A founder at a small marketing consultancy described an exchange that captures the issue well. Her team had used an AI writing tool to draft a market intelligence summary for a financial services client. The client came back with a single question: where did this information come from, which model processed it, and who had verified the output before it landed in their inbox? She had no answer beyond the name of the tool. The project stalled.
That moment is what AI provenance addresses.
What is AI provenance?
AI provenance covers three layers: the origin of your data, the model that processed it, and how any output was produced and subsequently changed. IBM defines data provenance as the historical record of data’s origins and how it has been modified and handled over its lifecycle. Model provenance records which version of a tool ran and on what training material. Output provenance traces the prompt, parameters, and any edits made before the result was used.
The term has archival roots. Provenance in records management meant documenting who created something and how it came to exist. Applied to AI, that question runs across an entire pipeline from data collection through to the finished output.
The three-layer frame helps. Data provenance covers your source material: whether it was collected lawfully, on what basis, and what you are permitted to do with it. Model provenance records which tool you used, in which version, built on what training material. Output provenance captures the specific prompt, parameters, and any subsequent edits that shaped the result the reader saw.
For a small UK service firm, this rarely requires dedicated infrastructure. The core question is a practical one: if a client, a regulator, or a court asked you to reconstruct what data you used, which AI tool processed it, and what the output originally said, could you answer?
Why does AI provenance matter for your business?
UK firms using AI already carry provenance obligations, whether they know it or not. The ICO’s guidance on AI and data protection expects organisations to document the provenance of training data, including sources and bias-reduction steps, wherever automated decisions affect individuals. The FCA has pointed to data governance and data lineage as central to safe AI in financial services. These are current requirements, not future intentions.
Two court cases from 2023 illustrate the risk in practical terms. In the UK, a High Court judge ruled that Getty Images’ case against Stability AI over training-data provenance could proceed to trial. The case centred on whether Stability AI’s model had been trained on Getty’s images without permission, and contested provenance records meant the dispute could not be resolved without full disclosure. In the US, a federal judge fined two lawyers $5,000 after they filed court documents containing six fabricated case citations generated by ChatGPT. The firm had not verified whether the sources were real. Output provenance, the ability to trace exactly what an AI produced and what it was based on, was the problem in both situations.
The EU AI Act adds a forward-looking dimension. Article 50, which takes effect from August 2026, will require providers of certain AI-generated content to use machine-readable labelling that signals AI involvement. UK firms are not directly bound by the Act, but any UK business offering AI-assisted services into the EU market may fall within scope. The Competition and Markets Authority has separately warned it may act under consumer protection law if AI systems mislead consumers, and documented provenance is your first practical defence if a challenge arises.
Where will you actually meet AI provenance?
AI provenance becomes concrete in three situations common to small UK service firms: when you feed client or personal data into an AI tool, when you use or fine-tune an external model for your work, and when you produce AI-assisted content for clients or the public. Each carries a different risk level and calls for different records.
When your team feeds client documents, customer records, or any personal information into an external AI tool, you have an active data provenance question. Under UK GDPR, you need a documented lawful basis. A simple data register, recording source, owner, legal basis, and retention period for each dataset you use in AI workflows, covers the basics. The ICO’s accountability guidance points to exactly this kind of documentation.
The model you rely on carries its own provenance history. When you use OpenAI, Anthropic, or another foundation model, you inherit the provider’s situation. The New York Times’ lawsuit against OpenAI and Microsoft over training-data use illustrates how unresolved disputes at the provider level can affect indemnities. A model register, recording provider, version, intended purpose, and known limitations, gives you a defensible audit trail.
Output provenance is the most visible layer for client-facing firms. When an AI tool produces a report or recommendation that you pass to a client, keep a record of the prompt used, the model version, and any edits made before delivery. A simple labelling convention such as “AI-assisted draft, reviewed by [name]” aligns with what the CMA and the NTIA both expect: that recipients of AI-assisted outputs can identify AI involvement.
When does provenance matter and when can you ignore it?
Provenance discipline scales with the stakes involved. When an AI output or the data feeding it could affect a client’s decisions, a regulated process, or someone’s rights, basic record-keeping is proportionate and expected. When a team member uses AI to tidy their own internal notes or summarise a policy document, detailed tracking is not required. The test is whether you would need to reconstruct the data trail if something went wrong.
Regulators are not expecting every small firm to track every autocomplete suggestion. The UK government’s 2023 AI White Paper explicitly frames regulation as proportionate to risk. Purely internal experimentation on non-personal data, commodity SaaS features with no material effect on decisions, and AI tools used only on dummy data all sit below the threshold where formal provenance tracking is required.
The line moves when AI starts producing something that matters outside your own team. Client-facing analysis, automated recommendations, anything that touches hiring or performance decisions, and content that could be mistaken for fully human-authored work all warrant some basic record-keeping. The NCSC’s Secure AI System Development Guidelines treat traceability of training data, model versions, and outputs as a core security design requirement, not an optional consideration.
A practical frame for a firm of ten to thirty people: keep a data register, a model register, and a basic output log for high-stakes deliverables. A shared spreadsheet, reviewed quarterly, is sufficient for many firms at this scale without dedicated tooling.
What related concepts should you know?
Provenance sits alongside several terms that appear in the same conversations. Knowing the difference helps when talking to suppliers, reviewing model documentation, or responding to a data protection audit. Data lineage, model cards, and content credentials are the three you will encounter most frequently, and each addresses a different part of the same accountability chain.
Data lineage shows how data moves through your systems, from source to output. Snowflake draws the distinction clearly: lineage is about flow, provenance is about proof. You can have well-documented lineage and still face a provenance problem if the source data was collected without clear permission or a documented legal basis.
Model cards are published documents, introduced in Google Research’s 2019 model card paper, that describe a model’s training data, intended uses, limitations, and known risks. Where a provider publishes them, download a copy and link it to your model register. They give you documented evidence of what a model was trained on and what it was built to do.
Content credentials are an emerging standard from the Coalition for Content Provenance and Authenticity (C2PA), backed by Adobe, Microsoft, and others. They embed cryptographically verifiable metadata into digital files so a viewer can confirm whether content is AI-generated, who created it, and what changes have been made. This is output provenance at scale, and it is likely to become a client expectation in professional services as concerns about AI-generated content grow.
If you are working through your AI documentation, the ICO’s DPIA templates are a practical starting point. They already ask the provenance questions.
