Capabilities
The Linedat capability catalogue, anchored to regulation and with their limits
31 product capabilities, each anchored to a real obligation (EU AI Act, ISO 42001, GDPR, ISO 38505-1) and with its limits stated.
AI Governance
FRIA: Fundamental Rights Impact Assessment
The FRIA required by EU AI Act Art. 27, versioned and linked to the AI system — not a Word document sitting in a folder.
EU AI Act Art. 27 · ISO/IEC 42005View capability →AI System Inventory by Risk Class
The AI Act audits systems, not API calls. Every AI system inventoried with its risk class.
EU AI Act Art. 6 / Annex III · Art. 11 · ISO/IEC 42001 A.6View capability →AI Incidents with the 15-Day Clock
A serious incident starts the Art. 73 clock. We start it running and block closure until notification is on record.
EU AI Act Art. 73 · ISO/IEC 42001 §10.2View capability →PII Sanitisation Before Reaching the Model
Before a national ID or an IBAN leaves for OpenAI, it is redacted — in the critical path, not as an option.
GDPR Art. 5(1)(c) + Ch. V · ISO/IEC 38507View capability →Versioned Model Cards and Dataset Cards
Transparency is not an attached PDF: it is a versioned card with status.
EU AI Act Art. 11 (Annex IV) · Art. 10 · ISO/IEC 42001 A.7.5View capability →Bias Detection with p-value
We do not tell you there is bias: we prove it, with a p-value.
ISO/IEC 38507 §6.4 · EU AI Act Art. 15 · ISO/IEC 42001 A.6.2.6View capability →AI Providers with DPA, SCCs and TIA
Using OpenAI without a DPA is an international transfer with no legal basis.
GDPR Ch. V + Art. 28 · EU AI Act Art. 25 · ISO/IEC 42001 A.10View capability →AI Audit Trail Without Storing the Prompt
We do not store what you told the AI. We store that you can prove you said it.
EU AI Act Art. 12 · ISO/IEC 38507 §6.5View capability →AI Policy and Limits with Committee Approval
Who turns on AI with confidential data is not the operator: it is the committee.
ISO/IEC 38507 §6.2 · ISO/IEC 42001 §5View capability →Description Origin and Human-in-the-Loop
When AI writes a description, the system knows AI wrote it — and does not publish it until a human signs off.
ISO/IEC 38507 §6.3 · ISO/IEC 42001 A.10.4View capability →AIMS ISO 42001: The Demonstrable PDCA Cycle
Documenting the AIMS is easy. Proving you audit and review it — the full PDCA — is what gets certified.
ISO/IEC 42001 §6.2 / §7 / §9.2 / §9.3 / §10.2View capability →Privacy (GDPR)
RoPA: Record of Processing Activities
A RoPA that points to the real tables — not a disconnected spreadsheet.
GDPR Art. 30 · Art. 6 · Art. 9View capability →Data Subject Rights (DSR) with Legal Clock
Citizen rights are not managed by email: with the Art. 12 clock and data location via the RoPA.
GDPR Art. 12 · Arts. 15/17/20 · Art. 22(3)View capability →DPIA: Proactive Impact Assessment (Art. 35)
Do not wait for the risk to find you: the catalogue tells you which assets require a DPIA.
GDPR Art. 35 · Art. 36 · ISO/IEC 38505-1 (Risk)View capability →Right to Erasure: Real Cascading Deletion
The right to erasure requires real deletion, not a deleted=true flag.
GDPR Art. 17 · Art. 12(3)View capability →Data governance
Data Contracts with Automatic Violation Detection
Without a contract, every schema change is Russian roulette with someone else's data.
ISO/IEC 38505-1 (Restrictions) · Data MeshView capability →Data Valuation: Utility Index
How much is your data worth? A self-calculated utility index 0–100 (usage, lineage, quality).
ISO/IEC 38505-1 (Value) · DAMA-DMBOKView capability →Governance Committees with Traceable Evidence
The committee does not decide in a Word document: it decides with evidence linked to the data.
ISO/IEC 38505-1 (Authority) · ISO/IEC TR 38505-2 §5 · ISO/IEC 42001 §9.2/§9.3View capability →EDM View: 6 Principles at a Glance
The CDO does not need 40 dashboards: they need six principles, at a glance.
ISO/IEC 38505-1 §5 (Evaluate–Direct–Monitor)View capability →Data Risk with 5×5 Matrix and Effectiveness Verification
A data risk is not closed by saying "already mitigated": it is closed with proven effectiveness.
ISO 31000 · ISO/IEC 38505-1 (Risk)View capability →Access Grant with Structured Purpose
Access with a typed purpose and an expiry date. Not "just because".
GDPR Art. 5(1)(b) · ISO/IEC 38505-1 (Authority)View capability →Append-Only Policy Versioning
Ask us which policy was in force on 15 January. We will reconstruct it.
ISO/IEC 38505-1 (Authority) · GDPR Art. 5(2)View capability →Consented and Time-Bounded Authority Delegation
Authority is not imposed: it is delegated, the delegate accepts it, and it expires on its own.
ISO/IEC 38505-1 (Authority) · GDPR Art. 5(2)View capability →Catalog, quality & lineage
Executable Data Quality (Real SQL, 6 Dimensions)
Quality stops being an opinion: rules that execute real SQL against the source, in 8 dialects.
ISO 8000 · DAMA-DMBOK · ISO/IEC 38505-1 (Quality)View capability →Temporal and Verifiable Lineage (Point-in-Time)
We know what the lineage looked like on the fiscal year-end — and we can prove nobody touched it.
ISO/IEC 38505-1 (Principles 5 and 6) · GDPR Art. 5(2)View capability →Governed Semantic Search
Find your "churn tables" even if none of them are called that — and with an audit trail.
ISO/IEC 38507 (traced AI usage)View capability →Impact Analysis Before Breaking Anything
Before dropping a column, you see the 14 dashboards and 3 models that will break.
ISO/IEC 38505-1 (Lifecycle)View capability →The Catalogue in Your IDE: Native MCP Server
Your IDE queries the catalogue without leaving the editor — and without bypassing a single permission.
MCP spec · authz server-sideView capability →Trust & evidence
Audit Chain: Verifiable Cryptographic Integrity
Other catalogues store logs. Linedat stores proof — verify it with a button.
ISO/IEC 38505-1 (Principle 6) · GDPR Art. 5(2) · EU AI Act Art. 12View capability →Append-Only Decision Evidence (via Trigger)
The evidence of your decisions is not edited: it is superseded, chained.
ISO/IEC TR 38505-2 §5 (decide phase) · EU AI Act Art. 14View capability →3-Level RBAC with Separation of Duties
The person who operates the data is not the person who governs it. By design.
ISO/IEC 38505-1 (Authority) · SoD (SOX/DORA) · ISO/IEC TR 38505-2 §6View capability →