Skip to main content

Regulatory Reports — One-Click Compliance

Generate structured compliance reports for EU regulations by aggregating data from Decision Trail, Erasure Proof, Governance Gateway, and the GMP Compliance service.

Each report is BLAKE2b-256 hashed for tamper detection and can be downloaded as a JSON audit package.

Supported frameworks

FrameworkRegulationArticles Covered
🇪🇺 EU AI ActRegulation (EU) 2024/1689Art 13 (Transparency), Art 14 (Human Oversight), Art 15 (Accuracy)
🔒 GDPRRegulation (EU) 2016/679Art 17 (Erasure), Art 25 (By Design), Art 30 (Records of Processing)
🏦 DORARegulation (EU) 2022/2554Art 6 (ICT Risk), Art 9 (Protection), Art 11 (Audit Trail)
📊 Full AuditAll frameworks combinedAll 9 articles across 3 frameworks

Report structure

Each report contains per-article sections, each with:

FieldDescription
titleThe article title (e.g. "Article 13 — Transparency Obligations")
requirementThe regulatory requirement text
compliance_evidenceStructured data proving compliance (counts, flags, algorithms used)
findingCOMPLIANT, PARTIAL, or INSUFFICIENT_DATA

The overall finding is:

  • COMPLIANT — all sections pass
  • PARTIAL — some sections are not fully satisfied
  • INSUFFICIENT_DATA — insufficient operational data to assess

Example: Generate an EU AI Act report

curl -X POST https://cloud.grafomem.com/v1/reports/generate \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-d '{"report_type": "eu_ai_act", "period_days": 30}'

Response includes the full report with per-article sections:

{
"report_id": "a1b2c3d4e5f6...",
"title": "EU AI Act Compliance Report (2026-04-27 → 2026-05-27)",
"status": "complete",
"content": {
"framework": "EU AI Act",
"regulation": "Regulation (EU) 2024/1689",
"sections": {
"article_13_transparency": {
"title": "Article 13 — Transparency Obligations",
"finding": "COMPLIANT",
"compliance_evidence": {
"decision_trail_active": true,
"total_decisions_logged": 1247,
"replay_capability": true,
"fact_provenance": "BLAKE2b-128, Ed25519-signed"
}
}
},
"overall_finding": "COMPLIANT"
},
"content_hash": "2f9d784ac980dc17..."
}

API reference

MethodPathDescription
GET/v1/reports/statsSummary: total reports, complete count, last report date
GET/v1/reports/frameworksList available frameworks with article details
POST/v1/reports/generateGenerate a report. Body: {report_type, period_days}
GET/v1/reports/List all reports (summaries, no content)
GET/v1/reports/{id}Get full report with content
GET/v1/reports/{id}/downloadDownload as JSON file
DELETE/v1/reports/{id}Delete a report

What each framework checks

EU AI Act

ArticleData SourceChecks
Art 13 (Transparency)Decision TrailDecisions logged, models tracked, replay available, provenance signed
Art 14 (Human Oversight)Governance GatewayHITL policies exist, requests escalated, policies active
Art 15 (Accuracy)ComplianceGMP conformance rate, capabilities declared, cryptographic provenance

GDPR

ArticleData SourceChecks
Art 17 (Erasure)Erasure ProofCertificates issued, decisions scrubbed, signed certificates
Art 25 (By Design)ArchitectureContent addressing, signing, tenant isolation, PII guards
Art 30 (Records)Decision TrailProcessing records logged, export available, retention policy

DORA

ArticleData SourceChecks
Art 6 (ICT Risk)Governance GatewayPolicies active, policy types available, blocked requests
Art 9 (Protection)ArchitectureContent integrity, rate limiting, PII detection, access control
Art 11 (Audit Trail)Decision Trail + GovernanceDecisions logged, evaluation logs, erasure trail, immutable records