advanta

HomeGlossaryTechnology

Risk Class

Technology

P4

Data leakage

Audience

GC / CLORisk & ComplianceLegal OperationsCIO / CISO

DEFINITION

Risk class 2 of the Risk Taxonomy 2026: information that should have remained inside the function reaches a model provider, a vendor's broader infrastructure, or another vendor customer through the AI system's data pathways — whether through training-use terms, logging, data residency gaps, or vendor support access to prompt content. Addressed by contemporaneous proof of data isolation, residency, retention bounds, and vendor-access controls per AI system in use.

Detailed Explanation

Class 2 in the 2026 Risk Taxonomy covers any failure where data escapes the function’s controlled boundary: vendor training pipelines, third‑party prompt logging, over‑retention beyond the approved lifecycle, or cross‑tenant isolation failures in shared infrastructure. Because these failures directly threaten client confidentiality and create acute regulatory exposure, they are treated as publication‑blocking risks.

Mitigation is anchored in the Data Governance Architecture (DAT-01) and Vendor Data Protection Obligations (DAT-03). Every AI vendor contract must include a Data Protection Agreement that:

  • Prohibits training on client data by default
  • Requires any opt‑in to be explicit, narrowly scoped, and time‑bound
  • Binds vendors to documented data‑flow controls and retention limits

The AI Bill of Materials (BoM) disclosure requirement (VEN-02) forces vendors to articulate their data flows, including storage locations, subprocessors, logging behavior, and training/finetuning paths. Vendors that cannot provide a coherent BoM fail due diligence for Class 2 risk.

For Tier 3+ capabilities, Class 2 entries in the Evidence Register (GOV-13) are publication‑block‑grade: no DPS (Design Pattern Specification) can be published while any Class 2 evidence cell is empty. Teams must provide concrete artifacts (e.g., signed DPAs, BoM diagrams, logging configuration, retention controls, and cross‑tenant isolation attestations) before the pattern is cleared for production use.

Operational rule: for Tier 3+ AI capabilities, treat Class 2 evidence as a hard gate. If any Class 2 cell in GOV-13 is empty, the DPS cannot be published, regardless of other approvals.

image pending

Diagram showing data flowing from client systems into an AI vendor with strict boundaries preventing training use, third-party logging, over-retention, and cross-tenant leakage.

Class 2 controls: DPAs, BoM-based data-flow validation, and enforced retention/isolation guardrails form the core of the Data Governance Architecture for preventing data leakage.

Quick Facts

Term Type

Risk Class

Category

Technology

Related Pillar

P4 · Governance

Governance

Methodology
v2026.1

Explore Glossary

← All Terms