Regulatory Automation

COMPLIANCE

Pre-built compliance for EU AI Act, SOC 2, and ISO 42001. Automated risk classification, gap analysis, evidence generation, and remediation tracking.

3 Frameworks
<10s Assessment Time
Auto Evidence Generation

Article-by-article compliance. Automated.

Full implementation of Regulation 2024/1689: Article 5 (prohibited practices detection), Article 9 (risk management), Article 10 (data governance), Article 11 (technical documentation), Article 14 (human oversight), Article 52 (transparency). Risk categories: Prohibited, High-Risk, Limited, Minimal.

Cloud security controls. Evidence from day one.

Controls mapped across CC6 (logical access), CC7 (system monitoring and logging), CC8 (information system monitoring), CC9 (incident management), plus A.6-A.12 security procedures. Evidence auto-generated from audit logs, policy evaluations, and agent telemetry.

AI management systems standard. Fully covered.

Sections A.6-A.12 implemented: information security assessment, access control, cryptography and key management, audit and accountability, asset management, physical security, and operations security. Control mapping with evidence templates and assessment procedures.

Automated risk scoring across 4 dimensions.

Questionnaire-based assessment scores agents across Data Access (PII, financial, health), Decision Autonomy (approval requirements, financial authority), Impact Potential (human rights, employment, infrastructure), and Reversibility (non-reversible actions, intervention requirements). Produces risk levels: Minimal, Limited, High, Unacceptable.

const assessment = classifier.classify(
  "agent_123",
  "Customer Service Bot",
  {
    accessesPII: true,
    accessesFinancialData: false,
    requiresHumanApproval: false,
    canMakeFinancialDecisions: true,
    financialLimit: 500,
    actionsReversible: true
  }
);

// { riskLevel: "limited", riskScore: 45 }

What's included in compliance

01 EU AI Act: Article-by-article compliance automation
02 SOC 2 Type II: CC6-CC9 control evidence generation
03 ISO 42001: Full AI management systems coverage
04 Automated risk classification across 4 dimensions
05 Gap analysis with remediation tracking
06 Evidence packages: PDF, JSON, Markdown, SIEM export