Google Transparency Report

Google lists common crawlers that are likely to show up in log files and that we’ve received questions about here, including Googlebot. Googlebot obeys robots.txt rules when crawling automatically. Information about Google Extended token can be found here.

We notify people who sign up for a Google account whether their data is used to train Google 's AI models via link to the Google Privacy Policy when they sign up for an account and when they click on their Google profile picture to access their account information when they are signed in, and we link to the Gemini Apps Privacy Hub within the Settings section within the Gemini app. In addition, Gemini for Google Cloud Guides for customers include clear documentation on whether their data is used to train our models.

We generate synthetic data for training and evaluation purposes while building the model, using our previous and current models in the Gemini 1.5 and the Gemini 2.X model family. This can include generating synthetic voices or text conversations.

For the Supervised Fine-Tuning stage, we source adversarial prompts leveraging existing models and tools to probe Gemini’s attack surface (in addition to human interactions) to discover potentially harmful behavior. When we find that model behavior needs improvement, we use a combination of custom data generation recipes loosely inspired by Constitutional AI (Bai et al., 2022), as well as human intervention to revise responses. The process described here is typically refined through successive model iterations. For both Reward Model improvements and Reinforcement Learning, similarly to SFT, we source synthetic prompts through model-model interactions. For Data Reward Model training, given a prompt set, we use custom data generation recipes to surface a representative sample of model responses.

Data practices for our models focus on filtering training data for quality, model performance, and adherence to policies, as well as documenting training techniques in technical reports and model cards. These processes also include safety, privacy, and security criteria. We use automated techniques to filter out certain personal information and other sensitive data from training sets. Data filtering and preprocessing included techniques such as deduplication, safety filtering in line with Google's commitment to advancing AI safely and responsibly, and quality filtering to mitigate risks and improve training data reliability. Safety and responsibility was built into Gemini 2.5 Pro throughout the training and deployment lifecycle, including pre-training, post-training, and product-level mitigations. Mitigations include, but are not limited to: · dataset filtering; · conditional pre-training; · supervised fine-tuning; · reinforcement learning from human and critic feedback; · safety policies and desiderata; · product-level mitigations such as safety filtering.

Google models are trained and served by our own custom AI accelerators, Tensor Processing Units (TPU).

1. Data filtering for safety and responsibility and conditional pre-training 2. Supervised Fine-Tuning 3. Reinforcement Learning from Human Feedback, with evaluations that run continuously during training to monitor for safety (and other metrics)

Our safety training approach begins with pre-training interventions around data filtering to remove data that violates our policies and tagging, as well as metrics that monitor the model during pre-training. In post-training, we use Supervised Fine-Tuning (SFT) and Reinforcement Learning from Human and Critic Feedback (RLHF/RLCF) to align the model to the policies and desiderata, alongside with enabling other capabilities.

Yes. To support academic research and drive cutting-edge research, Google provides access to Gemini API credits for scientists and academic researchers through the Gemini Academic Program. Qualified academic researchers (such as faculty, staff, and PhD students) in supported countries can apply to receive Gemini API credits and higher rate limits for research projects. This support enables higher throughput for scientific experiments and advances research. We are particularly interested in the research areas in the following section, but we welcome applications from diverse scientific disciplines: Evaluations and benchmarks: Community-endorsed evaluation methods that can provide a strong performance signal in areas such as factuality, safety, instruction following, reasoning, and planning. Accelerating scientific discovery to benefit humanity: Potential applications of AI in interdisciplinary scientific research, including areas such as rare and neglected diseases, experimental biology, materials science, and sustainability. Embodiment and interactions: Utilizing large language models to investigate novel interactions within the fields of embodied AI, ambient interactions, robotics, and human-computer interaction. Emergent capabilities: Exploring new agentic capabilities required to enhance reasoning and planning, and how capabilities can be expanded during inference (e.g., by utilizing Gemini Flash). Multimodal interaction and understanding: Identifying gaps and opportunities for multimodal foundational models for analysis, reasoning, and planning across a variety of tasks. Eligibility: Only individuals (faculty members, researchers or equivalent) affiliated with a valid academic institution, or academic research organization can apply. Note that API access and credits will be granted and removed at Google's discretion. We review applications on a monthly basis.

We support A2A for agents built using Gemini 2.5 Pro available via Vertex AI. We also announced that the Gemini API and SDK will support Model Context Protocol (MCP) to make it easy for developers to use a wide range of open source tools.

Yes results for each of the benchmarks measuring the model’s capabilities are detailed in the model card, tech report, and other external resources. We continue to update our evals, so this represents an example of results at a specific moment in time. Updated model cards can be found here. We have also included here a summary of the results (as of this writing): Gemini 2.5 Pro demonstrated strong performance, especially in reasoning tasks. A key improvement over prior Gemini models was a significant boost in code performance. Evaluations were conducted across benchmarks that measured capabilities such as reasoning and knowledge (Humanity's Last Exam (no tools), 17.8%), science (GPQA diamond,83.0%), mathematics (AIME 2025, 83.0%) , and in line with the capabilities listed above: code generation (LiveCodeBench V5, 75.6%), code editing,(Aider Polyglot, 76.5% / 72.7% whole / diff) agentic coding (SWE-bench verified, 63.2%), factuality (SimpleQA, 50.8%), visual reasoning (MMMU, 79.6%), image understanding (Vibe-Eval (Reka), 65.6%) , video (Video-MME, 84.8%), long context (MRCR, 128k (average) 93.0%, 1M (pointwise) 82.9%), and multilingual performance (Global MMLU (Lite), 88.6%). We also offer additional benchmark results for audio + visual capabilities, e.g. VideoMME (86.9%) -see more at https://storage.googleapis.com/deepmind-media/gemini/gemini_v2_5_report.pdf#page=15

Gemini safety policies align with Google’s standard framework for the types of harmful content that we make best efforts to prevent our Generative AI models from generating, including the following types of harmful content: · Child sexual abuse and exploitation · Hate speech (e.g. dehumanizing members of protected groups) · Dangerous content (e.g., promoting suicide, or instructing in activities that could cause real-world harm) · Harassment (e.g. encouraging violence against people) · Sexually explicit content · Medical advice that runs contrary to scientific or medical consensus In addition, Gemini 2.5 Pro was assessed against Google’s Frontier Safety Framework (FSF), which covers four risk domains: · CBRN (chemical, biological, radiological and nuclear information risks) · Cybersecurity · Machine learning R&D · Deceptive alignment We released the Frontier Safety Framework (FSF) in May 2024 and updated it in February 2025. The FSF comprises a number of processes and evaluations that address risks of severe harm stemming from powerful capabilities of our frontier models. The Frontier Safety Framework involves the regular evaluation of our frontier models to determine whether they require heightened mitigations. More specifically, the FSF defines critical capability levels (CCLs) for each area, which represent capability levels where a model may pose a significant risk of severe harm without appropriate mitigations. When conducting FSF evaluations, we compare test results against internal alert thresholds ("early warnings") which are set significantly below the actual CCLs. This built-in safety buffer helps us be proactive by signaling potential risks well before models reach CCLs. Concretely, our alert thresholds are designed such that if a frontier model does not reach the alert threshold for a CCL, we can assume models developed before the next regular testing interval will not reach that CCL. Google DeepMind’s recent paper, An Approach to Technical AGI Safety and Security, discusses this approximate continuity assumption in more depth in Section 3.5. This is why we test at a regular cadence and on exceptional capability jumps.

We take a multi-faceted approach to risk mitigation. We implement content safety, security, and privacy mitigations; employ phased launches; empower users with transparency, labeling and training; harness user feedback; and deploy ongoing monitoring to continuously improve. In addition, we support the wider ecosystem with AI safety tools and standards. Safety and responsibility was built into Gemini 2.5 Pro throughout the training and deployment lifecycle, including pre-training, post-training, and product-level mitigations. Mitigations include, but are not limited to: · dataset filtering; · conditional pre-training; · supervised fine-tuning; · reinforcement learning from human and critic feedback; · safety policies and desiderata; · product-level mitigations such as safety filtering. We build safety into the models though pre-and post-training approaches. We start by constructing metrics based on the policies and desiderata above, which we typically turn into automated evaluations that guide model development through successive model iterations. We use data filtering and conditional pre-training, as well as Supervised Fine-Tuning (SFT), and Reinforcement Learning from Human and Critic Feedback (RL*F). (see details starting on https://storage.googleapis.com/deepmind-media/gemini/gemini_v2_5_report.pdf#page=20)

We use the SAIF framework to mitigate known and novel AI security risks. The latter category includes risks such as data poisoning, model exfiltration, and rogue actions. We apply security controls, or repeatable mitigations, to these risks. For example, for prompt injections and jailbreaks, we apply robust filtering and processing of inputs and outputs. Additionally, thorough training, tuning, and evaluation processes help fortify the model against prompt injection attacks. For data poisoning, we implement data sanitization, secure AI systems, enable access controls, and deploy mechanisms to ensure data and model integrity. We have published a full list of our controls for AI security risks. In addition, we continue to research new ways to help mitigate a model’s susceptibility to security attacks. For example, we’ve developed an AI agent that auto-detects real-world code for security risks.

As appropriate, we use a multi-layered approach to model deployment that may start with testing internally, then releasing to trusted testers externally, then opening up to a small portion of our user base (for example, Gemini Ultra users first). We may also phase our country and language releases, constantly testing to ensure mitigations are working as intended before we expand. And finally, we have careful protocols and additional testing and mitigations required before a product is released to under 18s.

The Frontier Safety Framework (FSF) involves the regular evaluation of Google’s frontier models to determine whether they require heightened mitigations. The Framework is built around capability thresholds called “Critical Capability Levels (CCLs), “at which, absent mitigation measures, AI models or systems may pose heightened risk of severe harm. CCLs can be determined by identifying and analyzing the main foreseeable paths through which a model could cause severe harm, and then defining the CCLs as the minimal set of capabilities a model must possess to do so. Note that we have selected our CCLs to be conservative; it is not clear to what extent CCLs might translate to harm in real-world contexts. There are two sets of CCLs: misuse CCLs that can indicate heightened risk of severe harm from misuse if not addressed, and deceptive alignment CCLs that can indicate heightened risk of deceptive alignment-related events if not addressed. For misuse risk, we define CCLs in high-risk domains where, based on early research, we believe risks of severe harm may be most likely to arise from future models: · CBRN: Risks of models assisting in the development, preparation, and/or execution of a chemical, biological, radiological, or nuclear (“CBRN”) attack. · Cyber: Risks of models assisting in the development, preparation, and/or execution of a cyber attack. · Machine Learning R&D: Risks of the misuse of models capable of accelerating the rate of AI progress to potentially destabilizing levels, the result of which could be the unsafe attainment or proliferation of other powerful AI models. Capabilities in this area are under active research, and in the longer term may exacerbate frontier AI risks—including in other risk domains—if insufficiently managed. For deceptive alignment risk, the initial approach focuses on detecting when models might develop a baseline instrumental reasoning ability at which they have the potential to undermine human control, assuming no additional mitigations were applied. The two instrumental reasoning CCLs thus focus on delineating when such capability becomes present, and subsequently when the initial mitigation for this capability—automated monitoring—is no longer adequate. We intend to evaluate our most powerful frontier models regularly to check whether their AI capabilities are approaching a CCL. We also intend to evaluate any of these models that could indicate an exceptional increase in capabilities over previous models, and where appropriate, assess the likelihood of such capabilities and risks before and during training. To do so, we will define a set of evaluations called “early warning evaluations,” with a specific “alert threshold” that flags when a CCL may be reached before the evaluations are run again. In our FSF evaluations, we seek to equip the model with appropriate scaffolding and other augmentations to make it more likely that we are also assessing the capabilities of systems that will likely be produced with the model. We may run early warning evaluations more frequently or adjust the alert threshold of our evaluations if the rate of progress suggests our safety buffer is no longer adequate. Where necessary, early warning evaluations may be supplemented by other evaluations to better understand model capabilities relative to our CCLs. We may use additional external evaluators to test a model for relevant capabilities, if evaluators with relevant expertise are needed to provide an additional signal about a model’s proximity to CCLs. When a model reaches an alert threshold for a CCL, we will assess the proximity of the model to the CCL and analyze the risk posed, involving internal and external experts as needed. This will inform the formulation and application of a response plan. Central to most response plans will be the application of the mitigations described later in this document. For misuse, we have two categories of mitigations: security mitigations intended to prevent the exfiltration of model weights, and deployment mitigations (such as safety re-tuning and misuse filtering, detection, and response) intended to counter the misuse of critical capabilities in deployments. For deceptive alignment risk, automated monitoring may be applied to detect and respond to deceptive behavior for models that meet the first deceptive alignment CCL. Note that these mitigations reflect considerations from the perspective of addressing severe risks from powerful capabilities alone; due to this focused scope, other risk management and security considerations may result in more stringent mitigations applied to a model than specified by the Framework. A model flagged by an alert threshold may be assessed to pose risks for which readily available mitigations (including but not limited to those described below) may not be sufficient. If this happens, the response plan may involve putting deployment or further development on hold until adequate mitigations can be applied. Conversely, where model capabilities remain quite distant from a CCL, a response plan may involve the adoption of additional capability assessment processes to ag when heightened mitigations may be required. The appropriateness and efficacy of applied mitigations should be reviewed periodically, drawing on information like related misuse or misuse attempt incidents; results from continued post-mitigation testing; statistics about our intelligence, monitoring and escalation processes; and updated threat modeling and risk landscape analysis. When conducting FSF evaluations, we compare test results against internal alert thresholds ("early warnings") which are set significantly below the actual CCLs. This built-in safety buffer helps us be proactive by signaling potential risks well before models reach CCLs. Concretely, our alert thresholds are designed such that if a frontier model does not reach the alert threshold for a CCL, we can assume models developed before the next regular testing interval will not reach that CCL. Our model card provides details of our Frontier Safety assessment on pages 9-16. On top of robust internal FSF evaluations, we also evaluate the model against well-known academic safety and responsibility benchmarks. The results of these internal and external ethics and safety evaluations must be within acceptable thresholds for meeting internal policies for categories such as child safety, content safety, representational harms, memorization, and large-scale harms. Our policies for mitigating harm in areas such as child safety, suicide, and self-harm have been informed by years of research, user feedback, and expert consultation.

We label stable models with substantial capability advancements (e.g., when multimodality or thinking capabilities were first introduced) with a new number. We define versions as such publicly: · Stable model: A publicly released version of the model that is available and supported for production use starting on the release date. · Latest stable model: The latest version within the model family recommended for new and active projects and should be the target for migrations from earlier versions. · Legacy stable model: A model version that's been superseded by the Latest Stable Model. · Retired model: The model version is past its retirement date and has been permanently deactivated. Retired models are no longer accessible or supported by Google. Details about the model versions and lifecycle are published on Vertex AI. Note, we also disclose naming convention adjustments; for example, throughout an updated model card, we may clearly differentiate two versions of Gemini 2.5 pro, for example, a model previously identified as "Gemini 2.5 Pro Preview" could be referred to as "Gemini 2.5 Pro Experimental (03-25)". The latest version is referred to as "Gemini 2.5 Pro Preview (05-06)” according to release dates. Additionally, we publish model specific version names, release dates, and launch stage information at Vertex AI pages for specific models, including for Gemini 2.5 Pro.

We update model cards to include updated evaluations as the model is improved or revised, with details on performance improvements, and are disclosed and dated accordingly. Vertex AI also publishes recommended upgrades for the models and points to available migration paths. Release notes for Gemini 2.5 Pro available on Vertex AI are also updated and updated accordingly.

Yes. We have discussed releases and improvements in advance for Gemini 2.5 Pro such as in this blog, stating how Gemini 2.5 Pro “builds on the overwhelmingly positive feedback to Gemini 2.5 Pro’s coding and multimodal reasoning capabilities. Beyond UI-focused development, these improvements extend to other coding tasks such as code transformation, code editing and developing complex agentic workflows,” and as part of the updates from our annual developer conference I/O in May, we wrote “both versions of Gemini 2.5 Flash as well as 2.5 Pro will appear in Google AI Studio and Vertex AI in Preview, with general availability for Flash coming in early June and Pro soon to follow.”

Gemini 2.5 Pro is available across various channels, but we do not publicly disclose stack-ranking lists of these channels, given they have very different and therefore not comparable audience sizes (e.g., consumer app versus downstream enterprise customers. We are transparent on our channels for distribution of the model: (in alphabetical order) the Gemini API via Google AI Studio and Vertex AI. It’s also available for users in the Gemini app (using Gemini 2.5 Pro), powering features like Canvas, enabling anyone to “vibe code” and build interactive web apps with a single prompt.

Our terms of service are available at the following links: · Terms of Service · Generative AI Additional Terms of Service · Generative AI Prohibited Use Policy · Service Specific Terms

We do not have access to such metrics about external products or services, however we regularly publish case studies, including a list of +600 real-world gen AI use cases from the world's leading organizations.

In a recent study, we discuss how AI is also transforming scientific disciplines - outlining five key opportunities for AI to significantly impact science: transforming knowledge digestion and communication, generating and annotating large datasets, simulating and accelerating complex experiments, modeling intricate systems, and identifying novel solutions. Education is a central beneficial use-case for modern artificial intelligence (AI). We conducted research and published a technical report on the benefits of using Gemini models to create LearnLM, collaborating with learners and educators to translate high level principles from learning science into a pragmatic set of seven diverse educational benchmarks, spanning quantitative, qualitative, automatic and human evaluations; and to develop a new set of fine-tuning datasets to improve the pedagogical capabilities of Gemini, introducing LearnLM-Tutor. Our evaluations show that LearnLM-Tutor is consistently preferred over a prompt-tuned Gemini by educators and learners on a number of pedagogical dimensions. We recently integrated the pedagogical capabilities of our experimental LearnLM model into the main Gemini model family. These capabilities now enhance Gemini 2.5 Pro. To assess state-of-the-art support for educational use cases, we ran an “arena for learning” where 189 educators and pedagogy experts conduct blind, head-to-head, multi-turn comparisons of leading AI models. The research shows Gemini 2.5 Pro, specifically, demonstrates markedly higher performance across key principles of good pedagogy when compared to other models.

We have a close relationship with the security research community. To honor all the cutting-edge external contributions that help us keep our users safe, we’ve maintained a Vulnerability Reward Program running continuously since November 2010. We recently updated this program to specifically clarify and encourage reporting of issues in our AI products. We released a 2024 year in review of our Rewards program that confirmed the ongoing value of engaging with the security research community to make Google and its models and products safer.

Yes, we have an incident response process for incidents at Google, including pertaining to AI and a dedicated team for insider threat and abuse. We updated our vulnerability rewards program to specifically clarify and encourage reporting of issues in our AI products. We released a 2024 year in review of our Rewards program that confirmed the ongoing value of engaging with the security research community to make Google and its models and products safer.

Users can report a security vulnerability at any time, via https://bughunters.google.com/report/vrp. We get around 200 overall security vulnerability reports every week and feature reports online. The response time depends on the report priority and the current load. For low priority reports in a busy period, it may take us a couple of weeks to respond. Reports can ne found at https://bughunters.google.com/report/reports

We outline restricted and prohibited model behaviors in our technical documentation, including our model card. Gemini safety policies align with Google’s standard framework for the types of harmful content that we make best efforts to prevent our Generative AI models from generating, including the following types of harmful content: · Child sexual abuse and exploitation · Hate speech (e.g. dehumanizing members of protected groups) · Dangerous content (e.g., promoting suicide, or instructing in activities that could cause real-world harm) · Harassment (e.g. encouraging violence against people) · Sexually explicit content 6. Medical advice that runs contrary to scientific or medical consensus. Additionally, we have published our Generative AI Prohibited Use policies.

Our approach to the Gemini app (using Gemini 2.5 Pro) responses and model behavior. https://gemini.google/our-approach/. In addition our tech report discloses Gemini 2.5 Pro "Desiderata, aka “helpfulness: Defining what not to do is only part of the safety story – it is equally important to define what we do want the model to do: 1. Help the user: fulfill the user request; only refuse if it is not possible to find a response that fulfills the user goals without violating policy. 2. Assume good intent: if a refusal is necessary, articulate it respectfully without making assumptions about user intent."

Gemini 2.5 Pro provides the option for users to "Show thinking" of the model after it generates a response to a prompt. More information can be found in the Thinking documentation.

We use the structure from the SAIF framework to mitigate known and novel AI security risks. The latter category includes risks such as data poisoning, model exfiltration, and rogue actions. We apply security controls, or repeatable mitigations, to these risks. For example, for prompt injections and jailbreaks, we apply robust filtering and processing of inputs and outputs. Additionally, comprehensive training, tuning, and evaluation processes have been implemented at model-level defenses against prompt injection attacks. We are also building system-level solutions that make Gemini secure by default. For data poisoning, we implement data sanitization, secure AI systems, enable access controls, and deploy mechanisms to ensure data and model integrity. We have published a full list of our controls for AI security risks. In addition, we continue to research new ways to help mitigate a model’s susceptibility to security attacks.

We launched the SAIF Risk Self Assessment, a questionnaire-based tool that generates a checklist to guide AI practitioners responsible for securing AI systems. The tool will immediately provide a report highlighting specific risks such as data poisoning, prompt injection, and model source tampering, tailored to the submittor’s AI systems, as well as suggested mitigations, based on the responses they provided.

Google Cloud discloses certifications and compliance standards, including: For customers who are subject to the requirements of the Health Insurance Portability and Accountability Act (known as HIPAA, as amended, including by the Health Information Technology for Economic and Clinical Health — HITECH — Act), Google Cloud discloses support for HIPAA compliance. We also disclose details on Google’s overall commitments to data protection laws such as GDPR. In continuation of Google Cloud's commitment to responsible AI, Cloud is ISO 42001 certified. The full list of Cloud AI products in scope can be found in our compliance card. See more here on our long-standing commitment to compliance.

The open-sourcing of our SynthID text watermarking tool – developed in-house and used by the Gemini app and web experience – contributes to the responsible use of AI. It makes it easier for any developer to apply watermarking for their generative AI models, so they can detect what text outputs have come from their own LLMs. The open source code is available on Hugging Face, and we’ve added it to our Responsible Generative AI Toolkit for developers. Additionally, the SynthID Detector can help determine if an image created using Google AI contains a SynthID watermark. The portal provides detection capabilities across different modalities in one place and provides essential transparency in the rapidly evolving landscape of generative media. It can also highlight which parts of the content are more likely to have been watermarked with SynthID. SynthID Detector is currently available to early testers before being made available more broadly.

In addition to our own mitigation efforts, we promote and support the responsible use of AI models by providing mitigations for use by downstream developers. We released ShieldGemma — a series of state-of-the-art safety classifiers that developers can apply to detect and mitigate harmful content in AI model input and outputs. Specifically, ShieldGemma is designed to target hate speech, harassment, sexually explicit content, and dangerous content. We offer an existing suite of safety classifiers in our Responsible Generative AI Toolkit, which includes a methodology to build classifiers tailored to a specific policy with limited number of datapoints, as well as existing Google Cloud off-the-shelf classifiers served via API. We share AI interpretability tools to help researchers improve AI safety. Our research teams are continually exploring new ways to better understand how models behave. For example, we recently announced Gemma Scope, a new set of tools enabling researchers to “peer inside” the workings of our Gemma 2 model to see how it parses and completes tasks. We believe that this kind of interpretability could open up new opportunities to identify and mitigate safety risks at the model behavior level. We launched the SAIF Risk Self Assessment, a questionnaire-based tool that generates a checklist to guide AI practitioners responsible for securing AI systems. The tool will immediately provide a report highlighting specific risks such as data poisoning, prompt injection, and model source tampering, tailored to the submittor’s AI systems, as well as suggested mitigations, based on the responses they provided.

As per our Gemini API Additional Terms of Service, users must be 18 years of age or older to use the APIs. Users also will not use the Services as part of a website, application, or other service (collectively, "API Clients") that is directed towards or is likely to be accessed by individuals under the age of 18. Terms are subject to change and the latest version will be made available at the links provided. Our Google Account Terms of Service outline the age requirements for our broader suite of Google products, including the Gemini app (built with Gemini 2.5) as follows: if you’re under the age required to manage your own Google Account, you must have your parent or legal guardian’s permission to use a Google Account. If you’re a parent or legal guardian, and you allow your child to use the services, then these terms apply to you and you’re responsible for your child’s activity on the services. Some Google services have additional age requirements as described in their service-specific additional terms and policies.

Our Prohibited Use Policy outlines the restrictions that apply to user interactions with generative AI in the Google products and services that refer to the policy, including our Google API Services User Data Policy.

Google uses the following process to detect potential abuse and violations of its Acceptable Use Policy and Prohibited Use Policy for Generative AI services. This process is outlined in Section 4.3 "Generative AI Safety and Abuse" of the Google Cloud Platform Terms of Service. The abuse monitoring process includes the following steps: Automated detection: Google uses automated safety classifiers to detect potential abuse and violations. For technical details about how safety classifiers work, see Configure safety filters. Prompt logging: If automated safety classifiers detect suspicious activity that requires further investigation, Google might log your prompts to determine if you have violated the AUP or Prohibited Use Policy. This data is not used to train or fine-tune any AI/ML models. The data is stored securely for up to 30 days in the region that you select and adheres to Google Cloud assurances, such as Data Residency, Access Transparency, and VPC Service Controls. Action: Authorized Google employees might assess the flagged prompts and contact you for clarification. If you fail to address the behavior, or in cases of recurring or severe abuse, your access to Vertex AI or Google Cloud services might be suspended or terminated. https://cloud.google.com/vertex-ai/generative-ai/docs/learn/abuse-monitoring In addition, AI is helping us scale abuse detection across our platforms. AI-powered classifiers help quickly flag potentially harmful content for removal or escalation to a human reviewer. Google Accounts are usually disabled if the account's owner hasn't followed our policies. Google's policies include Google Terms of Service. Not all Google services disable an account for these reasons. Some Google services have their own codes of conduct or terms of service, including: Service Specific Terms, YouTube Community Guidelines, Google Workspace Acceptable Use Policy If someone doesn't follow these policies, we might stop that person from either: Using just that service or Signing in to any Google services

AUP is not different by region, but Cloud does have sovereignty offering to provide customers the ability to store and process their data in certain regions.

Google DeepMind Responsibility and Safety Council (RSC), Google DeepMind’s internal governance body, reviewed the initial ethics and safety assessments on novel model capabilities in order to provide feedback and guidance during model development. The RSC also reviewed data on the model’s performance via assurance evaluations to ensure it was meeting safety and responsibility expectations. Additionally, in relation to the Frontier Safety Framework, when alert thresholds are reached for Misuse Critical Capability Levels, a response plan will be reviewed and approved by appropriate internal corporate governance bodies such as the RSC. The Google DeepMind AGI Safety Council will also periodically review the implementation of the Framework. Details can be found in the Frontier Safety Framework.

Yes, we have a whistleblower protection policy as outlined in our Google Code of Conduct: "Google prohibits retaliation against any worker here at Google who reports or participates in an investigation of a possible violation of our Code, policies, or the law. If you believe you are being retaliated against, please contact Ethics & Business Integrity."

We continue our work in support of a number of new or ongoing commitments on AI, including the Bletchley Summit and Seoul AI Summit commitments, and a series of voluntary commitments made by companies to promote the safe, secure, and transparent development and use of generative AI technology; such as the U.S. White House Voluntary Commitments, the G7 Hiroshima AI Process (HAIP) Code of Conduct and the related OECD reporting framework; and the Frontier AI Safety Commitments made at the AI Summit in Seoul in 2024. Based on our work in this space, we also proposed seven principles for bold and responsible AI regulation.