Compliance & Governance

CRP is the first AI context protocol built with regulatory compliance as a first-class feature — not bolted on after the fact.

Why This Matters

The EU AI Act high-risk requirements take effect August 2026. Organizations deploying AI in employment, education, healthcare, law enforcement, or critical infrastructure must demonstrate compliance. CRP provides the technical foundation.

Regulatory Coverage

graph TD
    CRP[CRP Protocol] --> EU[EU AI Act<br/>33/35 controls]
    CRP --> ISO[ISO 42001<br/>AIMS alignment]
    CRP --> GDPR[GDPR<br/>Data protection]
    CRP --> NIST[NIST AI RMF<br/>Risk management]
    CRP --> OWASP[OWASP Top 10<br/>9/10 LLM + 8/10 ML]

| Framework | CRP Coverage | Key Strength |
|-----------|--------------|--------------|
| EU AI Act | 33/35 technical controls | HMAC audit trail, risk classification |
| ISO 42001 | AIMS-aligned architecture | Event-sourced fact model, quality tiers |
| GDPR | Built-in data protection | PII scanning, consent management, erasure |
| NIST AI RMF | 4 core functions mapped | Continuous monitoring, bias detection |
| Security | 8 security layers | Zero-trust, encryption, RBAC |

Built-in Compliance Components

CRP exposes compliance features as public properties on the client:

from crp import Client

client = Client(provider="openai", model="gpt-4o")

# All compliance components accessible:
client.risk_classifier       # EU AI Act Art. 6 risk assessment
client.human_oversight        # EU AI Act Art. 14 oversight levels
client.compliance_audit       # HMAC-SHA256 audit trail (Art. 12)
client.pii_scanner            # GDPR PII detection
client.consent_manager        # GDPR Art. 7 consent tracking
client.processing_records     # GDPR Art. 30 records
client.retention_manager      # Data retention policies
client.compliance_reporter    # Multi-framework compliance reports
client.lineage_tracker        # Data lineage tracking

Compliance Demo

The demo app includes a full compliance demonstration:

python -m examples.demo_app.demo compliance --mock

This demonstrates risk classification, human oversight levels, audit trail verification, PII scanning, and compliance report generation.

Pages in This Section

  • EU AI Act
    Article-by-article mapping. 33/35 controls implemented.

  • ISO 42001
    AI Management System alignment.

  • GDPR
    Data protection by design and default.

  • NIST AI RMF
    Risk management framework mapping.

  • Security
    8-layer security architecture.