Article 10 is the EU AI Act's data governance clause for high-risk systems. Stripped of legalese, it asks a simple question: do you actually know and manage the data your model learned from?
What it expects
Appropriate data governance practices across your training, validation and testing sets: relevant and representative data, examination for bias, identification of gaps, and documentation of how the data was collected and prepared.
Relevance, representativeness and bias
Article 10 is specific about data quality. Your training, validation and testing sets should be relevant to the task and representative of the people and situations the system will affect. You are expected to examine them for bias, identify gaps, and take steps to address what you find.
In practice that means documenting who and what your data covers, where it is thin, and what you did about it. Honest, documented limitations are a strength in a review, not a weakness.
How to meet it
The practical path is provenance plus process: know where each dataset came from, document how it was labelled and reviewed, examine it for bias and gaps, and keep the evidence. Do that as you work and Article 10 stops being a scramble.
A lightweight governance routine
You do not need a heavyweight programme. A workable routine: for each dataset, write a short data sheet (source, coverage, known gaps, labelling and review method); capture lineage automatically as work happens; and review high-risk datasets for representativeness before they ship. That is enough to evidence Article 10 without stalling the model team.
Make it a by-product
Pathwize builds this documentation into how the work is done. Book a demo to see how it maps to Article 10 and Annex IV.