Loading the catalogue…
Loading the catalogue…
Ai2 is a Seattle-based non-profit research institute and the leading institutional advocate for fully open AI: its OLMo, Tülu, and Molmo families are released under Apache 2.0 with weights, training code, full training datasets (Dolma), intermediate checkpoints, and evaluation logs all publicly available — one of the most transparent AI postures in the industry. As a US-incorporated entity with no EU legal presence it carries CLOUD Act and FISA 702 exposure; however, Apache 2.0 weights mean EU customers can fully self-host inference within their own jurisdiction, eliminating inference-side data transfer risk. The organisation is in a leadership transition following the March 2026 departure of CEO Ali Farhadi, with founding member Peter Clark serving as interim CEO and all 2026 programmes confirmed as funded and continuing; no formal EU AI Act compliance statement or GPAI Code of Practice signatory status has been identified as of June 2026.
Ai2 is US-incorporated and subject to CLOUD Act and FISA Section 702. US authorities can compel production of data held or processed on Ai2 infrastructure without EU judicial oversight. However, because Ai2 does not operate a hosted inference API and models are Apache 2.0 open weights, EU customers self-hosting inference fully mitigate this risk on the inference path.
No formal EU AI Act compliance statement, GPAI Code of Practice signatory status, or EU GPAI Office engagement has been identified as of June 2026. GPAI model obligations became applicable August 2025; EU Commission enforcement powers activate August 2026. Ai2's substantive training-data disclosure likely addresses Art. 53 in practice, but formal documentation per the Commission's template has not been confirmed.
CEO Ali Farhadi and COO Sophie Lebrecht both departed in March 2026. Peter Clark is serving as interim CEO for the second time in four years. A permanent CEO search is ongoing. This represents a period of leadership uncertainty that could affect model roadmap and strategic direction for the OLMo/Molmo families.
No DPA template, DPO contact, or EU-specific GDPR data processing documentation is publicly available. For EU regulated-sector customers wishing to formalise data controller/processor relationships, documentation will need to be requested directly from Ai2.
No SOC 2, ISO 27001, or equivalent security certifications are publicly disclosed. No bug bounty or formal responsible-disclosure policy was found; allenai.org/security returns HTTP 404. This is consistent with the research nonprofit profile but below the bar expected by many regulated-sector procurement functions.
OLMo model cards openly acknowledge limited safety filtering: models can be prompted to generate harmful and sensitive content. Customers in regulated sectors (healthcare, finance, legal) must implement their own safety layers and cannot deploy OLMo/Molmo models directly in production without additional guardrails.
Ai2 acknowledged structural financial constraints in competing at extreme-scale model development as a nonprofit. While existing 2026 programmes are funded, long-term capacity to maintain competitive frontier models relative to well-capitalised commercial labs is a qualitative consideration for customers planning multi-year deployments.
Stav AI Act assessment
Editorial assessment, not legal advice. Stav's risk ratings, scores, and verdicts are our own analysis of publicly available information and may be incomplete or out of date. Verify independently before making compliance or procurement decisions.
Ai2 releases full training data (Dolma/Dolma 3 under ODC-BY), model weights, training code, intermediate checkpoints, evaluation logs, and technical arXiv reports for all OLMo families — identified by multiple independent sources as the most comprehensive open-science posture of any major AI lab.
All OLMo, Tülu, and Molmo model families are released under the permissive Apache 2.0 licence, confirmed across multiple HuggingFace model cards; no custom restrictive licence or commercial usage gate.
Full public documentation of Dolma training data (sources, PII filtering methodology, ODC-BY licence) substantively addresses the EU AI Act Art. 53 training-data transparency requirement, even without a formal compliance statement.
Board chair confirmed all 2026 research programmes are fully funded following CEO departure, including the NSF/NVIDIA multi-year infrastructure partnership and Cancer AI Alliance participation.
Ai2 secured a major multi-year infrastructure investment from NSF and NVIDIA (announced August 2025) to build a national open AI ecosystem, providing medium-term financial stability alongside Allen family philanthropic funding.
Ai2 operates as an independent US non-profit with a published board and scientific advisory board; no for-profit parent company, no state-controlled shareholder, and no identified military or intelligence contracts.
1,000+ academic papers published; active HuggingFace org with daily model/dataset updates; strong university partnerships; published W&B training run logs; open GitHub repositories demonstrate genuine community engagement rather than performative openness.
Privacy policy review
Creator profile
Ai2 (Allen Institute for AI) is a US-headquartered non-profit research institute founded in 2014 and governed by a board of directors and scientific advisory board, with no commercial parent and no known government or state-ownership ties. It is CLOUD Act and FISA 702 exposed as a US organisation, meaning EU-regulated deployers must account for potential US government access to any data processed via its hosted services or APIs. Ai2's open-weights posture is among the most transparent in the industry — releasing full training data, code, intermediate checkpoints, and evaluation tooling under Apache 2.0 for models and ODC-BY for datasets — making its models among the most auditable available for EU regulated sectors, though formal EU AI Act compliance documentation (model cards meeting Article 53 obligations) and a dedicated GDPR/DPO contact have not been publicly verified.
Stav editorial summary
Ai2 is a United States entity. Training data and weights produced under United States-jurisdiction are covered by the CLOUD Act.
Exposed on training. Inference is unaffected when hosted on Stav infrastructure inside the EEA.
Stav compliance has not yet scored Ai2. Scores are published once the policy review and infrastructure assessment complete.
Model cards proactively disclose limitations including limited safety filtering and potential for harmful outputs, demonstrating intellectual honesty rather than marketing-first positioning — a key signal of trustworthy AI development practice.
No known data breaches, security incidents, or privacy enforcement actions identified across any source reviewed, consistent with a clean security track record.
Published safeguards & certifications