Compliance Library Blog Product Sign In

EU-AI-Act

Regulation (EU) 2024/1689 — Artificial Intelligence Act

EU Version 1.0 334 obligations

Data Governance Obligations

19

Title I — General Provisions

Title II — Prohibited AI Practices

Title III — High-Risk AI Systems

Chapter 1 — Classification of AI Systems as High-Risk

Chapter 2 — Requirements for High-Risk AI Systems

Article 10. Data and data governance

12 obligations

EU-AIA-10-01 Data Governance

Use quality training, validation and testing data sets

High-risk AI systems using training techniques must be developed using training, validation and testing data sets that m
EU-AIA-10-02 Data Governance

Implement appropriate data governance and management practices

Training, validation and testing data sets must be subject to data governance and management practices appropriate for t
EU-AIA-10-07 Data Governance

Assess data availability, quantity and suitability

Data governance practices must include an assessment of the availability, quantity and suitability of the data sets that
EU-AIA-10-10 Data Governance

Identify and address data gaps and shortcomings

Data governance practices must include identification of relevant data gaps or shortcomings that prevent compliance with
EU-AIA-10-11 Data Governance

Ensure data sets are relevant, representative and error-free

Training, validation and testing data sets must be relevant, sufficiently representative, and to the best extent possibl
EU-AIA-10-12 Data Governance

Ensure data sets have appropriate statistical properties

Data sets must have appropriate statistical properties, including, where applicable, as regards the persons or groups of
EU-AIA-10-13 Data Governance

Account for geographical and contextual characteristics in data sets

Data sets must take into account, to the extent required by the intended purpose, the characteristics or elements partic
EU-AIA-10-14 Data Governance

Verify necessity before processing special categories of personal data

Providers may only process special categories of personal data if it is strictly necessary for bias detection and correc
EU-AIA-10-15 Data Governance

Apply technical limitations and security measures to special personal data

Special categories of personal data must be subject to technical limitations on re-use and state-of-the-art security and
EU-AIA-10-16 Data Governance

Implement access controls for special personal data

Special categories of personal data must be subject to measures ensuring they are secured, protected, with suitable safe
EU-AIA-10-18 Data Governance

Delete special personal data after bias correction or retention period

Special categories of personal data must be deleted once the bias has been corrected or the personal data has reached th
EU-AIA-10-20 Data Governance

Apply data requirements to testing data for non-training AI systems

For high-risk AI systems not making use of techniques involving training of AI models, paragraphs 2 to 5 apply only to t

Article 13. Transparency and provision of information to deployers

1 obligation

EU-AIA-13-09 Data Governance

Provide input data specifications and training data information

When appropriate, instructions must include specifications for input data or other relevant information about training,

Chapter 3 — Obligations of Providers and Deployers of High-Risk AI Systems and Other Parties

Article 17. Quality management system

1 obligation

EU-AIA-17-08 Data Governance

Include comprehensive data management systems in QMS

The quality management system must include systems and procedures for data management, including data acquisition, data

Chapter 4 — Obligations of Deployers of High-Risk AI Systems

Article 26. Obligations of deployers of high-risk AI systems

2 obligations

EU-AIA-26-03 Data Governance

Ensure input data quality when controlling input data

To the extent the deployer exercises control over the input data, that deployer must ensure that input data is relevant

EU-AIA-26-12 Data Governance

Use provider information for DPIA compliance

Where applicable, deployers must use the information provided under Article 13 to comply with their obligation to carry

Chapter 5 — Notifying Authorities and Notified Bodies

Article 28. Notifying authorities

1 obligation

EU-AIA-28-07 Data Governance

Safeguard confidentiality per Article 78

Notifying authorities must safeguard the confidentiality of information they obtain in accordance with Article 78 requir

Title IV — Transparency Obligations for Providers and Deployers of Certain AI Systems

Title V — General-Purpose AI Models

Chapter 1 — Classification Rules

Chapter 2 — Obligations for Providers of General-Purpose AI Models

Article 55. Obligations for providers of general-purpose AI models with systemic risk

1 obligation

EU-AIA-55-06 Data Governance

Treat obtained information in compliance with confidentiality obligations

Any information or documentation obtained pursuant to this Article, including trade secrets, must be treated in complian

Title VIII — Post-Market Monitoring, Information Sharing and Market Surveillance

Chapter 1 — Post-Market Monitoring

Article 72. Post-market monitoring by providers and post-market monitoring plan for high-risk AI systems

1 obligation

EU-AIA-72-02 Data Governance

Actively collect, document and analyse performance data

The post-market monitoring system must actively and systematically collect, document and analyse relevant data on the pe

Start your compliance assessment

Map obligations to your AI systems, identify gaps, and generate board-ready reports. Plans start at $149/mo.

Get Started