What is a compliance snapshot?
A compliance snapshot freezes the governance state of an AI system at a specific point in time. It preserves the system description, risk classification, actor role, obligation mapping, evidence state, legal version consulted, and the responsible persons — exactly as they existed at the moment of the governance decision.
The snapshot is immutable. When the system changes, a new snapshot is created. When the law changes, the prior snapshot shows what was known and decided under the prior version. This is what makes governance reconstructable across time.
Key points
- A snapshot is not the current state — it is the state at the moment of decision. The current state may have changed; the snapshot preserves what was true then.
- Each governance event (screening, approval, re-screening) produces its own snapshot. The chain of snapshots is the governance history.
- Snapshots must be immutable. If a snapshot can be retroactively modified, it loses its evidentiary value.
- The difference between the current state and the last snapshot is the governance delta — the change that may trigger re-screening.
Why it matters
Auditors ask: "What did you know when you approved this system?" A compliance snapshot answers this precisely. Without snapshots, the organisation can only show the current state, which may have changed since the decision was made. The snapshot preserves the decision context, making it possible to evaluate whether the decision was reasonable at the time — independent of what has happened since.
How EAB approaches this
EAB's Versioned Screening Records create immutable snapshots at each governance event. Each snapshot captures the complete governance state including legal-version anchoring. The audit trail chains snapshots together to form the reconstructable decision path.