Regulatory Reports — One-Click Compliance
Generate structured compliance reports for EU regulations by aggregating data from Decision Trail, Erasure Proof, Governance Gateway, and the GMP Compliance service.
Each report is BLAKE2b-256 hashed for tamper detection and can be downloaded as a JSON audit package.
Supported frameworks
| Framework | Regulation | Articles Covered |
|---|---|---|
| 🇪🇺 EU AI Act | Regulation (EU) 2024/1689 | Art 13 (Transparency), Art 14 (Human Oversight), Art 15 (Accuracy) |
| 🔒 GDPR | Regulation (EU) 2016/679 | Art 17 (Erasure), Art 25 (By Design), Art 30 (Records of Processing) |
| 🏦 DORA | Regulation (EU) 2022/2554 | Art 6 (ICT Risk), Art 9 (Protection), Art 11 (Audit Trail) |
| 📊 Full Audit | All frameworks combined | All 9 articles across 3 frameworks |
Report structure
Each report contains per-article sections, each with:
| Field | Description |
|---|---|
| title | The article title (e.g. "Article 13 — Transparency Obligations") |
| requirement | The regulatory requirement text |
| compliance_evidence | Structured data proving compliance (counts, flags, algorithms used) |
| finding | COMPLIANT, PARTIAL, or INSUFFICIENT_DATA |
The overall finding is:
- COMPLIANT — all sections pass
- PARTIAL — some sections are not fully satisfied
- INSUFFICIENT_DATA — insufficient operational data to assess
Example: Generate an EU AI Act report
```bash
curl -X POST https://cloud.grafomem.com/v1/reports/generate \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"report_type": "eu_ai_act", "period_days": 30}'
```
Response includes the full report with per-article sections:
```json
{
  "report_id": "a1b2c3d4e5f6...",
  "title": "EU AI Act Compliance Report (2026-04-27 → 2026-05-27)",
  "status": "complete",
  "content": {
    "framework": "EU AI Act",
    "regulation": "Regulation (EU) 2024/1689",
    "sections": {
      "article_13_transparency": {
        "title": "Article 13 — Transparency Obligations",
        "finding": "COMPLIANT",
        "compliance_evidence": {
          "decision_trail_active": true,
          "total_decisions_logged": 1247,
          "replay_capability": true,
          "fact_provenance": "BLAKE2b-128, Ed25519-signed"
        }
      }
    },
    "overall_finding": "COMPLIANT"
  },
  "content_hash": "2f9d784ac980dc17..."
}
```
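Checking a downloaded audit package against its `content_hash`, as an added example that is not the service's own code. The page does not say which bytes are hashed, so the canonical form used here (the `content` object as UTF-8 JSON with sorted keys and no whitespace) is an assumption, and the sample package is constructed.

```python
import hashlib
import hmac
import json

HEX = set("0123456789abcdef")

def content_digest(content):
    # ASSUMPTION: the hash covers `content` as UTF-8 JSON, keys sorted, no whitespace.
    canonical = json.dumps(content, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=False).encode("utf-8")
    return hashlib.blake2b(canonical, digest_size=32).hexdigest()  # BLAKE2b-256

def verify_package(package, trusted_hash):
    """Return a list of problems; an empty list means every check passed."""
    content = package.get("content")
    if not isinstance(content, dict):
        return ["package has no content object"]
    expected = trusted_hash.strip().lower()
    # A BLAKE2b-256 digest is 64 hex characters; refuse truncated or elided values.
    if len(expected) != 64 or not set(expected) <= HEX:
        return ["trusted hash is not a full 64-character hex digest"]
    problems = []
    if not hmac.compare_digest(content_digest(content), expected):
        problems.append("content does not match trusted hash")
    if str(package.get("content_hash", "")).lower() != expected:
        problems.append("embedded content_hash differs from trusted hash")
    # Only the unambiguous rule is checked: COMPLIANT overall means all sections pass.
    sections = content.get("sections", {})
    failing = sorted(k for k, s in sections.items() if s.get("finding") != "COMPLIANT")
    if content.get("overall_finding") == "COMPLIANT" and failing:
        problems.append("overall COMPLIANT but not all sections: " + ", ".join(failing))
    return problems

# Constructed sample package, shaped like the response above.
SAMPLE = {
    "report_id": "constructed-example",
    "status": "complete",
    "content": {
        "framework": "EU AI Act",
        "sections": {
            "article_13_transparency": {
                "finding": "COMPLIANT",
                "compliance_evidence": {"total_decisions_logged": 1247},
            }
        },
        "overall_finding": "COMPLIANT",
    },
}
SAMPLE["content_hash"] = content_digest(SAMPLE["content"])

if __name__ == "__main__":
    print(verify_package(SAMPLE, SAMPLE["content_hash"]) or "package verified")
```

Pass a `trusted_hash` that was recorded when the report was generated and is stored separately from the file. The hash is unkeyed, so anyone who can edit the package can also recompute the `content_hash` inside it.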
API reference
| Method | Path | Description |
|---|---|---|
| GET | /v1/reports/stats | Summary: total reports, complete count, last report date |
| GET | /v1/reports/frameworks | List available frameworks with article details |
| POST | /v1/reports/generate | Generate a report. Body: {report_type, period_days} |
| GET | /v1/reports/ | List all reports (summaries, no content) |
| GET | /v1/reports/{id} | Get full report with content |
| GET | /v1/reports/{id}/download | Download as JSON file |
| DELETE | /v1/reports/{id} | Delete a report |
What each framework checks
EU AI Act
| Article | Data Source | Checks |
|---|---|---|
| Art 13 (Transparency) | Decision Trail | Decisions logged, models tracked, replay available, provenance signed |
| Art 14 (Human Oversight) | Governance Gateway | HITL policies exist, requests escalated, policies active |
| Art 15 (Accuracy) | Compliance | GMP conformance rate, capabilities declared, cryptographic provenance |
GDPR
| Article | Data Source | Checks |
|---|---|---|
| Art 17 (Erasure) | Erasure Proof | Certificates issued, decisions scrubbed, signed certificates |
| Art 25 (By Design) | Architecture | Content addressing, signing, tenant isolation, PII guards |
| Art 30 (Records) | Decision Trail | Processing records logged, export available, retention policy |
DORA
| Article | Data Source | Checks |
|---|---|---|
| Art 6 (ICT Risk) | Governance Gateway | Policies active, policy types available, blocked requests |
| Art 9 (Protection) | Architecture | Content integrity, rate limiting, PII detection, access control |
| Art 11 (Audit Trail) | Decision Trail + Governance | Decisions logged, evaluation logs, erasure trail, immutable records |