EU AI Act

AF-3, AF-4, AF-6

agent_charters.riskLevel; agent_charters.mayNotActions + mustEscalateWhen (mitigation measures); agent_statement_assignments (controls); agent_action_events.decision (operational evidence the measures are applied)

Per-agent risk management is fully expressed: classification (charter), declared treatments (charter rules), bound controls (statement assignments), runtime evidence (ledger). The lifecycle iteration is supported by the supersedesCharterId chain + reviewDueAt recertification timer.

AF-3 (runtime data only)

agent_charters.dataAccess[] documents which datasets/PII categories the agent accesses at runtime

out of AF scope

Article 10 governs training data for the AI system. Dictiva agents use third-party model providers (Claude, GPT, etc.) — training-data governance is the model vendor's domain plus the customer's own model-procurement practice. AF documents runtime data exposure (charter dataAccess[]) but does not address training-data lineage. Not tracking in AF-7.

AF-1, AF-0

agent_action_events ledger row per action: actor_did_snapshot, action, subject_type/subject_id, occurred_at, decision, initiator_user_id, approved_by_user_id, metadata

The ledger is the technical record-keeping mechanism. Append-only enforcement (trigger-based per ADR-044) makes the logs tamper-evident at the DB level. The four indexes support per-agent timeline, per-DID lookup (across rotation), per-subject drilldown, and per-execution grouping — all retrieval modes a regulator audit would require.

AF-3

agent_charters rendered on /members/[id] profile page: purpose, scope, riskLevel, mayActions, mayNotActions, mustEscalateWhen, humanOversight, approvalRequirements, dataAccess, externalSystems

The charter is the agent's "instructions for use" expressed as data, not just text. The profile page renders it in human-readable form. A non-technical deployer can read it in 30 seconds (per AF-3 acceptance criterion).

AF-3, AF-6

agent_charters.humanOversight.{requiredFor, monitoringCadence, overrideAuthority} (declared); agent_charters.approvalRequirements[] (declared); AF-6 preflight evaluator (enforced); agent_action_events.decision='escalated' with approved_by_user_id populated (proven-in-use evidence)

This is the AF system's headline alignment with the AI Act. (a) monitoring → AF-1.5 Recent Actions tab. (b/c) charter purpose/riskLevel declare scope and limits. (d/e) override/intervene → AF-6 escalation routes the request to a human and blocks until approval; the ledger row records the decision. The Art 14(4)(e) "stop button" is the per-action override; agent-wide stop (kill switch) is AF-7.1 — a noted gap.

AF-1 (robustness signal); AF-7.5 (qualification)

agent_action_events.decision='blocked' rows surface behavioral inconsistencies

Robustness is partially covered: the ledger surfaces inconsistencies and the AF-6 enforcement layer prevents many. Accuracy is upstream — a function of the underlying model and the agent's prompt/skill quality, addressed by the AF-7.5 qualification track (#2632). Cybersecurity is tenant-wide (auth, encryption, network controls) — out of AF scope.