Contributors: (ordered alphabetically) Arthit Suriyawongkul (ADAPT Centre, Trinity College Dublin), Beatriz Esteves (IDLab, IMEC, Ghent University), Delaram Golpayegani (ADAPT Centre, Trinity College Dublin), Georg P. Krog (Signatu AS), Harshvardhan J. Pandit (AI Accountability Lab (AIAL), Trinity College Dublin). NOTE: The affiliations are informative, do not represent formal endorsements, and may be outdated as this list is generated automatically from existing data.

Abstract

The EU-AIAct extension extends the Data Privacy Vocabulary (DPV) Specification to provide concepts such as systems, purposes, risks, roles, documentation, and assessments based on the Artificial Intelligence Act (AI Act). The canonical URL for EU-AIAct extension is https://w3id.org/dpv/legal/eu/aiact, the namespace for terms is https://w3id.org/dpv/legal/eu/aiact#, the suggested prefix is eu-aiact, and this document along with source and releases are available at https://github.com/w3c/dpv.

The concept AISystem represents AI systems as defined in the AI Act.

eu-aiact:AISystem: A machine-based system designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments. go to full definition
- eu-aiact:BiometricCategorisationSystem: An AI system for the purpose of assigning natural persons to specific categories on the basis of their biometric data, unless it is ancillary to another commercial service and strictly necessary for objective technical reasons go to full definition
- eu-aiact:EmotionRecognitionSystem: An AI system for the purpose of identifying or inferring emotions or intentions of natural persons on the basis of their biometric data. go to full definition
- eu-aiact:GPAISystem: An AI system which is based on a general-purpose AI model and which has the capability to serve a variety of purposes, both for direct use as well as for integration in other AI systems go to full definition
- eu-aiact:RemoteBiometricIdentificationSystem: An AI system for the purpose of identifying natural persons, without their active involvement, typically at a distance through the comparison of a person’s biometric data with the biometric data contained in a reference database. go to full definition
  - eu-aiact:PostRemoteBiometricIdentificationSystem: A remote biometric identification system other than a real-time remote biometric identification system go to full definition
  - eu-aiact:RealtimeRemoteBiometricIdentificationSystem: A remote biometric identification system, whereby the capturing of biometric data, the comparison and the identification all occur without a significant delay, comprising not only instant identification, but also limited short delays in order to avoid circumvention go to full definition
eu-aiact:GPAIModel: An AI model, including where such an AI model is trained with a large amount of data using self-supervision at scale, that displays significant generality and is capable of competently performing a wide range of distinct tasks regardless of the way the model is placed on the market and that can be integrated into a variety of downstream systems or applications, except AI models that are used for research, development or prototyping activities before they are placed on the market go to full definition
eu-aiact:SafetyComponent: A component of a product or of an AI system which fulfils a safety function for that product or AI system, or the failure or malfunctioning of which endangers the health and safety of persons or property go to full definition

These concepts represent the purposes and capabilities defined within the AI Act. The use of 'capability' here refers to the capability of the technology to produce, perform, or achieve something, which is expressed in the [TECH] extension as tech:Capability and extended in the [AI] extension as ai:Capability.

eu-aiact:BiometricCategorisation: Capability where assigning natural persons to specific categories happens on the basis of their biometric data unless ancillary to another commercial service and strictly necessary for objective technical reasons go to full definition
eu-aiact:BiometricIdentification: Capability where the automated recognition of physical, physiological, behavioural, and psychological human features are used for the purpose of establishing the identity of a natural person by comparing biometric data of that individual to to biometric data of individuals stored in a database go to full definition
eu-aiact:BiometricVerification: The automated, one-to-one verification, including authentication, of the identity of natural persons by comparing their biometric data to previously provided biometric data go to full definition
eu-aiact:DeepFakeGeneration: Capability to generate or manipulate image, audio or video content that resembles existing persons, objects, places, entities or events and would falsely appear to a person to be authentic or truthful;l go to full definition
eu-aiact:EmotionRecognition: Capability of a technology to identify or infer emotions or intentions of natural persons (on the basis of their biometric data) go to full definition
eu-aiact:HighImpactCapabilityGPAIModel: ‘High-impact Capabilities’ in general purpose AI models means capabilities that match or exceed the capabilities recorded in the most advanced general purpose AI models go to full definition

The AI Act has a specific definition of risk as "combination of the probability of an occurrence of harm and the severity of that harm", which is represented using the concept Risk within this extension. This definition is a more specific form of dpv:Risk , and hence the existing relations can be used to describe its severity and likelihood.

eu-aiact:Risk: The combination of the probability of an occurrence of harm and the severity of that harm go to full definition
- eu-aiact:SystemicRisk: Q risk that is specific to the high-impact capabilities of general-purpose AI models, having a significant impact on the Union market due to their reach, or due to actual or reasonably foreseeable negative effects on public health, safety, public security, fundamental rights, or the society as a whole, that can be propagated at scale across the value chain go to full definition
eu-aiact:RiskManagementSystem: A risk management system is a continuous iterative process planned and run throughout the entire lifecycle of a high-risk AI system, requiring regular systematic review and updating go to full definition
eu-aiact:SeriousIncident: an incident or malfunctioning of an AI system that directly or indirectly leads to any of the following: (a) the death of a person, or serious harm to a person’s health; (b) a serious and irreversible disruption of the management or operation of critical infrastructure; (c) the infringement of obligations under Union law intended to protect fundamental rights; (d) serious harm to property or the environment; go to full definition

The interpretation of the AI Act uses terminology referring to Risk Levels which determine the level of obligations under the Act. To represent these, the concept RiskLevel is defined and instantiated to represent the commonly used concepts for representing prohibited, high-risk, transparency required, and minimal risk levels. The taxonomy also contains two additional concepts to represent not-prohibited and not-high-risk to support documenting outcomes of assessments that test prohibited and high-risk categorisations respectively.

eu-aiact:RiskLevelPermitted: Concept representing "AI practices" are permitted i.e. not prohibited under the AI Act go to full definition
- eu-aiact:RiskLevelHigh: Risk Level categorising an AI system as "high-risk" as defined in the AI Act go to full definition
  - eu-aiact:RiskLevelHighAnnexI: Risk Level categorising an AI system as "high-risk" as defined in the AI Act Annex I go to full definition
  - eu-aiact:RiskLevelHighAnnexIII: Risk Level categorising an AI system as "high-risk" as defined in the AI Act Annex III go to full definition
- eu-aiact:RiskLevelNotHigh: Risk Level categorising an AI system as not being "high-risk" as defined in the AI Act go to full definition
  - eu-aiact:RiskLevelMinimal: Risk Level categorising an AI system as not being prohibited or high-risk or transparency required as defined in the AI Act go to full definition
  - eu-aiact:RiskLevelTransparencyRequired: Risk Level categorising an AI system as not high-risk but where transparency is require as defined in the AI Act go to full definition
eu-aiact:RiskLevelProhibited: Risk Level prohibiting "AI practices" as defined in the AI Act go to full definition

Example 1: Representing the Risk Level as per AI Act

The example shows how the risk level for the AI Act can be associated with a process or with a specific AI system.

# method 1: Process/Services
ex:SomeService a dpv:Process ;
  dpv:hasPurpose ex:SomePurpose ; # from DPV purpose taxonomy
  ai:hasTechnique ex:SomeTechnique ; # from AI technique taxonomy
  dpv:hasRiskLevel eu-aiact:RiskLevelHighAnnexIII .

ex:SomeSystem a eu-aiact:AISystem ;
  dpv:hasRiskLevel eu-aiact:RiskLevelHighAnnexIII .
ex:SomeProcess a dpv:Process ;
  ai:hasAISystem ex:SomeSystem . # uses high-risk AI

Note: Scope vs Risk Level

The AI Act defines different categories of data as used to develop and deploy AI systems, such as TrainingData and TestingData. It also uses BiometricData which is a special category of personal data under [GDPR].

eu-aiact:BiometricData: Personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, such as facial images or dactyloscopic data go to full definition
eu-aiact:TestingData: Data used for providing an independent evaluation of the AI system in order to confirm the expected performance of that system before its placing on the market or putting into service go to full definition
eu-aiact:TrainingData: Data used for training an AI system through fitting its learnable parameters go to full definition
eu-aiact:ValidationData: Data used for providing an evaluation of the trained AI system and for tuning its non-learnable parameters and its learning process in order, inter alia, to prevent underfitting or overfitting go to full definition

AI Roles describe the categorisation of entities based on the role they take in developing, providing, deploying, or using an AI system as defined within the [AIAct].

eu-aiact:AIOffice: the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in the AI Act to the AI Office shall be construed as references to the Commission go to full definition
eu-aiact:AIOperator: A provider, product manufacturer, deployer, authorised representative, importer or distributor go to full definition
- eu-aiact:AIDeployer: A natural or legal person, public authority, agency or other body using an AI system under its authority except where the AI system is used in the course of a personal non-professional activity go to full definition
- eu-aiact:AIDistributor: A natural or legal person in the supply chain, other than the provider or the importer, that makes an AI system available on the Union market go to full definition
- eu-aiact:AIImporter: A natural or legal person located or established in the Union that places on the market an AI system that bears the name or trademark of a natural or legal person established in a third country go to full definition
- eu-aiact:AIProductManufacturer: Entity that manufactures an AI Product go to full definition
- eu-aiact:AIProvider: A natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge go to full definition
  - eu-aiact:DownstreamAIProvider: A provider of an AI system, including a general-purpose AI system, which integrates an AI model, regardless of whether the AI model is provided by themselves and vertically integrated or provided by another entity based on contractual relations. go to full definition
- eu-aiact:AuthorisedRepresentative: A natural or legal person located or established in the Union who has received and accepted a written mandate from a provider of an AI system or a general-purpose AI model to, respectively, perform and carry out on its behalf the obligations and procedures established by the AI Act go to full definition
eu-aiact:ConformityAssessmentBody: A body that performs third-party conformity assessment activities, including testing, certification and inspection go to full definition
- eu-aiact:NotifiedBody: A conformity assessment body notified in accordance with the AI Act and other relevant Union harmonisation legislation go to full definition
eu-aiact:NationalCompetentAuthority: A notifying authority or a market surveillance authority; as regards AI systems put into service or used by Union institutions, agencies, offices and bodies, references to national competent authorities or market surveillance authorities in the AI Act shall be construed as references to the European Data Protection Supervisor go to full definition
- eu-aiact:MarketSurveillanceAuthority: The national authority carrying out the activities and taking the measures pursuant to Regulation (EU) 2019/1020 go to full definition
- eu-aiact:NotifyingAuthority: The national authority responsible for setting up and carrying out the necessary procedures for the assessment, designation and notification of conformity assessment bodies and for their monitoring go to full definition

The documentation associated with AI, AI systems, and other processes defined within the AI Act. These are described using tech:Documentation from the [TECH] extension.

eu-aiact:CommonSpecification: A set of technical specifications, as defined in point 4 of Article 2 of Regulation (EU) No 1025/2012 providing means to comply with certain requirements established under the AI Act go to full definition
eu-aiact:EUDeclarationOfConformity: Document providing the EU declaration of conformity, as required by the AI Act, Article 47 go to full definition
eu-aiact:InstructionForUse: The information provided by the provider to inform the deployer of, in particular, an AI system’s intended purpose and proper use go to full definition
eu-aiact:PostMarketMonitoringPlan: Description of the post-market monitoring plan, as required by the AI Act go to full definition
eu-aiact:PostMarketMonitoringSystemDocumentation: Documentation of the post-market monitoring system in place, as required by the AI Act go to full definition
eu-aiact:RealWorldTestingPlan: A document that describes the objectives, methodology, geographical, population and temporal scope, monitoring, organisation and conduct of testing in real world conditions. go to full definition
eu-aiact:SandboxPlan: A document agreed between the participating provider and the competent authority describing the objectives, conditions, timeframe, methodology and requirements for the activities carried out within the sandbox go to full definition
eu-aiact:SystemArchitectureDescription: Documentation specifying the software architecture go to full definition
eu-aiact:TechnicalDocumentation: Annex IV technical documentation go to full definition
eu-aiact:TestLog: Log of the tests performed go to full definition
eu-aiact:TestReport: A document that includes a summary of test activities and their results go to full definition

Different statuses are described or implied within the [AIAct], such as MarketAvailabilityStatus regarding whether the AI system is available on the market, and ServiceSupplyStatus regarding whether the AI system has been supplied. These statuses reflect the requirement to describe the state of the AI system and its use, which has implications in terms of requirements and obligations.

eu-aiact:ChangeCategory: A categorisation of the change associated with the AI system go to full definition
- eu-aiact:NonpredeterminedChange: Change associated with the AI system that has not been pre-determined go to full definition
- eu-aiact:PredeterminedChange: Change associated with the AI system that has been pre-determined go to full definition
eu-aiact:ChangeDescription: A description of the change associated with the AI system go to full definition
eu-aiact:MarketAvailabilityStatus: Status associated with whether the AI system or GPAI Model is available for distribution or use on the market in the course of a commercial activity go to full definition
- eu-aiact:AvailableOnMarket: Status associated with supply of an AI system or a general purpose AI model for distribution or use on the market in the course of a commercial activity, whether in return for payment or free of charge go to full definition
  - eu-aiact:AvailableOnEUMarket: Status associated with supply of an AI system or a general purpose AI model for distribution or use on the Union market in the course of a commercial activity, whether in return for payment or free of charge go to full definition
  - eu-aiact:AvailableOnNonEUMarket: Status associated with supply of an AI system or a general purpose AI model for distribution or use on any market except the Union market in the course of a commercial activity, whether in return for payment or free of charge go to full definition
- eu-aiact:NotAvailableOnMarket: not available on a market anywhere in EU or otherwise go to full definition
eu-aiact:MarketPlacementStatus: Status associated with whether the AI system or GPAI Model has been 'first' made available on the market go to full definition
- eu-aiact:PlacedOnMarket: Status indicating the first making available of an AI system or a general purpose AI model on the market go to full definition
  - eu-aiact:PlacedOnEUMarket: Status indicating the first making available of an AI system or a general purpose AI model on the Union market go to full definition
eu-aiact:ServiceSupplyStatus: Status associated with whether the AI system has been supplied for use or put in to service or been recalled or withdrawn go to full definition
- eu-aiact:NotPutIntoService: Status associated with an AI system that has not been put into service go to full definition
- eu-aiact:PutIntoService: Status associated with the supply of an AI system for first use directly to the deployer or for own use for its intended purpose go to full definition
  - eu-aiact:PutIntoServiceInEU: Status associated with the supply of an AI system for first use directly to the deployer or for own use in the Union for its intended purpose go to full definition
- eu-aiact:RecalledFromService: An AI system that is returned to the provider or taken out of service or use go to full definition
- eu-aiact:WithdrawnFromService: An AI system that is prevented to be made available in the supply chain go to full definition

Compliance with requirements of the [AIAct], e.g affixing CEMarking or implementing a PostMarketMonitoringSystem, requires various types of assessments. These are described using [DPV] concepts such as dpv:CertificationSeal and dpv:ImpactAssessment.

eu-aiact:AIRegulatorySandbox: A controlled framework set up by a competent authority which offers providers or prospective providers of AI systems the possibility to develop, train, validate and test, where appropriate in real-world conditions, an innovative AI system, pursuant to a sandbox plan for a limited time under regulatory supervision go to full definition
eu-aiact:AISystemPerformance: The ability of an AI system to achieve its intended purpose go to full definition
eu-aiact:CEMarking: A marking by which a provider indicates that an AI system is in conformity with the requirements set out in Chapter III, Section 2 and other applicable Union harmonisation legislation providing for its affixing go to full definition
eu-aiact:ConformityAssessment: The process of demonstrating whether the requirements set out in Chapter III, Section 2 relating to a high-risk AI system have been fulfilled go to full definition
eu-aiact:FRIA: An assessment undertaken to evaluate how the AI use of an AI system might impact fundamental rights go to full definition
eu-aiact:HighRiskAIAssessment: An assessment undertaken to determine whether the AI system is classified as high-risk under the AI Act go to full definition
eu-aiact:InformedConsent: Informed consent means a (real world test) subject’s freely given, specific, unambiguous and voluntary expression of his or her willingness to participate in a particular testing in real world conditions, after having been informed of all aspects of the testing that are relevant to the subject’s decision to participate go to full definition
eu-aiact:PostMarketMonitoringSystem: All activities carried out by providers of AI systems to collect and review experience gained from the use of AI systems they place on the market or put into service for the purpose of identifying any need to immediately apply any necessary corrective or preventive actions go to full definition
eu-aiact:RealWorldTestSubject: A natural person who participates in testing in real world conditions go to full definition
eu-aiact:TestingRealWorldConditions: The temporary testing of an AI system for its intended purpose in real-world conditions outside a laboratory or otherwise simulated environment, with a view to gathering reliable and robust data and to assessing and verifying the conformity of the AI system with the requirements of the AI Act and it does not qualify as placing the AI system on the market or putting it into service within the meaning of the AI Act, provided that all the conditions laid down in Article 57 or 60 are fulfilled go to full definition

The concepts in this section reflect the status of processing operations being in compliance with AI Act, by extending the ComplianceStatus from DPV for AI Act. It does not define the requirements for compliance itself. To indicate these, the relation dpv:hasLawfulness can be used.

Example 2: Indicating status of AI Act lawfulness

This example shows the use of EU-AIAct to indicate the state of AIAct lawfulness associated with two processes. The first is asserted to be compliant, while the compliance status for the second is unknown at the moment. Both processes assert the applicability of AI Act for brevity.

ex:PDH1 a dpv:Process ;
  dpv:hasApplicableLaw legal-eu:AIAct ;
  dpv:hasLawfulness eu-aiact:AIActCompliant .

ex:PDH3 a dpv:Process ;
  dpv:hasApplicableLaw legal-eu:AIAct ;
  dpv:hasLawfulness eu-aiact:AIActComplianceUnknown .

eu-aiact:AIActLawfulness: Status or state associated with being lawful or legally compliant regarding AI Act go to full definition
- eu-aiact:AIActComplianceUnknown: State where lawfulness or compliance with AI Act is unknown go to full definition
- eu-aiact:AIActCompliant: State of being lawful or legally compliant for AI Act go to full definition
- eu-aiact:AIActNonCompliant: State of being unlawful or legally non-compliant for AI Act go to full definition

The [AIAct] implicitly refers to various sectors, such as when stating the high-risk uses of AI systems in Annex III. To enable referring to such implied sectors, this extension provides an ad-hoc taxonomy. This taxonomy may change in the future as sectors are also an important concept in other laws, such as [EU-NIS2]

eu-aiact:AsylumSector: Sector related to asylum management go to full definition
eu-aiact:BorderControlSector: Sector related to border control management go to full definition
eu-aiact:CriticalInfrastructureSector: Sector related to provision and maintenance of critical services go to full definition
eu-aiact:DemocraticProcessSector: Sector related to administration of democratic processes go to full definition
eu-aiact:EducationSector: Sector related to education and vocational training at any level and for any profession go to full definition
eu-aiact:EmploymentSector: Sector related to employment including workforce management and self-employment go to full definition
eu-aiact:JusticeSector: Sector related to administration of justice go to full definition
eu-aiact:LawEnforcementSector: Sector related to law enforcement go to full definition
eu-aiact:MigrationSector: Sector related to migration management go to full definition
eu-aiact:PrivateSector: Sector comprising of entities that are privately owned go to full definition
eu-aiact:PublicSector: Sector comprising of entities that are publicly owned e.g. by the government go to full definition

These concepts currently do not fit within the other stated categories, and are pooled together under a 'misc.' label while the vocabulary is being further developed.

eu-aiact:AILiteracy: Skills, knowledge and understanding that allow providers, deployers and affected persons, taking into account their respective rights and obligations in the context of this Regulation, to make an informed deployment of AI systems, as well as to gain awareness about the opportunities and risks of AI and possible harm it can cause go to full definition
eu-aiact:IntendedPurpose: The use for which an AI system is intended by the provider, including the specific context and conditions of use, as specified in the information supplied by the provider in the instructions for use, promotional or sales materials and statements, as well as in the technical documentation go to full definition
eu-aiact:PubliclyAccessibleSpace: Any publicly or privately owned physical place accessible to an undetermined number of natural persons, regardless of whether certain conditions for access may apply, and regardless of the potential capacity restrictions go to full definition
eu-aiact:ReasonablyForeseeableMisuse: The use of an AI system in a way that is not in accordance with its intended purpose, but which may result from reasonably foreseeable human behaviour or interaction with other systems, including other AI systems go to full definition
eu-aiact:SubstantialModification: A change to an AI system after its placing on the market or putting into service which is not foreseen or planned in the initial conformity assessment carried out by the provider and as a result of which the compliance of the AI system with the requirements set out in Chapter III, Section 2 is affected or results in a modification to the intended purpose for which the AI system has been assessed go to full definition

Term	AIActComplianceUnknown	Prefix	eu-aiact
Label	AI Act Compliance Unknown
IRI	https://w3id.org/dpv/legal/eu/aiact#AIActComplianceUnknown
Type	rdfs:Class, skos:Concept, dpv:Lawfulness
Broader/Parent types	eu-aiact:AIActLawfulness → dpv:Lawfulness → dpv:ComplianceStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasComplianceStatus, dpv:hasContext, dpv:hasLawfulness, dpv:hasStatus
Definition	State where lawfulness or compliance with AI Act is unknown
Date Created	2024-07-21
Contributors	Beatriz Esteves, Harshvardhan J. Pandit
See More:	section COMPLIANCE in EU-AIACT

Term	AIActCompliant	Prefix	eu-aiact
Label	AI Act Compliant
IRI	https://w3id.org/dpv/legal/eu/aiact#AIActCompliant
Type	rdfs:Class, skos:Concept, dpv:Lawfulness
Broader/Parent types	eu-aiact:AIActLawfulness → dpv:Lawfulness → dpv:ComplianceStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasComplianceStatus, dpv:hasContext, dpv:hasLawfulness, dpv:hasStatus
Definition	State of being lawful or legally compliant for AI Act
Date Created	2024-07-21
Contributors	Beatriz Esteves, Harshvardhan J. Pandit
See More:	section COMPLIANCE in EU-AIACT

Term	AIActLawfulness	Prefix	eu-aiact
Label	AI Act Lawfulness
IRI	https://w3id.org/dpv/legal/eu/aiact#AIActLawfulness
Type	rdfs:Class, skos:Concept, dpv:Lawfulness
Broader/Parent types	dpv:Lawfulness → dpv:ComplianceStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasComplianceStatus, dpv:hasContext, dpv:hasLawfulness, dpv:hasStatus
Definition	Status or state associated with being lawful or legally compliant regarding AI Act
Date Created	2024-07-21
Contributors	Beatriz Esteves, Harshvardhan J. Pandit
See More:	section COMPLIANCE in EU-AIACT

Term	AIActNonCompliant	Prefix	eu-aiact
Label	AI Act Non-compliant
IRI	https://w3id.org/dpv/legal/eu/aiact#AIActNonCompliant
Type	rdfs:Class, skos:Concept, dpv:Lawfulness
Broader/Parent types	eu-aiact:AIActLawfulness → dpv:Lawfulness → dpv:ComplianceStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasComplianceStatus, dpv:hasContext, dpv:hasLawfulness, dpv:hasStatus
Definition	State of being unlawful or legally non-compliant for AI Act
Date Created	2024-07-21
Contributors	Beatriz Esteves, Harshvardhan J. Pandit
See More:	section COMPLIANCE in EU-AIACT

Term	AIDeployer	Prefix	eu-aiact
Label	AI Deployer
IRI	https://w3id.org/dpv/legal/eu/aiact#AIDeployer
Type	rdfs:Class, skos:Concept
Broader/Parent types	eu-aiact:AIOperator → tech:Operator → tech:Actor → dpv:Entity
Broader/Parent types	tech:Deployer → tech:Actor → dpv:Entity
Object of relation	dpv:hasActiveEntity, dpv:hasEntity, dpv:hasNonInvolvedEntity, dpv:hasPassiveEntity, dpv:hasResponsibleEntity, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganisationalUnitOf, dpv:isRepresentativeFor, tech:hasDeployer
Definition	A natural or legal person, public authority, agency or other body using an AI system under its authority except where the AI system is used in the course of a personal non-professional activity
Source	AIA (Art. 3(4))
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section ROLES in EU-AIACT

Term	AIDistributor	Prefix	eu-aiact
Label	AI Distributor
IRI	https://w3id.org/dpv/legal/eu/aiact#AIDistributor
Type	rdfs:Class, skos:Concept
Broader/Parent types	eu-aiact:AIOperator → tech:Operator → tech:Actor → dpv:Entity
Broader/Parent types	tech:Distributor → tech:Actor → dpv:Entity
Object of relation	dpv:hasActiveEntity, dpv:hasEntity, dpv:hasNonInvolvedEntity, dpv:hasPassiveEntity, dpv:hasResponsibleEntity, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganisationalUnitOf, dpv:isRepresentativeFor
Definition	A natural or legal person in the supply chain, other than the provider or the importer, that makes an AI system available on the Union market
Source	AIA (Art. 3(7))
Date Created	2024-04-10
Contributors	Delaram Golpayegani
See More:	section ROLES in EU-AIACT

Term	AIImporter	Prefix	eu-aiact
Label	AI Importer
IRI	https://w3id.org/dpv/legal/eu/aiact#AIImporter
Type	rdfs:Class, skos:Concept
Broader/Parent types	eu-aiact:AIOperator → tech:Operator → tech:Actor → dpv:Entity
Broader/Parent types	tech:Importer → tech:Actor → dpv:Entity
Object of relation	dpv:hasActiveEntity, dpv:hasEntity, dpv:hasNonInvolvedEntity, dpv:hasPassiveEntity, dpv:hasResponsibleEntity, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganisationalUnitOf, dpv:isRepresentativeFor
Definition	A natural or legal person located or established in the Union that places on the market an AI system that bears the name or trademark of a natural or legal person established in a third country
Source	AIA (Art. 3(6))
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section ROLES in EU-AIACT

Term	AILiteracy	Prefix	eu-aiact
Label	AI Literacy
IRI	https://w3id.org/dpv/legal/eu/aiact#AILiteracy
Type	rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types	dpv:AILiteracy → dpv:DigitalLiteracy → dpv:OrganisationalMeasure → dpv:TechnicalOrganisationalMeasure
Object of relation	dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition	Skills, knowledge and understanding that allow providers, deployers and affected persons, taking into account their respective rights and obligations in the context of this Regulation, to make an informed deployment of AI systems, as well as to gain awareness about the opportunities and risks of AI and possible harm it can cause
Source	AIA (Art. 3(56))
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section MISC in EU-AIACT

Term	AIOffice	Prefix	eu-aiact
Label	Artificial Intelligence Office
IRI	https://w3id.org/dpv/legal/eu/aiact#AIOffice
Type	rdfs:Class, skos:Concept
Broader/Parent types	dpv:Authority → dpv:GovernmentalOrganisation → dpv:Organisation → dpv:LegalEntity → dpv:Entity
Object of relation	dpv:hasActiveEntity, dpv:hasAuthority, dpv:hasEntity, dpv:hasNonInvolvedEntity, dpv:hasParty, dpv:hasPassiveEntity, dpv:hasResponsibleEntity, dpv:hasSubsidiary, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganisationalUnitOf, dpv:isRepresentativeFor, dpv:isSubsidiaryOf, eu-gdpr:hasEstablishment, eu-gdpr:hasMainEstablishment, eu-gdpr:isMainEstablishmentFor
Definition	the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in the AI Act to the AI Office shall be construed as references to the Commission
Source	AIA(Art. 3(47))
Date Created	2024-04-10
Date Modified	2027-07-30
Contributors	Delaram Golpayegani
See More:	section ROLES in EU-AIACT

Term	AIOperator	Prefix	eu-aiact
Label	AI Operator
IRI	https://w3id.org/dpv/legal/eu/aiact#AIOperator
Type	rdfs:Class, skos:Concept
Broader/Parent types	tech:Operator → tech:Actor → dpv:Entity
Object of relation	dpv:hasActiveEntity, dpv:hasEntity, dpv:hasNonInvolvedEntity, dpv:hasPassiveEntity, dpv:hasResponsibleEntity, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganisationalUnitOf, dpv:isRepresentativeFor
Definition	A provider, product manufacturer, deployer, authorised representative, importer or distributor
Source	AIA (Art. 3(8))
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section ROLES in EU-AIACT

Term	AIProductManufacturer	Prefix	eu-aiact
Label	AI Product Manufacturer
IRI	https://w3id.org/dpv/legal/eu/aiact#AIProductManufacturer
Type	rdfs:Class, skos:Concept
Broader/Parent types	eu-aiact:AIOperator → tech:Operator → tech:Actor → dpv:Entity
Broader/Parent types	tech:Manufacturer → tech:Actor → dpv:Entity
Object of relation	dpv:hasActiveEntity, dpv:hasEntity, dpv:hasNonInvolvedEntity, dpv:hasPassiveEntity, dpv:hasResponsibleEntity, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganisationalUnitOf, dpv:isRepresentativeFor, tech:hasManufacturer
Definition	Entity that manufactures an AI Product
Date Created	2024-04-10
Date Modified	2027-07-30
Contributors	Delaram Golpayegani
See More:	section ROLES in EU-AIACT

Term	AIProvider	Prefix	eu-aiact
Label	AI Provider
IRI	https://w3id.org/dpv/legal/eu/aiact#AIProvider
Type	rdfs:Class, skos:Concept
Broader/Parent types	eu-aiact:AIOperator → tech:Operator → tech:Actor → dpv:Entity
Broader/Parent types	tech:Provider → tech:Actor → dpv:Entity
Object of relation	dpv:hasActiveEntity, dpv:hasEntity, dpv:hasNonInvolvedEntity, dpv:hasPassiveEntity, dpv:hasResponsibleEntity, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganisationalUnitOf, dpv:isRepresentativeFor, tech:hasProvider
Definition	A natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge
Source	AIA (Art. 3(3))
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section ROLES in EU-AIACT

Term	AIRegulatorySandbox	Prefix	eu-aiact
Label	AI Regulatory Sandbox
IRI	https://w3id.org/dpv/legal/eu/aiact#AIRegulatorySandbox
Type	rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types	dpv:RegulatorySandbox → dpv:Safeguard → dpv:OrganisationalMeasure → dpv:TechnicalOrganisationalMeasure
Object of relation	dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition	A controlled framework set up by a competent authority which offers providers or prospective providers of AI systems the possibility to develop, train, validate and test, where appropriate in real-world conditions, an innovative AI system, pursuant to a sandbox plan for a limited time under regulatory supervision
Source	AIA (Art. 3(55))
Date Created	2024-04-10
Date Modified	2024-07-30
Contributors	Delaram Golpayegani
See More:	section ASSESSMENT in EU-AIACT

Term	AISystem	Prefix	eu-aiact
Label	AI System
IRI	https://w3id.org/dpv/legal/eu/aiact#AISystem
Type	rdfs:Class, skos:Concept
Broader/Parent types	ai:AISystem → ai:AI → dpv:Technology
Broader/Parent types	ai:AISystem → tech:System → dpv:Technology
Object of relation	dpv:isImplementedUsingTechnology, ai:hasAI, ai:hasAISystem, tech:hasSystem
Definition	A machine-based system designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments.
Usage Note	Note All references to the AI Act referred to the provisional agreement published in Feb 2024
Source	AIA (Art. 3(1))
Date Created	2024-04-10
Contributors	Delaram Golpayegani
See More:	section SYSTEM in EU-AIACT

Term	AISystemPerformance	Prefix	eu-aiact
Label	AI System Performance
IRI	https://w3id.org/dpv/legal/eu/aiact#AISystemPerformance
Type	rdfs:Class, skos:Concept
Definition	The ability of an AI system to achieve its intended purpose
Source	AIA(Art. 3(18))
Date Created	2024-04-10
Contributors	Delaram Golpayegani
See More:	section ASSESSMENT in EU-AIACT

Term	AsylumSector	Prefix	eu-aiact
Label	Asylum Sector
IRI	https://w3id.org/dpv/legal/eu/aiact#AsylumSector
Type	rdfs:Class, skos:Concept, dpv:Sector
Broader/Parent types	dpv:Sector
Object of relation	dpv:hasSector
Definition	Sector related to asylum management
Source	Annex III, EU AI Act
Date Created	2024-12-01
Contributors	Delaram Golpayegani, Harshvardhan J. Pandit
See More:	section SECTOR in EU-AIACT

Term	AuthorisedRepresentative	Prefix	eu-aiact
Label	Authorised Representative
IRI	https://w3id.org/dpv/legal/eu/aiact#AuthorisedRepresentative
Type	rdfs:Class, skos:Concept
Broader/Parent types	eu-aiact:AIOperator → tech:Operator → tech:Actor → dpv:Entity
Broader/Parent types	dpv:Representative → dpv:LegalEntity → dpv:Entity
Object of relation	dpv:hasActiveEntity, dpv:hasEntity, dpv:hasNonInvolvedEntity, dpv:hasParty, dpv:hasPassiveEntity, dpv:hasRepresentative, dpv:hasResponsibleEntity, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganisationalUnitOf, dpv:isRepresentativeFor, eu-gdpr:hasEstablishment, eu-gdpr:hasMainEstablishment, eu-gdpr:isMainEstablishmentFor
Definition	A natural or legal person located or established in the Union who has received and accepted a written mandate from a provider of an AI system or a general-purpose AI model to, respectively, perform and carry out on its behalf the obligations and procedures established by the AI Act
Source	AIA (Art. 3(5))
Date Created	2024-04-10
Contributors	Delaram Golpayegani
See More:	section ROLES in EU-AIACT

Term	AvailableOnEUMarket	Prefix	eu-aiact
Label	Available on EU Market
IRI	https://w3id.org/dpv/legal/eu/aiact#AvailableOnEUMarket
Type	rdfs:Class, skos:Concept, eu-aiact:MarketAvailabilityStatus
Broader/Parent types	eu-aiact:AvailableOnMarket → eu-aiact:MarketAvailabilityStatus → tech:MarketAvailabilityStatus → tech:TechnologyStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus, tech:hasMarketAvailabilityStatus
Definition	Status associated with supply of an AI system or a general purpose AI model for distribution or use on the Union market in the course of a commercial activity, whether in return for payment or free of charge
Source	AIA (Art. 3(10))
Date Created	2024-05-17
Contributors	Delaram Golpayegani
See More:	section STATUS in EU-AIACT

Term	AvailableOnMarket	Prefix	eu-aiact
Label	Available on Market
IRI	https://w3id.org/dpv/legal/eu/aiact#AvailableOnMarket
Type	rdfs:Class, skos:Concept, eu-aiact:MarketAvailabilityStatus
Broader/Parent types	eu-aiact:MarketAvailabilityStatus → tech:MarketAvailabilityStatus → tech:TechnologyStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus, tech:hasMarketAvailabilityStatus
Definition	Status associated with supply of an AI system or a general purpose AI model for distribution or use on the market in the course of a commercial activity, whether in return for payment or free of charge
Source	AIA (Art. 3(10))
Date Created	2024-05-17
Contributors	Delaram Golpayegani
See More:	section STATUS in EU-AIACT

Term	AvailableOnNonEUMarket	Prefix	eu-aiact
Label	Available on Non-EU Market
IRI	https://w3id.org/dpv/legal/eu/aiact#AvailableOnNonEUMarket
Type	rdfs:Class, skos:Concept, eu-aiact:MarketAvailabilityStatus
Broader/Parent types	eu-aiact:AvailableOnMarket → eu-aiact:MarketAvailabilityStatus → tech:MarketAvailabilityStatus → tech:TechnologyStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus, tech:hasMarketAvailabilityStatus
Definition	Status associated with supply of an AI system or a general purpose AI model for distribution or use on any market except the Union market in the course of a commercial activity, whether in return for payment or free of charge
Date Created	2024-05-17
Contributors	Delaram Golpayegani
See More:	section STATUS in EU-AIACT

Term	BiometricCategorisation	Prefix	eu-aiact
Label	Biometric Categorisation
IRI	https://w3id.org/dpv/legal/eu/aiact#BiometricCategorisation
Type	rdfs:Class, skos:Concept, tech:Capability
Broader/Parent types	ai:BiometricCategorisation → ai:BiometricCapability → ai:HumanOrientedCapability → ai:Capability → ai:AI → dpv:Technology
Object of relation	dpv:isImplementedUsingTechnology, ai:hasAI, ai:hasCapability
Definition	Capability where assigning natural persons to specific categories happens on the basis of their biometric data unless ancillary to another commercial service and strictly necessary for objective technical reasons
Source	AIA Art. 3(40)
Related	pd:Biometric
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section CAPABILITY in EU-AIACT

Term	BiometricCategorisationSystem	Prefix	eu-aiact
Label	Biometric Categorisation System
IRI	https://w3id.org/dpv/legal/eu/aiact#BiometricCategorisationSystem
Type	rdfs:Class, skos:Concept, eu-aiact:AISystem
Broader/Parent types	eu-aiact:AISystem → ai:AISystem → ai:AI → dpv:Technology
Broader/Parent types	eu-aiact:AISystem → ai:AISystem → tech:System → dpv:Technology
Object of relation	dpv:isImplementedUsingTechnology, ai:hasAI, ai:hasAISystem, tech:hasSystem
Definition	An AI system for the purpose of assigning natural persons to specific categories on the basis of their biometric data, unless it is ancillary to another commercial service and strictly necessary for objective technical reasons
Source	AIA(Art. 3(40))
Related	pd:Biometric
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section SYSTEM in EU-AIACT

Term	BiometricData	Prefix	eu-aiact
Label	Biometric Data
IRI	https://w3id.org/dpv/legal/eu/aiact#BiometricData
Type	rdfs:Class, skos:Concept, dpv:PersonalData
Broader/Parent types	pd:Biometric → dpv:SpecialCategoryPersonalData → dpv:SensitivePersonalData → dpv:PersonalData → dpv:Data
Broader/Parent types	pd:Biometric → dpv:SpecialCategoryPersonalData → dpv:SensitivePersonalData → dpv:SensitiveData → dpv:Data
Broader/Parent types	pd:Biometric → pd:Identifying → pd:External → dpv:PersonalData → dpv:Data
Object of relation	dpv:hasData, dpv:hasPersonalData
Definition	Personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, such as facial images or dactyloscopic data
Source	AIA(Art. 3(34))
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section DATA in EU-AIACT

Term	BiometricIdentification	Prefix	eu-aiact
Label	Biometric Identification
IRI	https://w3id.org/dpv/legal/eu/aiact#BiometricIdentification
Type	rdfs:Class, skos:Concept, tech:Capability
Broader/Parent types	ai:BiometricIdentification → ai:BiometricCapability → ai:HumanOrientedCapability → ai:Capability → ai:AI → dpv:Technology
Object of relation	dpv:isImplementedUsingTechnology, ai:hasAI, ai:hasCapability
Definition	Capability where the automated recognition of physical, physiological, behavioural, and psychological human features are used for the purpose of establishing the identity of a natural person by comparing biometric data of that individual to to biometric data of individuals stored in a database
Source	AIA Art. 3(35)
Related	pd:Biometric
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section CAPABILITY in EU-AIACT

Term	BiometricVerification	Prefix	eu-aiact
Label	Biometric Verification
IRI	https://w3id.org/dpv/legal/eu/aiact#BiometricVerification
Type	rdfs:Class, skos:Concept, tech:Capability
Broader/Parent types	dpv:IdentityVerification → dpv:Verification → dpv:EnforceSecurity → dpv:Purpose
Object of relation	dpv:hasPurpose
Definition	The automated, one-to-one verification, including authentication, of the identity of natural persons by comparing their biometric data to previously provided biometric data
Source	AIA Art.3 (36)
Related	pd:Biometric
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section CAPABILITY in EU-AIACT

Term	BorderControlSector	Prefix	eu-aiact
Label	Border Control Sector
IRI	https://w3id.org/dpv/legal/eu/aiact#BorderControlSector
Type	rdfs:Class, skos:Concept, dpv:Sector
Broader/Parent types	dpv:Sector
Object of relation	dpv:hasSector
Definition	Sector related to border control management
Source	Annex III, EU AI Act
Date Created	2024-12-01
Contributors	Delaram Golpayegani, Harshvardhan J. Pandit
See More:	section SECTOR in EU-AIACT

Term	CEMarking	Prefix	eu-aiact
Label	CE Marking
IRI	https://w3id.org/dpv/legal/eu/aiact#CEMarking
Type	rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types	dpv:CertificationSeal → dpv:OrganisationalMeasure → dpv:TechnicalOrganisationalMeasure
Object of relation	dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition	A marking by which a provider indicates that an AI system is in conformity with the requirements set out in Chapter III, Section 2 and other applicable Union harmonisation legislation providing for its affixing
Source	AIA(Art. 3(24))
Date Created	2024-04-10
Date Modified	2024-07-30
Contributors	Delaram Golpayegani
See More:	section ASSESSMENT in EU-AIACT

Term	ChangeCategory	Prefix	eu-aiact
Label	Change Category
IRI	https://w3id.org/dpv/legal/eu/aiact#ChangeCategory
Type	rdfs:Class, skos:Concept
Broader/Parent types	dpv:Context
Object of relation	dpv:hasContext, eu-aiact:hasChangeCategory
Definition	A categorisation of the change associated with the AI system
Date Created	2024-12-01
Contributors	Delaram Golpayegani
See More:	section STATUS in EU-AIACT

Term	ChangeDescription	Prefix	eu-aiact
Label	Change Description
IRI	https://w3id.org/dpv/legal/eu/aiact#ChangeDescription
Type	rdfs:Class, skos:Concept
Broader/Parent types	dpv:Context
Object of relation	dpv:hasContext, eu-aiact:hasChangeDescription
Definition	A description of the change associated with the AI system
Date Created	2024-12-01
Contributors	Delaram Golpayegani
See More:	section STATUS in EU-AIACT

Term	CommonSpecification	Prefix	eu-aiact
Label	Common Specification
IRI	https://w3id.org/dpv/legal/eu/aiact#CommonSpecification
Type	rdfs:Class, skos:Concept, tech:Documentation
Broader/Parent types	tech:Specification → tech:Documentation
Object of relation	tech:hasDocumentation
Definition	A set of technical specifications, as defined in point 4 of Article 2 of Regulation (EU) No 1025/2012 providing means to comply with certain requirements established under the AI Act
Source	AIA Art.3-28
Date Created	2024-04-10
Date Modified	2024-12-17
Contributors	Delaram Golpayegani
See More:	section DOCS in EU-AIACT

Term	ConformityAssessment	Prefix	eu-aiact
Label	Conformity Assessment
IRI	https://w3id.org/dpv/legal/eu/aiact#ConformityAssessment
Type	rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types	dpv:Assessment → dpv:OrganisationalMeasure → dpv:TechnicalOrganisationalMeasure
Object of relation	dpv:hasAssessment, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition	The process of demonstrating whether the requirements set out in Chapter III, Section 2 relating to a high-risk AI system have been fulfilled
Source	AIA(Art. 3(20))
Date Created	2024-04-10
Date Modified	2024-07-30
Contributors	Delaram Golpayegani
See More:	section ASSESSMENT in EU-AIACT

Term	ConformityAssessmentBody	Prefix	eu-aiact
Label	Conformity Assessment Body
IRI	https://w3id.org/dpv/legal/eu/aiact#ConformityAssessmentBody
Type	rdfs:Class, skos:Concept
Broader/Parent types	tech:Auditor → tech:Partner → tech:Actor → dpv:Entity
Object of relation	dpv:hasActiveEntity, dpv:hasEntity, dpv:hasNonInvolvedEntity, dpv:hasPassiveEntity, dpv:hasResponsibleEntity, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganisationalUnitOf, dpv:isRepresentativeFor, tech:hasAuditor, tech:hasPartner
Definition	A body that performs third-party conformity assessment activities, including testing, certification and inspection
Source	AIA(Art. 3(21))
Date Created	2024-04-10
Contributors	Delaram Golpayegani
See More:	section ROLES in EU-AIACT

Term	CriticalInfrastructureSector	Prefix	eu-aiact
Label	Critical Infrastructure Sector
IRI	https://w3id.org/dpv/legal/eu/aiact#CriticalInfrastructureSector
Type	rdfs:Class, skos:Concept, dpv:Sector
Broader/Parent types	dpv:Sector
Object of relation	dpv:hasSector
Definition	Sector related to provision and maintenance of critical services
Source	Annex III, EU AI Act
Date Created	2024-12-01
Contributors	Delaram Golpayegani, Harshvardhan J. Pandit
See More:	section SECTOR in EU-AIACT

Term	DeepFakeGeneration	Prefix	eu-aiact
Label	Deep Fake Generation
IRI	https://w3id.org/dpv/legal/eu/aiact#DeepFakeGeneration
Type	rdfs:Class, skos:Concept, tech:Capability
Broader/Parent types	ai:BiometricIdentification → ai:BiometricCapability → ai:HumanOrientedCapability → ai:Capability → ai:AI → dpv:Technology
Object of relation	dpv:isImplementedUsingTechnology, ai:hasAI, ai:hasCapability
Definition	Capability to generate or manipulate image, audio or video content that resembles existing persons, objects, places, entities or events and would falsely appear to a person to be authentic or truthful;l
Source	AIA Art. 3(60)
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section CAPABILITY in EU-AIACT

Term	DemocraticProcessSector	Prefix	eu-aiact
Label	Democratic Process Sector
IRI	https://w3id.org/dpv/legal/eu/aiact#DemocraticProcessSector
Type	rdfs:Class, skos:Concept, dpv:Sector
Broader/Parent types	dpv:Sector
Object of relation	dpv:hasSector
Definition	Sector related to administration of democratic processes
Source	Annex III, EU AI Act
Date Created	2024-12-01
Contributors	Delaram Golpayegani, Harshvardhan J. Pandit
See More:	section SECTOR in EU-AIACT

Term	DownstreamAIProvider	Prefix	eu-aiact
Label	Downstream AI Provider
IRI	https://w3id.org/dpv/legal/eu/aiact#DownstreamAIProvider
Type	rdfs:Class, skos:Concept
Broader/Parent types	eu-aiact:AIProvider → eu-aiact:AIOperator → tech:Operator → tech:Actor → dpv:Entity
Broader/Parent types	eu-aiact:AIProvider → tech:Provider → tech:Actor → dpv:Entity
Object of relation	dpv:hasActiveEntity, dpv:hasEntity, dpv:hasNonInvolvedEntity, dpv:hasPassiveEntity, dpv:hasResponsibleEntity, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganisationalUnitOf, dpv:isRepresentativeFor, tech:hasProvider
Definition	A provider of an AI system, including a general-purpose AI system, which integrates an AI model, regardless of whether the AI model is provided by themselves and vertically integrated or provided by another entity based on contractual relations.
Source	AIA(Art. 3(68))
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section ROLES in EU-AIACT

Term	EducationSector	Prefix	eu-aiact
Label	Education Sector
IRI	https://w3id.org/dpv/legal/eu/aiact#EducationSector
Type	rdfs:Class, skos:Concept, dpv:Sector
Broader/Parent types	dpv:Sector
Object of relation	dpv:hasSector
Definition	Sector related to education and vocational training at any level and for any profession
Source	Annex III, EU AI Act
Date Created	2024-12-01
Contributors	Delaram Golpayegani, Harshvardhan J. Pandit
See More:	section SECTOR in EU-AIACT

Term	EmotionRecognition	Prefix	eu-aiact
Label	Emotion Recognition
IRI	https://w3id.org/dpv/legal/eu/aiact#EmotionRecognition
Type	rdfs:Class, skos:Concept, tech:Capability
Broader/Parent types	ai:EmotionRecognition → ai:HumanOrientedCapability → ai:Capability → ai:AI → dpv:Technology
Object of relation	dpv:isImplementedUsingTechnology, ai:hasAI, ai:hasCapability
Definition	Capability of a technology to identify or infer emotions or intentions of natural persons (on the basis of their biometric data)
Source	AIA Art. 3(39)
Related	pd:Biometric
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section CAPABILITY in EU-AIACT

Term	EmotionRecognitionSystem	Prefix	eu-aiact
Label	Emotion Recognition System
IRI	https://w3id.org/dpv/legal/eu/aiact#EmotionRecognitionSystem
Type	rdfs:Class, skos:Concept, eu-aiact:AISystem
Broader/Parent types	eu-aiact:AISystem → ai:AISystem → ai:AI → dpv:Technology
Broader/Parent types	eu-aiact:AISystem → ai:AISystem → tech:System → dpv:Technology
Object of relation	dpv:isImplementedUsingTechnology, ai:hasAI, ai:hasAISystem, tech:hasSystem
Definition	An AI system for the purpose of identifying or inferring emotions or intentions of natural persons on the basis of their biometric data.
Source	AIA(Art. 3(39))
Related	eu-aiact:EmotionRecognition, pd:Biometric
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section SYSTEM in EU-AIACT

Term	EmploymentSector	Prefix	eu-aiact
Label	Employment Sector
IRI	https://w3id.org/dpv/legal/eu/aiact#EmploymentSector
Type	rdfs:Class, skos:Concept, dpv:Sector
Broader/Parent types	dpv:Sector
Object of relation	dpv:hasSector
Definition	Sector related to employment including workforce management and self-employment
Source	Annex III, EU AI Act
Date Created	2024-12-01
Contributors	Delaram Golpayegani, Harshvardhan J. Pandit
See More:	section SECTOR in EU-AIACT

Term	EUDeclarationOfConformity	Prefix	eu-aiact
Label	EU Declaration Of Conformity
IRI	https://w3id.org/dpv/legal/eu/aiact#EUDeclarationOfConformity
Type	rdfs:Class, skos:Concept, tech:Documentation
Broader/Parent types	tech:Documentation
Object of relation	tech:hasDocumentation
Definition	Document providing the EU declaration of conformity, as required by the AI Act, Article 47
Source	AI Act Art.47
Date Created	2024-12-01
Contributors	Delaram Golpayegani
See More:	section DOCS in EU-AIACT

Term	FRIA	Prefix	eu-aiact
Label	Fundamental Rights Impact Assessment
IRI	https://w3id.org/dpv/legal/eu/aiact#FRIA
Type	rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types	dpv:Assessment → dpv:OrganisationalMeasure → dpv:TechnicalOrganisationalMeasure
Object of relation	dpv:hasAssessment, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition	An assessment undertaken to evaluate how the AI use of an AI system might impact fundamental rights
Source	AIA(Art. 27)
Date Created	2024-04-10
Date Modified	2024-07-30
Contributors	Delaram Golpayegani
See More:	section ASSESSMENT in EU-AIACT

Term	GPAIModel	Prefix	eu-aiact
Label	General Purpose AI Model
IRI	https://w3id.org/dpv/legal/eu/aiact#GPAIModel
Type	rdfs:Class, skos:Concept
Broader/Parent types	ai:Model → ai:AI → dpv:Technology
Broader/Parent types	ai:Model → tech:Model → dpv:Technology
Object of relation	dpv:isImplementedUsingTechnology, ai:hasAI, ai:hasModel, tech:hasModel
Definition	An AI model, including where such an AI model is trained with a large amount of data using self-supervision at scale, that displays significant generality and is capable of competently performing a wide range of distinct tasks regardless of the way the model is placed on the market and that can be integrated into a variety of downstream systems or applications, except AI models that are used for research, development or prototyping activities before they are placed on the market
Source	AIA(Art. 3(63))
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section SYSTEM in EU-AIACT

Term	GPAISystem	Prefix	eu-aiact
Label	General Purpose AI System
IRI	https://w3id.org/dpv/legal/eu/aiact#GPAISystem
Type	rdfs:Class, skos:Concept
Broader/Parent types	eu-aiact:AISystem → ai:AISystem → ai:AI → dpv:Technology
Broader/Parent types	eu-aiact:AISystem → ai:AISystem → tech:System → dpv:Technology
Object of relation	dpv:isImplementedUsingTechnology, ai:hasAI, ai:hasAISystem, tech:hasSystem
Definition	An AI system which is based on a general-purpose AI model and which has the capability to serve a variety of purposes, both for direct use as well as for integration in other AI systems
Source	AIA(Art.3 (66))
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section SYSTEM in EU-AIACT

Term	HighImpactCapabilityGPAIModel	Prefix	eu-aiact
Label	High-Impact Capability in General Purpose AI Models
IRI	https://w3id.org/dpv/legal/eu/aiact#HighImpactCapabilityGPAIModel
Type	rdfs:Class, skos:Concept, tech:Capability
Broader/Parent types	tech:Capability
Object of relation	tech:hasCapability
Definition	‘High-impact Capabilities’ in general purpose AI models means capabilities that match or exceed the capabilities recorded in the most advanced general purpose AI models
Source	AIA Art. 3(64)
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section CAPABILITY in EU-AIACT

Term	HighRiskAIAssessment	Prefix	eu-aiact
Label	High Risk AI Assessment
IRI	https://w3id.org/dpv/legal/eu/aiact#HighRiskAIAssessment
Type	rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types	dpv:Assessment → dpv:OrganisationalMeasure → dpv:TechnicalOrganisationalMeasure
Object of relation	dpv:hasAssessment, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition	An assessment undertaken to determine whether the AI system is classified as high-risk under the AI Act
Source	AIA(Art. 6)
Date Created	2024-04-10
Date Modified	2024-07-30
Contributors	Delaram Golpayegani
See More:	section ASSESSMENT in EU-AIACT

Term	InformedConsent	Prefix	eu-aiact
Label	Informed Consent
IRI	https://w3id.org/dpv/legal/eu/aiact#InformedConsent
Type	rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types	dpv:InformedConsent → dpv:Consent → dpv:LegalBasis
Object of relation	dpv:hasLegalBasis
Definition	Informed consent means a (real world test) subject’s freely given, specific, unambiguous and voluntary expression of his or her willingness to participate in a particular testing in real world conditions, after having been informed of all aspects of the testing that are relevant to the subject’s decision to participate
Source	AIA (Art. 3(59))
Date Created	2024-04-10
Date Modified	2024-07-30
Contributors	Delaram Golpayegani
See More:	section ASSESSMENT in EU-AIACT

Term	InstructionForUse	Prefix	eu-aiact
Label	Instruction For Use
IRI	https://w3id.org/dpv/legal/eu/aiact#InstructionForUse
Type	rdfs:Class, skos:Concept, tech:Documentation
Broader/Parent types	tech:Instructions → tech:Documentation
Object of relation	tech:hasDocumentation
Definition	The information provided by the provider to inform the deployer of, in particular, an AI system’s intended purpose and proper use
Source	AIA(Art.3(15))
Date Created	2024-04-10
Date Modified	2025-07-31
Contributors	Delaram Golpayegani
See More:	section DOCS in EU-AIACT

Term	IntendedPurpose	Prefix	eu-aiact
Label	Intended Purpose
IRI	https://w3id.org/dpv/legal/eu/aiact#IntendedPurpose
Type	rdfs:Class, skos:Concept
Broader/Parent types	tech:IntendedUse
Object of relation	tech:hasIntendedUse
Definition	The use for which an AI system is intended by the provider, including the specific context and conditions of use, as specified in the information supplied by the provider in the instructions for use, promotional or sales materials and statements, as well as in the technical documentation
Source	AIA (Art. 3(12))
Date Created	2024-04-10
Contributors	Delaram Golpayegani
See More:	section MISC in EU-AIACT

Term	JusticeSector	Prefix	eu-aiact
Label	Justice Sector
IRI	https://w3id.org/dpv/legal/eu/aiact#JusticeSector
Type	rdfs:Class, skos:Concept, dpv:Sector
Broader/Parent types	dpv:Sector
Object of relation	dpv:hasSector
Definition	Sector related to administration of justice
Source	Annex III, EU AI Act
Date Created	2024-12-01
Contributors	Delaram Golpayegani, Harshvardhan J. Pandit
See More:	section SECTOR in EU-AIACT

Term	LawEnforcementSector	Prefix	eu-aiact
Label	Law Enforcement Sector
IRI	https://w3id.org/dpv/legal/eu/aiact#LawEnforcementSector
Type	rdfs:Class, skos:Concept, dpv:Sector
Broader/Parent types	dpv:Sector
Object of relation	dpv:hasSector
Definition	Sector related to law enforcement
Source	Annex III, EU AI Act
Date Created	2024-12-01
Contributors	Delaram Golpayegani, Harshvardhan J. Pandit
See More:	section SECTOR in EU-AIACT

Term	MarketAvailabilityStatus	Prefix	eu-aiact
Label	Market Availability Status
IRI	https://w3id.org/dpv/legal/eu/aiact#MarketAvailabilityStatus
Type	rdfs:Class, skos:Concept
Broader/Parent types	tech:MarketAvailabilityStatus → tech:TechnologyStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus, tech:hasMarketAvailabilityStatus
Definition	Status associated with whether the AI system or GPAI Model is available for distribution or use on the market in the course of a commercial activity
Date Created	2024-05-17
Contributors	Delaram Golpayegani
See More:	section STATUS in EU-AIACT

Term	MarketPlacementStatus	Prefix	eu-aiact
Label	Market Placement Status
IRI	https://w3id.org/dpv/legal/eu/aiact#MarketPlacementStatus
Type	rdfs:Class, skos:Concept
Broader/Parent types	tech:MarketAvailabilityStatus → tech:TechnologyStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus, tech:hasMarketAvailabilityStatus
Definition	Status associated with whether the AI system or GPAI Model has been 'first' made available on the market
Date Created	2024-05-17
Contributors	Delaram Golpayegani
See More:	section STATUS in EU-AIACT

Term	MarketSurveillanceAuthority	Prefix	eu-aiact
Label	Market Surveillance Authority
IRI	https://w3id.org/dpv/legal/eu/aiact#MarketSurveillanceAuthority
Type	rdfs:Class, skos:Concept
Broader/Parent types	eu-aiact:NationalCompetentAuthority → dpv:Authority → dpv:GovernmentalOrganisation → dpv:Organisation → dpv:LegalEntity → dpv:Entity
Object of relation	dpv:hasActiveEntity, dpv:hasAuthority, dpv:hasEntity, dpv:hasNonInvolvedEntity, dpv:hasParty, dpv:hasPassiveEntity, dpv:hasResponsibleEntity, dpv:hasSubsidiary, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganisationalUnitOf, dpv:isRepresentativeFor, dpv:isSubsidiaryOf, eu-gdpr:hasEstablishment, eu-gdpr:hasMainEstablishment, eu-gdpr:isMainEstablishmentFor
Definition	The national authority carrying out the activities and taking the measures pursuant to Regulation (EU) 2019/1020
Source	AIA(Art. 3(26))
Date Created	2024-04-10
Contributors	Delaram Golpayegani
See More:	section ROLES in EU-AIACT

Term	MigrationSector	Prefix	eu-aiact
Label	Migration Sector
IRI	https://w3id.org/dpv/legal/eu/aiact#MigrationSector
Type	rdfs:Class, skos:Concept, dpv:Sector
Broader/Parent types	dpv:Sector
Object of relation	dpv:hasSector
Definition	Sector related to migration management
Source	Annex III, EU AI Act
Date Created	2024-12-01
Contributors	Delaram Golpayegani, Harshvardhan J. Pandit
See More:	section SECTOR in EU-AIACT

Term	NationalCompetentAuthority	Prefix	eu-aiact
Label	National Competent Authority
IRI	https://w3id.org/dpv/legal/eu/aiact#NationalCompetentAuthority
Type	rdfs:Class, skos:Concept
Broader/Parent types	dpv:Authority → dpv:GovernmentalOrganisation → dpv:Organisation → dpv:LegalEntity → dpv:Entity
Object of relation	dpv:hasActiveEntity, dpv:hasAuthority, dpv:hasEntity, dpv:hasNonInvolvedEntity, dpv:hasParty, dpv:hasPassiveEntity, dpv:hasResponsibleEntity, dpv:hasSubsidiary, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganisationalUnitOf, dpv:isRepresentativeFor, dpv:isSubsidiaryOf, eu-gdpr:hasEstablishment, eu-gdpr:hasMainEstablishment, eu-gdpr:isMainEstablishmentFor
Definition	A notifying authority or a market surveillance authority; as regards AI systems put into service or used by Union institutions, agencies, offices and bodies, references to national competent authorities or market surveillance authorities in the AI Act shall be construed as references to the European Data Protection Supervisor
Source	AIA(Art. 3(48))
Date Created	2024-04-10
Date Modified	2027-07-30
Contributors	Delaram Golpayegani
See More:	section ROLES in EU-AIACT

Term	NonpredeterminedChange	Prefix	eu-aiact
Label	Non-Predetermined Change
IRI	https://w3id.org/dpv/legal/eu/aiact#NonpredeterminedChange
Type	rdfs:Class, skos:Concept, eu-aiact:ChangeCategory
Broader/Parent types	eu-aiact:ChangeCategory → dpv:Context
Object of relation	dpv:hasContext, eu-aiact:hasChangeCategory
Definition	Change associated with the AI system that has not been pre-determined
Usage Note	What is considered "pre-determined" is not defined with this concept or within the AI Act, therefore if there are specific interpretations of "pre-determined", such as within a jurisdiction, sector, or for a particular technology, then this concept should be extended accordingly
Date Created	2024-12-01
Contributors	Delaram Golpayegani
See More:	section STATUS in EU-AIACT

Term	NotAvailableOnMarket	Prefix	eu-aiact
Label	Not Available on Market
IRI	https://w3id.org/dpv/legal/eu/aiact#NotAvailableOnMarket
Type	rdfs:Class, skos:Concept, eu-aiact:MarketAvailabilityStatus
Broader/Parent types	eu-aiact:MarketAvailabilityStatus → tech:MarketAvailabilityStatus → tech:TechnologyStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus, tech:hasMarketAvailabilityStatus
Definition	not available on a market anywhere in EU or otherwise
Date Created	2024-05-17
Contributors	Delaram Golpayegani
See More:	section STATUS in EU-AIACT

Term	NotifiedBody	Prefix	eu-aiact
Label	Notified Body
IRI	https://w3id.org/dpv/legal/eu/aiact#NotifiedBody
Type	rdfs:Class, skos:Concept
Broader/Parent types	eu-aiact:ConformityAssessmentBody → tech:Auditor → tech:Partner → tech:Actor → dpv:Entity
Object of relation	dpv:hasActiveEntity, dpv:hasEntity, dpv:hasNonInvolvedEntity, dpv:hasPassiveEntity, dpv:hasResponsibleEntity, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganisationalUnitOf, dpv:isRepresentativeFor, tech:hasAuditor, tech:hasPartner
Definition	A conformity assessment body notified in accordance with the AI Act and other relevant Union harmonisation legislation
Source	AIA(Art. 3(22))
Date Created	2024-04-10
Contributors	Delaram Golpayegani
See More:	section ROLES in EU-AIACT

Term	NotifyingAuthority	Prefix	eu-aiact
Label	Notifying Authority
IRI	https://w3id.org/dpv/legal/eu/aiact#NotifyingAuthority
Type	rdfs:Class, skos:Concept
Broader/Parent types	eu-aiact:NationalCompetentAuthority → dpv:Authority → dpv:GovernmentalOrganisation → dpv:Organisation → dpv:LegalEntity → dpv:Entity
Object of relation	dpv:hasActiveEntity, dpv:hasAuthority, dpv:hasEntity, dpv:hasNonInvolvedEntity, dpv:hasParty, dpv:hasPassiveEntity, dpv:hasResponsibleEntity, dpv:hasSubsidiary, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganisationalUnitOf, dpv:isRepresentativeFor, dpv:isSubsidiaryOf, eu-gdpr:hasEstablishment, eu-gdpr:hasMainEstablishment, eu-gdpr:isMainEstablishmentFor
Definition	The national authority responsible for setting up and carrying out the necessary procedures for the assessment, designation and notification of conformity assessment bodies and for their monitoring
Source	AIA(Art. 3(19))
Date Created	2024-04-10
Contributors	Delaram Golpayegani
See More:	section ROLES in EU-AIACT

Term	NotPutIntoService	Prefix	eu-aiact
Label	Not Put in to Service
IRI	https://w3id.org/dpv/legal/eu/aiact#NotPutIntoService
Type	rdfs:Class, skos:Concept, eu-aiact:ServiceSupplyStatus
Broader/Parent types	eu-aiact:ServiceSupplyStatus → tech:ProvisionStatus → tech:TechnologyStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus, tech:hasProvisionStatus
Definition	Status associated with an AI system that has not been put into service
Date Created	2024-05-17
Contributors	Delaram Golpayegani
See More:	section STATUS in EU-AIACT

Term	PlacedOnEUMarket	Prefix	eu-aiact
Label	Placed on EU Market
IRI	https://w3id.org/dpv/legal/eu/aiact#PlacedOnEUMarket
Type	rdfs:Class, skos:Concept, eu-aiact:MarketPlacementStatus
Broader/Parent types	eu-aiact:PlacedOnMarket → eu-aiact:MarketPlacementStatus → tech:MarketAvailabilityStatus → tech:TechnologyStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus, tech:hasMarketAvailabilityStatus
Definition	Status indicating the first making available of an AI system or a general purpose AI model on the Union market
Source	AIA (Art. 3(9))
Date Created	2024-05-17
Contributors	Delaram Golpayegani
See More:	section STATUS in EU-AIACT

Term	PlacedOnMarket	Prefix	eu-aiact
Label	Placed on Market
IRI	https://w3id.org/dpv/legal/eu/aiact#PlacedOnMarket
Type	rdfs:Class, skos:Concept, eu-aiact:MarketPlacementStatus
Broader/Parent types	eu-aiact:MarketPlacementStatus → tech:MarketAvailabilityStatus → tech:TechnologyStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus, tech:hasMarketAvailabilityStatus
Definition	Status indicating the first making available of an AI system or a general purpose AI model on the market
Source	AIA (Art. 3(9))
Date Created	2024-05-17
Contributors	Delaram Golpayegani
See More:	section STATUS in EU-AIACT

Term	PostMarketMonitoringPlan	Prefix	eu-aiact
Label	Post-market Monitoring Plan
IRI	https://w3id.org/dpv/legal/eu/aiact#PostMarketMonitoringPlan
Type	rdfs:Class, skos:Concept, tech:Documentation
Broader/Parent types	tech:Plan → tech:Documentation
Object of relation	tech:hasDocumentation
Definition	Description of the post-market monitoring plan, as required by the AI Act
Source	AI Act Art.72
Date Created	2024-12-01
Date Modified	2024-12-17
Contributors	Delaram Golpayegani
See More:	section DOCS in EU-AIACT

Term	PostMarketMonitoringSystem	Prefix	eu-aiact
Label	Post-Market Monitoring System
IRI	https://w3id.org/dpv/legal/eu/aiact#PostMarketMonitoringSystem
Type	rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types	dpv:OrganisationalMeasure → dpv:TechnicalOrganisationalMeasure
Object of relation	dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition	All activities carried out by providers of AI systems to collect and review experience gained from the use of AI systems they place on the market or put into service for the purpose of identifying any need to immediately apply any necessary corrective or preventive actions
Source	AIA(Art. 3(25))
Date Created	2024-04-10
Contributors	Delaram Golpayegani
See More:	section ASSESSMENT in EU-AIACT

Term	PostMarketMonitoringSystemDocumentation	Prefix	eu-aiact
Label	Post-market Monitoring System Documentation
IRI	https://w3id.org/dpv/legal/eu/aiact#PostMarketMonitoringSystemDocumentation
Type	rdfs:Class, skos:Concept, tech:Documentation
Broader/Parent types	tech:Documentation
Object of relation	tech:hasDocumentation
Definition	Documentation of the post-market monitoring system in place, as required by the AI Act
Source	AI Act Art.72
Date Created	2024-12-01
Contributors	Delaram Golpayegani
See More:	section DOCS in EU-AIACT

Term	PostRemoteBiometricIdentificationSystem	Prefix	eu-aiact
Label	Post Remote Biometric Identification System
IRI	https://w3id.org/dpv/legal/eu/aiact#PostRemoteBiometricIdentificationSystem
Type	rdfs:Class, skos:Concept, eu-aiact:AISystem
Broader/Parent types	eu-aiact:RemoteBiometricIdentificationSystem → eu-aiact:AISystem → ai:AISystem → ai:AI → dpv:Technology
Broader/Parent types	eu-aiact:RemoteBiometricIdentificationSystem → eu-aiact:AISystem → ai:AISystem → tech:System → dpv:Technology
Object of relation	dpv:isImplementedUsingTechnology, ai:hasAI, ai:hasAISystem, tech:hasSystem
Definition	A remote biometric identification system other than a real-time remote biometric identification system
Source	AIA(Art. 3(43))
Related	pd:Biometric
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section SYSTEM in EU-AIACT

Term	PredeterminedChange	Prefix	eu-aiact
Label	Predetermined Change
IRI	https://w3id.org/dpv/legal/eu/aiact#PredeterminedChange
Type	rdfs:Class, skos:Concept, eu-aiact:ChangeCategory
Broader/Parent types	eu-aiact:ChangeCategory → dpv:Context
Object of relation	dpv:hasContext, eu-aiact:hasChangeCategory
Definition	Change associated with the AI system that has been pre-determined
Usage Note	What is considered "pre-determined" is not defined with this concept or within the AI Act, therefore if there are specific interpretations of "pre-determined", such as within a jurisdiction, sector, or for a particular technology, then this concept should be extended accordingly
Date Created	2024-12-01
Contributors	Delaram Golpayegani
See More:	section STATUS in EU-AIACT

Term	PrivateSector	Prefix	eu-aiact
Label	Private Sector
IRI	https://w3id.org/dpv/legal/eu/aiact#PrivateSector
Type	rdfs:Class, skos:Concept, dpv:Sector
Broader/Parent types	dpv:Sector
Object of relation	dpv:hasSector
Definition	Sector comprising of entities that are privately owned
Source	Annex III, EU AI Act
Date Created	2024-12-01
Contributors	Delaram Golpayegani, Harshvardhan J. Pandit
See More:	section SECTOR in EU-AIACT

Term	PubliclyAccessibleSpace	Prefix	eu-aiact
Label	Publicly Accessible Space
IRI	https://w3id.org/dpv/legal/eu/aiact#PubliclyAccessibleSpace
Type	rdfs:Class, skos:Concept, dpv:Location
Broader/Parent types	dpv:PublicLocation → dpv:LocalLocation → dpv:LocationLocality → dpv:Location
Subject of relation	loc:iso_alpha2, loc:iso_alpha3, loc:iso_numeric, loc:un_m49
Object of relation	dpv:hasJurisdiction, dpv:hasLocation, dpv:isOutsideOfLocation
Definition	Any publicly or privately owned physical place accessible to an undetermined number of natural persons, regardless of whether certain conditions for access may apply, and regardless of the potential capacity restrictions
Source	AIA(Art. 3(44))
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section MISC in EU-AIACT

Term	PublicSector	Prefix	eu-aiact
Label	Public Sector
IRI	https://w3id.org/dpv/legal/eu/aiact#PublicSector
Type	rdfs:Class, skos:Concept, dpv:Sector
Broader/Parent types	dpv:Sector
Object of relation	dpv:hasSector
Definition	Sector comprising of entities that are publicly owned e.g. by the government
Source	Annex III, EU AI Act
Date Created	2024-12-01
Contributors	Delaram Golpayegani, Harshvardhan J. Pandit
See More:	section SECTOR in EU-AIACT

Term	PutIntoService	Prefix	eu-aiact
Label	Put in to Service
IRI	https://w3id.org/dpv/legal/eu/aiact#PutIntoService
Type	rdfs:Class, skos:Concept, eu-aiact:ServiceSupplyStatus
Broader/Parent types	eu-aiact:ServiceSupplyStatus → tech:ProvisionStatus → tech:TechnologyStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus, tech:hasProvisionStatus
Definition	Status associated with the supply of an AI system for first use directly to the deployer or for own use for its intended purpose
Source	AIA (Art. 3(11))
Date Created	2024-05-17
Contributors	Delaram Golpayegani
See More:	section STATUS in EU-AIACT

Term	PutIntoServiceInEU	Prefix	eu-aiact
Label	Put in to Service In EU
IRI	https://w3id.org/dpv/legal/eu/aiact#PutIntoServiceInEU
Type	rdfs:Class, skos:Concept, eu-aiact:ServiceSupplyStatus
Broader/Parent types	eu-aiact:PutIntoService → eu-aiact:ServiceSupplyStatus → tech:ProvisionStatus → tech:TechnologyStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus, tech:hasProvisionStatus
Definition	Status associated with the supply of an AI system for first use directly to the deployer or for own use in the Union for its intended purpose
Source	AIA (Art. 3(11))
Date Created	2024-05-17
Contributors	Delaram Golpayegani
See More:	section STATUS in EU-AIACT

Term	RealtimeRemoteBiometricIdentificationSystem	Prefix	eu-aiact
Label	Real-time Remote Biometric Identification System
IRI	https://w3id.org/dpv/legal/eu/aiact#RealtimeRemoteBiometricIdentificationSystem
Type	rdfs:Class, skos:Concept, eu-aiact:AISystem
Broader/Parent types	eu-aiact:RemoteBiometricIdentificationSystem → eu-aiact:AISystem → ai:AISystem → ai:AI → dpv:Technology
Broader/Parent types	eu-aiact:RemoteBiometricIdentificationSystem → eu-aiact:AISystem → ai:AISystem → tech:System → dpv:Technology
Object of relation	dpv:isImplementedUsingTechnology, ai:hasAI, ai:hasAISystem, tech:hasSystem
Definition	A remote biometric identification system, whereby the capturing of biometric data, the comparison and the identification all occur without a significant delay, comprising not only instant identification, but also limited short delays in order to avoid circumvention
Source	AIA(Art. 3(42))
Related	pd:Biometric
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section SYSTEM in EU-AIACT

Term	RealWorldTestingPlan	Prefix	eu-aiact
Label	Real World Testing Plan
IRI	https://w3id.org/dpv/legal/eu/aiact#RealWorldTestingPlan
Type	rdfs:Class, skos:Concept, tech:Documentation
Broader/Parent types	tech:Plan → tech:Documentation
Object of relation	tech:hasDocumentation
Definition	A document that describes the objectives, methodology, geographical, population and temporal scope, monitoring, organisation and conduct of testing in real world conditions.
Source	AIA Art.3-53
Date Created	2024-04-10
Date Modified	2024-12-17
Contributors	Delaram Golpayegani
See More:	section DOCS in EU-AIACT

Term	RealWorldTestSubject	Prefix	eu-aiact
Label	Real World Test Subject
IRI	https://w3id.org/dpv/legal/eu/aiact#RealWorldTestSubject
Type	rdfs:Class, skos:Concept
Broader/Parent types	dpv:NaturalPerson → dpv:Entity
Object of relation	dpv:hasActiveEntity, dpv:hasEntity, dpv:hasNonInvolvedEntity, dpv:hasPassiveEntity, dpv:hasResponsibleEntity, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganisationalUnitOf, dpv:isRepresentativeFor
Definition	A natural person who participates in testing in real world conditions
Usage Note	Note: The term "Real World Test Subject" is defined as just "Subject" in the AI Act. We emphasise its distinction from other subjects, e.g. AI Subject, with this phrasing of the term.
Source	AIA (Art. 3(58))
Date Created	2024-04-10
Date Modified	2024-07-30
Contributors	Delaram Golpayegani
See More:	section ASSESSMENT in EU-AIACT

Term	ReasonablyForeseeableMisuse	Prefix	eu-aiact
Label	Reasonably Foreseeable Misuse
IRI	https://w3id.org/dpv/legal/eu/aiact#ReasonablyForeseeableMisuse
Type	rdfs:Class, skos:Concept, dpv:RiskConcept
Broader/Parent types	risk:Misuse → risk:UserRisks → risk:OrganisationalRiskConcept → dpv:RiskConcept
Object of relation	risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition	The use of an AI system in a way that is not in accordance with its intended purpose, but which may result from reasonably foreseeable human behaviour or interaction with other systems, including other AI systems
Usage Note	Misuse should be provided through the Risk extension, along with taxonomy e.g. Misuse -> Foreseeable -> Reasonably and NonReasonably Foreseeable; and Misuse -> Unforeseeable Misuse.
Source	AIA (Art. 3(13))
Date Created	2024-04-10
Date Modified	2025-06-19
Contributors	Arthit Suriyawongkul, Delaram Golpayegani, Georg P. Krog, Harshvardhan J. Pandit
See More:	section MISC in EU-AIACT

Term	RecalledFromService	Prefix	eu-aiact
Label	Recalled from Service
IRI	https://w3id.org/dpv/legal/eu/aiact#RecalledFromService
Type	rdfs:Class, skos:Concept, eu-aiact:ServiceSupplyStatus
Broader/Parent types	eu-aiact:ServiceSupplyStatus → tech:ProvisionStatus → tech:TechnologyStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus, tech:hasProvisionStatus
Definition	An AI system that is returned to the provider or taken out of service or use
Date Created	2024-05-17
Contributors	Delaram Golpayegani
See More:	section STATUS in EU-AIACT

Term	RemoteBiometricIdentificationSystem	Prefix	eu-aiact
Label	Remote Biometric Identification System
IRI	https://w3id.org/dpv/legal/eu/aiact#RemoteBiometricIdentificationSystem
Type	rdfs:Class, skos:Concept, eu-aiact:AISystem
Broader/Parent types	eu-aiact:AISystem → ai:AISystem → ai:AI → dpv:Technology
Broader/Parent types	eu-aiact:AISystem → ai:AISystem → tech:System → dpv:Technology
Object of relation	dpv:isImplementedUsingTechnology, ai:hasAI, ai:hasAISystem, tech:hasSystem
Definition	An AI system for the purpose of identifying natural persons, without their active involvement, typically at a distance through the comparison of a person’s biometric data with the biometric data contained in a reference database.
Source	AIA(Art. 3(41))
Related	pd:Biometric
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section SYSTEM in EU-AIACT

Term	Risk	Prefix	eu-aiact
Label	Risk
IRI	https://w3id.org/dpv/legal/eu/aiact#Risk
Type	rdfs:Class, skos:Concept
Broader/Parent types	dpv:Risk → dpv:RiskConcept
Object of relation	dpv:hasRisk, dpv:isResidualRiskOf, dpv:mitigatesRisk, risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:refersToRisk, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition	The combination of the probability of an occurrence of harm and the severity of that harm
Source	AIA (Art. 3(2))
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section RISK in EU-AIACT

Term	RiskLevel	Prefix	eu-aiact
Label	Risk Level
IRI	https://w3id.org/dpv/legal/eu/aiact#RiskLevel
Type	rdfs:Class, skos:Concept
Broader/Parent types	dpv:RiskLevel
Object of relation	dpv:hasRiskLevel
Definition	Enumeration of AI Act's risk-based categorisation which determines the prohibitions and obligations for AI systems
Source	AI Act
Date Created	2025-04-03
Contributors	Arthit Suriyawongkul, Delaram Golpayegani, Georg P. Krog, Harshvardhan J. Pandit
See More:	section RISK-LEVELS in EU-AIACT

Term	RiskLevelHigh	Prefix	eu-aiact
Label	Risk Level - High
IRI	https://w3id.org/dpv/legal/eu/aiact#RiskLevelHigh
Type	rdfs:Class, skos:Concept, eu-aiact:RiskLevel
Broader/Parent types	eu-aiact:RiskLevelPermitted → eu-aiact:RiskLevel → dpv:RiskLevel
Object of relation	dpv:hasRiskLevel
Definition	Risk Level categorising an AI system as "high-risk" as defined in the AI Act
Source	AIA(Art.6)
Date Created	2025-04-03
Contributors	Arthit Suriyawongkul, Delaram Golpayegani, Georg P. Krog, Harshvardhan J. Pandit
See More:	section RISK-LEVELS in EU-AIACT

Term	RiskLevelHighAnnexI	Prefix	eu-aiact
Label	Risk Level - High per Annex I
IRI	https://w3id.org/dpv/legal/eu/aiact#RiskLevelHighAnnexI
Type	rdfs:Class, skos:Concept, eu-aiact:RiskLevel
Broader/Parent types	eu-aiact:RiskLevelHigh → eu-aiact:RiskLevelPermitted → eu-aiact:RiskLevel → dpv:RiskLevel
Object of relation	dpv:hasRiskLevel
Definition	Risk Level categorising an AI system as "high-risk" as defined in the AI Act Annex I
Source	AIA(Anx.I)
Date Created	2025-04-03
Contributors	Arthit Suriyawongkul, Delaram Golpayegani, Georg P. Krog, Harshvardhan J. Pandit
See More:	section RISK-LEVELS in EU-AIACT

Term	RiskLevelHighAnnexIII	Prefix	eu-aiact
Label	Risk Level - High per Annex III
IRI	https://w3id.org/dpv/legal/eu/aiact#RiskLevelHighAnnexIII
Type	rdfs:Class, skos:Concept, eu-aiact:RiskLevel
Broader/Parent types	eu-aiact:RiskLevelHigh → eu-aiact:RiskLevelPermitted → eu-aiact:RiskLevel → dpv:RiskLevel
Object of relation	dpv:hasRiskLevel
Definition	Risk Level categorising an AI system as "high-risk" as defined in the AI Act Annex III
Source	AIA(Anx.III)
Date Created	2025-04-03
Contributors	Arthit Suriyawongkul, Delaram Golpayegani, Georg P. Krog, Harshvardhan J. Pandit
See More:	section RISK-LEVELS in EU-AIACT

Term	RiskLevelMinimal	Prefix	eu-aiact
Label	Risk Level - Minimal
IRI	https://w3id.org/dpv/legal/eu/aiact#RiskLevelMinimal
Type	rdfs:Class, skos:Concept, eu-aiact:RiskLevel
Broader/Parent types	eu-aiact:RiskLevelNotHigh → eu-aiact:RiskLevelPermitted → eu-aiact:RiskLevel → dpv:RiskLevel
Object of relation	dpv:hasRiskLevel
Definition	Risk Level categorising an AI system as not being prohibited or high-risk or transparency required as defined in the AI Act
Usage Note	The minimal risk level does not indicate there is no risk, but instead indicates that it is not sufficient to be regulated under the categorisations of the AI Act
Date Created	2025-04-03
Contributors	Arthit Suriyawongkul, Delaram Golpayegani, Georg P. Krog, Harshvardhan J. Pandit
See More:	section RISK-LEVELS in EU-AIACT

Term	RiskLevelNotHigh	Prefix	eu-aiact
Label	Risk Level - Not High
IRI	https://w3id.org/dpv/legal/eu/aiact#RiskLevelNotHigh
Type	rdfs:Class, skos:Concept, eu-aiact:RiskLevel
Broader/Parent types	eu-aiact:RiskLevelPermitted → eu-aiact:RiskLevel → dpv:RiskLevel
Object of relation	dpv:hasRiskLevel
Definition	Risk Level categorising an AI system as not being "high-risk" as defined in the AI Act
Usage Note	The "not high" risk level is useful for indicating the outcomes of assessments determining whether something is high-risk
Date Created	2025-04-03
Contributors	Arthit Suriyawongkul, Delaram Golpayegani, Georg P. Krog, Harshvardhan J. Pandit
See More:	section RISK-LEVELS in EU-AIACT

Term	RiskLevelPermitted	Prefix	eu-aiact
Label	Risk Level - Permitted
IRI	https://w3id.org/dpv/legal/eu/aiact#RiskLevelPermitted
Type	rdfs:Class, skos:Concept, eu-aiact:RiskLevel
Broader/Parent types	eu-aiact:RiskLevel → dpv:RiskLevel
Object of relation	dpv:hasRiskLevel
Definition	Concept representing "AI practices" are permitted i.e. not prohibited under the AI Act
Usage Note	The permitted risk level is useful for representing outcomes of assessments determining whether something is prohibited
Date Created	2025-04-03
Contributors	Arthit Suriyawongkul, Delaram Golpayegani, Georg P. Krog, Harshvardhan J. Pandit
See More:	section RISK-LEVELS in EU-AIACT

Term	RiskLevelProhibited	Prefix	eu-aiact
Label	Risk Level - Prohibited
IRI	https://w3id.org/dpv/legal/eu/aiact#RiskLevelProhibited
Type	rdfs:Class, skos:Concept, eu-aiact:RiskLevel
Broader/Parent types	eu-aiact:RiskLevel → dpv:RiskLevel
Object of relation	dpv:hasRiskLevel
Definition	Risk Level prohibiting "AI practices" as defined in the AI Act
Source	AIA(Art.5)
Date Created	2025-04-03
Contributors	Arthit Suriyawongkul, Delaram Golpayegani, Georg P. Krog, Harshvardhan J. Pandit
See More:	section RISK-LEVELS in EU-AIACT

Term	RiskLevelTransparencyRequired	Prefix	eu-aiact
Label	Risk Level - Transparency Required
IRI	https://w3id.org/dpv/legal/eu/aiact#RiskLevelTransparencyRequired
Type	rdfs:Class, skos:Concept, eu-aiact:RiskLevel
Broader/Parent types	eu-aiact:RiskLevelNotHigh → eu-aiact:RiskLevelPermitted → eu-aiact:RiskLevel → dpv:RiskLevel
Object of relation	dpv:hasRiskLevel
Definition	Risk Level categorising an AI system as not high-risk but where transparency is require as defined in the AI Act
Source	AIA(Art.50)
Date Created	2025-04-03
Contributors	Arthit Suriyawongkul, Delaram Golpayegani, Georg P. Krog, Harshvardhan J. Pandit
See More:	section RISK-LEVELS in EU-AIACT

Term	RiskManagementSystem	Prefix	eu-aiact
Label	Risk Management System
IRI	https://w3id.org/dpv/legal/eu/aiact#RiskManagementSystem
Type	rdfs:Class, skos:Concept
Broader/Parent types	risk:RiskManagement
Object of relation	risk:hasRiskManagement
Definition	A risk management system is a continuous iterative process planned and run throughout the entire lifecycle of a high-risk AI system, requiring regular systematic review and updating
Source	AI Act
Date Created	2024-06-12
Contributors	Delaram Golpayegani
See More:	section RISK in EU-AIACT

Term	SafetyComponent	Prefix	eu-aiact
Label	Safety Component
IRI	https://w3id.org/dpv/legal/eu/aiact#SafetyComponent
Type	rdfs:Class, skos:Concept
Broader/Parent types	tech:Component → dpv:Technology
Object of relation	dpv:isImplementedUsingTechnology, tech:hasComponent
Definition	A component of a product or of an AI system which fulfils a safety function for that product or AI system, or the failure or malfunctioning of which endangers the health and safety of persons or property
Source	AIA (Art. 3(14))
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section SYSTEM in EU-AIACT

Term	SandboxPlan	Prefix	eu-aiact
Label	Sandbox Plan
IRI	https://w3id.org/dpv/legal/eu/aiact#SandboxPlan
Type	rdfs:Class, skos:Concept, tech:Documentation
Broader/Parent types	tech:Plan → tech:Documentation
Object of relation	tech:hasDocumentation
Definition	A document agreed between the participating provider and the competent authority describing the objectives, conditions, timeframe, methodology and requirements for the activities carried out within the sandbox
Source	AIA (Art.3(54))
Date Created	2024-04-10
Date Modified	2025-07-31
Contributors	Delaram Golpayegani
See More:	section DOCS in EU-AIACT

Term	SeriousIncident	Prefix	eu-aiact
Label	Serious Incident
IRI	https://w3id.org/dpv/legal/eu/aiact#SeriousIncident
Type	rdfs:Class, skos:Concept
Broader/Parent types	risk:Incident → dpv:RiskConcept
Object of relation	risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:hasIncident, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition	an incident or malfunctioning of an AI system that directly or indirectly leads to any of the following: (a) the death of a person, or serious harm to a person’s health; (b) a serious and irreversible disruption of the management or operation of critical infrastructure; (c) the infringement of obligations under Union law intended to protect fundamental rights; (d) serious harm to property or the environment;
Source	AIA (Art. 3(49))
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section RISK in EU-AIACT

Term	ServiceSupplyStatus	Prefix	eu-aiact
Label	Service Supply Status
IRI	https://w3id.org/dpv/legal/eu/aiact#ServiceSupplyStatus
Type	rdfs:Class, skos:Concept
Broader/Parent types	tech:ProvisionStatus → tech:TechnologyStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus, tech:hasProvisionStatus
Definition	Status associated with whether the AI system has been supplied for use or put in to service or been recalled or withdrawn
Date Created	2024-05-17
Contributors	Delaram Golpayegani
See More:	section STATUS in EU-AIACT

Term	SubstantialModification	Prefix	eu-aiact
Label	Substantial Modification
IRI	https://w3id.org/dpv/legal/eu/aiact#SubstantialModification
Type	rdfs:Class, skos:Concept
Definition	A change to an AI system after its placing on the market or putting into service which is not foreseen or planned in the initial conformity assessment carried out by the provider and as a result of which the compliance of the AI system with the requirements set out in Chapter III, Section 2 is affected or results in a modification to the intended purpose for which the AI system has been assessed
Source	AIA(Art. 3(23))
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section MISC in EU-AIACT

Term	SystemArchitectureDescription	Prefix	eu-aiact
Label	System Architecture Description
IRI	https://w3id.org/dpv/legal/eu/aiact#SystemArchitectureDescription
Type	rdfs:Class, skos:Concept, tech:Documentation
Broader/Parent types	tech:Documentation
Object of relation	tech:hasDocumentation
Definition	Documentation specifying the software architecture
Source	AI Act Annex.IV
Date Created	2024-12-01
Contributors	Delaram Golpayegani
See More:	section DOCS in EU-AIACT

Term	SystemicRisk	Prefix	eu-aiact
Label	Systemic Risk
IRI	https://w3id.org/dpv/legal/eu/aiact#SystemicRisk
Type	rdfs:Class, skos:Concept
Broader/Parent types	eu-aiact:Risk → dpv:Risk → dpv:RiskConcept
Object of relation	dpv:hasRisk, dpv:isResidualRiskOf, dpv:mitigatesRisk, risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:refersToRisk, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition	Q risk that is specific to the high-impact capabilities of general-purpose AI models, having a significant impact on the Union market due to their reach, or due to actual or reasonably foreseeable negative effects on public health, safety, public security, fundamental rights, or the society as a whole, that can be propagated at scale across the value chain
Source	AIA(Art.3 (65))
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section RISK in EU-AIACT

Term	TechnicalDocumentation	Prefix	eu-aiact
Label	Technical Documentation
IRI	https://w3id.org/dpv/legal/eu/aiact#TechnicalDocumentation
Type	rdfs:Class, skos:Concept, tech:Documentation
Broader/Parent types	tech:Documentation
Object of relation	tech:hasDocumentation
Definition	Annex IV technical documentation
Source	AIA Annex.IV, AIA Art.11
Date Created	2024-04-10
Date Modified	2024-12-17
Contributors	Delaram Golpayegani
See More:	section DOCS in EU-AIACT

Term	TestingData	Prefix	eu-aiact
Label	Testing Data
IRI	https://w3id.org/dpv/legal/eu/aiact#TestingData
Type	rdfs:Class, skos:Concept
Broader/Parent types	ai:TestingData → ai:Data → dpv:Data
Broader/Parent types	ai:TestingData → ai:Data → tech:InputOutput
Object of relation	dpv:hasData, ai:hasData, ai:hasTrainingData
Definition	Data used for providing an independent evaluation of the AI system in order to confirm the expected performance of that system before its placing on the market or putting into service
Source	AIA (Art. 3(32))
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section DATA in EU-AIACT

Term	TestingRealWorldConditions	Prefix	eu-aiact
Label	Testing In Real World Conditions
IRI	https://w3id.org/dpv/legal/eu/aiact#TestingRealWorldConditions
Type	rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types	dpv:OrganisationalMeasure → dpv:TechnicalOrganisationalMeasure
Object of relation	dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition	The temporary testing of an AI system for its intended purpose in real-world conditions outside a laboratory or otherwise simulated environment, with a view to gathering reliable and robust data and to assessing and verifying the conformity of the AI system with the requirements of the AI Act and it does not qualify as placing the AI system on the market or putting it into service within the meaning of the AI Act, provided that all the conditions laid down in Article 57 or 60 are fulfilled
Source	AIA (Art. 3(57))
Date Created	2024-04-10
Date Modified	2024-07-30
Contributors	Delaram Golpayegani
See More:	section ASSESSMENT in EU-AIACT

Term	TestLog	Prefix	eu-aiact
Label	Test Log
IRI	https://w3id.org/dpv/legal/eu/aiact#TestLog
Type	rdfs:Class, skos:Concept, tech:Documentation
Broader/Parent types	tech:Documentation
Object of relation	tech:hasDocumentation
Definition	Log of the tests performed
Source	AI Act Annex.IV
Date Created	2024-12-01
Contributors	Delaram Golpayegani
See More:	section DOCS in EU-AIACT

Term	TestReport	Prefix	eu-aiact
Label	Test Report
IRI	https://w3id.org/dpv/legal/eu/aiact#TestReport
Type	rdfs:Class, skos:Concept, tech:Documentation
Broader/Parent types	tech:Documentation
Object of relation	tech:hasDocumentation
Definition	A document that includes a summary of test activities and their results
Source	AI Act Annex.IV
Date Created	2024-12-01
Contributors	Delaram Golpayegani
See More:	section DOCS in EU-AIACT

Term	TrainingData	Prefix	eu-aiact
Label	Training Data
IRI	https://w3id.org/dpv/legal/eu/aiact#TrainingData
Type	rdfs:Class, skos:Concept
Broader/Parent types	ai:TrainingData → ai:Data → dpv:Data
Broader/Parent types	ai:TrainingData → ai:Data → tech:InputOutput
Object of relation	dpv:hasData, ai:hasData, ai:hasValidationData
Definition	Data used for training an AI system through fitting its learnable parameters
Source	AIA(Art. 3(29))
Date Created	2024-04-10
Date Modified	2024-12-01
Contributors	Delaram Golpayegani
See More:	section DATA in EU-AIACT

Term	ValidationData	Prefix	eu-aiact
Label	Validation Data
IRI	https://w3id.org/dpv/legal/eu/aiact#ValidationData
Type	rdfs:Class, skos:Concept
Broader/Parent types	ai:ValidationData → ai:Data → dpv:Data
Broader/Parent types	ai:ValidationData → ai:Data → tech:InputOutput
Object of relation	dpv:hasData, ai:hasData, ai:hasTestingData
Definition	Data used for providing an evaluation of the trained AI system and for tuning its non-learnable parameters and its learning process in order, inter alia, to prevent underfitting or overfitting
Source	AIA (Art. 3(30))
Date Created	2024-04-10
Date Modified	2025-07-30
Contributors	Delaram Golpayegani
See More:	section DATA in EU-AIACT

Term	WithdrawnFromService	Prefix	eu-aiact
Label	Withdrawn from Service
IRI	https://w3id.org/dpv/legal/eu/aiact#WithdrawnFromService
Type	rdfs:Class, skos:Concept, eu-aiact:ServiceSupplyStatus
Broader/Parent types	eu-aiact:ServiceSupplyStatus → tech:ProvisionStatus → tech:TechnologyStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus, tech:hasProvisionStatus
Definition	An AI system that is prevented to be made available in the supply chain
Date Created	2024-05-17
Contributors	Delaram Golpayegani
See More:	section STATUS in EU-AIACT

Term	hasChangeCategory	Prefix	eu-aiact
Label	has change category
IRI	https://w3id.org/dpv/legal/eu/aiact#hasChangeCategory
Type	rdf:Property, skos:Concept
Broader/Parent types	dpv:hasContext
Sub-property of	dpv:hasContext
Domain includes	tech:AI
Range includes	eu-aiact:ChangeCategory
Definition	Associates the category of change to the AI
Date Created	2024-12-01
Contributors	Delaram Golpayegani
See More:	section STATUS in EU-AIACT

Term	hasChangeDescription	Prefix	eu-aiact
Label	has change description
IRI	https://w3id.org/dpv/legal/eu/aiact#hasChangeDescription
Type	rdf:Property, skos:Concept
Broader/Parent types	dpv:hasContext
Sub-property of	dpv:hasContext
Domain includes	tech:AI
Range includes	eu-aiact:ChangeDescription
Definition	Associates the change description to AI
Date Created	2024-12-01
Contributors	Delaram Golpayegani
See More:	section STATUS in EU-AIACT

DPV uses the following terms from [RDF] and [RDFS] with their defined meanings:

rdf:type to denote a concept is an instance of another concept
rdfs:Class to denote a concept is a Class or a category
rdfs:subClassOf to specify the concept is a subclass (subtype, sub-category, subset) of another concept
rdf:Property to denote a concept is a property or a relation

The following external concepts are re-used within DPV:

Issue 199: Adding concepts from the EU General-Purpose AI Code of Practice todo help-wanted eu-aiact

Adding concepts from the EU General-Purpose AI Code of Practice upon its publication (expected to be published in April 2025).

Issue 229: Update EU-AIAct extension with practical concepts todo help-wanted eu-aiact

As the AI Act comes in to effect, there are several additional sources of information and guidance that should be incorporated into the DPV extension, including representing more of AIAct itself.

Issue 230: Represent Fundamental Rights Impact Assessment (FRIA) in AI Act todo help-wanted eu-aiact

Add concepts to represent information about FRIA as per its use/requirements in the AI Act. See articles for reference:

Issue 261: How to model non-DPA Authorities? help-wanted legal eu-aiact

DPV currently has a broad concept for Authority and a specific one for DataProtectionAuthority. While these are sufficient to represent authorities under GDPR and other privacy/data protection laws, we have started adding other laws whose authorities do not fit this concept. For example, in #253 Thailand has National Broadcasting and Telecommunications Commission (NBTC), and Korea has Korea Communications Commission (KCC) -- which are not DPAs. Similarly, with AI Act, we will also have specific sectorial national authorities which are competent to enforce it. What concepts should be created to represent these?

Issue 281: Represent AI Cards with DPV todo proposal AI eu-aiact

The AI Cards (paper) includes concepts to generate technical documentation of the AI Act, many of which have already implemented within DPV. I propose adding a spec to DPV regarding how to generate AI Cards - this can be also linked to Datasheets and Model Cards specifications, given that integrating these documents has been considered within the AI Cards framework.

Issue 282: Incident and Data Breach Notifications todo help-wanted proposal legal eu-gdpr eu-nis2 eu-aiact eu-dga

Overview of incident notification for the General Data Protection Regulation (GDPR)

This complements the existing data privacy vocabulary by providing specific details about notification requirements under the GDPR.

INCIDENT: Personal data breach (defined in Article 4(12))
NOTIFICATION TO: Supervisory authority (defined in Article 4(21)) (Article 33(1))
TIMELINE: Without undue delay, when feasible within 72 hours (Article 33(1))
TRIGGER: Upon becoming aware of the personal data breach, unless unlikely to result in a risk to individuals (Article 33(1))

INCIDENT: Personal data breach (defined in Article 4(12))
NOTIFICATION TO: Data subject (defined in Article 4(1)) (Articles 34(1) and 34(4))
TIMELINE: Without undue delay (Article 34(1))
TRIGGER: If the personal data breach is likely to result in a high risk to individuals, with exceptions when:

The controller applied appropriate technical and organizational protection measures to affected personal data, such as making the data unintelligible to unauthorized parties
The controller took subsequent measures which ensure the high risk is no longer likely to materialize
It would involve disproportionate effort, in which case public communication must be used instead
If required by the supervisory authority (Article 34(4))

INCIDENT: Personal data breach (defined in Article 4(12))
NOTIFICATION TO: Controller (Article 33(2))
TIMELINE: Without undue delay (Article 33(2))
TRIGGER: Upon becoming aware of the personal data breach (Article 33(2))

Overview of incident notification for the Law Enforcement Directive (LED) – 2016/680

This complements the existing data privacy vocabulary by providing specific details about notification requirements under the Law Enforcement Directive.

INCIDENT: Personal data breach (defined in Article 3(11))
NOTIFICATION TO: Supervisory authority (defined in Article 3(15)) (Article 30(1))
TIMELINE: Without undue delay, where feasible within 72 hours (Article 30(1))
TRIGGER: Upon becoming aware of the personal data breach, unless unlikely to result in a risk to individuals (Article 30(1))

INCIDENT: Personal data breach (defined in Article 3(11))
NOTIFICATION TO: Data subject (defined in Article 3(1)) (Articles 31(1) and 31(4))
TIMELINE: Without undue delay (may be delayed, restricted or omitted in specific circumstances, per Article 31(5)) (Article 31(1))
TRIGGER: If the personal data breach is likely to result in a high risk to individuals, with exceptions when:

The controller applied appropriate technical and organizational protection measures to affected personal data
The controller took subsequent measures which ensure the high risk is no longer likely to materialize
It would involve disproportionate effort (in which case an equally effective method of informing the data subjects must be used)
If required by the supervisory authority (Article 31(4))

INCIDENT: Personal data breach (defined in Article 3(11))
NOTIFICATION TO: Controller of another member state by or to whom the personal data breached has been transmitted (Article 30(6))
TIMELINE: Without undue delay (Article 30(6))
TRIGGER: If the personal data breach involves personal data that have been transmitted by or to the controller of another member state (Article 30(6))

INCIDENT: Personal data breach (defined in Article 3(11))
NOTIFICATION TO: Controller (Article 30(2))
TIMELINE: Without undue delay (Article 30(2))
TRIGGER: Upon becoming aware of the personal data breach (Article 30(2))

Overview of incident notification for the E-Privacy Directive – 2002/58/EC

This complements the existing data privacy vocabulary by providing specific details about notification requirements under the E-Privacy Directive.

INCIDENT: Personal data breach (defined in Article 2(i))
NOTIFICATION TO: Competent national authority (Article 4(3-5))
TIMELINE: Without undue delay (Article 4(3))
TRIGGER: A personal data breach (Article 4(3))

INCIDENT: Personal data breach (defined in Article 2(i))
NOTIFICATION TO: Subscriber or individual (Article 4(3-5))
TIMELINE: Without undue delay (Article 4(3))
TRIGGER: If the personal data breach is likely to adversely affect the personal data or privacy of a subscriber or individual, with exception when:

The provider has demonstrated to the competent authority that it implemented and applied appropriate technological protection measures to affected personal data, making the data unintelligible to unauthorized parties (Article 4(3))
If required by the competent national authority (Article 4(3))

INCIDENT: Particular risk of a breach of the security of the network
NOTIFICATION TO: Subscribers (Article 4(2)(2))
TIMELINE: Not specified in the law
TRIGGER: A particular risk of a breach of the security of the network (Article 4(2)(2))

Overview of incident notification for the Data Governance Act – 2022/868

This complements the existing data privacy vocabulary by providing specific details about notification requirements under the Data Governance Act.

INCIDENT: Unauthorized transfer, access or use of shared nonpersonal data
NOTIFICATION TO: Data holders (defined in Article 2(8)) (Articles 12(k) and 21(5))
TIMELINE: Without delay (Articles 12(k) and 21(5))
TRIGGER: Unauthorized transfer, access or use of shared nonpersonal data (Articles 12(k) and 21(5))

INCIDENT: Unauthorized re-use (defined in Article 2(2)) of nonpersonal data
NOTIFICATION TO: Legal persons whose rights and interests may be affected (Article 5(5))
TIMELINE: Without delay (Article 5(5))
TRIGGER: Unauthorized re-use of nonpersonal data (Article 5(5))

INCIDENT: Data breach resulting in the re-identification of the data subject
NOTIFICATION TO: Public sector body (Article 5(5))
TIMELINE: Not specified in the law (Article 5(5))
TRIGGER: Data breach resulting in the re-identification of the data subject (Article 5(5))

Overview of incident notification for the Data Act – 2023/2854

This complements the existing data privacy vocabulary by providing specific details about notification requirements under the Data Act.

INCIDENT: Unauthorized use or disclosure of data under circumstances defined in Article 11(3)
NOTIFICATION TO: User of a connected product (defined in Article 2(12)) (Article 11(2)(c))
TIMELINE: Without undue delay (Article 11(2))
TRIGGER: If requested by the data holder (defined in Article 2(13)) or the trade secret holder (defined in Article 2(19)) (Article 11(2))

Overview of incident notification for the Network and Information Security Directive 2 – 2022/2555

This complements the existing data privacy vocabulary by providing specific details about notification requirements under the NIS2 Directive.

INCIDENT: Significant Incident (defined in Articles 6(6), 23(3) and 23(11))
NOTIFICATION TO: CSIRT (defined in Article 10) (Article 23(1))
*The majority of essential and important entities will have to notify the authority(ies) of the member state(s) where the incident occurred or where they provide their services, while the Digital Infrastructure entities will have to notify the authority of the member state where they have their main establishment, per Article 26
TIMELINE: Early warning without undue delay, within 24 hours (Article 23(4)(a)); Notification without undue delay, within 72 hours, or 24 hours for trusted service providers (Article 23(4)(b)); Intermediate report at request of CSIRT or competent authority (Article 23(4)(c)); Final report within one month after notification (Article 23(4)(d)); Final report within one month of incident handling (Article 23(4)(e)); Progress report within one month if incident ongoing (Article 23(4)(e))
TRIGGER: Upon becoming aware of the significant incident (Article 23(4))

INCIDENT: Significant Incident (defined in Articles 6(6), 23(3) and 23(11))
NOTIFICATION TO: Recipients of their services (Article 23(1))
TIMELINE: Without undue delay (Article 23(1))
TRIGGER: When appropriate, if the provision of these services is likely to be adversely affected by the significant incident (Article 23(1))

INCIDENT: Significant Incident (defined in Articles 6(6), 23(3) and 23(11))
NOTIFICATION TO: Law enforcement authorities (Article 23(5))
TIMELINE: Without undue delay (Article 23(2))
TRIGGER: If the significant incident is suspected to be of criminal nature (Article 23(5))

INCIDENT: Significant Incident (defined in Articles 6(6), 23(3) and 23(11))
NOTIFICATION TO: The public (Article 23(7))
TIMELINE: According to the guidance from the CSIRT of the competent authority (Article 23(5))
TRIGGER: If required by CSIRT or competent authority (Article 23(7))

INCIDENT: Significant cyber threat (defined in Articles 6(10) and 6(11))
NOTIFICATION TO: Recipients of their services (Article 23(2))
TIMELINE: Without undue delay (Article 23(2))
TRIGGER: When appropriate, if these services are potentially affected by the significant cyber threat (Article 23(2))

INCIDENT: Incidents, cyber threats and near misses (defined in Article 6(5))
NOTIFICATION TO: CSIRT (defined in Article 10) or competent authority (defined in Article 8) (Article 23(1))
TIMELINE: Not explicitly specified for in the law
TRIGGER: Not explicitly specified for in the law

INCIDENT: Incidents, cyber threats and near misses (defined in Article 6(5))
NOTIFICATION TO: CSIRT or competent authority (Article 30(1))
TIMELINE: Not specified in the law
TRIGGER: Not specified in the law

Overview of further and related information sharing for the Network and Information Security Directive 2 – 2022/2555

This complements the existing data privacy vocabulary by providing specific details about information sharing requirements under the NIS2 Directive.

TO: Entities that fall within the scope of the NIS2 Directive and other relevant entities (Article 29(1))
WHAT INFORMATION: Relevant cybersecurity information, e.g. information relating to cyber threats, near misses, vulnerabilities, techniques and procedures, indicators of compromise and adversarial tactics (Article 29(1))
TIMELINE: Not specified in the law
TRIGGER: When such information sharing aims to prevent, detect, respond to or recover from incidents or to mitigate their impacts or enhances the level of cybersecurity (Article 29(1))

TO: CSIRT (Article 23(1))
WHAT INFORMATION: The notification of a significant incident received from an essential or important entity (Article 23(1))
TIMELINE: Upon receipt of the notification (Article 23(1))
TRIGGER: When an essential or important entity notifies the competent authority of a significant incident (Article 23(1))

TO: Competent authorities under the Critical Entities Resilience Directive (Article 23(10))
WHAT INFORMATION: Information about notified significant incidents, incidents, cyber threats and near misses (Article 23(10))
TIMELINE: Not specified in the law
TRIGGER: When significant incidents, incidents, cyber threats and near misses are notified by entities identified as critical entities under the Critical Entities Resilience Directive (Article 23(10))

TO: Single point of contact (defined in Article 8(3)) (Article 23(1))
WHAT INFORMATION: Relevant information notified by essential and important entities (Article 23(1))
TIMELINE: In due time (Article 23(1))
TRIGGER: In case of a cross-border or cross-sectoral significant incident (Article 23(1))

TO: Single point of contact (defined in Article 8(3)) (Article 30(2))
WHAT INFORMATION: Information about voluntary notifications of incidents, significant incidents, cyber threats and near misses (Article 30(2))
TIMELINE: Not specified in the law (Article 30(2))
TRIGGER: When necessary (Article 30(2))

TO: Other affected member states and ENISA (Article 23(6))
WHAT INFORMATION: Information about the notified significant incident (Article 23(6))
TIMELINE: Without undue delay (Article 23(6))
TRIGGER: When a significant incident concerns two or more member states and when otherwise appropriate (Article 23(6))

TO: The public (Article 23(7))
WHAT INFORMATION: About the significant incident (Article 23(7))
TIMELINE: After consulting the entity concerned (Article 23(7))
TRIGGER: When public awareness is necessary to prevent a significant incident or to deal with an ongoing significant incident, or when its disclosure is otherwise in the public interest (Article 23(7))

TO: Single points of contact of other affected member states (Article 23(8))
WHAT INFORMATION: Notifications received (Article 23(8))
TIMELINE: Not specified in the law
TRIGGER: When it is requested by CSIRT or the competent authority (Article 23(8))

TO: ENISA (Article 23(9))
WHAT INFORMATION: A summary report, including anonymized and aggregated data on significant incidents, incidents, cyber threats and near misses notified, including voluntarily (Article 23(9))
TIMELINE: Every three months (Article 23(9))
TRIGGER: Not specified in the law

TO: Data protection authority of own member state (Article 35(1))
WHAT INFORMATION: That an infringement by an essential or important entity of their obligations under the NIS2 Directive can entail a personal data breach as defined in the GDPR (Article 35(1))
TIMELINE: Without undue delay (Article 35(1))
TRIGGER: When an infringement by an essential or important entity of their obligations under the NIS2 Directive can entail a personal data breach as defined in the GDPR (Article 35(1))

TO: CSIRTs network and the Cooperation Group (defined in Article 14) (Article 23(9))
WHAT INFORMATION: Its findings on notifications received (Article 23(9))
TIMELINE: Every six months (Article 23(9))
TRIGGER: Not specified in the law

Overview of incident notification for the Digital Operational Resilience Act – 2022/2554

This complements the existing data privacy vocabulary by providing specific details about notification requirements under DORA.

INCIDENT: Major information communication technology-related incident (defined in Article 3(10))
NOTIFICATION TO: Relevant competent authority (defined in Article 46) (Article 19(1))
TIMELINE: Initial notification four hours from the moment of classification of the incident as major, but no later than 24 hours from becoming aware of the incident; Intermediate report within 72 hours from the submission of the initial notification; Updated notifications every time a relevant status update is available or upon a request from the competent authority; Final report when the root cause analysis is complete, or within one month from the submission of the latest updated intermediate report (per draft Regulatory Technical Standard, subject to change)
TRIGGER: Upon becoming aware of the incident (Article 19(3))

INCIDENT: Major information communication technology-related incident (defined in Article 3(10))
NOTIFICATION TO: Competent authorities or CSIRTs under the NIS2 Directive, if required by a member state (Article 19(1))
TIMELINE: Initial notification four hours from the moment of classification of the incident as major, but no later than 24 hours from becoming aware of the incident; Intermediate report within 72 hours from the submission of the initial notification; Updated notifications every time a relevant status update is available or upon a request from the competent authority; Final report when the root cause analysis is complete, or within one month from the submission of the latest updated intermediate report (per draft Regulatory Technical Standard, subject to change)
TRIGGER: Not specified in the law

INCIDENT: Major information communication technology-related incident (defined in Article 3(10))
NOTIFICATION TO: Clients (Article 19(3))
TIMELINE: Without undue delay upon becoming aware of the incident (Article 19(3))
TRIGGER: When the incident has an impact on the financial interests of clients (Article 19(3))

INCIDENT: Significant cyber threat (defined in Article 3(13))
NOTIFICATION TO: Relevant competent authority (defined in Article 46) (Article 19(2))
TIMELINE: Not specified in the law
TRIGGER: If the financial entity deems the threat to be of relevance to the financial system, service users or clients (Article 19(2))

INCIDENT: Significant cyber threat (defined in Article 3(13))
NOTIFICATION TO: CSIRTs under the NIS2 Directive, if permitted by a member state (Article 19(2))
TIMELINE: Not specified in the law
TRIGGER: If the financial entity deems the threat to be of relevance to the financial system, service users or clients (Article 19(2))

INCIDENT: Significant cyber threat (defined in Article 3(13))
NOTIFICATION TO: Potentially affected clients (Article 19(3))
TIMELINE: Not specified in the law
TRIGGER: Where applicable (Article 19(3))

INFORMATION TO: Other relevant authorities, based on their respective competences (Article 19(6))
INFORMATION SHARED: Details of the major ICT-related incident (Article 19(6))
TIMELINE: In a timely manner (Article 19(6))
TRIGGER: Upon receipt of the initial notification and of each report about the major ICT-related incident (Article 19(6))

INFORMATION TO: Other relevant authorities, defined in Article 19(6) (Article 19(2))
INFORMATION SHARED: Information about significant cyber threats notified by financial entities (Article 19(2))
TIMELINE: Not specified in the law
TRIGGER: Not specified in the law (Article 19(2))

INFORMATION TO: Members of the European System of Central Banks (Article 19(7))
INFORMATION SHARED: On issues relevant to the payment system, in connection to the major ICT-related incident (Article 19(7))
TIMELINE: Not specified in the law
TRIGGER: If there are issues relevant to the payment system in connection to the major ICT-related incident (Article 19(7))

INFORMATION TO: Relevant competent authorities in other member states (Article 19(7))
INFORMATION SHARED: Not specified in the law
TIMELINE: As soon as possible following the assessment that the major ICT-related incident is relevant for competent authorities in other member states (Article 19(7))
TRIGGER: Upon receipt of information in relation to the major ICT-related incident from the competent authority, if it is determined that the major ICT-related incident is relevant for competent authorities in other member states (Article 19(7))

Overview of incident notification for the Payment Services Directive 2 – 2015/2366

This complements the existing data privacy vocabulary by providing specific details about notification requirements under PSD2.

INCIDENT: Major operational or security incident
NOTIFICATION TO: Competent authority (defined in Article 100) in the home member state (defined in Article 4(1)) of the payment service provider (Article 96(1))
TIMELINE: Without undue delay (Article 96(1))
TRIGGER: Major operational or security incident (Article 96(1))

INCIDENT: Major operational or security incident
NOTIFICATION TO: Payment service users (defined in Article 4(10)) (Article 96(1))
TIMELINE: Without undue delay (Article 96(1))
TRIGGER: If the incident has or may have an impact on the financial interests of its payment service users (Article 96(1))

INFORMATION TO: Other relevant authorities in its member state (Article 96(2))
INFORMATION SHARED: Not specified in the law
TIMELINE: After assessing the relevance of the notified incident to other relevant authorities in its member state (Article 96(2))
TRIGGER: If notified incident is relevant to other relevant authorities in its member state (Article 96(2))

INFORMATION TO: European Banking Authority and European Central Bank (Article 96(2))
INFORMATION SHARED: Relevant details of the notified incident (Article 96(2))
TIMELINE: Without undue delay (Article 96(2))
TRIGGER: Receipt of the notification of the incident from the payment service provider (Article 96(2))

INFORMATION TO: Other relevant EU and national authorities (Article 96(2))
INFORMATION SHARED: Not specified in the law (Article 96(2))
TIMELINE: Not specified in the law
TRIGGER: If notified incident is relevant to other relevant EU and national authorities (Article 96(2))

INFORMATION TO: Members of the European System of Central Banks (Article 96(2))
INFORMATION SHARED: Issues relevant to the payment system (defined in Article 4(7)) in connection to the notified incident (Article 96(2))
TIMELINE: Not specified in the law
TRIGGER: If there are issues relevant to the payment system in connection to the notified incident (Article 96(2))

Issue 300: Model Intended Purpose Compatibility statuses for AI Act todo help-wanted eu-aiact

Based on discussions in #283 the dpv:ReuseCompatibility concept should be extended as eu-aiact:IntendedPurposeCompatibility to represent the compatibility of an AI system's use with a specified intended purpose as defined and interpreted within the EU AI Act. The specific concepts modelling these are:

IntendedPurposeCompatible: An assessment that the specified use or purpose is compatible with the Intended Purpose as defined and interpreted under the AI Act
IntendedPurposeIncompatible: An assessment that the specified use or purpose is incompatible with the Intended Purpose as defined and interpreted under the AI Act

These concepts should be accompanied with guidelines on how the interpretation of compatibility works by using DPV concepts, e.g. to test for compatibility, which DPV concepts should be compared.

EU Artificial Intelligence Act (AI Act)

version 2.2

Abstract

Status of This Document

1. Introduction

2. Concepts for AI Act

2.1 AI System

2.2 Purposes & Capabilities

2.3 Risk

2.4 Risk Levels

2.5 Data

2.6 Entity Roles

2.7 Documentation

2.8 Statuses

2.9 Assessments

2.10 Compliance

2.11 Sectors

2.12 Misc. Concepts

3. High-Risk & Prohibited AI Systems

3.1 High-Risk AI Systems

3.2 Prohibited AI Systems

4. FRIA

5. Vocabulary Index

5.1 Classes

5.1.1 AI Act Compliance Unknown

5.1.2 AI Act Compliant

5.1.3 AI Act Lawfulness

5.1.4 AI Act Non-compliant

5.1.5 AI Deployer

5.1.6 AI Distributor

5.1.7 AI Importer

5.1.8 AI Literacy

5.1.9 Artificial Intelligence Office

5.1.10 AI Operator

5.1.11 AI Product Manufacturer

5.1.12 AI Provider

5.1.13 AI Regulatory Sandbox

5.1.14 AI System

5.1.15 AI System Performance

5.1.16 Asylum Sector

5.1.17 Authorised Representative

5.1.18 Available on EU Market

5.1.19 Available on Market

5.1.20 Available on Non-EU Market

5.1.21 Biometric Categorisation

5.1.22 Biometric Categorisation System

5.1.23 Biometric Data

5.1.24 Biometric Identification

5.1.25 Biometric Verification

5.1.26 Border Control Sector

5.1.27 CE Marking

5.1.28 Change Category

5.1.29 Change Description

5.1.30 Common Specification

5.1.31 Conformity Assessment

5.1.32 Conformity Assessment Body

5.1.33 Critical Infrastructure Sector

5.1.34 Deep Fake Generation

5.1.35 Democratic Process Sector

5.1.36 Downstream AI Provider

5.1.37 Education Sector

5.1.38 Emotion Recognition

5.1.39 Emotion Recognition System

5.1.40 Employment Sector

5.1.41 EU Declaration Of Conformity

5.1.42 Fundamental Rights Impact Assessment

5.1.43 General Purpose AI Model

5.1.44 General Purpose AI System

5.1.45 High-Impact Capability in General Purpose AI Models

5.1.46 High Risk AI Assessment

5.1.47 Informed Consent

5.1.48 Instruction For Use

5.1.49 Intended Purpose

5.1.50 Justice Sector

5.1.51 Law Enforcement Sector

5.1.52 Market Availability Status

5.1.53 Market Placement Status

5.1.54 Market Surveillance Authority

5.1.55 Migration Sector

5.1.56 National Competent Authority