v2.4.0 | Report Errata
docs artefact-taxonomy

Artefact Taxonomy

Five-category classification of all compliance artefacts: Engineering, Compliance, Governance, Assessment, and Regulatory.

76 articles in this section

1.
Artefact Taxonomy The AISDP(
2.
Five-Category Classification Taxonomy Overview The 61 artefacts sit along a spectrum from pure engineering output to formal legal instrument. Five…
3.
Category A — Engineering Work-Product A1. Pipeline Execution Logs(
4.
A1. Pipeline Execution Logs A1. Pipeline Execution Logs Immutable records of every CI/CD pipeline(
5.
A2. Model Registry Entries A2. Model Registry Entries Central catalogue of all model versions. Each entry contains provenance metadata linking the…
6.
A3. Model Card A3. Model Card Standardised summary of a model version's architecture, training data, performance metrics…
7.
A4. Composite Version Identifier (Version Quad) A4. Composite Version Identifier (Version Quad) A single immutable reference linking code commit, data version, model…
8.
A5. Deployment Ledger A5. Deployment Ledger Immutable, append-only record of every deployment event. Each entry records the deployment date,…
9.
A6. SBOM (Software/ML Bill of Materials) A6. SBOM (Software/ML Bill of Materials) Complete dependency inventory for each build: all software libraries, ML…
10.
A7. Data Lineage Records A7. Data Lineage Records End-to-end provenance chain tracing raw data sources through every transformation to the…
11.
A8. Feature Registry A8. Feature Registry Central catalogue of all features used by the system. Each entry records the feature name, source…
12.
A9. Override and Escalation Logs A9. Override and Escalation Logs Immutable records of every operator override, escalation, and human review decision.…
13.
A10. Third-Party Data Quarantine Log A10. Third-Party Data Quarantine Log Records of supplier data deliveries that fail intake validation. Each entry…
14.
A11. Vulnerability Management Register A11. Vulnerability Management Register Centralised register of all identified security vulnerabilities with severity…
15.
A12. Operational Dashboard A12. Operational Dashboard Real-time or near-real-time display of system behaviour: current metric values, alert…
16.
A13. Evaluation Reports A13. Evaluation Reports Per-build records of all performance, fairness, robustness, and calibration metrics declared in…
17.
A14. Cumulative Baseline Tracking Record A14. Cumulative Baseline Tracking Record Drift metrics comparing each candidate model version against both the…
18.
A15. Dead-Letter Queue Investigation Records A15. Dead-Letter Queue Investigation Records Records of non-conforming data records caught by ingestion boundary…
19.
A16. Governance Dashboard A16. Governance Dashboard Summary views for the AI Governance…
20.
Category B — Compliance Evidence B1. Evidence Pack(
21.
B1. Evidence Pack B1. Evidence Pack The complete collection of supporting artefacts substantiating every material claim in the AISDP. An…
22.
B2. Evidence Register B2. Evidence Register Structured catalogue of every artefact in the evidence pack. Each entry records a unique artefact…
23.
B3. Distributional Analysis Reports B3. Distributional Analysis Reports Consolidated report per dataset combining the distributional analysis output matrix…
24.
B4. Fairness Evaluation Report B4. Fairness Evaluation Report Central fairness evidence document. Contains per-subgroup metrics (TPR, FPR, selection…
25.
B5. Dataset Documentation B5. Dataset Documentation Per-dataset documentation(
26.
B6. Data Retention Plan B6. Data Retention Plan Per-data-category specification of retention periods, justifications, storage tiers and cost…
27.
B7. Threat Model B7. Threat Model Living document mapping the system's threat landscape using combined STRIDE, MITRE ATLAS, OWASP Top 10…
28.
B8. Penetration Testing Reports B8. Penetration Testing Reports Results of security testing including AI-specific attack scenarios (adversarial inputs,…
29.
B9. Substantial Modification Assessment B9. Substantial Modification Assessment Formal assessment of whether a system change crosses quantitative thresholds,…
30.
B10. PMM Feedback Loop Records B10. PMM Feedback Loop Records Traceable records demonstrating the complete cycle for each monitoring finding:…
31.
B11. Operator Training and AI Literacy Records B11. Operator Training and AI Literacy Records LMS-based records of operator training on system capabilities,…
32.
B12. Archived Model and Documentation Package B12. Archived Model and Documentation Package Complete preservation of model artefacts, AISDP modules, evidence…
33.
B13. Inspection Readiness Pack B13. Inspection Readiness Pack Pre-assembled documentation package enabling rapid response to competent authority…
34.
B14. Cross-Reference Index B14. Cross-Reference Index Consolidated mapping of every cited EU AI Act article, annex, and AISDP module to the…
35.
Category C — Governance Decision Record C1. Classification Decision Record (CDR)(
36.
C1. Classification Decision Record (CDR) C1. Classification Decision Record (CDR) Records whether the system falls within the AI Act's scope, its risk tier, and…
37.
C2. Risk Register C2. Risk Register Central living document recording all identified risks. Each entry records risk ID, description,…
38.
C3. Residual Risk Acceptance Sign-offs C3. Residual Risk Acceptance Sign-offs Formal records of the AI Governance…
39.
C4. Model Selection Record C4. Model Selection Record Documents the full model evaluation, the compliance criteria…
40.
C5. Compliance Criteria Scoring Matrix C5. Compliance Criteria Scoring Matrix Quantitative comparison of candidate architectures across six compliance…
41.
C6. Model Origin Risk Assessment C6. Model Origin Risk Assessment Evaluation of provenance, governance quality, and inherited risk for each model…
42.
C7. IP and Licensing Analysis C7. IP and Licensing Analysis Assessment of copyright exposure, licence compatibility, and IP risk for all model…
43.
C8. Fine-Tuning Provider Boundary Determination C8. Fine-Tuning Provider Boundary Determination Documents whether fine-tuning a GPAI model constitutes a substantial…
44.
C9. Quarterly PMM Review Minutes C9. Quarterly PMM Review Minutes Governance record of the primary post-market monitoring forum. Documents monitoring…
45.
C10. D&O and Insurance Coverage Review C10. D&O; and Insurance Coverage Review Assessment of whether D&O; insurance covers Article 99 regulatory fines,…
46.
C11. Regulatory Guidance Monitoring Log C11. Regulatory Guidance Monitoring Log Quarterly tracking of published guidance, interpretive statements, and…
47.
C12. Decommission Plan C12. Decommission Plan Structured plan for system…
48.
Category D — Assessment Record D1. Assessment Plan(
49.
D1. Assessment Plan D1. Assessment Plan Defines the conformity assessment(
50.
D2. Assessment Checklist D2. Assessment Checklist Granular per-sub-requirement checklist mapping every requirement of Articles 8–15, Article…
51.
D3. Non-Conformity Register D3. Non-Conformity Register Records all non-conformities identified during assessment, classified by severity…
52.
D4. Internal Conformity Assessment Report D4. Internal Conformity Assessment Report The assessment's formal concluding document: scope, methodology, assessor…
53.
D5. Assessor Records Archive D5. Assessor Records Archive Documentation demonstrating that the assessment was conducted by competent, independent…
54.
D6. Readiness Assessment Checklist D6. Readiness Assessment Checklist Pre-assessment gate confirming that governance, technical, and documentation…
55.
D7. Annual Oversight Audit Report D7. Annual Oversight Audit Report Independent annual audit of monitoring infrastructure, escalation pathways,…
56.
D8. Regulatory Interaction Log D8. Regulatory Interaction Log Record of every substantive communication with competent authorities, notified bodies,…
57.
Category E — Regulatory Instrument E1. Declaration of Conformity(
58.
E1. Declaration of Conformity E1. Declaration of Conformity Legally binding statement under Article 47 that the system conforms to all applicable…
59.
E2. EU Database Registration Entry E2. EU Database Registration Entry Formal submission to the EU database under Articles 49/71. Annex VIII Section A…
60.
E3. CE Marking E3. CE Marking Visible declaration that the system conforms to all applicable requirements. Affixed on the system's…
61.
E4. Instructions for Use (IFU) E4. Instructions for Use (IFU) Deployer-facing documentation required under Article…
62.
E5. AISDP (Twelve-Module Documentation Package) E5. AISDP (Twelve-Module Documentation Package) The master compliance document comprising twelve modules: System…
63.
E6. Serious Incident Reports E6. Serious Incident Reports Formal notifications to the market…
64.
E7. FRIA Report E7. FRIA Report Fundamental Rights Impact Assessment examining the system's impact on all potentially affected EU…
65.
E8. Data Protection Impact Assessment (DPIA) E8. Data Protection Impact Assessment (DPIA) Assessment of risks to individuals' rights and freedoms from personal data…
66.
E9. Affected Person Notification Templates E9. Affected Person Notification Templates Templates and processes for informing individuals of the system's…
67.
E10. Regulator Contact Register E10. Regulator Contact Register Per-jurisdiction register of authority contacts for incident notification and…
68.
E11. Break-Glass Procedure Documentation E11. Break-Glass Procedure Documentation Emergency override and shutdown procedures implementing Article…
69.
Cross-Cutting Analysis Regulatory Mapping(
70.
Regulatory Mapping Regulatory Mapping The 61 artefacts address obligations across ten legal instruments: the EU AI Act (Regulation (EU)…
71.
Retention Requirements Retention Requirements Article 18(
72.
Update Frequencies Update Frequencies Artefact update frequencies fall into four bands. Continuous artefacts (most of Category A) are…
73.
Collection Method Patterns Collection Method Patterns Three collection patterns cover the 61 artefacts. Automated collection (28 artefacts,…
74.
Responsible Party Distribution Responsible Party Distribution All ten roles from the AISDP governance framework own artefacts. The CI/CD…
75.
Artefact Interdependencies Artefact Interdependencies The 61 artefacts form a dependency graph rather than an independent list. Six artefacts…
76.
Official Template Sources Official Template Sources Seven artefacts have official or authoritative template sources as of February 2026. The…
On This Page