The Open Spectrum: Weights, Data, and Trust
What 'open' actually means for a base model — the distinction between open-weights, open-data, and open-recipe releases, and why it is load-bearing the moment you deploy in a regulated domain where a regulator can ask 'what did this model see?'
Openness has three tiers, not a binary. Open-weights-only (Llama 3.x) lets you use the model but you trust the publisher's word about what it saw. Open-data (MiniCPM, OLMo, Tülu, SmolLM3) lets you audit what it saw. Open-recipe (OLMo, Tülu 3, SmolLM3) lets you reproduce and prove the whole thing end to end.
OSAID v1.0 (2024-10-28) is a deliberate compromise, not a reproducibility guarantee. It requires 'sufficiently detailed information about the data,' not the data itself. A Llama-style release can be OSAID-compliant without being reproducible or auditable. Treat 'OSAID-compliant' and 'open-data/recipe' as different claims.
The NTIA 2024 report is the government authority for the sensitive-data argument. Open-weight models 'provide security benefits by allowing firms, researchers, and users to use potentially sensitive data' locally and on-premises. This is why IL5/IL6, HIPAA-covered, and air-gapped environments require an open-weight base.
Open-data is a compliance asset, not an ideology. Auditability (prove what it saw), reproducibility (pin a commit, rebuild, no silent drift), and supply-chain trust (rule out hidden training-time exfiltration) each map to a requirement a regulator can name — and each is satisfiable only when you can see the data and the recipe.