Compliance & Audit
Technical Analysis
System status, version locks, data policy, governance controls, security posture, full audit detail — for compliance and engineering review.
System
System Status
Version & Determinism
Governance
Governance Controls
Live Operational Transparency
Data Policy
Data Policy & Transparency
Audit Detail Report
Extended Governance Audit Log
Rule paths · breaches · hard stops · risk flags · access context · SOC2 CC7.x · GDPR Art. 30
Security Trace (Replay Extension)
Why This Decision Was Safe or Flagged
Live · Replay-linked
Compliance Alignment
Regulatory Compliance Mapping
Phase 1
EU AI Act
High-risk AI system controls
Risk classification — confidence threshold gating ✓ ACTIVE
AI transparency — disclosure banner on all operator pages ✓ ACTIVE
Human oversight — SoD enforced (operator ≠ approver) ✓ ACTIVE
Audit trail — artifact_id + replay on every decision ✓ ACTIVE
Technical documentation — AI Technical File ⚠ PENDING
GDPR
Art. 5, 13, 25, 30
Data minimisation — no raw sensitive values in UI ✓ ACTIVE
Processing records — GDPR Art. 30 log in documents table ✓ ACTIVE
Tenant isolation — all data scoped by tenant_id via JWT ✓ ACTIVE
Right to explanation — deterministic replay + rule trace ✓ ACTIVE
Data lineage — extraction method + source tracked ✓ ACTIVE
ISO 42001
AI Management System
Governance controls — audit logging, replay, drift monitoring ✓ ACTIVE
Risk management — confidence gating + hard stop enforcement ✓ ACTIVE
Policy versioning — policy_version on all artifacts ✓ ACTIVE
Controlled execution — single-use token + TTL + attestation ✓ ACTIVE
Risk register — formal documentation ⚠ PENDING