Forensic Hub

Technical annex

AI Act disclosure requirements and risk mapping

Reference framework for AI transparency controls, labeling, and governance evidence under 2026 audit pressure.

Document ref: REF-AIA-2026

Legal basis: EU AI Act transparency obligations combined with GDPR principles

Audit status: VERIFIED BY COMPLIANCE-NU

AI Act disclosure requirements, AI risk mapping, Algorithm transparency

Scare trigger

Missing AI disclosure and weak model traceability trigger rapid scrutiny in procurement and regulator-facing audits.

Injected violations

Under this legal framework, these technical failure patterns are repeatedly observed.

Missing or hard-to-find privacy notice / transparency information

Max: EUR 20M / 4% turnover

We verify this via Violation ID: nl-gdpr-transparency-missing-privacy-notice

Missing lawful basis disclosure for processing activities

Max: EUR 20M / 4% turnover

We verify this via Violation ID: nl-gdpr-legal-basis-missing

Purposes of processing not specified (risk flag)

Max: EUR 20M / 4% turnover

We verify this via Violation ID: nl-gdpr-purpose-specification-missing

Calculated risk snippet

AI transparency exposure model

Maximum = max(fixed ceiling, turnover percentage).

Indicative max exposure: €20M

Translate obligations into controls

Disclosure must be visible at interaction time, not hidden in policy archives. Document where user notice appears in each journey.

Risk classification and model purpose need direct links to data use and decision paths. Without traceability, compliance claims break under review.

Evidence expected by reviewers

Store model update logs with user-impact notes and connect them to disclosure updates and support scripts.

Demonstrate that escalation to human oversight exists for high-impact outcomes.
