All resources AI Governance & Responsibility

Model Cards and Your Transparency Strategy

Three audiences, three model cards. Most companies write zero or one and serve none of the audiences well.

TL;DR

Three audiences, three transparency artifacts:

  1. Internal model card — for your team. Full technical detail. Living document.
  2. Customer-facing card — for B2B customers and procurement. Decision-relevant detail. Confidentiality-aware.
  3. Public card — for press, regulators, broader stakeholders. The high-level summary.

Most companies write zero or one of these and treat all audiences with the same artifact. The result: internal teams operate without information they need; customers can’t make informed decisions; the public-facing version reads as marketing.

Not one model card. Three — for three audiences. Most companies write zero, or one, and the audiences each get the wrong artifact.

The “model card” was popularized as a tool for ML researchers to document model properties. In enterprise AI in 2026, the model card has become a transparency artifact with three different audiences and three different jobs to do. Most companies still treat it as one artifact, which is why it doesn’t quite work for any of the three. This piece is the unbundling.

The three audiences

Internal model card

Audience: your engineering team, AI program lead, security, legal, executives.

Purpose: operational understanding of what’s deployed.

Contents:

  • Model identity (provider, version, configuration).
  • Training data sources and known limitations.
  • Performance metrics on hand-labeled eval sets.
  • Failure modes documented from drift monitoring.
  • Tool catalog (for agents) with risk classifications.
  • Audit log integration points.
  • Incident history and resolution.
  • Approved use cases and prohibited use cases.
  • Owner, maintainer, escalation path.

This is a living document, updated continuously as the model and its deployment evolve.

Customer-facing model card

Audience: B2B customers, procurement, customer security teams, customer counsel.

Purpose: enable informed decisions about whether and how to use the AI.

Contents:

  • Capabilities and intended use cases.
  • Out-of-scope use cases.
  • Performance characteristics relevant to customers.
  • Data handling and privacy posture.
  • Security certifications.
  • Known limitations that affect customer decisions.
  • Roadmap for known issues.
  • Support model.

This sits one layer above the internal card — same source of truth, customer-relevant subset, packaged for procurement use. Updates quarterly.

Public model card

Audience: press, regulators, broader stakeholders.

Purpose: external transparency posture.

Contents:

  • Capabilities and intended use cases (high-level).
  • Responsible AI commitments.
  • Governance posture summary.
  • Available technical reports or evals (with appropriate caveats).
  • Contact for inquiries.

This is the public summary; less granular than the customer card. Updates major-version-only.

Why the unbundling matters

Three reasons.

1. Different audiences need different detail. The engineering team wants tool calls, eval scores, drift signals. The customer wants capability matrix and security posture. The public wants the responsible-AI commitments. One artifact cannot serve all three without compromising each.

2. Different audiences have different confidentiality. Internal cards include implementation details that customers shouldn’t see. Customer cards include customer-segmented performance data that the public shouldn’t see. Public cards omit anything competitively sensitive.

3. Different audiences have different update cadences. Internal: continuous. Customer: quarterly. Public: major-version. One artifact has to either over-update (burdening external audiences) or under-update (failing internal teams).

How to ship the three artifacts

The 6-week plan:

Week 1–2: write the internal model card for one production agent. Use this as the source of truth.

Week 3–4: derive the customer-facing card from the internal card. Get input from sales, customer success, security on what customers actually ask. Get legal review.

Week 5–6: derive the public card from the customer card. Marketing and communications input. Legal review.

After the first agent: the second is faster (template established). Goal: every production agent has all three cards within 12 weeks of program start.

Counter: do most companies need all three?

Maybe not. Two scenarios where the unbundling is overkill:

1. Internal-only AI tools. No customer audience; no public audience. The internal card alone is enough.

2. Pre-product deployments. AI in pilot or early stage. The internal card alone, with public-card placeholder language for inquiries.

For everything else (B2B AI products, customer-facing features, regulated deployments): the three-artifact pattern is the working baseline.

What to do this quarter

  1. Pick one production agent. Write the internal card. Don’t try to do all agents at once.
  2. Identify your customer audience for the customer-facing card. Procurement, security, counsel — different organizations, different needs.
  3. Get legal review on the customer and public versions.
  4. Plan for the rollout. Each card has a different distribution path; plan accordingly.

FAQ

How long should each card be? Internal: 5–15 pages, depending on agent complexity. Customer: 2–4 pages. Public: 1–2 pages, usually with deeper technical reports linked.

Does this need to be a separate document or can it be in our docs? Either works. The key is that each audience can find their version easily. Internal in your wiki, customer in your trust center, public in a /transparency or /ai page.

What about model cards for foundation models we don’t train ourselves? You don’t need to recreate the foundation model’s card; reference the provider’s card. Your model card describes your deployment — what you’ve built on top, what data you’ve added, what’s in scope.

How does this interact with the EU AI Act’s documentation requirements? The Act requires technical documentation that overlaps with the internal model card content. Build the cards in formats that satisfy the regulatory requirement; you avoid maintaining two documentation systems.

Should our model cards be machine-readable? Increasingly yes. Standards like Hugging Face’s model card schema are emerging. For internal use, structured format helps with audit and inventory; for external, depends on your audience.

Working with JAIN on AI transparency? We help executive teams build the three-audience model card system that satisfies internal teams, customers, and regulators. Book a 30-minute call.

Related reading:

Want to talk through this for your team?

30 minutes, no slides. We'll work the specific call your company is facing.