
Four Planes of Compliant ML Architecture

Definition
A compliant ML architecture separates into four planes: Data (storage/lineage), Control (consent/policy), Processing (training/inference), and Audit (logging/evidence).

DATA PLANE: STORAGE AND LINEAGE

Stores raw data, training datasets, and features with complete lineage. Every piece of data traces back to its source and consent basis. Requirements: immutable access logs, automatic retention enforcement, encryption. When a deletion request arrives, the data plane identifies every location that holds that user's data.

CONTROL PLANE: CONSENT AND POLICY

Manages consent records and policy enforcement. Maintains a registry mapping users to permissions per purpose. Before any processing, it answers the question: "Can I use user X's data for purpose Y?" It also handles DSARs (Data Subject Access Requests), orchestrating retrieval, deletion, or portability across systems.

💡 Key Insight: Centralize consent. Consent tracked separately in each service leads to inconsistencies: one service may keep processing data after the user has revoked consent in another.

PROCESSING PLANE: TRAINING AND INFERENCE

Runs training and inference only after consent verification. Pipelines record which data points contributed to each model version. Inference checks consent before personalized predictions—if revoked, serve defaults.

AUDIT PLANE: LOGGING AND EVIDENCE

Captures immutable evidence for regulators. Every data access, consent change, and processing decision is logged. Provides timestamped proof of deletion. Audit logs often persist longer than the data itself.

⚠️ Key Trade-off: Four planes add latency and complexity. Small teams may start with two (data + audit) and separate control/processing as scale demands.
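
The control, processing and audit planes described above can be sketched together. This is an added example, not code from the original page: the class and function names, the "personalization" purpose, the sample user and the hash-chained log (tamper-evident rather than truly immutable) are all assumptions made for illustration.

```python
import hashlib
import json
import time
class ConsentRegistry:
    """Control plane: single source of truth mapping (user, purpose) to a decision."""
    def __init__(self):
        self._grants = {}
    def set(self, user, purpose, allowed):
        self._grants[(user, purpose)] = allowed
    def allowed(self, user, purpose):
        # Deny by default: a missing record is not consent.
        return self._grants.get((user, purpose), False)

class AuditLog:
    """Audit plane: append-only log where each entry hashes its predecessor."""
    def __init__(self):
        self.entries = []
    def append(self, event, **fields):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"ts": time.time(), "event": event, "prev": prev, **fields}
        body["hash"] = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        self.entries.append(body)
    def verify(self):
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if e["prev"] != prev or e["hash"] != digest:
                return False  # entry edited, removed or reordered
            prev = e["hash"]
        return True

DEFAULT_RECS = ["top-seller-1", "top-seller-2"]  # constructed non-personalized fallback
def recommend(user, registry, audit, model):
    """Processing plane: verify consent, log the decision, then infer or fall back."""
    ok = registry.allowed(user, "personalization")
    audit.append("inference", user=user, purpose="personalization", consent=ok)
    return model(user) if ok else DEFAULT_RECS

def demo():
    registry, audit = ConsentRegistry(), AuditLog()
    model = lambda u: [f"for-{u}-1", f"for-{u}-2"]  # constructed stand-in for a real model
    registry.set("u42", "personalization", True)
    audit.append("consent_change", user="u42", purpose="personalization", allowed=True)
    before = recommend("u42", registry, audit, model)
    registry.set("u42", "personalization", False)  # user revokes consent
    audit.append("consent_change", user="u42", purpose="personalization", allowed=False)
    after = recommend("u42", registry, audit, model)
    return before, after, audit
```

In a real deployment the chain head would be anchored outside the system that writes the log, since an attacker who can rewrite every entry can also recompute the hashes.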

💡 Key Takeaways
Data plane handles storage/lineage; control plane manages consent and DSAR orchestration
Processing plane verifies consent; audit plane captures immutable evidence
Centralize consent—distributed tracking causes inconsistencies

📌 Interview Tips
1. Describe four-plane architecture when asked about compliance design
2. Emphasize control plane as single source of truth