Information Provenance is where the information feeding a decision came from, and whether it can be trusted.
If you cannot say where a decision's inputs came from, you cannot defend the decision. Information provenance is the discipline of recording the source, chain of custody, and freshness of the information that feeds an AI-influenced decision. It is the foundation the other three pillars stand on.
In practice, provenance means tracking which data, documents, and model outputs informed a decision; whether those sources were authoritative and current; and whether they were altered along the way. When a decision is later challenged, provenance is what lets an organization reconstruct it faithfully rather than guess.
Provenance maps to the NIST AI RMF Map function and to the data-governance obligations in the EU AI Act and ISO/IEC 42001.
References
- NIST AI Risk Management Framework (AI RMF 1.0): Govern, Map, Measure, Manage. National Institute of Standards and Technology, 2023. View source ↗
- Information governance: the records and data lifecycle discipline (storage, retention, disposition), distinct from AI decision governance. ARMA International, Generally Accepted Recordkeeping Principles; AIIM. View source ↗
- EU AI Act, Regulation (EU) 2024/1689 (Official Journal of the European Union); ISO/IEC 42001:2023; Texas Responsible AI Governance Act (TRAIGA). View source ↗
- USPTO Trademark Reg. No. 99559923, Digital Information Governance / DIG, owner Matthew Bertram. View source ↗