What Is an AI Model? Types, Examples, and How to Govern One

Key takeaways

• An AI model is a program made of parameters learned from data; it turns inputs like text, images, or numbers into predictions, classifications, or generated content.
• A model is not the same as an algorithm (the method) or an AI system (the deployable product). European law now regulates models and systems under separate rules.
• The main families are supervised, unsupervised, reinforcement, and deep learning models, split by output into discriminative and generative types, with foundation models on top.
• Most organizations already run more AI models than they can name, through embedded features and third-party tools, which is where governance risk hides.
• Knowing what an AI model is matters less than knowing how to inventory, document, and control it under the EU AI Act, ISO/IEC 42001, and the NIST AI RMF.

What is an AI model?

An AI model is a software program whose behavior is learned from data rather than written by hand. During training, the model adjusts millions or billions of internal values, called parameters or weights, until it can map an input to a useful output. IBM describes a model as a program that applies algorithms to data to recognize patterns and make predictions or decisions without step-by-step human instructions (IBM). Microsoft frames it as the engine inside an AI system that combines algorithms, training data, and parameters (Microsoft Azure).

A quick note on terminology. This article covers the technical sense of “AI model,” the trained program. It does not cover the unrelated use of the phrase to mean a synthetic fashion or social-media persona, which fills a separate slice of search results.

The practical definition has two phases. Training is when the model learns patterns from large datasets. Inference is when the trained model receives new, unseen input and produces an output based on what it learned. Almost everything an organization needs to govern, from data lineage to output risk, traces back to one of these two phases. You can see how a single model connects to systems, risks, and controls on the AI Sigil platform.

AI model vs algorithm

The two words are often used interchangeably, but they are not the same. An algorithm is the procedure: a set of rules, such as gradient descent or a decision-tree split. A model is the result of running that algorithm over data. Linear regression is an algorithm; the specific equation it produces after training on your sales figures is a model. The distinction matters for governance because risk lives in the trained model and its data, not in the generic method.

AI model vs AI system

This is the distinction almost no definition makes, and it now carries legal weight. Under the EU AI Act, a general-purpose AI model and an AI system are governed as separate things. A model is a component. A system is the deployable product that puts a model to work for a concrete purpose, with an interface, inputs, and outputs. The Act dedicates an entire chapter to general-purpose AI models, distinct from its rules for AI systems (EU AI Act, Chapter V). Getting this right decides who is accountable for what, a point we return to below.

How AI models work: training, inference, and parameters

Training feeds the model large volumes of examples. With each pass, an optimization algorithm nudges the weights to reduce the gap between the model’s output and the correct answer. After enough passes, the weights encode the statistical patterns of the training data. Google Cloud summarizes this as an algorithm trained on a large dataset (Google Cloud).

A few terms recur across every credible explanation:

• Parameters (weights): the adjustable values inside the model. More parameters generally mean more capacity and more cost.
• Context window: how much input a model can consider at once during inference, which matters most for language models.
• Foundation model: a large model trained broadly on unlabeled data that can be adapted to many downstream tasks.

A trained model is only as good as it generalizes. A model that memorizes its training data but fails on new input is overfitted, while one that never learned the pattern is underfitted. This is why training data quality and representativeness are governance concerns, not just engineering ones: a model trained on skewed data will make skewed decisions at scale. For governed AI, the parameters are not the only artifact that matters. The training data, the evaluation results, and the intended use are what regulators and auditors ask to see, which is why AI governance treats documentation as part of the model rather than an afterthought.

The main types of AI models

Models are grouped in two complementary ways: by how they learn and by what they output.

By learning method

• Supervised learning: trained on labeled examples to predict a known target, such as classifying an email as spam.
• Unsupervised learning: finds structure in unlabeled data, such as clustering customers by behavior.
• Reinforcement learning: learns by trial and error against a reward signal, common in robotics and recommendation.
• Deep learning: uses multi-layer neural networks and underpins most modern language and image models.

By output: discriminative vs generative

Discriminative models separate inputs into categories or predict a value. Generative models produce new content. IBM draws the same line between discriminative and generative families (IBM). The generative side now splits into recognizable subtypes: large language models for text, diffusion models for images and video, and reasoning models that work through intermediate steps before answering.

Foundation models and general-purpose AI

Foundation models are trained once at scale and then adapted to many uses. In European law, the closest regulated category is the general-purpose AI (GPAI) model, which the Act singles out for specific obligations because a single model can flow into countless downstream systems. Stanford HAI, which runs the Foundation Model Transparency Index, defines a model in AI as an algorithm trained on data to classify, predict, or generate (Stanford HAI).

Examples of AI models in production

• Large language models: OpenAI’s GPT family, Anthropic’s Claude, and Google’s Gemini power chat, drafting, and coding assistants.
• Image and video models: diffusion systems such as Midjourney and DALL-E generate visuals from text prompts.
• Open vs proprietary: proprietary models are hosted by their vendor, while open-weight models such as Llama or Mistral can be downloaded and run privately, a choice with direct compliance consequences.
• Enterprise predictive models: classification and regression models score credit risk, forecast demand, and flag fraud, often embedded invisibly inside business software.

That last category is the one most organizations underestimate. The predictive model inside a vendor’s SaaS feature is still an AI model your governance program is accountable for. The AI Sigil resources hub tracks how these embedded models surface in real inventories.

Why AI models need governance

The pages that rank for this query stop at “what” and “how.” The harder question for any regulated organization is “who is responsible, and how do we prove it.” Three forces make model governance unavoidable.

First, shadow models. Teams adopt AI features faster than any central function can track, so models enter the business through tools nobody registered. An inventory that misses them is an inventory that misleads.

Second, model risk is specific and measurable: bias inherited from training data, performance drift after deployment, security exposure through the model interface, and opaque decisions that are hard to contest. Each of these is a failure mode a control can address, but only once the model is known.

Third, regulation has arrived, and it attaches obligations to models directly, not only to the systems built on them. The model-versus-system distinction is the hinge. Under the EU AI Act, the provider of a GPAI model carries documentation and transparency duties, while the deployer who builds a system on that model carries its own. Misread the boundary and accountability falls through the gap. A clear view of AI model governance is what keeps that gap closed.

How to govern an AI model: a practical framework

Governance does not require slowing innovation. It requires a repeatable loop that the NIST AI Risk Management Framework structures as Govern, Map, Measure, and Manage. Five steps make it concrete, and an AI governance platform exists to run them in one place.

Inventory every model

You cannot govern what you cannot see. Build a single register of every model in use, including models embedded in third-party tools and pilots that never went through procurement. Capture owner, purpose, data sources, and whether your organization built or merely deploys the model. The inventory is the foundation every other control depends on.

Document each model

Documentation is the regulatory artifact, not paperwork. A model card records capabilities, limitations, intended uses, and predeployment test results, a practice the NIST AI RMF treats as core to transparency (NIST AI RMF). For GPAI models, the EU AI Act makes this mandatory: Annex XI lists the technical documentation a provider must maintain, from training data and architecture to energy consumption (EU AI Act, Annex XI).

Assess and manage model risk

Map each model to the harms it could cause, measure those risks with tests and metrics, then manage them with controls and sign-offs. For generative models, NIST AI 600-1 catalogs twelve risks unique to or amplified by generative AI, with more than two hundred recommended actions (NIST AI 600-1). Risk assessment is not a one-time gate; it is repeated whenever the model, its data, or its use changes.

Assign accountability

Decide, per model, whether your organization is the provider, the deployer, or both, because the obligations differ. The EU AI Act even specifies what information a model provider must pass to downstream providers so they can meet their own duties (EU AI Act, Annex XII). Naming an accountable owner for each model turns abstract duties into something an audit can verify.

Monitor across the lifecycle

A model that was compliant at launch can drift out of compliance as data, usage, and regulation change. Re-evaluate on a schedule, log incidents, and refresh documentation when the model is updated. Continuous monitoring is what turns a one-time assessment into a management system.

AI model regulations you should know

• EU AI Act: Article 53 sets four baseline obligations for providers of general-purpose AI models, namely technical documentation, downstream information, an EU copyright-compliance policy, and a public summary of training content (EU AI Act, Article 53). Models classified as carrying systemic risk face added duties for evaluation, adversarial testing, and incident reporting.
• NIST AI Risk Management Framework: a voluntary US framework that organizes model documentation, testing, and monitoring under Govern, Map, Measure, and Manage, with the Generative AI Profile (NIST AI 600-1) extending it to generative models.
• ISO/IEC 42001: the first certifiable AI management system standard, which asks organizations to run their models under documented governance, risk assessment, and continual improvement (ISO).

Together these define a converging expectation: every AI model should be inventoried, documented, risk-assessed, and monitored across its life. That is precisely the workflow an AI governance platform exists to operate.

FAQ

What is a model in AI? An AI model is a software program that has learned patterns from data so it can perform a task like classifying images, predicting a number, analyzing language, or generating content. Its behavior comes from parameters tuned during training, not from rules a developer wrote by hand.

What are the four types of AI models? The most common grouping is by learning method: supervised, unsupervised, reinforcement, and deep learning models. Models are also grouped by output into discriminative models, which categorize or predict, and generative models, which create new content.

What are the top AI models right now? In 2026 the most used general-purpose models include OpenAI’s GPT family, Anthropic’s Claude, and Google’s Gemini for language, with diffusion models such as Midjourney and DALL-E for images. Open-weight families like Llama and Mistral are widely deployed where organizations need to run a model privately.

How do you make an AI model? You define the task, gather and prepare a representative dataset, choose an algorithm or a foundation model to fine-tune, train it while validating on held-out data, then test, deploy, and monitor it. In a governed environment, documentation and risk assessment run alongside every step, not after.

What is the difference between an AI model and an AI system? A model is the trained component. An AI system is the product that puts a model to work for a specific purpose, with inputs, an interface, and outputs. The EU AI Act regulates general-purpose AI models and AI systems under separate rules, which is why the boundary decides who is accountable.

Do AI models have to be documented by law? In the European Union, providers of general-purpose AI models must keep the technical documentation set out in Annex XI of the EU AI Act and share information with downstream providers under Annex XII. Even where documentation is not yet legally required, frameworks like the NIST AI RMF and ISO/IEC 42001 treat it as standard practice.

Conclusion

The definition of an AI model is no longer contested: it is a program of learned parameters that turns data into predictions or content. What separates organizations now is not whether they can define a model, but whether they can name every model they run, prove how each one was built and tested, and show who is accountable when it fails. That is the shift from knowing what an AI model is to governing one. AI Sigil gives compliance and risk teams a single place to inventory models, hold their documentation, and map each one to the EU AI Act, ISO/IEC 42001, and the NIST AI RMF. See how it works on the AI Sigil platform.