Class 2 in the 2026 Risk Taxonomy covers any failure where data escapes the function’s controlled boundary: vendor training pipelines, third‑party prompt logging, over‑retention beyond the approved lifecycle, or cross‑tenant isolation failures in shared infrastructure. Because these failures directly threaten client confidentiality and create acute regulatory exposure, they are treated as publication‑blocking risks.
Mitigation is anchored in the Data Governance Architecture (DAT-01) and Vendor Data Protection Obligations (DAT-03). Every AI vendor contract must include a Data Protection Agreement that:
- Prohibits training on client data by default
- Requires any opt‑in to be explicit, narrowly scoped, and time‑bound
- Binds vendors to documented data‑flow controls and retention limits
The AI Bill of Materials (BoM) disclosure requirement (VEN-02) forces vendors to articulate their data flows, including storage locations, subprocessors, logging behavior, and training/finetuning paths. Vendors that cannot provide a coherent BoM fail due diligence for Class 2 risk.
For Tier 3+ capabilities, Class 2 entries in the Evidence Register (GOV-13) are publication‑block‑grade: no DPS (Design Pattern Specification) can be published while any Class 2 evidence cell is empty. Teams must provide concrete artifacts (e.g., signed DPAs, BoM diagrams, logging configuration, retention controls, and cross‑tenant isolation attestations) before the pattern is cleared for production use.
Operational rule: for Tier 3+ AI capabilities, treat Class 2 evidence as a hard gate. If any Class 2 cell in GOV-13 is empty, the DPS cannot be published, regardless of other approvals.
image pending
Diagram showing data flowing from client systems into an AI vendor with strict boundaries preventing training use, third-party logging, over-retention, and cross-tenant leakage.