Compliance API¶

CRP exposes compliance components as public properties on the Client instance.

Risk Classifier¶

EU AI Act Article 6 risk assessment.

from crp.security import AIRiskLevel

assessment = client.risk_classifier.assess(
    category="employment",
    intended_purpose="Resume screening",
    processes_personal_data=True,
    makes_automated_decisions=True,
    affects_fundamental_rights=True,
    safety_critical=False,
    profiles_individuals=True,
)

RiskAssessment¶

Field	Type	Description
`risk_level`	`AIRiskLevel`	MINIMAL, LIMITED, HIGH, UNACCEPTABLE
`system_category`	`AISystemCategory`	EU AI Act Annex III category
`mitigations`	`list[str]`	Required mitigation measures
`residual_risks`	`list[str]`	Remaining risks after mitigation

AIRiskLevel Enum¶

Value	EU AI Act Mapping
`MINIMAL`	No specific requirements
`LIMITED`	Art. 52 transparency obligations
`HIGH`	Art. 6–17 full compliance required
`UNACCEPTABLE`	Art. 5 prohibited practices

Human Oversight Controller¶

EU AI Act Article 14 human oversight.

from crp.security import HumanOversightLevel

# Get current level
level = client.human_oversight.level
print(f"Level: {level.value}")

# Set level
client.human_oversight.level = HumanOversightLevel.APPROVAL

# Check if operation requires approval
needs_approval = client.human_oversight.requires_approval("dispatch")

HumanOversightLevel Enum¶

Level	Behavior
`NONE`	Fully autonomous operation
`INFORMED`	Humans notified of all operations
`APPROVAL`	Humans must approve before dispatch
`CONTROL`	Humans control every step

Compliance Audit Trail¶

HMAC-SHA256 chained audit trail (Article 12).

# Verify chain integrity
is_valid, broken_at = client.compliance_audit.verify_chain()
# broken_at is -1 if chain is valid, otherwise the sequence number

# Get entry count
entries = client.compliance_audit.entry_count
print(f"Valid: {is_valid}, Entries: {entries}")

Return Values¶

Method	Returns	Description
`verify_chain()`	`tuple[bool, int]`	(is_valid, broken_at_sequence)
`.entry_count`	`int`	Number of audit entries

PII Scanner¶

GDPR personal data detection.

result = client.pii_scanner.scan("Contact John at john@example.com")
print(f"Has PII:    {result.has_pii}")       # bool (property)
print(f"PII types:  {result.pii_types_found}") # set[str]
print(f"Detections: {len(result.detections)}")  # int

PIIScanResult¶

Field	Type	Description
`has_pii`	`bool`	Whether PII was detected (property)
`pii_types_found`	`set[str]`	Types of PII found
`detections`	`list`	Individual PII detections

GDPR Article 7 consent tracking.

from crp.security import ProcessingPurpose

client.consent_manager.record_consent(
    data_subject="user-123",
    purpose=ProcessingPurpose.AI_PROCESSING,
)

Processing Record Keeper¶

GDPR Article 30 records of processing activities.

records = client.processing_records
print(f"Activities: {records.activity_count}")

# Export for auditor
export = records.export()
summary = records.summary()

Retention Manager¶

Data retention policies.

client.retention_manager.enforce_retention()

Compliance Reporter¶

Multi-framework compliance report generation.

status = client.session_status()
assessment = client.risk_classifier.assess(...)

report = client.compliance_reporter.generate_report(
    session_stats=status,
    risk_assessment=assessment,
)

print(f"Score:    {report['summary']['compliance_score']}")
print(f"Controls: {report['summary']['implemented']}/{report['summary']['total_controls']}")

Report Structure¶

{
  "summary": {
    "compliance_score": 0.94,
    "total_controls": 35,
    "implemented": 33
  },
  "eu_ai_act": { ... },
  "gdpr": { ... },
  "iso_42001": { ... },
  "nist_ai_rmf": { ... }
}

Data Lineage Tracker¶

Track data provenance from ingest to output.

lineage = client.lineage_tracker
# Full provenance chain: ingest → extraction → envelope → output

Security Imports¶

All compliance types can be imported from crp.security:

from crp.security import (
    # Risk
    RiskClassifier, RiskAssessment, AIRiskLevel, AISystemCategory,
    # Oversight
    HumanOversightController, HumanOversightLevel,
    # Audit
    ComplianceAuditTrail, ComplianceEventType,
    # Privacy
    PIIScanner, DataLineageTracker, RetentionManager,
    # Consent
    ConsentManager, ProcessingPurpose, ProcessingRecordKeeper,
    # Compliance
    ComplianceReporter, TransparencyDeclaration,
    # General security
    InputValidator, InjectionDetector, RBACEnforcer,
    SessionBindingManager, FactIntegrityChain, StateEncryptor,
)