Developers using Cohere's API are required to identify and document the potential harms their application could cause before accessing the API.
This analysis describes what Cohere's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The harm documentation requirement creates an affirmative pre-deployment obligation that functions as a form of AI impact assessment, which aligns with emerging regulatory requirements for AI governance documentation under frameworks such as the EU AI Act.
Interpretive note: The policy does not specify the required format, depth, or retention period for harm documentation, creating uncertainty about what constitutes adequate compliance with this obligation.
This obligation requires developers to consider and record how their Cohere-powered application might harm end users before the application is deployed, providing a procedural safeguard that benefits individuals who will ultimately interact with the product.
Cross-platform context
See how other platforms handle Harm Documentation Obligation and similar clauses.
Compare across platforms →Monitoring
Cohere has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Developers must outline and get approval for their use case to access the Cohere API, understanding the models and limitations. They should refer to model cards for detailed information and document potential harms of their application.— Excerpt from Cohere's Cohere Usage Policy
(1) REGULATORY LANDSCAPE: The harm documentation obligation aligns with EU AI Act requirements for technical documentation and risk assessments for high-risk AI systems. It also engages emerging FTC guidance on responsible AI development and accountability frameworks. Where the application processes personal data, this documentation obligation intersects with GDPR Article 35 Data Protection Impact Assessment requirements for high-risk processing activities. (2) GOVERNANCE EXPOSURE: Medium. The policy does not specify the format, scope, or retention period for harm documentation, which means compliance with this obligation is difficult to audit and assess externally. Organizations subject to the EU AI Act's technical documentation requirements may need to ensure their harm documentation meets the more prescriptive requirements of that regulation in addition to satisfying this contractual obligation. (3) JURISDICTION FLAGS: EU developers face heightened exposure where harm documentation obligations overlap with GDPR DPIA requirements and EU AI Act technical documentation mandates. US federal contractors subject to Executive Order guidance on AI governance should also consider whether this documentation obligation aligns with their internal AI use policies. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should treat harm documentation as a required deliverable in the API onboarding process and integrate it into existing product risk assessment workflows. Organizations with established AI governance frameworks should map this obligation to existing internal documentation requirements to avoid duplicative processes. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should develop a standardized harm assessment template that satisfies this contractual requirement and, where applicable, also meets GDPR DPIA and EU AI Act technical documentation standards. Documentation should be versioned and updated when application functionality changes materially.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The harm documentation requirement creates an affirmative pre-deployment obligation that functions as a form of AI impact assessment, which aligns with emerging regulatory requirements for AI governance documentation under frameworks such as the EU AI Act.
This obligation requires developers to consider and record how their Cohere-powered application might harm end users before the application is deployed, providing a procedural safeguard that benefits individuals who will ultimately interact with the product.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cohere.