EU AI Act Compliance Guide

Article 10 requires that training datasets for high-risk AI systems meet standards of relevance, representativeness, and absence of errors. Providers must document the origin of each training dataset, the data collection methodology, and any pre-processing applied.

Synthetic datasets satisfy Article 10's provenance requirement when they are accompanied by a certification artifact documenting the generation algorithm, the synthetic sample size, and a cryptographic fingerprint of the output. This creates a verifiable record that the data was programmatically generated — not collected from real-world individuals.

Article 12 requires high-risk AI systems to automatically log events throughout their operational lifecycle. At the training data layer, this means retaining tamper-evident records of the dataset generation event — including the exact dataset bytes (via cryptographic fingerprint), the generation timestamp, and the authority that certified the artifact.

CertifiedData's Ed25519-signed certification artifacts are designed as Article 12 compliance records. Each artifact is appended to a public, append-only transparency log. The log is hash-chained so any retrospective modification of records would break the chain — making it tamper-evident by construction.

Article 19 requires providers of high-risk AI systems to retain documentation of training datasets, technical specifications, and conformity assessment results for a minimum of ten years following the system's placing on the market.

CertifiedData stores all certification artifacts indefinitely. Because each certificate is cryptographically bound to the exact dataset bytes via SHA-256 hash, retrieving the certificate ten years after issuance still provides verifiable evidence of what dataset was used and how it was generated — precisely the evidence Article 19 requires regulators to be able to audit.