GDPR questions and answers

Category:
IT Security

External Models and DPIA – Is It Possible to Assess Risk Without Full Knowledge of the AI?

ANSWER

Knowledge of the model

Most models are already supplied with documentation (known as a model card), although this typically does not provide a complete picture.

In part, the AI Act will provide tools for obtaining the most important information about a model (architecture, training methodology, personal data and copyright considerations).

For open-source models with open weights, a great deal of information about the model can be obtained independently. However, many open-source models do not disclose information such as the source of their training data.

Examples of open-source models compliant with the Open Source Initiative definition include: Pythia (EleutherAI), OLMo (AI2), Amber and CrystalCoder (LLM360), and T5 (Google). These are models with open weights and an open training dataset.

DPIA

It is not necessary to know every parameter in order to assess risk; however, if adequate due diligence on a model cannot be conducted, that model should not be used.

In other cases, a rigorous DPIA is achievable. Nevertheless, it requires multidisciplinary collaboration within the organisation implementing or building the model.
