Skip to main content

AI Governance

Qarion enables organizations to register, classify, and monitor AI systems alongside traditional data assets. This page covers how the platform supports responsible AI governance, including risk classification aligned with the EU AI Act.

AI Systems as Data Products

AI systems — such as trained machine learning models, automated decision-making pipelines, and inference endpoints — are registered in the Data Catalog as a specialized product type. This means they benefit from all the standard catalog features: metadata management, lineage tracking, governance assignments, quality checks, and access controls.

By treating AI systems as first-class data products, organizations gain a unified view of their entire data and AI landscape within a single governance platform.

Risk Classification

EU AI Act Alignment

The EU AI Act establishes a risk-based framework for regulating AI systems. Qarion mirrors this framework by allowing organizations to assign a Risk Classification to each AI system product.

The available risk tiers are:

  • Unacceptable Risk — AI systems that are prohibited under the EU AI Act (e.g., social scoring, real-time biometric identification in public spaces)
  • High Risk — Systems requiring strict compliance measures (e.g., credit scoring, hiring tools, medical devices)
  • Limited Risk — Systems with transparency obligations (e.g., chatbots, emotion recognition)
  • Minimal Risk — Systems with no specific regulatory requirements (e.g., spam filters, content recommendation)

Assigning Risk Classification

When creating or editing an AI System product, select the appropriate risk tier from the Risk Classification dropdown. This classification drives downstream governance behaviors, including the level of documentation required, the approval workflows triggered, and the monitoring intensity applied.

Risk Assessment

What is a Risk Assessment?

A Risk Assessment is a structured evaluation of an AI system's potential risks and the mitigations in place to address them. Each assessment captures the identified risks, the severity and likelihood of each, the mitigation actions planned or completed, and an overall risk determination.

Creating an Assessment

Navigate to an AI System product's detail page, open the Risk Assessment tab, and click New Assessment. Fill in the assessment details, including the risk factors, scoring criteria, and proposed mitigations.

Mitigation Tracking

Each risk assessment contains a list of mitigation actions. These actions have their own lifecycle — they can be marked as Planned, In Progress, or Completed. This tracking provides a clear audit trail showing that identified risks have been actively managed.

Completing an Assessment

When all risk factors have been evaluated and mitigations documented, the assessment can be Completed. Upon completion, the resulting risk tier can optionally be synced back to the product's risk classification, ensuring that the catalog always reflects the most current assessment.

Continuous Monitoring

AI systems benefit from specialized quality monitoring capabilities. Data Drift Detection monitors for changes in input data distributions that could degrade model performance. Model Performance Checks track accuracy, precision, recall, or custom metrics over time. Alert Integration surfaces drift warnings and performance degradation in the centralized Alerts Center, ensuring timely intervention.

These monitoring capabilities use the same Quality Engine as traditional data quality checks, providing a consistent operational experience across data and AI governance.

Compliance Benefits

Registering AI systems in Qarion and maintaining risk assessments supports compliance with several regulatory frameworks. For the EU AI Act, it provides documentation of risk classification, conformity assessments, and human oversight measures. For GDPR, it tracks the data used to train models and the purposes for which AI systems process personal data. Organizations benefit from a complete, auditable history of AI system governance decisions.

Learn More