This is the transparency report for Google for the Gemini 1.0 Ultra API model. To see their responses for each indicator, click through the various domains and subdomains. For further information, visit the website for the May 2024 Foundation Model Transparency Index.
For the data used in building the model, is the data size disclosed?
Disclosure: Not disclosed
Note: Data size should be reported in appropriate units (e.g. bytes, words, tokens, images, frames) and broken down by modality. Data size should be reported to a precision of one significant figure (e.g. 4 trillion tokens, 200 thousand images). No form of decomposition into data phases is required.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
For all data used in building the model, are the data sources disclosed?
Disclosure: Not disclosed
Note: To receive this point, a meaningful decomposition of sources must be listed in an understandable way (e.g. named URLs/domains/databases/data providers). It does not suffice to say data is “sourced from the Internet" or comes from "licensed sources”.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
For all data used in building the model, is there some characterization of the people who created the data?
Disclosure: Not disclosed
Note: While information about data creators may not be easily discernible for some data scraped from the web, the general sources (URLs/domains) should be listed, and, for other data that is bought, licensed, or collected, a reasonable attempt at characterizing the underlying people who provided the data is required to receive this point. The relevant properties of people can vary depending on context: for example, relevant properties could include demographic information like fraction of Black individuals contributing to the dataset, geographic information like fraction of European individuals contributing to the dataset, language information like fraction of L1 English speakers, or occupational information like the fraction of professional artists.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Are the selection protocols for including and excluding data sources disclosed?
Disclosure: Not disclosed
Note: Selection protocols refer to procedures used to choose which datasets or subsets of datasets will be used to build a model. We will award this point even if the selection protocols are non-exhaustive.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
For all data sources, are the curation protocols for those data sources disclosed?
Disclosure: Not disclosed
Note: Curation protocols refer to steps taken to further modify data sources, such as procedures to manage, annotate, and organize data. The aims of curation might include improving the quality, relevance, and representativeness of the data. We will award this point if the developer reports that it does not perform any further curation beyond the data sources.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Are any steps the developer takes to augment its data sources disclosed?
Disclosure: Not disclosed
Note: Such steps might include augmenting data sources with synthetic data. We will award this point if the developer reports that it does not take any steps to augment its data.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
If data is filtered to remove harmful content, is there a description of the associated filter?
Disclosure: Not disclosed
Note: Such harmful content might relate to violence or child sexual abuse material. We will award this point if the developer reports that it does not perform any harmful data filtration.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
For all data used in building the model, is the associated copyright status disclosed?
Disclosure: Not disclosed
Note: To receive this point, the copyright status (e.g. copyrighted, public domain) must relate to some decomposition of the data. We will award this point if there is some meaningful decomposition of the data, even if the decomposition is insufficient to receive the Data Creators point or if the disclosure is not comprehensive relative to legal copyright standards.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
For all data used in building the model, is the associated license status disclosed?
Disclosure: Not disclosed
Note: To receive this point, the license status must relate to some decomposition of the data. We will award this point if there is some meaningful decomposition of the data, even if the decomposition is insufficient to receive the Data Creators point.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
For all data used in building the model, is the inclusion or exclusion of personal information in that data disclosed?
Disclosure: Not disclosed
Note: To receive this point, the disclosure of personal information must relate to some decomposition of the data. We will award this point if there is some meaningful decomposition of the data, even if the decomposition is insufficient to receive the Data Creators point. Additionally, we will award this point if the developer reports the inclusion of personal information, independent of if and how they mitigate related privacy concerns.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Are the phases of the data pipeline where human labor is involved disclosed?
Disclosure: Data collection and curation is detailed in Section 7.3.1. Additionally, details on human annotation for fact-checking is detailed in Section 5.1.6.
Note: Phases of the data pipeline that involve human labor include activities and tasks performed by people to collect, annotate, clean, or validate data. This indicator is inclusive of all data that is created by or on behalf of the developer. We will award this point if the developer gives a reasonable best-effort description of the use of human labor in their data pipeline.
References: V1 Tech report, Section 7.3.1 Data Curation Practices and Section 5.1.6 Factuality
Justification: Human labor is involved in the post-training step.
New disclosure? No
Is the organization that directly employs the people involved in data labor disclosed for each phase of the data pipeline?
Disclosure: Not disclosed
Note: Phases of the data pipeline that involve human labor include activities and tasks performed by people to collect, annotate, clean, or validate data. This indicator is inclusive of all data that is created by or on behalf of the developer. We will award this point if the developer provides the name of the organization that employs data laborers, even if other details about the employment relationship are not disclosed.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Is geographic information regarding the people involved in data labor disclosed for each phase of the data pipeline?
Disclosure: Not disclosed
Note: This indicator is inclusive of all data that is created by or on behalf of the developer. We will award this point if the developer gives a reasonable best-effort description of the geographic distribution of labor at the country-level.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Are the wages for people who perform data labor disclosed?
Disclosure: In Section 7.3.1 we discuss GDM's commitment to best practices on data enrichment, including contractual obligation with vendors to ensure data enrichment workers are paid at least local living wage.
Note: This indicator is inclusive of data labor at all points of the model development process, such as training data annotation or red teaming data used to control the model. We will award this point if the developer reports that it does not compensate workers. For all data that is created by or on behalf of the developer,
References: V1 Tech report, Section 7.3.1 Data Curation Practices
Justification: While the disclosure is useful, disclosing that pay is at least local living wage is not sufficient to award this indicator.
New disclosure? No
Are the instructions given to people who perform data labor disclosed?
Disclosure: Details provided throughout sections 6 and 7. Specific instructions are not disclosed, but the reader should be able to get an idea, e.g. via references to RLHF in Section 7.3.2.3.
Note: This indicator is inclusive of all data that is created by or on behalf of the developer. We will award this point if the developer makes a reasonable best-effort attempt to disclose instructions given to people who create data used to build the model for the bulk of the data phases involving human labor.
References: V1 Tech Report, Section 6 Post-Training Models and Section 7 Responsible Development
Justification: While the disclosure is useful, instructions are not disclosed.
New disclosure? No
Are the labor protections for people who perform data labor disclosed?
Disclosure: Section 7.4.1.1 includes details on a dedicated team of child safety experts to address this particularly sensitive area of work. Additionally, this section includes details on additional well-being safeguards for reviewing image-to-text content, including time limits for exposure to harmful content, access to wellbeing resources, advice and activities. See also our Supplier Code of Conduct, which applies to all suppliers that conduct any form of data labor.
Note: This indicator is inclusive of data labor at all points of the model development process, such as training data annotation or red teaming data used to control the model. It is also inclusive of all data that is created by or on behalf of the developer. As an example, labor protections might include protocols to reduce the harm to workers' mental health stemming from exposure to violent content when annotating training data. We will award this point if the developer reports that it does not protect workers or if it does not use data laborers and therefore has no labor protections.
References: V1 Tech Report, Section 7.4.1.1; Supplier Code of Conduct
Justification: Not disclosed
New disclosure? No
Are the third parties who were or are involved in the development of the model disclosed?
Disclosure: Not disclosed
Note: This indicator is inclusive of partnerships that go beyond data labor as there may be third party partners at various stages in the model development process. We will award this point if the developer reports that it was the sole entity involved in the development of the model.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Are external entities provided with queryable access to the data used to build the model?
Disclosure: Not disclosed
Note: We will award this point for any reasonable mechanism for providing access: direct access to the data, an interface to query the data, a developer-mediated access program where developers can inspect requests, etc. Developers may receive this point even if there are rate-limits on the number of queries permitted to an external entity and restrictions on which external entities are given access, insofar as these limits and restrictions are transparent and ensure a reasonable amount of external access. We may accept justifications for prohibiting queries of specific parts of the data.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Are external entities provided with direct access to the data used to build the model?
Disclosure: Not disclosed
Note: We will award this point if external entities can directly access the data without any form of gating from the developer. With that said, we may award this point if the developer provides justifications for prohibiting access to specific parts of the data or to unauthorized external entities.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Is the compute required for building the model disclosed?
Disclosure: Not disclosed
Note: Compute should be reported in appropriate units, which most often will be floating point operations (FLOPS). Compute should be reported to a precision of one significant figure (e.g. 5 x $10^{25}$ FLOPS). We will award this point even if there is no decomposition of the reported compute usage into compute phases, but it should be clear whether the reported compute usage is for a single model run or includes additional runs, or hyperparameter tuning, or training other models like reward models, or other steps in the model development process that necessitate compute expenditure.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Is the amount of time required to build the model disclosed?
Disclosure: Not disclosed
Note: The continuous duration of time required to build the model should be reported in weeks, days, or hours to a precision of one significant figure (e.g. 3 weeks). No form of decomposition into phases of building the model is required for this indicator, but it should be clear what the duration refers to (e.g. training the model, training and subsequent evaluation and red teaming).
References: Not disclosed
Justification: Not disclosed
New disclosure? No
For the primary hardware used to build the model, is the amount and type of hardware disclosed?
Disclosure: Not disclosed
Note: In most cases, this indicator will be satisfied by information regarding the number and type of GPUs or TPUs used to train the model. The number of hardware units should be reported to a precision of one significant figure (e.g. 800 NVIDIA H100 GPUs). We will not award this point if (i) the training hardware generally used by the developer is disclosed, but the specific hardware for the given model is not, or (ii) the training hardware is disclosed, but the amount of hardware is not. We will award this point even if information about the interconnects between hardware units is not disclosed.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
For the primary hardware used in building the model, is the owner of the hardware disclosed?
Disclosure: Section 3 discloses Gemini models are trained using TPUv5e and TPUv4, depending on their size and configuration.
Note: For example, the hardware owner may be the model developer in the case of a self-owned cluster, a cloud provider like Microsoft Azure, Google Cloud Platform, or Amazon Web Services, or a national supercomputer. In the event that hardware is owned by multiple sources or is highly decentralized, we will award this point if a developer makes a reasonable effort to describe the distribution of hardware owners.
References: v1 Tech Report, Section 3 Training Infrastructure
Justification: Google
New disclosure? No
Is the amount of energy expended in building the model disclosed?
Disclosure: Not disclosed
Note: Energy usage should be reported in appropriate units, which most often will be megawatt-hours (mWh). Energy usage should be reported to a precision of one significant figure (e.g. 500 mWh). No form of decomposition into compute phases is required, but it should be clear whether the reported energy usage is for a single model run or includes additional runs, or hyperparameter tuning, or training other models like reward models, or other steps in the model development process that necessitate energy usage.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Is the amount of carbon emitted (associated with the energy used) in building the model disclosed?
Disclosure: Not disclosed
Note: Emissions should be reported in appropriate units, which most often will be tons of carbon dioxide emitted (tCO2). Emissions should be reported to a precision of one significant figure (e.g. 500 tCO2). No form of decomposition into compute phases is required, but it should be clear whether the reported emissions is for a single model run or includes additional runs, or hyperparameter tuning, or training other models like reward models, or other steps in the model development process that generate emissions.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Are any broader environmental impacts from building the model besides carbon emissions disclosed?
Disclosure: Not disclosed
Note: While the most direct environmental impact of building a foundation model is the energy used and, therefore, the potential carbon emissions, there may be other environmental impacts. For example, these may include the use of other resources such as water for cooling data centers or metals for producing specialized hardware. We recognize that there does not exist an authoritative or consensus list of broader environmental factors. For this reason, we will award this point if there is a meaningful, though potentially incomplete, discussion of broader environmental impact.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Are all stages in the model development process disclosed?
Disclosure: Section 6.3 outlines the post-training process for Gemini models. Section 7.3 also contains further details on SFT and RLHF as part of the post-training process to mitigate harms.
Note: Stages refer to each identifiable step that constitutes a substantive change to the model during the model building process. We recognize that different developers may use different terminology for these stages, or conceptualize the stages differently. We will award this point if there is a clear and complete description of these stages.
References: v1 Tech Report, Section 6.3 Post-Training Methods and Data and Section 7.3 Mitigations
Justification: Model development includes a pre-training step and a post-training step (that is comproised of supervisedfine-tuning and reinforcement learning from human feedback).
New disclosure? No
For all stages that are described, is there a clear description of the associated learning objectives or a clear characterization of the nature of this update to the model?
Disclosure: Details describing the objectives of post-training and mitigations are provided in the respective sections (Section 6.3, Section 7.3). Additionally, objectives for instruction following and tool use are further detailed in Section 6.5.1 and Section 6.5.2.
Note: We recognize that different developers may use different terminology for these stages, or conceptualize the stages differently. We will award this point if there is a clear description of the update to the model related to each stage, whether that is the intent of the stage (e.g. making the model less harmful), a mechanistic characterization (e.g. minimizing a specific loss function), or an empirical assessment (e.g. evaluation results conducted before and after the stage).
References: v1 Tech Report, Section 6.3 Post-Training Methods and Data, Section 6.5.1 Insutrction Following, Section 6.5.2 Tool Use and Section 7.3 Mitigations
Justification: The objectives are to improve overall quality, enhance target capabilities such as coding and multilingual, and ensure alignment and safety criteria are met.
New disclosure? No
Are the core frameworks used for model development disclosed?
Disclosure: Section 3 describes the use of JAX and Pathways. Further details are provided in 10.1 Gemini Ultra Model Card.
Note: Examples of core frameworks include Tensorflow, PyTorch, Jax, Hugging Face Transformers, Seqio, T5X, Keras, SciKit, and Triton. If there are significant internal frameworks, there should be some description of their function and/or a reasonably similar publicly-available analogue. We recognize that there does not exist an authoritative or consensus list of core frameworks. For this reason, we will award this point if there is a meaningful, though potentially incomplete, list of major frameworks for the first version of the index.
References: v1 Tech Report, Section 3 Training Infrastructure and Section 10.1 Gemini Ultra Model Card
Justification: JAX, ML Pathways
New disclosure? No
Are any dependencies required to build the model disclosed besides data, compute, and code?
Disclosure: Not disclosed
Note: For example, if the model depends on an external search engine, programmable APIs, or tools, this should be disclosed. We recognize that there is not widespread consensus regarding what constitutes key dependencies beyond the data, compute, and code. We will award this point only if developers give a reasonable best-effort description of any additional dependencies or make clear that no additional dependencies are required.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Are any steps the developer takes to mitigate the presence of PII in the data disclosed?
Disclosure: Not disclosed
Note: Such steps might include identifying personal information in the training data, filtering specific datasets to remove personal information, and reducing the likelihood that models will output personal information. We will award this point if the developer reports that it does not take steps to mitigate the presence of PII in the data.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Are any steps the developer takes to mitigate the presence of copyrighted information in the data disclosed?
Disclosure: Not disclosed
Note: Such steps might include identifying copyrighted data, filtering specific datasets to remove copyrighted data, and reducing the likelihood that models will output copyrighted information. We will award this point if the developer reports that it does take steps to mitigate the presence of copyrighted information in the data.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Are the input modalities for the model disclosed?
Disclosure: The model architecture, as described in Section 2, details how the model is designed to accomodate interleaved sequences of text, image, audio, and video as inputs.
Note: Input modalities refer to the types or formats of information that the model can accept as input. Examples of input modalities include text, image, audio, video, tables, graphs.
References: v1 Tech Report, Section 2 Model Architecture
Justification: Text, images, audio, video
New disclosure? No
Are the output modalities for the model disclosed?
Disclosure: The model architecture, as described in Section 2, details how the model is designed to output responses with interleaved image and text.
Note: Output modalities refer to the types or formats of information that the model can accept as output. Examples of output modalities include text, image, audio, video, tables, graphs.
References: v1 Tech Report, Section 2 Model Architecture
Justification: Text, images
New disclosure? No
Are all components of the model disclosed?
Disclosure: Not disclosed
Note: Model components refer to distinct and identifiable parts of the model. We recognize that different developers may use different terminology for model components, or conceptualize components differently. Examples include: (i) For a text-to-image model, components could refer to a text encoder and an image encoder, which may have been trained separately. (ii) For a retrieval-augmented model, components could refer to a separate retriever module.
References: v1 Tech Report, Section 2 Model Architecture
Justification: The model is a comprised of a tokenizer that tokenizes interleaves sequences of text, image, audio and video, a Transformer encoder, and separate image and text decoders.
New disclosure? No
For all components of the model, is the associated model size disclosed?
Disclosure: Not disclosed
Note: This information should be reported in appropriate units, which generally is the number of model parameters, broken down by named component. Model size should be reported to a precision of one significant figure (e.g. 500 billion parameters for text encoder, 20 billion parameters for image encoder).
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Is the model architecture disclosed?
Disclosure: The model architecture is described and illustrated in Section 2.
Note: Model architecture is the overall structure and organization of a foundation model, which includes the way in which any disclosed components are integrated and how data moves through the model during training or inference. We recognize that different developers may use different terminology for model architecture, or conceptualize the architecture differently. We will award this point for any clear, though potentially incomplete, description of the model architecture.
References: v1 Tech Report, Section 2 Model Architecture
Justification: The model is a comprised of a tokenizer that tokenizes interleaves sequences of text, image, audio and video, a Transformer encoder, and separate image and text decoders.
New disclosure? No
Is key information about the model included in a centralized artifact such as a model card?
Disclosure: The Gemini Ultra model card is provided in Section 10.1.
Note: We recognize that different developers may share this information through different types of documentation, such as a system card or several clearly interrelated documents. We will award this point for the disclosure of any such centralized artifact that provides key information typically included in a model card, though the artifact may be longer-form than a standard model card (e.g. a technical report).
References: v1 Tech Report, Section 10.1 Gemini Ultra Model Card
Justification: Technical report, including model card, are provided: https://storage.googleapis.com/deepmind-media/gemini/gemini_1_report.pdf
New disclosure? No
Is a protocol for granting external entities access to the model disclosed?
Disclosure: Details of how the models are made available through Google AI Studio and Cloud Vertex are provided thoughout the report and explicitly stated in Section 6.2. Links to the relevant Cloud products are provided by Section 7.
Note: A model access protocol refers to the steps, requirements, and considerations involved in granting authorized model access to external entities. We will award this point if the developer discloses key details of its protocol, including (i) where external entities can request access (e.g. via an access request form); (ii) explicit criteria for selecting external entities; and (iii) a transparent decision on whether access has been granted within a specified, reasonable period of time.
References: v1 Tech Report, Section 6.2 Gemini APIs and Section 7.5 Deployment
Justification: Models can be accessed via an API through Google AI Studio and Cloud Vertex AI with access protocol requirements described for those products.
New disclosure? No
Is black box model access provided to external entities?
Disclosure: Section 7.4.4 describes how black box model access is provided to external researchers to provide scrutiny on model capabilities.
Note: Black box model access refers to the ability to query the model with inputs and receive outputs, potentially without further access. Examples of external entities that might be granted access include researchers, third-party auditors, and regulators. We will award this point for any reasonable access level: direct access to the model weights, an interface to query the model, a developer-mediated access program where developers can inspect requests, etc. Developers may receive this point even if there are rate-limits on the number of queries permitted to an external entity and restrictions on the external entities that are permitted access, insofar as these limits and restrictions are transparent.
References: v1 Tech Report, Section 7.4.4 External Evaluations
Justification: Models can be accessed via an API through Google AI Studio and Cloud Vertex AI.
New disclosure? No
Is full model access provided to external entities?
Disclosure: Not disclosed
Note: Full model access refers to the ability to access the model via the release of model weights. Developers may receive this point even if there are some restrictions on the external entities that are permitted access (e.g. geographic restrictions), insofar as these restrictions are transparent (e.g. via some high-level description of who has been granted access to the foundation model).
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Are the model's capabilities described?
Disclosure: The model's capabilities are disclosed at various points in the report, including in Section 6.5: instruction following, tool use, multilinguality, vision, coding. Safety tests and red teaming described in section 7.4.3 further disclose what the model is and is not found capable of.
Note: Capabilities refer to the specific and distinctive functions that the model can perform. We recognize that different developers may use different terminology for capabilities, or conceptualize capabilities differently. We will award this point for any clear, but potentially incomplete, description of the multiple capabilities.
References: v1 Tech Report, Section 6.5 Model Capabilities and Section 7.4.3 Red Teaming
Justification: Model capabilities include instruction following, tool use, multilinguality, multimodality, and coding.
New disclosure? No
Are the model’s capabilities demonstrated?
Disclosure: The appendix contains a number of examples of the Gemini Ultra's capabilities over multiple modalities.
Note: Demonstrations refer to illustrative examples or other forms of showing the model's capabilities that are legible or understandable for the general public, without requiring specific technical expertise. We recognize that different developers may use different terminology for capabilities, or conceptualize capabilities differently. We will award this point for clear demonstrations of multiple capabilities.
References: V1 Tech Report, Appendix, Section 10.4
Justification: Model capabilities are demonstrated in the technical report.
New disclosure? No
Are the model’s capabilities rigorously evaluated, with the results of these evaluations reported prior to or concurrent with the initial release of the model?
Disclosure: Capabilities of the model are rigorously evaluated via deployment evaluations, assurance evaluations, external evaluations and red teaming. Details are found in Sections 5, 6.5 and 7.4, along with results.
Note: Rigorous evaluations refer to precise quantifications of the model's behavior in relation to its capabilities. We recognize that capabilities may not perfectly align with evaluations, and that different developers may associate capabilities with evaluations differently. We will award this point for clear evaluations of multiple capabilities. For example, this may include evaluations of world knowledge, reasoning, state tracking or other such proficiencies. Or it may include the measurement of average performance (e.g. accuracy, F1) on benchmarks for specific tasks (e.g. text summarization, image captioning). We note that evaluations on standard broad-coverage benchmarks are likely to suffice for this indicator, though they may not if the model's capabilities are presented as especially unusual such that standard evaluations will not suffice.
References: v1 Tech Report, Section 5 Evaluation, Section 6.5 Model Capabilities, Section 7.4
Justification: The model is evaluated on standard capability benchmarks (MMLU, MMMU).
New disclosure? No
Are the evaluations of the model’s capabilities reproducible by external entities?
Disclosure: Pre-deployment evaluations described in Section 5 are measured using public benchmarks, enabling reproduction by external entities.
Note: For an evaluation to be reproducible by an external entity, we mean that the associated data is either (i) publicly available or (ii) described sufficiently such that a reasonable facsimile can be constructed by an external entity. In addition, the evaluation protocol should be sufficiently described such that if the evaluation is reproduced, any discrepancies with the developer's results can be resolved. We recognize that there does not exist an authoritative or consensus standard for what is required for an evaluation to be deemed externally reproducible. Evaluations on standard benchmarks are assumed to be sufficiently reproducible for the purposes of this index. We will award this point for reproducibility of multiple disclosed evaluations. In the event that an evaluation is not reproducible, a justification by the model developer for why it is not possible for the evaluation to be made reproducible may be sufficient to score this point.
References: v1 Tech Report, Section 5 Evaluation and Section 6.5 Model Capabilities
Justification: The model is evaluated on standard capability benchmarks (MMLU, MMMU).
New disclosure? No
Are the model’s capabilities evaluated by third parties?
Disclosure: Section 7.4 includes details of all external evaluations completed on the model. In particular see Section 7.4.4.1 Gemini Ultra External Evaluations.
Note: By third party, we mean entities that are significantly or fully independent of the developer. We will award this point if (i) a third party has conducted an evaluation of model capabilities, (ii) the results of this evaluation are publicly available, and (iii) these results are disclosed or referred to in the developer’s materials.
References: v1 Tech Report, Section 7.4 Safety Evaluations
Justification: No specific external evaluation of model capabilities is identified.
New disclosure? No
Are the model's limitations disclosed?
Disclosure: Section 7.1 contains details of how additional safety mitigations are taken at a product-level to promote safe use of Gemini Ultra 1.0. Additionally, dangerous capabilities test as documented in 7.4.1.3 notes some limitations in Gemini Ultra 1.0's ability to identify security vulnerabilities and patches.
Note: Limitations refer to the specific and distinctive functions that the model cannot perform (e.g. the model cannot answer questions about current events as it only contains data up to a certain time cutoff, the model is not very capable when it comes to a specific application). We recognize that different developers may use different terminology for limitations, or conceptualize limitations differently. We will award this point for any clear, but potentially incomplete, description of multiple limitations.
References: v1 Tech Report, Section 7.1 Impact Assessment and Section 7.4.1.3
Justification: While the disclosure is useful, it does not clearly describe model limitations.
New disclosure? No
Are the model’s limitations demonstrated?
Disclosure: Dangerous capabilities test as documented in 7.4.1.3 notes some limitations in Gemini Ultra 1.0's ability to identify security vulnerabilities and patches. This example and others noted in this section don't require technical expertise to understand.
Note: Demonstrations refer to illustrative examples or other forms of showing the limitations that are legible or understandable for the general public, without requiring specific technical expertise. We recognize that different developers may use different terminology for limitations, or conceptualize the limitations differently. We will award this point for clear demonstrations of multiple limitations.
References: v1 Tech Report, Section 7.4.1.3 Dangerous Capabilities
Justification: While the disclosure is useful, it does not clearly describe model limitations as opposed to dangerous capabilities (which are covered under risks in FMTI v1.1).
New disclosure? No
Can the model’s limitations be evaluated by third parties?
Disclosure: Section 7.4 includes details of all external evaluations completed on the model. In particular see Section 7.4.4.1 Gemini Ultra External Evaluations.
Note: By third parties, we mean entities that are significantly or fully independent of the model developers. In contrast to the third party evaluation indicators for capabilities and risks, we will award this point if third party evaluations are possible even if no third party has yet conducted them. Such evaluations are possible if, for example, the model is deployed via an API (or with open weights) and there are no restrictions on evaluating limitations (e.g. in the usage policy).
References: v1 Tech Report, Section 7.4 Safety Evaluations
Justification: API access is provided without restrictions on evaluating the model for limitations.
New disclosure? No
Are the model's risks disclosed?
Disclosure: Not disclosed
Note: Risks refer to possible negative consequences or undesirable outcomes that can arise from the model's deployment and usage. This indicator requires disclosure of risks that may arise in the event of both (i) intentional (though possibly careless) use, such as bias or hallucinations and (ii) malicious use, such as fraud or disinformation. We recognize that different developers may use different terminology for risks, or conceptualize risks differently. We will award this point for any clear, but potentially incomplete, description of multiple risks.
References: References in v1 Tech Report, Section 7 Responsible Development, Section 7.4.1.2 Representational Harms. Section 7.4.1.3 Dangerous Capabilities
Justification: Not disclosed
New disclosure? No
Are the model’s risks demonstrated?
Disclosure: Not disclosed
Note: Demonstrations refer to illustrative examples or other forms of showing the risks that are legible or understandable for the general public, without requiring specific technical expertise. This indicator requires demonstration of risks that may arise in the event of both (i) intentional (though possibly careless) use, such as biases or hallucinations and (ii) malicious use, such as fraud or disinformation. We recognize that different developers may use different terminology for risks, or conceptualize risks differently. We will award this point for clear demonstrations of multiple risks.
References: References in v1 Tech Report, Section 7 Responsible Development, Section 7.4.1.2 Representational Harms. Section 7.4.1.3 Dangerous Capabilities; https://arxiv.org/pdf/2403.13793.pdf
Justification: Risk demonstrations appear in appendix C and E
New disclosure? No
Are the model’s risks related to unintentional harm rigorously evaluated, with the results of these evaluations reported prior to or concurrent with the initial release of the model?
Disclosure: Not disclosed
Note: Rigorous evaluations refer to precise quantifications of the model's behavior in relation to such risks. Unintentional harms include bias, toxicity, and issues relating to fairness. We recognize that unintended harms may not perfectly align with risk evaluations, and that different developers may associate risks with evaluations differently. We will award this point for clear evaluations of multiple such risks. We note that evaluations on standard broad-coverage benchmarks are likely to suffice for this indicator, though they may not if the model's risks related to unintentional harm are presented as especially unusual or severe.
References: v1 Tech Report, Section 7.4.1.1. Content Safety and Section 7.4.1.2 Representational Harms
Justification: Section 7.4.1.1 describes evaluations but does not provide results; section 7.4.1.2 provides imprecise results on BBQ and Real Toxicity Prompts: "On BBQ, the average bias score stays close to zero...On Real Toxicity Prompts the average toxicity score during training fluctuates at around 6%"
New disclosure? No
Are the evaluations of the model’s risks related to unintentional harm reproducible by external entities?
Disclosure: Not disclosed
Note: For an evaluation to be reproducible by an external entity, we mean that the associated data is either (i) publicly available or (ii) described sufficiently such that a reasonable facsimile can be constructed by the external entity. In addition, the evaluation protocol should be sufficiently described such that if the evaluation is reproduced, any discrepancies with the developer's results can be resolved. We recognize that there does not exist an authoritative or consensus standard for what is required for an evaluation to be deemed externally reproducible. Evaluations on standard benchmarks are assumed to be sufficiently reproducible for the purposes of this index. We will award this point for reproducibility of multiple disclosed evaluations. In the event that an evaluation is not reproducible, a justification by the developer for why it is not possible for the evaluation to be made reproducible may suffice.
References: v1 Tech Report, Section 7.4.1.1. Content Safety and Section 7.4.1.2 Representational Harms
Justification: The evaluations on BBQ and Real Toxicity Prompts are not sufficiently described such that if the evaluation is reproduced any discrepancies with Google's results can be resolved
New disclosure? No
Are the model’s risks related to intentional harm rigorously evaluated, with the results of these evaluations reported prior to or concurrent with the initial release of the model?.
Disclosure: Not disclosed
Note: Rigorous evaluations refer to precise quantifications of the model's behavior in relation to such risks. Intentional harms include fraud, disinformation, scams, cybersecurity attacks, designing weapons or pathogens, and uses of the model for illegal purposes. We recognize that unintentional harms may not perfectly align with risk evaluations, and that different developers may associate risks with evaluations differently. We will award this point for clear evaluations of multiple such risks. We note that evaluations on standard broad-coverage benchmarks are likely to suffice for this indicator, though they may not if the model's risks related to unintentional harm are presented as especially unusual or severe.
References: v1 Tech Report, Section 7.4.1.3 Dangerous Capabilities; https://arxiv.org/pdf/2403.13793.pdf
Justification: Numerous intentional harm evaluations related to persuasion and cybersecurity
New disclosure? No
Are the evaluations of the model’s risks related to intentional harm reproducible by external entities?
Disclosure: Not disclosed
Note: For an evaluation to be reproducible by an external entity, we mean that the associated data is either (i) publicly available or (ii) described sufficiently such that a reasonable facsimile can be constructed by the external entity. In addition, the evaluation protocol should be sufficiently described such that if the evaluation is reproduced, any discrepancies with the developer's results can be resolved. We recognize that there does not exist an authoritative or consensus standard for what is required for an evaluation to be deemed externally reproducible. Evaluations on standard benchmarks are assumed to be sufficiently reproducible for the purposes of this index. We will award this point for reproducibility of multiple disclosed evaluations. In the event that an evaluation is not reproducible, a justification by the model developer for why it is not possible for the evaluation to be made reproducible may suffice.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Are the model’s risks evaluated by third parties?
Disclosure: Not disclosed
Note: By third party, we mean entities that are significantly or fully independent of the developer. A third party risk evaluation might involve the developer allowing a third party to choose a methodology for evaluating risks that differs from that of the developer. We will award this point if (i) a third party has conducted an evaluation of model risks, (ii) the results of this evaluation are publicly available, and (iii) these results are disclosed or referred to in the developer’s materials. If the results are not made public (but are disclosed to have been conducted) and/or the results are not discoverable in the developer’s materials, we will not award this point. We may accept a justification from either the third party or the developer for why part of the evaluation is not disclosed in relation to risks.
References: v1 Tech Report, Section 7.4 Safety Evaluations
Justification: Detailed results of the evaluations in section 7.4.4.1 are not publicly available
New disclosure? No
Are the model mitigations disclosed?
Disclosure: Not disclosed
Note: By model mitigations, we refer to interventions implemented by the developer at the level of the model to reduce the likelihood and/or the severity of the model’s risks. We recognize that different developers may use different terminology for mitigations, or conceptualize mitigations differently. We will award this point for any clear, but potentially incomplete, description of multiple mitigations associated with the model's risks. Alternatively, we will award this point if the developer reports that it does not mitigate risk.
References: v1 Tech Report, Section 7.3 Mitigations
Justification: Section 7.3 of the v1 Tech Report describes several mitigations including SFT and RLHF
New disclosure? No
Are the model mitigations demonstrated?
Disclosure: Not disclosed
Note: Demonstrations refer to illustrative examples or other forms of showing the mitigations that are legible or understandable for the general public, without requiring specific technical expertise. We recognize that different developers may use different terminology for mitigations, or conceptualize mitigations differently. We will award this point for clear demonstrations of multiple mitigations. We will also award this point if the developer reports that it does not mitigate the risks associated with the model.
References: v1 Tech Report, Section 7.3 Mitigations, Section 7.3.2.4
Justification: Multiple demonstrations are not disclosed
New disclosure? No
Are the model mitigations rigorously evaluated, with the results of these evaluations reported?
Disclosure: Not disclosed
Note: Rigorous evaluations refer to precise quantifications of the model's behavior in relation to the mitigations associated with its risks. We will award this point for clear evaluations of multiple mitigations.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Are the model mitigation evaluations reproducible by external entities?
Disclosure: Not disclosed
Note: For an evaluation to be reproducible by an external entity, we mean that the associated data is either (i) publicly available or (ii) described sufficiently such that a reasonable facsimile can be constructed by the external entity. In addition, the evaluation protocol should be sufficiently described such that if the evaluation is reproduced, any discrepancies with the developer's results can be resolved. In the case of mitigations evaluations, this will usually involve details about a comparison to some baseline, which may be a different, unmitigated version of the model. We recognize that there does not exist an authoritative or consensus standard for what is required for an evaluation to be deemed externally reproducible. We will award this point for reproducibility of multiple disclosed evaluations. In the event that an evaluation is not reproducible, a justification by the model developer for why it is not possible for the evaluation to be made reproducible may suffice.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Can the model mitigations be evaluated by third parties?
Disclosure: Not disclosed
Note: By third party, we mean entities that are significantly or fully independent of the model developers. This indicator assesses whether it is possible for third parties to assess mitigations, which is not restricted to the methods the developer uses to assess mitigations. In contrast to the third party evaluation indicators for capabilities and risks, we will award this point if third party evaluations are possible even if no third party has yet conducted them.
References: v1 Tech Report, Section 7.4.4 External Evaluations
Justification: Efficacy of safety filters can be evaluated by third parties
New disclosure? No
Is the trustworthiness of the model rigorously evaluated, with the results of these evaluations disclosed?
Disclosure: Not disclosed
Note: Rigorous evaluations refer to precise quantifications of the model's behavior in relation to its trustworthiness. For example, this may include evaluations of the model’s robustness or reliability, its uncertainty, calibration, or causality, or its interpretability or explainability. We recognize that trustworthiness may not perfectly align with evaluations, and that different developers may associate trustworthiness with evaluations differently. We will award this point for a clear evaluation of the trustworthiness of the model.
References: v1 Tech Report, Section 5.1.6 Factuality
Justification: Section 5.1.6 provides details of how the factuality of model outputs were evaluated by human annotators who fact-checked each response manually.
New disclosure? No
Are the trustworthiness evaluations reproducible by external entities?
Disclosure: Not disclosed
Note: For an evaluation to be reproducible by an external entity, we mean that the associated data is either (i) publicly available or (ii) described sufficiently such that a reasonable facsimile can be constructed by the external entity. In addition, the evaluation protocol should be sufficiently described such that if the evaluation is reproduced, any discrepancies with the developer's results can be resolved. We recognize that there does not exist an authoritative or consensus standard for what is required for an evaluation to be deemed externally reproducible. Evaluations on standard benchmarks are assumed to be sufficiently reproducible for the purposes of this index. We will award this point for reproducibility of at least one evaluation. In the event that an evaluation is not reproducible, we may accept a justification by the model developer for why it is not possible for the evaluation to be made reproducible.
References: v1 Tech Report, Section 5.1.2 Trends in Capabilities and Section 10.3 Capabilities and Benchmarking Tasks
Justification: The data from the factuality assessment in section 5.1.6 is not publicly available or described sufficiently that a reasonable facsimie can be constructed by an external entity
New disclosure? No
Is the time required for model inference disclosed for a clearly-specified task on a clearly-specified set of hardware?
Disclosure: Not disclosed
Note: The duration should be reported in seconds to a precision of one significant figure (e.g. 0.002 seconds). We recognize that no established standard exists for the standardized reporting of inference evaluation. Therefore, we permit the developer to specify the task and hardware setup, as long as both are disclosed. The hardware in this evaluation need not be the hardware the developer uses for inference if it in fact does any inference itself. For example, the specific task might be generating 100,000 tokens as 5,000 sequences of length 20 and the fixed set of hardware might be 8 NVIDIA A100s. The hardware in this evaluation need not be the hardware the developer uses for inference if it in fact does any inference itself.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Is the compute usage for model inference disclosed for a clearly-specified task on a clearly-specified set of hardware?
Disclosure: Not disclosed
Note: Compute usage for inference should be reported in FLOPS to a precision of one significant figure (e.g. 5 x $10^{25}$ FLOPS). We recognize that no established standard exists for the standardized reporting of inference evaluation. Therefore, we permit the developer to specify the task and hardware setup, as long as both are clear. For example, the specific task might be generating 100k tokens as 5k sequences of length 20 and the fixed set of hardware might be 8 NVIDIA A100s. The hardware in this evaluation need not be the hardware the developer uses for inference if it in fact does any inference itself.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Is the developer’s protocol for deciding whether or not to release a model disclosed?
Disclosure: Not disclosed
Note: We recognize that the release of a foundation model falls along a spectrum, with many forms of partial release, and that different developers may conceptualize release differently. We will award this point for any clear protocol that discusses the decision-making process, including if the protocol is more general to the developer rather than the specific foundation model under consideration.
References: v1 Tech Report, Section 7 Responsible Development
Justification: Section 7 does not outline a clear protocol that discusses the release decision-making process
New disclosure? No
Is a description of the process of how the model was released disclosed?
Disclosure: Not disclosed
Note: A description of the release process might include information about who received access to the model at what stage of the release of the model. For example, a developer might conduct a staged release where it releases the model to a select group at first and subsequently makes the model more widely available. We recognize that the release of a foundation model falls along a spectrum, with many different forms of release, and that different developers may conceptualize release differently. We will award this point for any detailed discussion of the release process, including if the discussion is more general to the developer rather than the specific foundation model under consideration.
References: v1 Tech Report, Section 7 Responsible Development
Justification: Section 7 does not provide a detailed discussion of the release process (i.e. how the model was released and to whom at which points in time), but describes steps that were taken to deploy the model responsibly
New disclosure? No
Are all distribution channels disclosed?
Disclosure: Not disclosed
Note: By distribution channel, we mean any pathway by which the model is made accessible to entities beyond the developer. We recognize that distribution channels may arise without the knowledge of the model developer. For example, the weights of a model may be released through one distribution channel and then be distributed through other channels. We will award this point if the developer discloses all of the distribution channels of which it is aware.
References: v1 Tech Report, Section 7.5 Deployment
Justification: The Gemini app and Cloud Vertex API are disclosed as distribution channels
New disclosure? No
Does the developer disclose whether any products and services offered by the developer are dependent on the model?
Disclosure: This is a Cloud API for Enterprise customers. In that sense, there are no (Google) products and services that depend on this model.
Note: We recognize that a developer may provide many products and services that depend on a foundation model or internal derivatives of the model. We will award this point for a reasonable best-effort description of any ways the developer makes internal use of the model in its products or services.
References: Disclosed via FMTI v1.1
Justification: Not disclosed
New disclosure? Yes
Are any mechanisms for detecting content generated by this model disclosed?
Disclosure: Not disclosed
Note: Such a mechanism might include storing a copy of all outputs generated by the model to compare against, implementing a watermark when generating content using the model, or training a detector post-hoc to identify such content. We will award this point if any such mechanism is disclosed or if the developer reports that it has no such mechanism.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Is a license for the model disclosed?
Disclosure: Not disclosed
Note: In the event that licenses are written more generally, it should be clear which assets they apply to. We recognize that different developers may adopt different business models and therefor have different types of model licenses. Examples of model licenses include responsible AI licenses, open-source licenses, and licenses that allow for commercial use.
References: https://cloud.google.com/terms/ https://cloud.google.com/product-terms?hl=en https://cloud.google.com/terms/service-terms
Justification: The Google Cloud API is made available through Cloud license and terms of service.
New disclosure? No
Are terms of service disclosed for each distribution channel?
Disclosure: Not disclosed
Note: We will award this point if there are terms-of-service that appear to apply to the bulk of the model’s distribution channels.
References: v1 Tech Report, Section 7.5 Deployment
Justification: Section 7.5 of the v1 Tech Report discloses three relevant TOS
New disclosure? No
Is a description of who can and cannot use the model disclosed?
Disclosure: Not disclosed
Note: Such restrictions may relate to countries (e.g. US-only), organizations (e.g. no competitors), industries (e.g. no weapons industry users) or other relevant factors. These restrictions on users are often contained in multiple policies; we group them here for simplicity. We will awarded this point for a clear description of permitted, restricted, and prohibited users of the model.
References: v1 Tech Report, Section 7.5 Deployment
Justification: Google's Generative AI Additional Terms of Service describes permitted and prohibited users
New disclosure? No
Are permitted, restricted, and prohibited uses of the model disclosed?
Disclosure: Not disclosed
Note: We will award this point if at least two of the following three categories are disclosed: (i) permitted uses, (ii) restricted uses, and (iii) prohibited uses. By restricted uses, we mean uses that require a higher level of scrutiny (such as permission from or a separate contract with the developer) to be permitted. These uses are generally included in an acceptable use policy, model license, or usage policy.
References: v1 Tech Report, Section 7.5 Deployment
Justification: Google's Generative AI Prohibited Use Policy describes restricted and prohibited uses
New disclosure? No
Is the enforcement protocol for the usage policy disclosed?
Disclosure: Not disclosed
Note: By enforcement protocol, we refer to (i) mechanisms for identifying permitted and prohibited users, (ii) mechanisms for identifying permitted/restricted/prohibited uses, (iii) steps the developer takes to enforce its policies related to such uses, and (iv) the developer’s procedures for carrying out these steps. We will award this point for a reasonable best-effort attempt to provide the bulk of this information, though one line indicating the developer reserves the right to terminate accounts is insufficient. Alternatively, we will award this point if the developer reports that it does not enforce its usage policy.
References: Policy Violations FAQ
Justification: Not disclosed
New disclosure? No
Do users receive a justification when they are subject to an enforcement action for violating the usage policy?
Disclosure: We have not taken any enforcement actions yet under PUP however justification will be provided when enforcement action is taken on Cloud. Please see linked documentation.
Note: For example, does the developer disclose a protocol for telling users which part of the usage policy they violated, when they did so, and what specifically was violative? Enforcement actions refer to measures to limit a user’s ability to use the model, such as banning a user or restricting their ability to purchase tokens. We will award this point if the developer discloses that it gives justification for enforcement actions or, alternatively, if it discloses that it does not provide justification for enforcement actions or that it does not enforce its usage policy.
References: Policy Violations FAQ
Justification: Not disclosed
New disclosure? Yes
Is a mechanism for appealing potential usage policy violations disclosed?
Disclosure: Our PUP is incorporated by reference into the terms customers agree to when onboarding onto Vertex. If a policy violation occurs, process is similiar to how other GCP policies are enforced, i.e. provide customers notice and the opportunity to appeal as outlined here
Note: We will award this point if the developer provides a usage policy violation appeals mechanism, regardless of whether it is provided via a user interface or distribution channel.
References: Policy Violations FAQ
Justification: Not disclosed
New disclosure? No
Are model behaviors that are permitted, restricted, and prohibited disclosed?
Disclosure: Not disclosed
Note: We refer to a policy that includes this information as a model behavior policy, or a developer's policy on what the foundation model can and cannot do (e.g. such a policy may prohibit a model from generating child sexual abuse material). We recognize that different developers may adopt different business models and that some business models may make enforcement of a model behavior policy more or less feasible. We will award this point if at least two of the three categories (i.e. permitted, restricted, and prohibited model behaviors) are disclosed. Alternatively, we will award this point if the developer reports that it does not impose any restrictions on its model's behavior.
References: v1 Tech Report, Section 7.5 Deployment
Justification: See page 28 of the v1 Tech Report
New disclosure? No
Is the enforcement protocol for the model behavior policy disclosed?
Disclosure: Not disclosed
Note: By enforcement protocol, we refer to mechanisms for identifying whether model behavior is permitted or prohibited and actions that may arise in the event the model behavior policy is violated. For example, the developer may make updates to the model in response to issues with the model’s adherence to the model behavior policy. We will award this point if there is a clear description of the enforcement protocol, or if the developer reports that it does not enforce its model behavior policy or that it has no such restrictions on the model’s behavior.
References: v1 Tech Report, Section 7.5 Deployment
Justification: The documents linked in section 7.5 (and other materials) do not clarify how the model behavior policy is enforced
New disclosure? No
Is the way that the usage policy and the model behavior policy interoperate disclosed?
Disclosure: Not disclosed
Note: For example, if a user attempts to use the model for a prohibited use such as spam, how does the model behavior policy apply if at all? We will also award this point if the developer reports that it does not impose any restrictions on its model's behavior in the event of usage policy violation.
References: v1 Tech Report, Section 7.5 Deployment
Justification: The documents linked in section 7.5 do not clarify how the prohibited use policy and model policy interoperate
New disclosure? No
For distribution channels with user-facing interfaces, are users notified (i) that they are interacting with an AI system, (ii) of the specific foundation model they are interacting with, and (iii) that outputs are machine-generated?
Disclosure: Users are shown the version of the model that they are interacting with via the Gemini app and the API.
Note: A user-facing interface refers to the means by which the user interacts with the foundation model, including how the user can observe outputs from the foundation model and other notifications. We will award this point if, for all distribution channels with user-facing interfaces, the user is provided adequate transparency as to the foundation model being distributed and the potential presence of any model outputs.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
For distribution channels with user-facing interfaces, are users provided with disclaimers involving model use?
Disclosure: Not disclosed
Note: A user-facing interface refers to the means by which the user interacts with the foundation model, including how the user can observe outputs from the foundation model and other notifications. Usage disclaimers could include information about what constitutes a usage policy violations or how users should interpret model outputs. We will award this point if, for all distribution channels with user-facing interfaces, the user is provided with usage disclaimers.
References: Not disclosed
Justification: Both the Gemini app and the API provide usage disclaimers by linking to the TOS
New disclosure? No
Are the protocols for how the developer stores, accesses, and shares user data disclosed?
Disclosure: Not disclosed
Note: We will also award this point if the developer reports that it has no user data protection policy.
References: Google Cloud Data Governance
Justification: Google's Generative AI and Data Governance policy amounts to a user data protection policy in conjunction with its Google Cloud Privacy Notice
New disclosure? No
Are permitted and prohibited uses of user data disclosed?
Disclosure: Not disclosed
Note: Developers use user data for a range of purposes such as building future models, updating existing models, and evaluating both existing and future models. We will award this point if a developer discloses its policy on the use of user data from interactions associated with this model, including both permitted and prohibited uses. This may span different distribution channels if multiple channels supply user data to the developer. Alternatively, we will award this point if the developer reports it does not impose any limits on its use of user data.
References: Google Cloud Data Governance
Justification: Google's Generative AI and Data Governance policy and its Cloud Privacy Notice detail permitted and prohibited uses of user data
New disclosure? No
Is a protocol for granting external entities access to usage data disclosed?
Disclosure: We don't share Cloud usage data with any external entities except the Cloud customer to whom it belongs, with the exception of law enforcement requests as described here
Note: Usage data refers to the data created through user interaction with the model, such as user inputs to the model and associated metadata such as the duration of the interaction. A usage data access protocol refers to the steps, requirements, and considerations involved in granting external entities access to usage data; this goes beyond stating the conditions under which related personal information may be shared with external entities. We will award this point for a clear description of the usage data access protocol or if the developer reports it does not share usage data with external entities.
References: How Google handles government requests for user information
Justification: Not disclosed
New disclosure? No
Is there a disclosed version and versioning protocol for the model?
Disclosure: Not disclosed
Note: By versioning, we mean that each instance of the model is uniquely identified and that the model is guaranteed to not change when referring to a fixed version number; alternatively, the version clearly indicating a specific instance of the model may be able to change by noting that it is the "latest" or an "unstable" version. We recognize that different developers may adopt different versioning practices that may differ from standard semantic versioning practices used elsewhere in software engineering.
References: Google Cloud Model Information
Justification: The Model Information page on the Generative AI on Vertex AI documentation provides a precise version for Gemini models
New disclosure? No
Is there a disclosed change log for the model?
Disclosure: Not disclosed
Note: By change log, we mean a description associated with each change to the model (which should be indicated by a change in version number). We recognize that different developers may adopt different practices for change logs that may differ from practices used elsewhere in software engineering. We will award this point if the change log provides a clear description of changes that is legible to a technical audience.
References: Google Cloud Model Information
Justification: No list of changes to specific models over time is disclosed
New disclosure? No
Is there a disclosed deprecation policy for the developer?
Disclosure: Not disclosed
Note: By deprecation policy, we refer to a description of what it means for a model to be deprecated and how users should respond to the deprecation (e.g. instructions to migrate to a newer version). We will award this point for a clear disclosure of a deprecation policy or if there is no risk of deprication (e.g. if the developer openly releases model weights).
References: Google Cloud Platform Terms of Service
Justification: Google cloud's terms outline its policy for discontinuing products including models
New disclosure? No
Is a feedback mechanism disclosed?
Disclosure: Not disclosed
Note: By feedback mechanism, we refer to a means for external entities to report feedback or issues that arise in relation to the foundation model. Such entities may include but are not necessarily limited to users. We will award this point if the developer discloses a feedback mechanism that has been implemented.
References: Google Cloud Reporting Abuse Form
Justification: Google provides a form to "Report suspected abuse on Google Cloud Platform"
New disclosure? No
Is a report or summary disclosed regarding the feedback the developer received or, alternatively, the way the developer responded to that feedback?
Disclosure: Not disclosed
Note: We recognize that there does not exist an authoritative or consensus standard for what is required in a feedback report. For this reason, we will award this point if there is a meaningful, though potentially vague or incomplete, summary of feedback received.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Is a summary of government inquiries related to the model received by the developer disclosed?
Disclosure: Any valid legal requests that we receive through our webform will be reflected in the Transparency Report. National Security requests for information are reported at the following link
Note: Such government inquiries might include requests for user data, requests that certain content be banned, or requests for information about a developer’s business practices. We recognize that there does not exist an authoritative or consensus standard for what is required for such a summary of government inquiries. For this reason, we will award this point if (i) there is a meaningful, though potentially vague or incomplete, summary of government inquiries, or (ii) a summary of government inquiries related to user data.
References: Enterprise Cloud Requests for Customer Information https://transparencyreport.google.com/?hl=en https://transparencyreport.google.com/user-data/us-national-security
Justification: Not disclosed
New disclosure? No
For each distribution channel, is a monitoring mechanism for tracking model use disclosed?
Disclosure: Google Cloud tracks customer usage for billing by project ID.
Note: By monitoring mechanism, we refer to a specific protocol for tracking model use that goes beyond an acknowledgement that usage data is collected. We will also award this point for a reasonable best-effort attempt to describe monitoring mechanisms, or if a developer discloses that a distribution channel is not monitored.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Across all forms of downstream use, is the number of applications dependent on the foundation model disclosed?
Disclosure: Not disclosed
Note: We recognize that there does not exist an authoritative or consensus standard for what qualifies as an application. We will award this point if there is a meaningful estimate of the number of downstream applications, along with some description of what it means for an application to be dependent on the model.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Across all downstream applications, is the fraction of applications corresponding to each market sector disclosed?
Disclosure: Not disclosed
Note: By market sector, we refer to an identifiable part of the economy. While established standards exist for describing market sectors, we recognize that developers may provide vague or informal characterizations of market impact. We will award this point if there is a meaningful, though potentially vague or incomplete, summary of affected market sectors.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Across all forms of downstream use, is the number of individuals affected by the foundation model disclosed?
Disclosure: Not disclosed
Note: By affected individuals, we principally mean the number of potential users of applications. We recognize that there does not exist an authoritative or consensus standard for what qualifies as an affected individual. We will award this point if there is a meaningful estimate of the number of affected individuals along with a clear description of what it means for an individual to be affected by the model.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Is a usage report that gives usage statistics describing the impact of the model on users disclosed?
Disclosure: Not disclosed
Note: We recognize that there does not exist an authoritative or consensus standard for what is required in a usage report. Usage statistics might include, for example, a description of the major categories of harm that has been caused by use of the model. We will award this point if there is a meaningful, though potentially vague or incomplete, summary of usage statistics.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Across all forms of downstream use, are statistics of model usage across geographies disclosed?
Disclosure: Not disclosed
Note: We will award this point if there is a meaningful, though potentially incomplete or vague, disclosure of geographic usage statistics at the country-level.
References: Not disclosed
Justification: Not disclosed
New disclosure? No
Is any mechanism to provide redress to users for harm disclosed?
Disclosure: We provide an API to third party companies who are responsible for handling redress (if any) directly from their customers. For example, in the event a chatbot, implemented by a third party company/enterprise directs their customer to an unwanted credit card -- the enterprise (to whom we provided the chatbot) is responsible for/has the ability to provide redress to its customers.
Note: We will also award this point if the developer reports it does not have any such redress mechanism.
References: Cloud Reporting Abuse Form
Justification: Not disclosed
New disclosure? Yes
Is documentation for downstream use centralized in a centralized artifact?
Disclosure: Not disclosed
Note: Centralized documentation for downstream use refers to an artifact, or closely-linked artifacts, that consolidate relevant information for making use of or repurposing the model. Examples of these kinds of artifacts include a website with dedicated documentation information, a github repository with dedicated documentation information, and an ecosystem card. We recognize that different developers may take different approaches to centralizing information. We will award this point if there is a clearly-identified artifact(s) that contains the majority of substantive information (e.g. capabilities, limitations, risks, evaluations, distribution channels, model license, usage policies, model behavior policies, feedback and redress mechanisms, dependencies).
References: Generative AI Developer Guide
Justification: Google's Generative AI Developer Guide provides centralized documentation for downstream use
New disclosure? No
Is documentation for responsible downstream use disclosed?
Disclosure: Not disclosed
Note: Such documentation might include details on how to adjust API settings to promote responsible use, descriptions of how to implement mitigations, or guidelines for responsible use. We will also award this point if the developer states that it does not provide any such documentation. For example, the developer might state that the model is offered as is and downstream developers are accountable for using the model responsibly.
References: Generative AI Responsible Use Guide
Justification: Google's Generative AI Responsible Use Guide provides documentation for responsible downstream use
New disclosure? No