BackAuditing

This page is still being polished. If you have thoughts, please share them via the feedback form.

Data on this page is preliminary and may change. Please do not share or cite these figures publicly.

Auditing

Gipiskis (2024)|LLM classified

Mitigation Taxonomy

2Organisation

2.2Risk & Assurance

2.2.3Auditing & Compliance

Independent audits, third-party reviews, and regulatory compliance verification.

Also in Risk & Assurance

2.2.1 Risk Assessment2.2.2 Testing & Evaluation2.2.4 Assurance Documentation

LLM Classification Details

Reasoning

Third-party audit verifies AI system compliance with safety standards and commitments.

Code: 2.2.3Version: v0.6Classified: Feb 6, 2026

Part of

Model evaluations

Sub-mitigations (2)

Pre-deployment access by third-party auditors

Prior to full deployment of general-purpose AI models, a group of third-party auditors who are not selected by the GPAI model provider could get early access to AI models in order to evaluate them from a variety of different perspectives and with diverse interests [30, 157]. This prevents cases where the developers of AI models select auditors that are especially favorable to the developers, which could result in biased or incomplete evaluations, or contribute to an unjustified public perception of the capabilities and risks of the model.

2.2.3 Auditing & Compliance

Lifecycle:Verify and ValidateActor:Governance ActorAIRM:Measure

Audits with specific scoped goals

Audits of AI systems will be easier to perform, and have clearer results if the scope and goals of the evaluation are formulated as precisely as possible [157], or have a connection to concrete existing policy.

2.2.3 Auditing & Compliance

Lifecycle:Verify and ValidateActor:Governance ActorAIRM:Measure

Other mitigations from Gipiskis (2024) (112)

Model development

2.4 Engineering & Development

Lifecycle:Build and Use ModelActor:DeveloperAIRM:Unable to classify

Model development > Data-related

1.1 Model

Lifecycle:Collect and Process DataActor:Unable to classifyAIRM:Unable to classify

Model evaluations

2.2.2 Testing & Evaluation

Lifecycle:Verify and ValidateActor:DeveloperAIRM:Measure

Model evaluations > General evaluations

2.2.2 Testing & Evaluation

Lifecycle:Verify and ValidateActor:DeveloperAIRM:Measure

Model evaluations > Benchmarking

3.2.1 Benchmarks & Evaluation

Lifecycle:Other (outside lifecycle)Actor:DeveloperAIRM:Measure

Model evaluations > Red teaming

2.2.2 Testing & Evaluation

Lifecycle:Verify and ValidateActor:DeveloperAIRM:Measure

View all 112 mitigations from this source →

Source Document

Risk Sources and Risk Management Measures in Support of Standards for General-Purpose AI Systems

Gipiškis, Rokas; San Joaquin, Ayrton; Chin, Ze Shen; Regenfuß, Adrian; Gil, Ariel; Holtman, Koen (2024)

Organizations and governments that develop, deploy, use, and govern AI must coordinate on effective risk mitigation. However, the landscape of AI risk mitigation frameworks is fragmented, uses inconsistent terminology, and has gaps in coverage. This paper introduces a preliminary AI Risk Mitigation Taxonomy to organize AI risk mitigations and provide a common frame of reference. The Taxonomy was developed through a rapid evidence scan of 13 AI risk mitigation frameworks published between 2023-2025, which were extracted into a living database of 831 distinct AI risk mitigations.

View source DOI: 10.48550/arXiv.2410.23472

Classification

AI Lifecycle Stage

Verify and Validate

Testing, evaluating, auditing, and red-teaming the AI system

Responsible Actor

Governance Actor

Regulator, standards body, or oversight entity shaping AI policy

NIST AI RMF Function

Measure

Quantifying, testing, and monitoring identified AI risks

Risk Domains

Primary

7 AI System Safety, Failures & Limitations

Other

6.5 Governance failure