain
n/a
AI type
GPAI, Agentic
Scope
Both
Source standard
GPAI Code of Practice 2025 (gap analysis)

Provenance

Source standard
GPAI Code of Practice 2025 (gap analysis)
Source frameworks
GPAI Code of Practice 2025
GPAI Code of Practice
GPAI Code of Practice, Transparency Chapter, Commitment 1 (Measures 1.1-1.3)
Nearest MIT-derived risk
MR-045 Insufficient documentation / MR-065 Vendor churn (deployer-side and change-side; not the provider documentation-supply dependency).

Framework crosswalk

Every framework item mapped to this risk. Items marked partial overlap only in part; definitions appear on hover where the source licence permits.

Sourcesframeworks that contributed to the register
EU AI Act1
  • CoP GPAI Code of Practice, Transparency Chapter, Commitment 1 (Measures 1.1-1.3)

Part of the Deployer AI Risk Register, an open-source resource developed by MindXO. Version 1.0, 3 July 2026. Derived from the MIT AI Risk Repository (V4, December 2025) under CC BY 4.0; an independent derivative work, not endorsed by or affiliated with MIT. Sub-risk decomposition references MITRE ATLAS™ v5.6.0 (© 2021-2026 The MITRE Corporation, reproduced and distributed with permission). ISO/IEC and EU AI Act references are by number only. License: CC BY 4.0. Full attribution and licensing.