Article 10 - Data Governance (ART10)

Article 10 deals with the data and data governance practices required for EC AIA compliance. All activities related to data are detailed as part of this article. In this article, on the Seclea Platform there are seventeen defined categories with relevant checks.
Following is the article text with relevant category numbers (10.##) from the Seclea Platform.
High-risk AI systems which make use of techniques involving the training of models with data shall be developed on the basis of training, validation and testing data sets (10.01).
Training, validation and testing data sets shall be subject to appropriate data governance and management practices (10.02). Those practices shall concern in particular:
  1. 1.
    the relevant design choices (10.03)
  2. 2.
    data collection (10.04)
  3. 3.
    relevant data preparation processing operations, such as annotation (10.05), labelling (10.06), cleaning (10.07), enrichment (10.08) and aggregation (10.09)
  4. 4.
    the formulation of relevant assumptions, notably with respect to the information that the data are supposed to measure and represent (10.10, 10.11)
  5. 5.
    a prior assessment of the availability, quantity and suitability of the data sets that are needed (10.12, 10.13)
  6. 6.
    examination in view of possible biases (10.14)
  7. 7.
    the identification of any possible data gaps or shortcomings, and how those gaps and shortcomings can be addressed (10.15)
To the extent that it is strictly necessary for the purposes of ensuring bias monitoring, detection and correction in relation to the high-risk AI systems (10.16), the providers of such systems may process special categories of personal data (10.17) referred to in Article 9(1) of Regulation (EU) 2016/679, Article 10 of Directive (EU) 2016/680 and Article 10(1) of Regulation (EU) 2018/1725, subject to appropriate safeguards for the fundamental rights and freedoms of natural persons, including technical limitations on the re-use and use of state-of-the-art security and privacy-preserving measures, such as pseudonymisation, or encryption where anonymisation may significantly affect the purpose pursued.
Below is the list of controls/checks part of Article 10.