The Data Flow Diagram traces the path of data through the system from ingestion to output, showing raw input data entering the system, validation and preprocessing steps, feature computation, model inference, post-processing and threshold application, explanation generation, output delivery to the human oversight interface, and logging at each stage. This diagram is essential for demonstrating Article 12 compliance and for enabling traceability analysis.

The Deployment Diagram shows the physical or cloud infrastructure: the container orchestration platform, the cloud provider and region, node types and resource allocations, the network topology (VPC, subnets, security groups), and external service endpoints. It supports Annex IV’s requirement to describe the hardware and software environment and feeds directly into the cybersecurity documentation in Module 9.

Both diagrams must use consistent notation (C4, UML, or ArchiMate) and be version-controlled. Infrastructure-as-code definitions (Terraform, Pulumi) can generate deployment diagrams automatically, ensuring the documentation remains current. The data flow diagram should annotate each stage with the logging events that are captured, demonstrating that the Article 12 traceability requirement is satisfied end-to-end.

Key outputs

• Data Flow Diagram with logging annotations at each stage
• Deployment Diagram showing infrastructure topology
• Version-controlled diagram files
• Module 3 and Module 10 AISDP evidence