Compliance & Governance¶
Get regulator-ready compliance evidence from every AI call without changing your application architecture. CRP is the first AI context protocol with regulatory compliance as a first-class feature - not bolted on after the fact.
Why This Matters¶
The EU AI Act high-risk requirements take effect August 2026. Organizations deploying AI in employment, education, healthcare, law enforcement, or critical infrastructure must demonstrate compliance. CRP provides the technical foundation.
Regulatory Coverage¶
graph TD
CRP[CRP Protocol] --> EU[EU AI Act<br/>33/35 controls]
CRP --> ISO[ISO 42001<br/>AIMS alignment]
CRP --> GDPR[GDPR<br/>Data protection]
CRP --> NIST[NIST AI RMF<br/>Risk management]
CRP --> OWASP[OWASP Top 10<br/>9/10 LLM + 8/10 ML] | Framework | CRP Coverage | Key Strength |
|---|---|---|
| EU AI Act | 33/35 technical controls | HMAC audit trail, risk classification |
| ISO 42001 | AIMS-aligned architecture | Event-sourced fact model, quality tiers |
| GDPR | Built-in data protection | PII scanning, consent management, erasure |
| NIST AI RMF | 4 core functions mapped | Continuous monitoring, bias detection |
| Security | 8 security layers | Zero-trust, encryption, RBAC |
Business value¶
| Compliance task | Traditional approach | With CRP |
|---|---|---|
| EU AI Act risk classification | Manual legal review | client.compliance.classify() in milliseconds |
| Technical documentation | Consultants, weeks | Auto-generated Art. 11 docs from runtime data |
| Record-keeping | Spreadheets / log dumps | HMAC-signed audit chain per call |
| DPIA (GDPR Art. 35) | Manual template filling | Auto-generated from PII/processing evidence |
| Evidence pack for auditors | Months of gathering | One-click export from CRP Comply |
Built-in Compliance Components¶
The current CRP Python SDK exposes compliance and audit helpers directly on the client:
import crp
client = crp.SDKClient() # auto-detects provider from env vars
# EU AI Act Art. 6 risk classification
risk = client.compliance.classify(
intended_purpose="Automated contract review",
processes_personal_data=True,
makes_automated_decisions=False,
)
print(risk["level"]) # MINIMAL | LIMITED | HIGH | UNACCEPTABLE
# Per-session compliance status across frameworks
report = client.compliance.report()
print(report["score"], report["frameworks"])
# List active technical controls
controls = client.compliance.controls()
print(controls)
# Tamper-evident audit summary and verification
print(client.audit.summary())
valid, broken_at = client.audit.verify()
assert valid
For the hosted compliance dashboard, one-click evidence packs, and signed certificates, see the CRP Comply product page.
Compliance Demo¶
The demo app includes a full compliance demonstration:
This demonstrates risk classification, human oversight levels, audit trail verification, PII scanning, and compliance report generation.
Pages in This Section¶
-
Article-by-article mapping. 33/35 controls implemented.
-
AI Management System alignment.
-
Data protection by design and default.
-
Risk management framework mapping.
-
8-layer security architecture.
-
Hosted dashboard, evidence packs, and report generator.