Compliance Boundary
Public architectural mapping. Not legal advice. Not automatic compliance.
How public architectural properties map to obligation families. The product alone does not make an organization compliant.
Public Surface
- Public correspondence between system properties and obligation families.
- Replay, evidence, supervision, and deployment properties that have a public artifact.
- Operator responsibilities that remain outside product claims.
Boundary
- Not legal advice.
- Not a substitute for tenant-specific control design.
- Not a statement that every framework obligation is already publicly evidenced on this site.
Public Mapping Surface
| Obligation family | Public structural support | Public artifact | Operator responsibility | Public status |
|---|---|---|---|---|
| Decision traceability and replay | Recorded decision outcome bound to evidence set and policy version. | Technical Artifact | Provide evidence capture, retention policy, and tenant-specific policy governance. | Publicly described |
| Human oversight and escalation | INDETERMINATE preserves uncertainty and keeps escalation explicit. | Technical Artifact | Own staffing, approval rules, escalation deadlines, and final action workflow. | Publicly described |
| Integrity verification | Offline-verifiable artifact path and integrity-bound exports. | Verify Offline | Own custody, distribution, and review context for exported material. | Publicly described |
| Deployment control and jurisdiction | On-prem, operator-controlled deployment boundary with no remote dependency in the critical path. | Integration | Own hosting, access control, infrastructure hardening, and jurisdiction choices. | Publicly described |
| Framework mapping and gap analysis | Public summary only. This site shows architectural correspondence, not tenant-specific closure. | Reality Boundary | Own legal interpretation, control selection, and framework-specific acceptance criteria. | Summary only |
| Incident workflows, BOM, registry, and extended reporting | These may exist as product surfaces, but they are not fully evidenced on the public site as a universal claim set. | Pilot Scope | Own reportability decisions, authority communication, and environment-specific implementation. | Not fully public |
Framework Boundary
- EU AI Act, DORA, GDPR, sectoral rules, and national law have different control vocabularies.
- This site publishes architectural correspondence, not article-by-article legal closure for every tenant.
- If a framework mapping is not backed by a public artifact here, treat it as private review scope rather than as a public proof claim.
Need the explicit proof level?
Use Reality Boundary for claim levels and Non-Goals for the negative boundary before entering deployment review.