What is a model card?
AI governance and risk
A model card is a short, structured document that explains a specific AI or machine learning model. It sets out what the model is meant to do, how it was trained and tested, how well it performs in relevant conditions, where it is likely to fail, and what uses are out of scope. For a non specialist leader, it is a practical transparency document that helps you judge whether a model is understood well enough to trust, buy, adapt, or deploy.
What this means
In plain English, a model card is the label and operating notes for one model. It is not the full technical file, and it is not the full product manual. It is the concise explanation that should travel with the model so that other people can understand what it is, what it was built for, and what its known limits are.
The key phrase is "one model". A model card normally describes a single trained model, or a clearly defined model version within a family. It might cover a classifier, a speech model, a forecasting model, a large language model, or an image model. It should say what kind of input the model takes, what kind of output it produces, what training data shaped it at a high level, what evaluations were run, and what caveats matter in practice.
That single model focus is what separates a model card from a system card. A model card is about the model itself. A system card is wider. It describes a deployed system built around one or more models, plus the surrounding controls such as prompts, retrieval, policies, access controls, monitoring, red teaming, and human review. If you are reviewing an AI assistant for customer service, the model card explains the underlying model. The system card explains the assistant as it actually operates in the real world.
A helpful mental model is this. If the model is an engine, the model card tells you the engine type, performance tests, service limits, and known weak points. If the product is a vehicle, the system card explains the whole vehicle, including the steering, brakes, safety features, road conditions it should not be used in, and how people are expected to operate it.
Good model cards make vague claims inspectable. Instead of hearing that a model is "advanced" or "enterprise ready", you can ask better questions. Ready for what, tested against what, strong in which languages or domains, weak in which edge cases, and updated when?
Why it matters
Leaders usually encounter model cards in two situations. The first is buying or approving third party AI. The second is asking an internal team to document a model before it moves from experiment to live use. In both cases, the same risk appears. Without structured documentation, it is easy to mistake a capable demo for a dependable component.
A model card helps with procurement because it gives you something concrete to review. You can compare intended use against your real use, check whether the evaluation setting resembles your operating environment, and see whether known limitations would create operational pain. That can stop a poor fit before it becomes an expensive integration.
It also helps with assurance. If a model affects customer communications, staff workflows, financial decisions, safety processes, or sensitive data, you need a record of what was known at the point of approval. A model card does not remove risk, but it creates a useful evidence trail. It shows whether the team thought seriously about purpose, testing, limitations, and version control.
There is another practical point. Models change. Vendors refresh versions, internal teams fine tune them, benchmark claims move, and failure patterns shift. A model card gives you a baseline. Without one, every conversation starts from marketing language. With one, you can track changes between versions and ask whether a new release is genuinely better for your use case.
How it works
A model card usually starts with basic identity information. What is the model called, which version is being described, who produced it, what inputs does it accept, what outputs does it return, and where is it available. That sounds simple, but it matters. Many organisations end up discussing a model family in general terms when the only thing that really counts is the exact version being used in production.
The next part is purpose. A good card says what the model is intended to do, and just as importantly, what it is not intended to do. This is one of the most valuable sections for a leader because it turns broad possibility into clear scope. A summarisation model may be suitable for drafting notes but not for final legal review. An image classifier may work for routing quality checks but not for clinical diagnosis. If the intended use is vague, the rest of the card becomes less useful because the evaluation has no clear target.
Then comes model data and training information. This does not have to reveal every proprietary detail. It should, however, explain enough for a reader to understand the shape of the training process. What kinds of data informed the model. Whether it was pre trained, fine tuned, or adapted from a base model. Whether there were filters, safety tuning steps, or notable exclusions. For open models, this section may be detailed. For commercial models, it is often more limited. Limited is not the same as useless, but a very thin description should lower your confidence.
Evaluation is usually the heart of the card. This is where the developer reports how the model performed in testing. Strong cards do more than display a single headline score. They explain what was measured, on which benchmarks or test sets, in which languages or domains, under what conditions, and with what caveats. For business use, this is where you should slow down. A model can look excellent on general benchmarks and still be a poor fit for your documents, terminology, customers, or risk profile.
The best cards also include slice based or context based results. In other words, not just average performance, but performance under conditions that matter. For instance, results may differ by language, speech accent, image quality, task type, or safety category. This part matters because serious operational failures often hide inside averages. A high overall score can cover a weak edge case that appears every day in your workflow.
A useful model card also states known limitations and failure modes plainly. This section should describe where the model is brittle, where it tends to hallucinate, where it over refuses, where it performs less well, or where the developer lacks confidence. Leaders sometimes treat limitations as a warning sign. In reality, the absence of a limitations section is often the bigger warning sign. Mature teams know where their model is likely to struggle.
Safety, bias, and ethical considerations often appear near the end of the card. The exact format varies. Some cards discuss content safety and misuse. Some discuss subgroup performance or harmful bias. Some set out acceptable use restrictions. Some also describe energy use, licensing, or downstream requirements. The format differs across providers, and current practice is still evolving, but the practical point is the same. The developer should make material trade offs and constraints visible.
Finally, a card should be maintained, not written once and forgotten. A model card is most useful when it is versioned, dated, and updated as the model changes. If a vendor releases a new major version, adjusts safety tuning, or changes deployment channels, you should expect the card to reflect that. If you are building internally, treat the model card as a living control document rather than a launch day extra.
Examples
A finance team might be considering a model for invoice extraction. The model card helps them see whether the model was tested on scanned documents, multilingual forms, low quality images, or only on clean benchmark data. That tells them whether a pilot is likely to reveal minor gaps or major ones.
An operations team might be reviewing a speech to text model for call summaries. The model card can show whether the model was evaluated across accents, noisy audio, mixed language speech, or domain specific vocabulary. If the card is silent on those points, the team knows it must test them itself before rollout.
A software team might fine tune an internal language model for policy search or drafting assistance. Their own model card becomes the shared document that explains what changed from the base model, what internal data was used, what safety checks were run, and where the fine tuned version should not be trusted. That makes handover, audit, and future maintenance far easier.
Common misunderstandings
One common misunderstanding is that a model card proves a model is safe. It does not. A card is evidence of documentation, not a guarantee of quality.
Another is that one benchmark number is enough. It rarely is. Business risk usually comes from mismatch between the test setting and real use, not from a lack of headline metrics.
A third misunderstanding is that a model card tells you everything you need to know about the finished product. It does not. If the model sits inside a larger assistant or workflow, you also need system level documentation.
A fourth misunderstanding is that model cards are only for public or open models. Internal models need them as well, often more so, because internal teams tend to rely on shared assumptions that are never written down.
Risks and boundaries
Model cards have limits. Some are thin, selective, or written mainly for public relations. Some describe a whole model family when you really need details for the specific version you are using. Some go stale quickly after fine tuning, policy changes, or silent vendor updates.
They also do not replace local testing. Even an excellent card cannot tell you how a model will behave on your documents, your customers, your languages, your workflows, or your controls. It should shorten your testing burden, not remove it.
There is also a disclosure trade off. Vendors may legitimately limit very detailed information about training data, weights, or safety methods for security, intellectual property, or abuse prevention reasons. That is understandable, but it means leaders should learn to distinguish between "not disclosed for a justified reason" and "not disclosed because no one did the work".
Finally, a model card is not legal, privacy, security, or professional advice. If a model touches regulated processes, employment decisions, health information, financial judgement, or significant rights, it should feed into wider review rather than stand in for it.
What to do next
First, define the exact business use before you ask for documentation. A model card is only useful when you know what you want the model to do, for whom, and under what level of risk.
Second, ask for the card for the precise model and version being proposed, not a generic family brochure. If the answer is vague, treat that as a signal.
Third, read four sections closely: intended use, evaluation, limitations, and update history. Those sections will usually tell you more than a long feature list.
Fourth, compare the card to your own operating conditions. Look for language coverage, data type, workflow context, safety behaviour, and known weaknesses that would matter in your environment. Where the card is silent, write down test cases for your pilot.
Fifth, if the model will be deployed inside a broader product or assistant, ask for system level documentation as well. A strong model card without a strong system card still leaves major blind spots.
FAQs
Is a model card only for machine learning experts?
No. The best model cards are written so non specialists can understand purpose, tests, limits, and appropriate use, while still giving technical readers enough detail to go deeper.
What is the difference between a model card and a benchmark report?
A benchmark report focuses mainly on test scores. A model card should also cover intended use, data background, limitations, safety considerations, and version specific context.
Should every model have a model card?
In practice, yes, but the depth should match the risk and importance of the model. A low impact internal model may need a short card. A high impact model needs a far fuller one.
Can a vendor refuse to share one?
Yes, but that does not remove your need for documentation. If a vendor will not provide a proper model card or equivalent, you should assume you will need extra validation and stronger contractual checks.
If I have a model card, do I still need a pilot?
Almost always. The card should help you design a better pilot by showing what to test, not replace real testing in your own environment.
Sources
Model Cards for Model Reporting (arXiv and FAT* 2019). Primary source. Introduced the model card concept and defined model cards as short documents accompanying trained models, including intended use, evaluation, and limitations. cite.
Artificial Intelligence Risk Management Framework Generative Artificial Intelligence Profile (NIST). Secondary standards source. Supported the leadership guidance to review transparency artefacts for third party models and document sources, training processes, and adaptations. cite.
The CLeAR Documentation Framework for AI Transparency (Harvard Shorenstein Center). Secondary framework source. Supported the point that AI documentation practices vary by context and that documentation for models and systems is still evolving rather than fixed in one universal format. cite.