
AI Governance & Compliance

Provenance exists so you can use natural-language analytics without losing defensibility. Here's how we align with the frameworks your compliance team cares about.

Frameworks we build for

Provenance produces deterministic, auditable analytics outputs. That design choice isn't accidental — it's what these regulations require when AI touches decision-making.

EU AI Act

Regulation (EU) 2024/1689

The world's first comprehensive AI law. Entered into force on 1 August 2024, with obligations phasing in through 2027. For high-risk AI systems, which include many systems used in decision-making, it mandates risk management, record-keeping, transparency, and human oversight.

  • Articles 11 and 12 — Technical documentation and record-keeping (traceability). Provenance logs every step from question to output as a reviewable execution plan
  • Article 14 — Human oversight. The Receipt is designed for human review before any output enters a decision workflow
  • Article 9 — Risk management system. Deterministic execution means the same query against the same data always produces the same plan, so results are auditable and reproducible
  • Article 50 — Transparency obligations. Every Provenance output explicitly documents that AI was used for intent parsing, while execution itself is deterministic

GDPR

Regulation (EU) 2016/679

The General Data Protection Regulation governs how personal data is processed. When analytics queries touch personal data, GDPR requires explainability, documentation, and purpose limitation.

  • Article 22 — Automated individual decision-making. GDPR restricts decisions based solely on automated processing and, read with Articles 13-15, requires meaningful information about the logic involved. Provenance's Receipt shows exactly which data was queried, how it was joined, and what parameters drove the result
  • Article 35 — Data Protection Impact Assessments. Full lineage and parameter logging provide the processing documentation a DPIA requires
  • Article 25 — Data protection by design and by default. Provenance runs inside your data perimeter: queries execute on your infrastructure, not ours
  • Articles 13-14 — Transparency (information to be provided to data subjects). Every output includes the complete execution path, making it clear how personal data was processed

ISO/IEC 42001

AI Management System

The international standard for AI management systems. Requires structured documentation, risk treatment, and accountability throughout the AI lifecycle.

  • AI risk assessment — Deterministic execution confines the "black box" to intent parsing. The execution plan is inspectable before it runs
  • Lifecycle documentation — Every query generates a persistent, exportable artifact (the Receipt) covering inputs, plan, parameters, and outputs
  • Continuous monitoring — Reproducible reruns of the same plan let you see whether, and why, outputs change as the underlying data changes
  • Accountability — The Receipt creates a chain of evidence from the person who asked the question to the data that answered it

NIST AI RMF

AI Risk Management

The NIST AI Risk Management Framework provides voluntary guidance for managing AI risks. Increasingly referenced by US and international regulators as a baseline for trustworthy AI systems.

  • Govern — Provenance embeds governance into the analytics workflow itself, not as an external review layer
  • Map — Dataset lineage and parameter capture map exactly which data sources contributed to each output
  • Measure — Deterministic execution creates a stable baseline. Re-run any query to verify consistency
  • Manage — The exportable Receipt gives risk and compliance teams a concrete artifact to review, approve, or escalate

How we think about governed analytics

These aren't aspirational. They're architectural decisions embedded in how Provenance works.

Principle 01

Determinism over probabilism

AI parses intent. Execution is deterministic. Same question, same data, same answer. No hidden prompt roulette.

Principle 02

Evidence by default

Every output ships with its Receipt — the queries, parameters, joins, and intermediate artifacts that produced it. Audit-ready from the start.

Principle 03

Your perimeter, your data

Provenance runs inside your infrastructure. Data doesn't leave your boundary. Governance without the data residency headache.

Principle 04

Designed for interoperability

We align with emerging standards for AI documentation and risk management. No vendor lock-in on your compliance artifacts.

Principle 05

Human review, not human bypass

The Receipt exists so a human can review the work before it enters a decision. We build tools for oversight, not autopilot.

Principle 06

Regulation as catalyst

We see the EU AI Act and emerging regulation as the reason to build analytics infrastructure people can actually trust and defend.

Our commitment

As an EU-based company operating under Greek and European law, we build Provenance to the standard we'd want for our own compliance. Governed analytics shouldn't require a separate compliance workstream — it should come with the answer.

Want to see how Provenance fits your governance requirements? Explore Provenance, or talk to us.

For detailed legal documentation, see our policy pages: Privacy Policy and Terms of Use.