Article 10 of the AI Act, explained

Article 10 of the AI Act governs the data governance of high-risk AI systems. It therefore does not concern every AI system — that’s the first thing to clarify before doing any work.

What Article 10 requires

Three requirements recur for training, validation and test datasets.

Representative and relevant

Data must reflect the real-world context of use: target population, time period, geographic scope. A biased or outdated sample is not enough.

As error-free as possible

Duplicates, missing values, inconsistencies, outliers: quality is measured and documented, not assumed.

Traceable (provenance and governance)

Where the data comes from, under which legal basis, with which licences, and who is accountable. This is the most frequently missing link.

Who it applies to

Only systems classified as high-risk carry the obligation of a data dossier under Article 10. Many organisations overestimate their obligations: if your system is not high-risk, Article 10 does not apply — even though GDPR still might.

What you need to produce

The output: auditable documentation — datasheet, provenance register, quality and bias report, governance log — that an auditor can review.

Indicative guidance, not legal advice. The AI Act is evolving (Digital Omnibus); check the rules that apply to your case.