# CRP Comply for AutoCyber AI
Enterprise AI Compliance — Integrated into the AutoCyber AI Platform
## Executive Summary
AutoCyber AI Pty Ltd builds security-first AI infrastructure. CRP Comply is the compliance engine that powers governance across the AutoCyber platform — turning regulatory obligations from a cost centre into a competitive advantage.
Every AI system deployed through AutoCyber AI ships with built-in, auditable compliance evidence. No consultants. No spreadsheets. No 6-month assessment cycles.
## The Business Case

### The Regulatory Landscape
| Regulation | Jurisdiction | Enforcement | Penalty |
|---|---|---|---|
| EU AI Act (2024/1689) | EU/EEA + any company selling into EU | August 2, 2026 | Up to €35M or 7% of global turnover |
| GDPR | EU/EEA + global data processors | In force | Up to €20M or 4% of global turnover |
| ISO 42001 | Global (voluntary, but increasingly expected) | Market expectation | Loss of enterprise contracts |
| NIST AI RMF | US federal, increasingly adopted privately | Recommended | Procurement disqualification |
### ROI
| Cost Category | Without CRP Comply | With CRP Comply |
|---|---|---|
| Compliance assessment | $50K–$500K per AI system | Automated — included |
| Ongoing evidence gathering | 2–5 FTEs | Zero manual effort |
| Audit preparation | 4–12 weeks per audit | Minutes (one-click evidence pack) |
| Time to market | Delayed by compliance review | Ship and comply simultaneously |
| Regulatory risk | €35M fine exposure | Continuous, demonstrable compliance |
| Consultant dependency | Ongoing retainer fees | Self-sufficient |
Bottom line: CRP Comply pays for itself on the first audit.
## Integration Architecture
CRP Comply is not bolt-on compliance — it is embedded at the protocol layer. Every AI interaction that flows through CRP automatically generates the data that CRP Comply needs.
```text
┌────────────────────────────────────────────────────────────────┐
│                     AutoCyber AI Platform                      │
│                                                                │
│  ┌───────────┐  ┌───────────┐  ┌───────────┐  ┌─────────────┐  │
│  │ Product A │  │ Product B │  │ Product C │  │ Client Apps │  │
│  └─────┬─────┘  └─────┬─────┘  └─────┬─────┘  └──────┬──────┘  │
│        │              │              │               │         │
│        └──────────────┼──────────────┼───────────────┘         │
│                       │              │                         │
│               ┌───────▼──────────────▼───────┐                 │
│               │    Context Relay Protocol    │                 │
│               │  HMAC audit • PII detection  │                 │
│               │  Quality scoring • Security  │                 │
│               └──────────────┬───────────────┘                 │
│                              │                                 │
│               ┌──────────────▼───────────────┐                 │
│               │      CRP Comply Engine       │                 │
│               │                              │                 │
│               │  • Risk Assessment (Art. 6)  │                 │
│               │  • Compliance Report         │                 │
│               │  • DPIA (GDPR Art. 35)       │                 │
│               │  • Transparency (Art. 13)    │                 │
│               │  • Technical Docs (Art. 11)  │                 │
│               │  • Session Audit (Art. 12)   │                 │
│               │  • Evidence Pack             │                 │
│               │  • Signed Certificates       │                 │
│               └──────────────┬───────────────┘                 │
│                              │                                 │
│               ┌──────────────▼───────────────┐                 │
│               │     Dashboard • REST API     │                 │
│               │       CLI • Python SDK       │                 │
│               └──────────────────────────────┘                 │
└────────────────────────────────────────────────────────────────┘
```
## How It Works
- Deploy any AutoCyber AI product — CRP is the transport layer
- CRP records every AI interaction with cryptographic audit trails (HMAC-SHA256)
- CRP Comply reads those audit trails and generates compliance evidence
- You export regulator-ready reports, DPIAs, evidence packs, and signed certificates
There is no separate "compliance step." Compliance is a byproduct of normal operation.
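To show what a chained HMAC-SHA256 audit trail buys a verifier, here is an added illustration that is not CRP's own record format, key handling or SDK code: each record's MAC covers the record plus the previous record's MAC, so an edit, deletion or reorder is detected at the first entry it breaks. The demo key, genesis value, record fields and JSON canonicalisation are all assumptions made for this example.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment would load it from a secret store.
DEMO_KEY = b"demo-audit-key-not-for-production"
GENESIS = "0" * 64  # assumed anchor value for the first record's prev_mac
# Constructed sample records standing in for CRP session audit events.
SAMPLE_RECORDS = [
    {"seq": 1, "session": "s-001", "event": "request", "pii_detected": False},
    {"seq": 2, "session": "s-001", "event": "response", "pii_detected": True},
    {"seq": 3, "session": "s-001", "event": "close", "quality": 0.91},
]

def _mac(key, prev_mac, record):
    # Canonical JSON so that key order cannot change the MAC input.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_mac + payload).encode(), hashlib.sha256).hexdigest()

def chain_records(records, key):
    """Bind each record to its predecessor by feeding the previous MAC into
    the next MAC, so an edit, deletion or reorder breaks every later link."""
    chained, prev_mac = [], GENESIS
    for rec in records:
        mac = _mac(key, prev_mac, rec)
        chained.append({"record": dict(rec), "prev_mac": prev_mac, "mac": mac})
        prev_mac = mac
    return chained

def verify_chain(chained, key):
    """Return (True, None) if intact, else (False, index of first bad entry)."""
    prev_mac = GENESIS
    for i, entry in enumerate(chained):
        expected = _mac(key, prev_mac, entry["record"])
        if entry["prev_mac"] != prev_mac or not hmac.compare_digest(entry["mac"], expected):
            return False, i
        prev_mac = entry["mac"]
    return True, None

def detect_edit():
    """Flip a field in the second entry: its own MAC no longer matches."""
    chained = chain_records(SAMPLE_RECORDS, DEMO_KEY)
    chained[1]["record"]["pii_detected"] = False
    return verify_chain(chained, DEMO_KEY)

def detect_deletion():
    """Drop the second entry: the third entry's prev_mac no longer links."""
    chained = chain_records(SAMPLE_RECORDS, DEMO_KEY)
    del chained[1]
    return verify_chain(chained, DEMO_KEY)
```

The chain only proves integrity relative to whoever holds the key, so the verifier must not be the party that writes the records.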
## Compliance Coverage

### 16 Implemented Controls
| ID | Framework | Article / Clause | Control | Status |
|---|---|---|---|---|
| EUAI-01 | EU AI Act | Art. 9 | Risk management system | ✅ Implemented |
| EUAI-02 | EU AI Act | Art. 10 | Data governance | ✅ Implemented |
| EUAI-03 | EU AI Act | Art. 11 | Technical documentation | ✅ Implemented |
| EUAI-04 | EU AI Act | Art. 12 | Record-keeping | ✅ Implemented |
| EUAI-05 | EU AI Act | Art. 13 | Transparency | ✅ Implemented |
| EUAI-06 | EU AI Act | Art. 14 | Human oversight | ✅ Implemented |
| EUAI-07 | EU AI Act | Art. 15 | Accuracy, robustness, cybersecurity | ✅ Implemented |
| EUAI-08 | EU AI Act | Art. 17 | Quality management | ✅ Implemented |
| ISO-01 | ISO 42001 | A.6.2.3 | AI risk assessment | ✅ Implemented |
| ISO-02 | ISO 42001 | A.6.2.4 | AI system impact assessment | ✅ Implemented |
| ISO-03 | ISO 42001 | A.6.2.5 | AI system lifecycle management | ✅ Implemented |
| ISO-04 | ISO 42001 | A.6.2.6 | Data quality for AI | ✅ Implemented |
| ISO-05 | ISO 42001 | A.6.2.7 | AI transparency and explainability | ✅ Implemented |
| ISO-06 | ISO 42001 | A.6.2.8 | AI system monitoring | ✅ Implemented |
| ISO-07 | ISO 42001 | §9.1 | Performance evaluation | ✅ Implemented |
| ISO-08 | ISO 42001 | §10.1 | Continual improvement | ✅ Implemented |
### Additional Frameworks
| Framework | Coverage |
|---|---|
| GDPR | Art. 7 (consent management), Art. 17 (right to erasure), Art. 30 (records of processing), Art. 35 (DPIA) |
| SOC 2 | CC7.2 (system monitoring), CC7.3 (anomaly detection) |
| HIPAA | §164.312(b) (tamper-resistant audit controls) |
| ISO 27001 | A.12.4 (logging and monitoring) |
| NIST AI RMF | GOVERN, MAP, MEASURE, MANAGE (all core functions) |
## Deployment Options

### Self-Hosted (Enterprise)
Deploy CRP Comply inside your own infrastructure:
```bash
docker run -p 8400:8400 \
  -e CRP_COMPLY_JWT_SECRET=$(openssl rand -hex 32) \
  -e CRP_COMPLY_LICENSE_TIER=enterprise \
  -v comply-data:/app/data \
  ghcr.io/constantinos-uni/crp-comply:latest
```
- Data never leaves your network
- Full API access at `/api/v1/`
- Web dashboard at port 8400
- Integrate via REST API or Python SDK
### Managed Cloud (SaaS)
AutoCyber AI hosts and manages everything:
- Digitally signed compliance certificates — verifiable at `crprotocol.io/verify/`
- Automatic regulatory updates — delegated acts and technical standards reflected immediately
- 99.9% uptime SLA — credit-backed guarantees
- Data residency — choose AU, EU, or US hosting
- SOC 2 / ISO 27001 aligned infrastructure — your auditor assesses us, not you
- "CRP Certified" trust badge — display on your products and marketing
- Priority support — direct access to the compliance engineering team
## Integration Examples

### Python SDK
```python
from crp_comply import CRPComply

comply = CRPComply()

# Generate evidence pack for a regulator
pack = comply.conformity_evidence_pack(
    system_name="AutoCyber Threat Detector",
    category="law_enforcement",
)
# Contains: risk_assessment, compliance_report, dpia,
# transparency_declaration, technical_documentation
```
### REST API
```bash
# Risk assessment
curl -X POST http://localhost:8400/api/v1/risk-assessment \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"category": "financial", "processes_personal_data": true}'

# Evidence pack
curl -X POST http://localhost:8400/api/v1/evidence-pack \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"system_name": "AutoCyber Claims AI", "category": "financial"}'
```
### CI/CD Pipeline Integration
```yaml
# .github/workflows/compliance.yml
name: Compliance Check
on: [push]
jobs:
  comply:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pip install crp-comply
      - run: crp-comply report --category financial --format markdown > compliance.md
      - uses: actions/upload-artifact@v4
        with:
          name: compliance-report
          path: compliance.md
```
## Competitive Positioning
| Capability | CRP Comply | Generic GRC Platforms | Consultant Reports |
|---|---|---|---|
| Evidence source | Real AI system data | Self-reported questionnaires | Interviews |
| Update frequency | Real-time | Quarterly | Annual |
| Tamper evidence | HMAC-SHA256 chains | None | None |
| Time to first report | Minutes | Weeks | Months |
| Cost per system | Flat license fee | $100K+ / year | $50K–$500K per assessment |
| Regulatory specificity | EU AI Act article-level | Generic risk frameworks | Depends on consultant |
| Technical integration | Protocol-native | Requires custom integration | Manual input |
| Audit trail integrity | Cryptographic proof | Database records | PDF documents |
## Client Messaging

### For Enterprise Buyers
"Every AI system we deploy through AutoCyber AI ships with built-in EU AI Act compliance. Our customers don't choose between innovation speed and regulatory safety — they get both."
### For Regulators & Auditors
"CRP Comply generates compliance evidence from cryptographic audit trails — not self-assessments. Every claim is backed by tamper-evident records of actual AI system behaviour."
### For Technical Teams

"CRP Comply is not a compliance checkbox. It's a Python library and REST API that generates regulation-ready artifacts from real session data. `pip install crp-comply` and you're done."
## Contact

| Channel | Address |
|---|---|
| General enquiries | info@crprotocol.io |
| Enterprise & licensing | contact@crprotocol.io |
| Security | security@autocyberai.com |
| Website | crprotocol.io |
CRP Comply is a product of AutoCyber AI Pty Ltd (ABN 22 697 087 166). Built on the Context Relay Protocol. "Context Relay Protocol" is a trademark of Constantinos Vidiniotis (application pending, IP Australia Class 9). Licensed under the Elastic License v2.