Data Governance & Lineage — Data Management
Data Governance & Lineage
EU AI Act Compliance Data Management EU/UK aligned
+ On this page
Key takeaways
- Track origin ➜ transformations ➜ model usage with verifiable lineage and licence status.
- Only ingest what you can legally and safely keep; automate expiry and deletion.
Principles & roles
- Named Data Owner, Steward, and Custodian per domain; RACI for approvals and changes.
- Purpose limitation; data minimisation; integrity; accountability; evidence of oversight meetings.
Data catalog & classification
- Central catalog with system-of-record; classification levels (Public, Internal, Confidential, Restricted).
- Automatic discovery (schemas, PII scanners); manual curation (business glossary, critical fields).
Lineage & provenance
- End-to-end lineage: source→staging→curated→training/eval/index→model release; immutable snapshots.
- Signed manifests per dataset/version; checksums; identity of uploader; approval references.
Quality controls
- Schema tests, null/outlier thresholds, label accuracy audits, dedup & leakage detection jobs.
- Data SLAs: freshness, completeness, acceptable error rates; break-glass rules when breached.
Privacy & lawful basis
- Map lawful basis per attribute; DPIA where needed; consent registry; sensitive data handling guidelines.
Security & access
- Attribute- and role-based access; least privilege; environment isolation; encryption in transit/at rest.
PII/PHI handling
- Redaction/pseudonymisation; purpose-bounded joins; tokenisation; sensitive cohort exclusions for training.
Licensing & IP
- Store licence text and scope; scrape policies to prohibit ingestion of barred sources; track derivative use rights.
Retention & deletion
- Automated retention per class; legal hold workflow; backed-up copies accounted; proof of deletion artefacts.
DSRs & audit
- Subject rights endpoints; request tracing to sources and indexes; export logs; audit queries and approvals.
GenAI corpora standards
- Document chunking policy; metadata schema (source, page, date, licence, sensitivity, hash, owner, version).
- Blue/green corpora with rollback; quarantine queue for flagged docs; re-index on change.
Governance checklist
- Owner named; lineage verifiable; licences stored; retention enforced; DSRs operable; evidence indexed.
© Zen AI Governance UK Ltd • Regulatory Knowledge • v1 05 Nov 2025 • This page is general guidance, not legal advice.
Related Articles
Data Governance — Data Governance
Zen AI Governance — Knowledge Base • EU/UK alignment • Updated 05 Nov 2025 www.zenaigovernance.com ↗ Data Governance — EU/UK aligned EU AI Act Compliance Data Governance EU/UK aligned + On this page On this page Provenance & licensing Lawful basis & ...
Logging & Traceability — Risk Management
Zen AI Governance — Knowledge Base • EU/UK alignment • Updated 05 Nov 2025 www.zenaigovernance.com ↗ Logging & Traceability — EU/UK aligned EU AI Act Compliance Risk Management EU/UK aligned + On this page On this page Telemetry schema Privacy & ...
Governance, Evidence & Records — Foundations
Zen AI Governance — Knowledge Base • EU/UK alignment • Updated 05 Nov 2025 www.zenaigovernance.com ↗ Governance, Evidence & Records EU AI Act Compliance Foundations EU/UK aligned + On this page On this page Org structure & roles Policies & decision ...
Bias & Fairness Playbook — Risk Management
Zen AI Governance — Knowledge Base • EU/UK alignment • Updated 05 Nov 2025 www.zenaigovernance.com ↗ Bias & Fairness Playbook EU AI Act Compliance Risk Management EU/UK aligned + On this page On this page Concepts & cohorts Metrics & parity Datasets ...
Accuracy, Robustness & Cybersecurity — Risk Management
Zen AI Governance — Knowledge Base • EU/UK alignment • Updated 05 Nov 2025 www.zenaigovernance.com ↗ Accuracy, Robustness & Cybersecurity — EU/UK aligned EU AI Act Compliance Risk Management EU/UK aligned + On this page On this page Accuracy & ...