Data Governance Procedure

Purpose

This procedure establishes the mandatory, step-by-step process for the governance of data used in our high-risk AI systems, in compliance with Article 10 of the EU AI Act. Its purpose is to ensure that all data used for training, validation, and testing is of high quality, is relevant and representative, and is managed in a way that minimizes the risk of bias, discrimination, and inaccuracy. This procedure ensures that data governance is integrated throughout the entire AI system lifecycle, from initial data collection through final decommissioning. **Regulatory Basis:** EU AI Act Article 10 establishes comprehensive requirements for training, validation, and testing data governance. This procedure implements all six paragraphs of Article 10, ensuring: - High-quality data governance practices (Article 10(2)) - Relevant, representative, and complete datasets (Article 10(3)) - Systematic bias examination (Article 10(4)) - Special categories of personal data safeguards (Article 10(5)) - Appropriate data minimization (Article 10(6))

Applies To

• All datasets used for the training, validation, and testing of high-risk AI systems classified per AI System Classification Procedure (PROC-AI-CLS-001)
• The entire data lifecycle, from data collection and preparation to data use, monitoring, and retention/deletion
• All data sources, whether internal, external, third-party, or synthetic
• Both structured and unstructured data
• Special categories of personal data (Article 10(5))

Does Not Apply To

• Data not used for AI systems
• The governance of data for non-high-risk AI systems (though these principles are recommended as best practice)
• General data management and data protection (covered by separate GDPR compliance procedures)