Retrieved document IDs and hashes record the identity and integrity markers of the materials returned by a retrieval step during a GenAI run. In a retrieval-augmented system, the model does not answer from its base model alone; it also draws on documents, passages, chunks, tables, or other indexed artefacts supplied at run time. RAIDT therefore treats the retrieved evidence objects as part of the run record, not as an invisible background process.

A document ID typically names the retrieved artefact within the organisation's corpus, search layer, vector index, content management system, or evidence store. A hash is a compact integrity value derived from the relevant source object, such as the full document, the retrieved chunk, or a canonicalised passage representation. Together, these fields support later checking that the evidence retrieved during the run is the evidence being discussed during review.

This item matters because retrieval introduces a distinctive governance problem: the answer may depend on external materials that can change over time. A query alone does not fully solve this problem. Two runs can use the same query and index but still retrieve different chunks because of corpus updates, ranking changes, ingestion errors, or source edits. For RAIDT, retrieved document IDs and hashes therefore complement S4.10 ? Retrieval query and index ID by documenting what was actually returned, and complement S4.15 ? Output hash by showing what evidence underpinned the output.

Within RAIDT, this belongs inside run-level evidence because a run is the unit of governance. If reviewers cannot reconstruct which evidence artefacts informed the run, then the evidence pack is incomplete and the five-pillar profile risks resting on assertion rather than inspectable records.

Retrieved document IDs and hashes solve a practical audit problem: they allow a reviewer to move from a claim that a system used evidence to a demonstrable record of which evidence objects were retrieved. This reduces ambiguity when outputs are contested, when a document repository is updated after the fact, or when an organisation needs to compare two runs that produced materially different answers.

Without this item, retrieval provenance is often reduced to vague statements such as "the model searched the policy library" or "the answer was grounded in internal documents". That is insufficient for responsible governance. It becomes difficult to test whether the model cited the wrong version of a policy, whether an outdated chunk was surfaced, or whether a later reviewer is looking at a source that differs from the one used at the original moment of decision support.

For organisations using GenAI in operational settings, this item helps convert abstract expectations about transparency into a reviewable artefact. It supports challenge, replay, escalation, and post hoc investigation. In RAIDT terms, it moves governance from principles to operational evidence by showing what evidence objects were actually in play at run time.

Key idea: Retrieved document IDs and hashes matter because they make retrieval provenance inspectable at the level of the actual evidence objects used in a specific run.

• The specific document, record, file, or corpus object returned by the retrieval step.
• The identifier structure used by the retrieval layer, such as document ID, chunk ID, page ID, or repository key.
• The integrity value associated with the retrieved artefact, such as a documented content hash.
• The basis for checking whether the retrieved source has changed since the run occurred.
• The link between retrieval events and the evidence pack used for review, scoring, and contestability.
• The minimum provenance needed to compare what was asked for, what was retrieved, and what was ultimately produced.

Audience question

Why store document hashes?

Answer

The concern behind this question is usually that document identifiers alone may seem sufficient. In practice, they are not always enough. A document ID may remain stable even when the underlying content changes, when a page is revised, or when a retrieval pipeline re-chunks source material during re-indexing. If RAIDT stored only the identifier, a reviewer might locate the same nominal document later but still fail to verify the exact content state that informed the run.

The direct answer is that hashes help show that the evidence source actually used in the run is the evidence source being reviewed afterwards. For example, suppose a policy assistant retrieved HR-POL-017 from an internal repository during a run in March. By June, the same policy has been updated after a compliance review. The document ID still points to HR-POL-017, but the hash reveals whether the reviewer is looking at the March content or the June revision. That distinction matters if the run supported a decision that is later challenged.

RAIDT handles this better than a generic AI governance approach because it records the issue at run level. Rather than saying only that the system was connected to approved sources, RAIDT asks what was retrieved in this run, how it can be verified, and how that retrieval evidence enters the evidence pack and score profile.

Consider a healthcare use case in which a hospital uses a retrieval-augmented GenAI assistant to draft discharge guidance for clinicians from internal protocols and medicines information sheets. A particular run retrieves three passages: a local anticoagulation protocol, a renal dosing table, and a discharge checklist. The run-level issue is that the generated answer may later be questioned if a patient incident occurs or if the protocol was updated after the response was generated.

The evidence needed is not only the clinician's prompt and the retrieval query, but also the retrieved document IDs, chunk references, and hashes for the exact materials returned during the run. These records allow a reviewer to test whether the assistant relied on the correct protocol version and whether the retrieved content corresponds to the answer that was given.

In RAIDT terms, Auditability and Traceability are the most directly affected pillars, with Dependability also strengthened because the organisation can evaluate whether the system behaved consistently against the intended evidence base. Responsibility is implicated because clinical governance depends on being able to investigate evidence use. This item improves governance readiness by making the retrieval layer reviewable rather than opaque.

Retrieved document IDs and hashes link to RAIDT in four ways.

First, they support RAIDT's core idea that governance should attach to the run rather than to broad system-level assurances. The item makes a specific retrieval event evidentially visible.

Second, they strengthen run-level evidence by documenting what evidence artefacts were actually returned, not merely what repository or query configuration existed in principle.

Third, they improve the evidence pack and the score profile because reviewers can assess whether retrieval provenance is sufficiently robust for audit, challenge, and replay.

Fourth, they support reviewability, contestability, audit readiness, and organisational learning by allowing later investigators to compare the original retrieval state with the current corpus state and to diagnose source drift or pipeline change.

Retrieved document IDs and hashes -> Run-level evidence -> Evidence pack -> RAIDT score profile -> Governance readiness

This chain matters because retrieval provenance is often where apparently well-governed systems become difficult to reconstruct in practice. RAIDT makes that weakness visible and governable.

Responsibility

This item supports Responsibility when an organisation must show that evidence-backed outputs were grounded in identifiable and reviewable source materials. It is especially important when human operators rely on a system in consequential organisational settings.

Example evidence / implication:

• A reviewer can test whether staff relied on the approved policy artefact rather than an outdated or informal document.
• Governance teams can assign accountability more fairly when the evidence path behind a run is explicit.

Auditability

This item has a strong effect on Auditability because it gives reviewers concrete handles for reconstructing what the retrieval subsystem returned at the time of the run.

Example evidence / implication:

• Audit logs can tie an answer to specific document and chunk identifiers.
• Hashes provide an integrity check when sources have changed since the run occurred.

Interpretability

The effect on Interpretability is supportive rather than primary. Retrieved document IDs and hashes do not explain model internals, but they do clarify which external artefacts likely shaped the answer.

Example evidence / implication:

• Reviewers can distinguish between a problematic answer caused by poor retrieval and one caused by poor generation.
• Subject-matter experts can inspect the retrieved materials to understand why the answer took a particular direction.

Dependability

This item supports Dependability by helping teams evaluate whether the retrieval component behaves consistently and whether changes in outputs correspond to changes in retrieved evidence.

Example evidence / implication:

• Teams can compare repeated runs and test whether retrieval variation reflects corpus change, ranking instability, or implementation faults.
• Incident reviews can determine whether a failure arose from missing evidence, wrong evidence, or unchanged evidence used badly.

Traceability

This item has a very strong effect on Traceability because it links the output to identifiable source artefacts and allows movement from the generated answer back to the retrieval event.

Example evidence / implication:

• Reviewers can trace an answer back to the exact corpus objects returned during the run.
• Investigators can connect retrieval evidence with prompt records, tool traces, and output artefacts in a single evidence chain.

Auditability and Traceability are the most directly affected pillars here, with Dependability and Responsibility also materially supported.

In general AI governance, source provenance may simply mean that a system uses approved documents or that citations appear in the interface. In RAIDT, retrieved document IDs and hashes mean that the concrete evidence objects returned during one run are recorded in a way that can be inspected later.

The RAIDT meaning is more operational because it is tied to run-level evidence. It is not enough to claim that the model was retrieval-augmented or connected to a trusted corpus. RAIDT asks whether a reviewer can identify the exact retrieved artefacts, test their integrity, and relate them to the answer, the evidence pack, and the resulting governance assessment.

Misunderstanding

If the system logs the retrieval query and the name of the document repository, that is enough to show retrieval provenance.

Correction

That is only partial provenance. The same query against the same repository can return different results over time because documents are updated, rankings shift, indexes are rebuilt, or chunking strategies change. For example, a legal assistant may query the same internal policy library in April and again in July, yet retrieve materially different passages because a guidance note was revised. RAIDT therefore requires evidence of what was actually retrieved in the run, not just where the system looked.

This item does not prove that the retrieved documents were correct, sufficient, or appropriately interpreted by the model. It does not by itself establish factual accuracy, legal adequacy, or safe organisational use. A stable document hash may confirm integrity of the retrieved artefact while the artefact itself is still wrong, outdated at source, incomplete, or misapplied by the model.

It also depends on implementation choices. If the system hashes only full documents but retrieval occurs at chunk level, the integrity signal may be too coarse for detailed review. If identifiers are unstable across re-indexing, comparison over time becomes harder. RAIDT handles these limitations by treating this item as one component of a wider evidence architecture that also includes retrieval query and index information, tool-chain traces, outputs, and reviewer judgement.

Manual implementation

A researcher or small team can record retrieved document IDs, source names, page references, and simple hash values in a structured run sheet or evidence table immediately after each run. This is workable for pilots, prototypes, and empirical studies with limited scale.

Semi-automated implementation

A semi-automated setup can populate these fields from a retrieval wrapper, notebook, orchestration script, or form-based review template. Metadata can be exported into a RAIDT evidence pack while reviewers add contextual notes about corpus versioning, source quality, or chunk boundaries.

Fully automated implementation

At scale, a platform can capture retrieval events automatically from the search layer, vector database, content store, or orchestration pipeline. The governance system can log document IDs, chunk IDs, canonicalised hashes, source versions, timestamps, and replay references, then surface them in dashboards, run cards, and reviewer workflows for routine audit and incident investigation.

In Paper 08 Foundations, this item helps demonstrate that RAIDT treats retrieval provenance as a first-class part of run evidence rather than an optional technical detail. In Paper 09 Empirical Validation, it provides a concrete variable for testing whether reviewers can reconstruct evidence use more effectively when retrieval artefacts are logged at run level. In Paper 10 Policy Pathways, it offers a policy-relevant example of how organisations can move from high-level transparency expectations to operational records.

This item is also useful in sector playbooks, especially where document-grounded GenAI systems are likely to be deployed in healthcare, public services, law, and enterprise knowledge work. For the evidence pack, it strengthens replayability and source verification. For the scoring rubric, it supports a defensible assessment of Auditability and Traceability. For supervision, viva defence, and journal positioning, it provides a clear example of how RAIDT turns an abstract governance concern into a structured evidential field.

Q1. Why are document IDs not enough on their own?

Because an identifier may stay constant while the underlying content changes. Hashes add an integrity check that helps show whether the source being reviewed is still the same source state that was retrieved during the run.

Q2. Does this item require a specific hashing algorithm or storage architecture?

No. RAIDT requires a documented and reviewable integrity approach, not one universal technical implementation. The key governance requirement is that the chosen method is stable enough to support later verification.

Q3. How is this different from storing citations in the generated answer?

Citations are useful for users, but they are not the same as run-level provenance. RAIDT is concerned with what the system actually retrieved and how that can be verified during review, even if the visible answer contains simplified or incomplete references.

Q4. What happens if the source corpus is continuously updated?

That is precisely why this item matters. Continuous updates increase the risk of source drift. Recording document IDs and hashes allows the organisation to compare the original retrieval state with the later corpus state and to explain differences.

Q5. Is this mainly a technical logging issue, or a governance issue?

It is both, but RAIDT frames it primarily as a governance issue expressed through technical evidence. The point is not logging for its own sake; it is to make evidence use contestable, reviewable, and organisationally defensible.

• retrieval-augmented generation provenance
• document versioning and integrity verification
• hash-based evidence preservation in digital governance
• audit trails for AI-assisted decision support
• source drift in knowledge-grounded language models
• provenance metadata for enterprise search and RAG systems
• reproducibility of retrieval pipelines
• evidential logging for responsible AI governance
• traceability of external knowledge in generative AI
• corpus version control and compliance review

Retrieved document IDs and hashes are the part of RAIDT that makes retrieval evidence concrete. If a GenAI system uses external documents during a run, RAIDT does not treat that as a vague background feature. It asks which specific documents or chunks were retrieved and how their integrity can be checked later. That matters because the same query can return different material when repositories are updated, indexes are rebuilt, or rankings change. By recording identifiers and hashes at run level, the evidence pack becomes much more reviewable. Supervisors, auditors, or organisational reviewers can test what evidence the system actually used, not just what it was supposed to use. In RAIDT, this directly strengthens auditability, traceability, and governance readiness.

Retrieved document IDs and hashes are the run-level provenance fields that show exactly which retrieved evidence objects informed a GenAI run and how RAIDT makes them reviewable.

• S4.01 ? run_id
• S4.02 ? Timestamp
• S4.03 ? User role / operator role
• S4.04 ? Task and domain label
• S4.05 ? Prompt registry
• S4.06 ? Prompt ID and version
• S4.07 ? Prompt hash
• S4.08 ? Model/provider/version identifier
• S4.09 ? Decoding parameters
• S4.10 ? Retrieval query and index ID
• S4.12 ? Tool-chain trace
• S4.13 ? Adapter ID / PEFT lineage
• S4.14 ? Alignment policy ID
• S4.15 ? Output hash
• S4.16 ? Review decision and reviewer notes
• ? and 1 more

No anchored questions were present in the source note.