Compliance coverage: 6

EU AI Act

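The EU AI Act imposes obligations on providers and deployers. Dictiva provides agent-level artifacts that support customers' compliance and operational evidence packages.

Citations use the Article format from the canonical matrix.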

Covered: 4

Partially covered: 1

Not covered: 1

Requirement | AF | Evidence type | Status | Notes

Art 9

Risk management system - Establish, implement, document, and maintain a risk management system for high-risk AI systems as a continuous iterative process throughout the lifecycle, including identifying foreseeable risks, estimating, evaluating, and adopting risk-management measures.

AF-3, AF-4, AF-6

agent_charters.riskLevel; agent_charters.mayNotActions + mustEscalateWhen (mitigation measures); agent_statement_assignments (controls); agent_action_events.decision (operational evidence the measures are applied)

Covered

Per-agent risk management is fully expressed: classification (charter), declared treatments (charter rules), bound controls (statement assignments), runtime evidence (ledger). The lifecycle iteration is supported by the supersedesCharterId chain + reviewDueAt recertification timer.


Art 10

Data and data governance - Training, validation, and testing data sets shall be subject to data governance and management practices appropriate for the intended purpose; examined for biases; relevant in light of the intended purpose.

AF-3 (runtime data only)

agent_charters.dataAccess[] documents which datasets/PII categories the agent accesses at runtime

Not covered

out of AF scope

Article 10 governs training data for the AI system. Dictiva agents use third-party model providers (Claude, GPT, etc.) — training-data governance is the model vendor's domain plus the customer's own model-procurement practice. AF documents runtime data exposure (charter dataAccess[]) but does not address training-data lineage. Not tracking in AF-7.


Art 12

Record-keeping - High-risk AI systems shall technically allow for the automatic recording of events (logs) over the lifetime of the system. Logs shall ensure traceability of the system's functioning appropriate to the intended purpose.

AF-1, AF-0

agent_action_events ledger row per action: actor_did_snapshot, action, subject_type/subject_id, occurred_at, decision, initiator_user_id, approved_by_user_id, metadata

Covered

The ledger is the technical record-keeping mechanism. Append-only enforcement (trigger-based per ADR-044) makes the logs tamper-evident at the DB level. The four indexes support per-agent timeline, per-DID lookup (across rotation), per-subject drilldown, and per-execution grouping — all retrieval modes a regulator audit would require.


Art 13

Transparency and provision of information to deployers - High-risk AI systems shall be designed and developed in such a way as to ensure that their operation is sufficiently transparent to enable deployers to interpret a system's output and use it appropriately. Instructions for use shall be provided.

AF-3

agent_charters rendered on /members/[id] profile page: purpose, scope, riskLevel, mayActions, mayNotActions, mustEscalateWhen, humanOversight, approvalRequirements, dataAccess, externalSystems

Covered

The charter is the agent's "instructions for use" expressed as data, not just text. The profile page renders it in human-readable form. A non-technical deployer can read it in 30 seconds (per AF-3 acceptance criterion).


Art 14

Human oversight - High-risk AI systems shall be designed and developed in such a way as to enable human oversight by natural persons during the period in which they are in use, including: (a) understanding capacities and limitations and being able to monitor operation, (b) remaining aware of automation bias, (c) correctly interpreting output, (d) deciding not to use or otherwise disregard, override, reverse, or stop the output, (e) intervening on the operation or interrupting the system through a 'stop' button.

AF-3, AF-6

agent_charters.humanOversight.{requiredFor, monitoringCadence, overrideAuthority} (declared); agent_charters.approvalRequirements[] (declared); AF-6 preflight evaluator (enforced); agent_action_events.decision='escalated' with approved_by_user_id populated (proven-in-use evidence)

Covered

This is the AF system's headline alignment with the AI Act. (a) monitoring → AF-1.5 Recent Actions tab. (b/c) charter purpose/riskLevel declare scope and limits. (d/e) override/intervene → AF-6 escalation routes the request to a human and blocks until approval; the ledger row records the decision. The Art 14(4)(e) "stop button" is the per-action override; agent-wide stop (kill switch) is AF-7.1 — a noted gap.


Art 15

Accuracy, robustness, and cybersecurity - High-risk AI systems shall be designed and developed in such a way that they achieve, in the light of their intended purpose, an appropriate level of accuracy, robustness, and cybersecurity, and that they perform consistently in those respects throughout their lifecycle.

AF-1 (robustness signal); AF-7.5 (qualification)

agent_action_events.decision='blocked' rows surface behavioral inconsistencies

Partially covered

Robustness is partially covered: the ledger surfaces inconsistencies and the AF-6 enforcement layer prevents many. Accuracy is upstream — a function of the underlying model and the agent's prompt/skill quality, addressed by the AF-7.5 qualification track (#2632). Cybersecurity is tenant-wide (auth, encryption, network controls) — out of AF scope.
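An added sketch of the trigger-based append-only ledger described in the Art 12 row (not Dictiva's code and not the contents of ADR-044), using SQLite from Python so it runs offline. Column names come from that row; the column types, the `agent_id` column, the index and the trigger names are assumptions.

```python
import sqlite3

# Column names come from the Art 12 row. Types, the agent_id column, the
# index and the trigger names are assumptions made for this sketch.
FIELDS = ("agent_id", "actor_did_snapshot", "action", "subject_type", "subject_id",
          "occurred_at", "decision", "initiator_user_id", "approved_by_user_id", "metadata")
SCHEMA = """
CREATE TABLE agent_action_events (
  id INTEGER PRIMARY KEY, agent_id TEXT NOT NULL, actor_did_snapshot TEXT NOT NULL,
  action TEXT NOT NULL, subject_type TEXT, subject_id TEXT, occurred_at TEXT NOT NULL,
  decision TEXT NOT NULL, initiator_user_id TEXT, approved_by_user_id TEXT, metadata TEXT);
CREATE INDEX idx_agent_timeline ON agent_action_events (agent_id, occurred_at);
CREATE TRIGGER ledger_no_update BEFORE UPDATE ON agent_action_events
BEGIN SELECT RAISE(ABORT, 'agent_action_events is append-only'); END;
CREATE TRIGGER ledger_no_delete BEFORE DELETE ON agent_action_events
BEGIN SELECT RAISE(ABORT, 'agent_action_events is append-only'); END;
"""
INSERT = ("INSERT INTO agent_action_events (" + ", ".join(FIELDS) + ") VALUES ("
          + ", ".join(":" + f for f in FIELDS) + ")")

def open_ledger():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def record(db, **row):
    # Bound parameters only; columns not supplied are stored as NULL.
    db.execute(INSERT, {f: row.get(f) for f in FIELDS})

def mutation_rejected(db, sql):
    """Return True when an append-only trigger aborts the statement."""
    try:
        db.execute(sql)
    except sqlite3.DatabaseError as exc:
        return "append-only" in str(exc)
    return False

def timeline(db, agent_id):
    q = "SELECT action, decision FROM agent_action_events WHERE agent_id = ? ORDER BY occurred_at"
    return db.execute(q, (agent_id,)).fetchall()

def demo():
    db = open_ledger()  # rows below are constructed sample data
    base = dict(agent_id="agent-1", actor_did_snapshot="did:example:a1", subject_type="report")
    record(db, **base, action="export", occurred_at="2025-01-01T10:00:00Z", decision="blocked")
    record(db, **base, action="publish", occurred_at="2025-01-01T11:00:00Z",
           decision="escalated", approved_by_user_id="u-9")
    return (mutation_rejected(db, "UPDATE agent_action_events SET decision = 'ok' WHERE id = 1"),
            mutation_rejected(db, "DELETE FROM agent_action_events WHERE id = 1"),
            timeline(db, "agent-1"))
```

Triggers only stop UPDATE and DELETE statements issued through normal SQL; a role that can drop or disable triggers can still rewrite rows, so DDL rights on the ledger table need to be restricted separately.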

Framework details

Public gap references

Each row's gap marker links to the public AF-7 parent epic rather than exposing internal sub-issue numbers.
