AI Transparency and User Disclosure

Tier 1 APPLICATION
ISO A.7 NIST GV-2 OWASP LLM09 OWASP ASI08

What This Requires

Inform all users when they are interacting with an AI system, disclose the system's capabilities and limitations, and provide clear guidance on appropriate reliance. Disclosure must be provided at the point of interaction, not buried in terms of service, and must be understandable to the target audience without technical expertise.

Why It Matters

Users who are unaware they are interacting with AI may place unwarranted trust in generated outputs, fail to apply appropriate skepticism, or make consequential decisions based on AI responses they believe came from a human expert. Transparency requirements are increasingly mandated by regulation, including the EU AI Act's Article 52 disclosure obligations and emerging state-level AI transparency laws in the United States.

How To Implement

Disclosure Design Standards

Define a standard disclosure format for all AI-powered interfaces. Include a persistent visual indicator (badge, banner, or label) that the user is interacting with AI. Provide a concise capability statement explaining what the AI can and cannot do, accessible via a single click or tap from the interaction surface.

Limitation Communication

Document known limitations for each AI deployment (hallucination risks, knowledge cutoff dates, domains where accuracy is unverified) and surface these to users contextually. When the AI generates responses in high-risk domains, display inline warnings about the need for professional verification.

Regulatory Compliance Mapping

Map disclosure requirements to applicable regulations (EU AI Act, state transparency laws, sector-specific rules). Maintain a compliance matrix that tracks which disclosures are required for each AI deployment based on jurisdiction, use case risk level, and user population.

Disclosure Effectiveness Testing

Conduct user comprehension testing quarterly to verify that disclosures are noticed and understood. Use A/B testing or surveys to measure whether users correctly identify AI interactions and understand stated limitations. Adjust disclosure design based on findings.

Evidence & Audit

  • Disclosure design standards document with visual mockups
  • Screenshots or recordings of disclosure implementation across AI interfaces
  • Capability and limitation documentation for each AI deployment
  • Regulatory compliance matrix mapping disclosures to applicable laws
  • User comprehension testing reports with sample sizes and findings
  • A/B testing results for disclosure effectiveness
  • Inline warning implementation records for high-risk domain outputs

Related Controls

Agent and Plugin Permission Governance AI Acceptable Use Policy AI Output Reliability and Hallucination Mitigation