The MPAI Ecosystem is composed of the following cooperating entities:
- MPAI
- Acts as the root of trust of the MPAI Ecosystem.
- Defines the rules of Governance.
- Develops the 4 components of an MPAI Standard.
- Establishes the MPAI Store.
- Appoints Performance Assessors.
- MPAI Store
- Operates on a cost-recovery basis based on a mandate received from MPAI.
- Identifies implementers of MPAI Standards (see Annex 4).
- Establishes distribution agreements with Implementers.
- Tests implementations submitted by implementers for:
- Security Validation.
- Conformance with MPAI-AIF.
- Conformance with an Application-Oriented Technical Specification.
- Conformance with an Accessory Specification (if applicable).
- May receive notifications from Performance Assessors.
- Labels Implementations as:
- Level 1, if d.i and d.ii tests have been passed.
- Level 2, if d.iii tests have been passed.
- Level 3, if a Performance Assessor has notified that the Implementation has a Grade above the minimum level.
- Posts software Implementations for download.
- Manages a reputation system where the MPAI Store publishes report of their user experience of an Implementation, after moderation, if this becomes necessary.
- Manages the Implementer ID Registration Authority (IIDRA).
- The MPAI Store is a not-for-profit commercial organisation.
- However, the MPAI Store may recover the costs (e.g., ICT infrastructure, personnel, consultants) deriving from MPAI Store operation from Implementers, Service Providers and Users.
- Implementers
- Obtain an Implementer ID (IID).
- Make implementations.
- Submit implementations to the MPAI Store.
- May submit Implementations to Performance Assessors.
- Performance Assessors assess the Grade of an Implementation.
- May be implementers or qualified companies.
- May not Assess the Performance of their Implementations if Implementers.
- Are appointed for a particular domain and Performance category (Reliability, Replicability, Robustness, and Fairness) for an indefinite duration but MPAI may revoke the appointment.
- May charge Implementers, Service Providers, and Users for their services.
- The Performance Assessment process is confidential, unless the Implementor and the Assessor decide otherwise.
Table 2 gives the operations of the actors enabling the MPAI ecosystem to operate.
Table 2 – The players of the MPAI ecosystem
Player | Role |
MPAI Store | 1. Independent commercial not-for-profit entity established by MPAI.
2. Assigns ImplementerID’s to Implementers as ImplementerID Registration Authority. 3. Charges Implementers, Service Providers and Users on a cost recovery basis. 4. Receives Implementations from Implementers. 5. Tests Implementations submitted by Implementers for security and Conformance. 6. Receives results of Performance Assessment of Implementations from Performance Assessors. 7. AIWs and AIMs may be implementations of MPAI standards or independently developed but suitable to be executed in AIFs. 8. Assigns AIWs and AIMs to security experts for testing (either employees or consultants). 9. Receives commercial distribution licences of AIFs, AIWs and AIMs Implementations from Implementers. 10. Distributes to Service Providers and Users Implementations that are approved by security experts and Tested for Conformance after assigning: a. A Level 1 label to non-MPAI-specified AIWs and AIMs. b. A Level 2 label to AIWs and AIMs Conforming to an MPAI Application Standard. c. Assign a Level 3 label to AIWs and AIMs Conforming to an MPAI Application Standard and whose Performance has been Assessed. 11. Undertakes to make Implementations available through high availability ICT infrastructure. |
Standard developer | An expert contributing to the development of MPAI Standards. |
Implementer | An entity providing Implementations of AIFs, AIWs and AIMs. |
Performance Assessor | An entity certified by MPAI to determine whether an AIW or AIM:
1. Conforms with one or more MPAI standards. 2. Offers a Performance Grade. |
Security expert | An entity authorised by MPAI to develop tests establishing whether an AIF or an AIW or an AIM presents security issues. |
Service Provider | An entity running AIWs e.g., a private or public cloud. A Service Provider does not acquire the right to redistribute Implementations. |
End User | The ultimate beneficiary of the execution of AIWs. They may execute AIWs and AIMs in a local environment. |