# KB-AIDATA-001 — module evidence summary (public excerpt) **AI-veilig werken met persoonsgegevens** · AI-Safe Municipality journey > Public excerpt of the working record. It shows how this example module was sourced, > reviewed and graded. It is **not learner-facing guidance**, and it deliberately omits > the internal production framework, prompts and full review notes. The learner-facing > output is the module itself. --- ## Module A seven-minute Dutch module for municipal staff. It teaches one routine: before using an AI tool with personal data, run three checks. 1. **Approved tool** — is the tool approved for this use? 2. **Permitted data** — may these data be used, and only the minimum needed? 3. **Permitted purpose** — is there a clear, lawful purpose? The learner proceeds only if all three checks pass. If a check fails, the learner stops or escalates. If personal data reaches an AI tool when it should not have, the learner treats it as a possible data breach and reports it through the organisation's route. The base module teaches the routine, the why and the escalation behaviour. It does not assert which tools, data categories, purposes or reporting routes a specific municipality uses; those are added in a client layer. ## Source registry (excerpt) Every claim rests on a registered, verified source. | Source | Role | Tier | |---|---|---| | GDPR, Regulation (EU) 2016/679 | Purpose limitation, lawful basis, data minimisation, breach notification | Primary, Strong | | EU AI Act, Regulation (EU) 2024/1689, Article 4 | AI literacy and responsible use | Primary, Strong | | Autoriteit Persoonsgegevens guidance on generative AI | Approved tools, permitted data, secure alternatives | Official guidance, Moderate | | Gemeente Eindhoven incident | Real-world warrant only; supports no content claim | Incident, warrant only | Source breakdown: 2 primary legal sources, 1 official guidance source, 1 warrant. ## Claim base Five base claims, each mapped to the sources above. | Claim | Evidence | |---|---| | Personal data may only be entered into approved AI tools | Moderate | | Only the minimum, permitted personal data should be entered | Moderate | | Personal data may only be used for a clear, permitted purpose with a lawful basis | Strong | | Staff using AI tools need working knowledge of safe, responsible use | Strong | | Improper AI use with personal data can create a (suspected) breach and must be reported without delay | Moderate | Evidence base: 2 Strong, 3 Moderate. Claim-to-source mapping is complete. ## Review and gates | Gate | Result | |---|---| | R1/R2 source intake and verification | Sources identified and verified | | R3 claim extraction | Claims rebased onto admitted sources | | G3 claims mapped | Passed | | G4 module-or-journey decision | Passed: single module + job aid | | G5 module design | Passed | | G6 module produced and reviewed | Cleared for internal proof | | G7 assurance and sign-off | Grade computed; independent sign-off pending | | G9 publication | Not reached | Review types completed for the internal proof: instructional, domain, privacy/compliance, accessibility. Independent review is required before client-facing publication. ## Assurance status Computed Assurance Grade: **B Reviewed, pending independent sign-off. Not active.** The current learner draft is **G6.2** (regenerated 11 June 2026) and re-enters G6 review; the earlier computation was made on the superseded G6 v1 draft, so the grade is pending recomputation and does not transfer. No active grade and no published version yet. - Accountable owner: Remco Schoos. - Last validated: 9 June 2026. Next review due: 9 December 2026. - Review cadence: on source change, and at most every six months. - Accessibility: design supports WCAG 2.2 AA and EN 301 549; rendered checks pending. - AI involvement: assisted drafting under human direction, disclosed. ## Rendering summary One governed source, many formats. Available now: the interactive Rise module and the PDF job aid. In the journey plan: manager guide, assignment, podcast, video, team debrief and a scenario assessment. ## Honest limits This excerpt does not claim the module is published, that the grade is active, that it is legal advice, or that it proves EU AI Act compliance. It is an internal proof that the method works end to end, shared in summary form.