Resources
Core artefacts, technical infrastructure summaries, templates, checklists, maturity model, code examples, and glossary.
79 articles in this section
1.
Governance Structure
Seven Roles Summary & Multi-Role Assignment: Seven functional governance roles thread through every domain. AI…
2.
Core Artefacts to Produce
CDR — Content & Process Summary…
3.
CDR — Content & Process Summary
The Classification Decision Record…
4.
AISDP — 12 Module Overview
The AISDP is structured as twelve modules, each mapping to specific Annex IV requirements.…
5.
Module 1: System Description & Intended Purpose
Module 1 identifies the system (name, version, provider, intended…
6.
Module 2: Development Process
Module 2 documents the development methodology, coding standards, testing requirements,…
7.
Module 3: Model Documentation
Module 3 provides the complete model description: architecture, training methodology,…
8.
Module 4: Data Governance & Dataset Documentation
Module 4 documents training data (source, size, period, coverage),…
9.
Module 5: Testing & Validation
Module 5 documents the test strategy, unit and integration tests, performance…
10.
Module 6: Risk Management System
Module 6 documents the risk identification methodology (five methods), the complete…
11.
Module 7: Human Oversight
Module 7 documents the oversight architecture (six-level pyramid), operator interface…
12.
Module 8: Transparency & User Information
Module 8 contains the Instructions for Use, deployer guidance, explanation…
13.
Module 9: Robustness & Cybersecurity
Module 9 documents the AI-specific threat assessment, cybersecurity controls,…
14.
Module 10: Version Control & Change Management
Module 10 records the versioning scheme (composite version quad),…
15.
Module 11: Fundamental Rights Impact Assessment
Module 11 contains the FRIA methodology, Charter rights assessed with…
16.
Module 12: Post-Market Monitoring & Change History
Module 12 contains the PMM plan…
17.
AISDP Assembly Timeline (Incremental, Phase 1 to Phase 5)
The AISDP is assembled incrementally across the seven…
18.
Evidence Pack — Traceability & Currency Requirements
Every material claim in the AISDP must trace to a specific,…
19.
Risk Register — Living Document Requirements
The risk register is maintained as a living document throughout the system…
20.
Declaration of Conformity — Eight Points & Legal Significance
The Declaration of…
21.
FRIA Report — Scope & Separation Requirement
The FRIA examines the impact on all potentially affected EU Charter…
22.
PMM Plan — Five Dimensions & Proportionality
The PMM plan…
23.
Technical Infrastructure
Version Control Summary…
24.
Version Control Summary
Five version-controlled artefact categories: code (Git), data (DVC/LakeFS), models…
25.
CI/CD Pipeline with Four Compliance Gates
The CI/CD pipeline…
26.
Monitoring Infrastructure Summary
Five-layer monitoring infrastructure: data collection layer (asynchronous streaming…
27.
Security Stack Summary
Eight security domains: SAST (Semgrep/SonarQube), SCA (Dependabot/Snyk), container scanning…
28.
Fairness & Bias Tooling Summary
Four-stage fairness tooling: pre-training (data distribution analysis, representation…
29.
Explainability Summary
Model-agnostic methods: SHAP (feature attribution), LIME (local surrogate models).…
30.
LLM / Generative AI Tooling Summary
Five monitoring domains for LLM/generative AI systems: hallucination detection (NLI…
31.
Evidence & Document Management
Four management components: evidence repository (SharePoint/Confluence/GitLab with…
32.
Break-Glass Mechanisms Summary
Three independent halt mechanisms: in-application stop button (prominent UI control),…
33.
Production Monitoring Reference
Five Monitoring Dimensions Summary: Performance (accuracy metrics, ground truth handling, disaggregated and temporal…
34.
Conformity Assessment Reference
Route Determination (Annex VI, NB, Voluntary): Three conformity assessment…
35.
Regulatory Interaction Reference
EU Database Registration Summary: EU database registration is completed before the system is placed on the market. Annex…
36.
Human Oversight Framework Reference
Six-Level Pyramid Summary: Level 1: Technical Monitoring (engineering team, continuous automated monitoring, emergency…
37.
End-of-Life Reference
Plan During Architecture Phase: End-of-life planning…
38.
Brownfield Systems
Gap Assessment Approach: For systems already in production, the AI System…
39.
Templates & Checklists
Templates and checklists provide practical tools for implementing the…
40.
Three Core Templates (Appendix A)
A.1: AISDP Module Structure Template: The AISDP module structure template provides a standardised format for each of the…
41.
Readiness Assessment Checklist
Governance Readiness: All ten governance and technical roles appointed: AI Governance…
42.
Eleven Common Pitfalls
Retrospective Documentation…
43.
Retrospective Documentation
Attempting to reconstruct the development process from memory after the system is built…
44.
Legal Document Syndrome
Treating the AISDP as a legal document (vague, hedged, written to minimise exposure) when it…
45.
Empty Evidence Pack
Producing an AISDP narrative without assembling the supporting evidence. Every material claim must…
46.
Human Oversight as Checkbox
Documenting that human oversight "exists" without designing the operational reality:…
47.
Compliance-at-Deployment
Treating compliance as a gate to pass at deployment, overlooking ongoing obligations. The…
48.
Cybersecurity as Afterthought
Bolting security on as a final pre-deployment gate instead of embedding it from the…
49.
Oversight Designed After Deployment
Building the operational oversight framework after the system is live, when…
50.
Suppressed Escalation
Creating formal escalation pathways but cultivating a culture where using them carries career…
51.
Scope Creep Without Reclassification
Gradually expanding the system's use beyond its documented intended purpose…
52.
Ignoring Cumulative Change
Making individually sub-threshold changes that collectively constitute a substantial…
53.
Decommissioning as Afterthought
Treating end-of-life as an operational task with no governed process risks orphaned…
54.
Maturity Model
L1 Awareness…
55.
L1 Awareness
The organisation is aware of the EU AI Act. AI systems are identified but not classified. No AISDP, no…
56.
L2 Foundational
Systems classified; governance roles assigned; AISDP preparation begun for highest-risk systems; basic…
57.
L3 Structured
AISDPs under preparation for all high-risk systems; version control…
58.
L4 Operational
Conformity assessment…
59.
L5 Optimising
Compliance is a natural byproduct of engineering and governance workflow; evidence generated…
60.
Target: Level 4 Before August 2026
Most organisations in early 2026 are between Level 1 and Level 2. The gap to Level 4…
61.
Cross-Reference Index (Appendix B)
Article-to-Section Mapping: The cross-reference index maps every EU AI Act Article cited in this documentation to the…
62.
Code Examples
Data Validation Examples: Code examples are provided for data validation including Great Expectations data quality…
63.
Architectural Diagrams
Risk Classification Diagram…
64.
Risk Classification Diagram
The risk classification decision flowchart traces the assessment pathway from "Is it an AI…
65.
Oversight Pyramid Diagram
The six-level oversight pyramid…
66.
Incident Response Diagram
The serious incident response…
67.
Feedback Loop Diagram
The PMM feedback loop diagram shows the cycle from PMM finding through decision authority (with…
68.
Delivery Timeline Diagram
The seven-phase delivery…
69.
Additional Diagrams (Remaining 11)
Additional Mermaid diagrams are included: the end-of-life workflow (seven…
70.
Glossary (Appendix C)
Regulatory Terms…
71.
Regulatory Terms
Key regulatory terms defined in the glossary: AI system (Article 3(1)), high-risk AI system (Article…
72.
Document Terms
Key document terms: AISDP (AI System Documentation Package), CDR (Classification Decision Record),…
73.
Roles
Ten governance and technical role definitions: AI Governance Lead, AI System Assessor, Business Owner,…
74.
Cross-Regulatory Instruments
Key cross-regulatory instruments: CRA (Cyber Resilience Act, Regulation (EU) 2024/2847),…
75.
Standards & Bodies
Key standards: ISO/IEC 42001 (AI Management System), ISO/IEC 23894 (AI Risk Management), ISO/IEC…
76.
Technical Terms
Key technical terms defined: automation bias, concept drift, data drift, data lineage, data poisoning,…
77.
Tools
Key tools referenced: Fairlearn, Aequitas (fairness); SHAP, LIME (explainability); RAGAS, Trulens, Lakera Guard,…
78.
Abbreviations
Key abbreviations: AISDP (AI System Documentation Package), AUC-ROC (Area Under the Receiver Operating…
79.
Report Errata
Documentation Errata: Found an error, inaccuracy, or outdated section in our…