?asOf= parameter to see the current catalog state.Retrieval-Augmented Generation (RAG)
retrieval-augmented-generation · Frontier safety
An AI system pattern in which a model's outputs are conditioned on external content retrieved at inference time from a knowledge source — combining the parametric knowledge of the model with the up-to-date or domain-specific knowledge of the retrieval index.
Definition & scope
Retrieval-augmented generation was formalised by Lewis et al. (2020, 'Retrieval-Augmented Generation for Knowledge-Intensive NLP Tasks,' NeurIPS) and is now the dominant pattern for deploying LLMs against proprietary, current, or specialised knowledge. The architecture pattern: at inference time, the user query is used to retrieve k documents from an index (vector store, search engine, structured database); those documents are appended to the prompt context; the model generates an answer conditioned on both its parametric memory and the retrieved context. RAG is the substrate for most enterprise LLM deployments — legal assistants citing case law, customer-support agents citing product docs, medical-AI citing clinical guidelines. Governance relevance opens a distinct surface from pure-LLM outputs. (a) Provenance — retrieved content has its own source attribution that must flow into the output; this is the technical substrate for citation-verifiability requirements (EU AIA Art. 50 transparency for AI-generated content). (b) Hallucination mitigation — RAG reduces but does not eliminate hallucination, because the model may still misquote or compositionally fabricate from retrieved sources. (c) Indirect prompt injection — the retrieval corpus is a primary adversarial-input vector (Greshake et al. 2023); an attacker who can plant content in the retrievable index can hijack the model. (d) Downstream-misinformation risk — RAG systems that surface low-quality sources amplify them with authoritative voice. (e) IP + training-data overlap — RAG creates a deployment-time analogue of training-data attribution questions, since retrieved-and-paraphrased content may infringe copyright at use-time. NIST AI RMF GenAI Profile §2.7 'Value Chain and Component Integration' is the closest binding frame; EU AI Act Art. 53 GPAI obligations apply to the model but the retrieval-index layer is largely unregulated.
Use in governance
How instruments operationalise this concept
| Instrument | Jurisdiction | Status |
|---|---|---|
| EU AI Act | EU | in force |
| NIST AI RMF Generative AI Profile | US | in force |
Appears in topic articles
Editorial note
When citing RAG in policy contexts, distinguish the model-layer governance surface (EU AIA Art. 53 model-card obligations) from the retrieval-index-layer governance surface (largely unregulated). The retrieval layer is where most enterprise deployments concentrate risk in 2025-2026 because it sees less regulatory scrutiny than the underlying model.
See also
Further reading
Sources on the broader topics this concept relates to — complementing, not standing in for, the primary sources cited inline above. 81 academic & grey-literature sources; catalogued metadata with a primary link; one-line findings are ✦ AI-generated summaries, labeled as such (charter §7.9). Browse the full literature index.
- Open Foundation Models and TDM Exceptions to Copyright – Building Blocks for an AI Ecosystem Peer-reviewed✦ AIArgues Art. 3 CDSM Directive's scientific-research TDM exception 'does not grant rightsholders any control' and can be a 'safe harbor' for training openly released foundation models without licensing data.
- An interdisciplinary account of the terminological choices by EU policymakers ahead of the final agreement on the AI Act: AI system, general purpose AI system, foundation model, and generative AI Peer-reviewed✦ AITraces how the AI Act's legal text shifted across versions among the terms 'AI system, general purpose AI system, foundation model, and generative AI', exposing definitional instability in the regime.
- The EU model of AI governance: regulating artificial intelligence through law and policy Peer-reviewed✦ AIAnalyses how the AI Act's risk-based model handles general-purpose and foundation models whose 'autonomous content generation challenges legal categories of authorship, accountability, and control'.
- Generative AI and data protection Peer-reviewed✦ AIExamines friction between foundation-model training and the GDPR, noting models that 'memorize and leak pieces of training data' cannot be treated as anonymous.
- Identifying Algorithmic Decision Subjects' Needs for Meaningful Contestability Peer-reviewed✦ AIEmpirically elicits what decision subjects need for contestation to be 'meaningful', informing the design of effective remedies and appeal mechanisms for ADM.
- Two Means to an End Goal: Connecting Explainability and Contestability in the Regulation of Public Sector AI Preprint✦ AIInterview study with 14 regulation experts distinguishes judicial vs non-judicial and individual vs collective contestation channels for public-sector AI remedies.
- Copyright and AI in the UK: Opting-In or Opting-Out? Peer-reviewed✦ AIContends the UK opt-in/opt-out framing is a 'missed opportunity'; a broadened research exception plus market-entry transparency and creator remuneration would better serve both innovation and rightsholders.
- Technical Challenges of Rightsholders' Opt-out From Gen AI Training after Robert Kneschke v. LAION Peer-reviewed✦ AIExamines post-LAION practical obstacles to the EU TDM opt-out (robots.txt, machine-readability, memorisation): 'While the TDM exceptions may seem workable in theory, implementing them in practice presents a variety of practical…
- GPTs are GPTs: Labor market impact potential of LLMs Peer-reviewed✦ AIFinds around 80% of the U.S. workforce "could have at least 10% of their work tasks affected" by LLMs, which exhibit "traits of general-purpose technologies".
- Generative AI in EU law: Liability, privacy, intellectual property, and cybersecurity Peer-reviewed✦ AIExamines how the EU AI Act, liability regimes, GDPR, copyright and cybersecurity rules apply to generative AI, identifying gaps and proposing targeted regulatory refinements.
- A large-scale audit of dataset licensing and attribution in AI Peer-reviewed✦ AIAudit of 1,800+ AI training datasets finds "licence omission rates of more than 70% and error rates of more than 50%" on popular hosting sites.
- Evaluating Frontier Models for Dangerous Capabilities Preprint✦ AIPilots dangerous-capability evaluations (persuasion, cyber, self-proliferation) on frontier models, finding 'early warning signs' but no strong present danger — grounding evaluation-based gating.
+ 69 more across this concept's topics — see the literature index.
References
The primary instrument sources behind the article's classifications.
Cite this article 8 formats · BibTeX, RIS, APA, Chicago, … · 1-click copy
Persistent identifier: https://policywindow.org/wiki/retrieval-augmented-generation — committed-stable URL with content-versioning via ?asOf= (rollout pending per methodology §7). DOIs via Zenodo are on the roadmap.
Article tools — track changes, suggest an edit
View history — every captured revision of this article · What links here