T334 · EU AI Act · Article 10 · Data Governance · AP2 Export

EU AI Act Article 10 Data Governance Requirements Mapper

Map training and testing data governance obligations for high-risk AI systems in financial services under EU AI Act Article 10. Covers bias examination methodologies, data provenance and lineage documentation, geographic representativeness checks, Art. 10(5) special-category processing for bias monitoring, and interaction with GDPR Art. 22 automated decision-making requirements. Effective August 2 2026.

Effective 2 August 2026 EU AI Act (EU) 2024/1689 Art. 10 GDPR Art. 22 · Art. 9 Interaction Client-Side · Zero PII · CC BY 4.0

2 August 2026 Art. 10 data governance obligations effective for high-risk AI ● Critical deadline

Now — GDPR applies GDPR Art. 22 interaction: automated individual decisions already regulated ● Already live

Scope & Reliance — All inputs are processed locally in your browser. No data is transmitted. Static regulatory thresholds as of 2026-06-01. Verify against current primary sources before relying on outputs for legal or compliance decisions. Deterministic logic · zero PII · CC BY 4.0.

🔒 All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data — use synthetic or anonymised inputs only.

Step 01 Training Data Profile

AI system use case (Annex III context)

Training data type Structured financial data carries different bias risks than unstructured data — Art. 10 requirements apply to both.

Data source / provenance Art. 10(3): Data governance practices must cover origin of data, collection methods, and intended purpose.

GDPR legal basis for training data processing GDPR applies to training data containing personal data. Legal basis must be established before processing.

Step 02 Bias, Representativeness & Special Category Data

Known protected characteristics in training data? Art. 10(2)(f): Data governance must examine potential biases including from protected characteristics.

Bias testing performed? Art. 10(2)(f) requires examination of possible biases. Bias testing is the primary compliance method.

Geographic representativeness of training data Art. 10(2)(e): Training data must be sufficiently representative and as far as possible free of errors.

Art. 10(5) special-category processing for bias detection? Art. 10(5) permits processing of special category personal data strictly for detecting and correcting biases, subject to safeguards.

Data lineage / provenance documented? Art. 10(3): Providers must implement data governance practices covering collection methods, origin, and intended purpose.

GDPR Art. 22 automated decision-making flag GDPR Art. 22 prohibits solely automated decisions producing legal or similarly significant effects unless specific conditions are met.

Art. 10 Data Governance Assessment

—

Art. 10 Data Governance Readiness

Data provenance & lineage

—

Bias examination

—

Representativeness

—

Special category (Art. 10(5))

—

GDPR Art. 22 alignment

Overall data governance readiness —

Art. 10 Requirements Mapping

Requirement	Art. ref	Status	Action required

Data Governance Gap Analysis

AP2 v1.0 · @ainumbers.co/eu-ai-act-art10-data-v1

Regulatory Sources

[1]EU AI Act (EU) 2024/1689 Art. 10 — Data and data governance: training, validation, testing data requirements

[2]EU AI Act Art. 10(2) — Data quality criteria: relevance, representativeness, freedom from errors, completeness

[3]EU AI Act Art. 10(5) — Special category data processing strictly for detecting and correcting biases

[4]EU AI Act Art. 11 — Technical documentation requirements (includes data governance documentation for technical file)

[5]GDPR (EU) 2016/679 Art. 22 — Automated individual decision-making including profiling

[6]GDPR Art. 9 — Processing of special categories of personal data; interaction with AI Act Art. 10(5)

[7]EU AI Act Recital 44 — Bias and discrimination risks in AI systems; obligation to examine biases in training data