Production-grade regulatory defensibility layer: human attribution, cryptographically-chained immutable audit storage, evidence packages, data subject rights routing, model risk documentation, and incident response for NAIC, SOX, GDPR/EU AI Act, NY DFS Part 500, SOC 2, ISO 27001, and GLBA.
The existing 17-PRD platform provides strong internal governance — append-only audit bus, NHI lifecycle, constitutional contracts, Gemini validation. But this was designed for engineering accountability, not regulatory defensibility.
Regulated environments (insurance, financial services, healthcare) require more than logs. They require per-human-user attribution threading through every agent action, cryptographically tamper-evident storage, structured evidence packages examiners can audit without reconstruction, and human decision records at every governance gate. Without this layer, the platform cannot be deployed under NAIC Model Bulletin on AI, SOX §302/404, GDPR Articles 15–22, EU AI Act, NY DFS Part 500, SOC 2 Trust Service Criteria, ISO 27001 ISMS, or the GLBA Safeguards Rule.
This PRD sits above the existing governance infrastructure and consumes its outputs to produce regulator-ready artifacts. It does not replace PRD 5 (Governance) — it makes PRD 5's outputs defensible under examiner review.
Every session anchored to an authenticated human identity (MFA verified for confidential/restricted data). Named responsible person (NAIC requirement). Lawful basis recorded (GDPR). SOX control reference. All agent actions inherit human_user_id as foreign key.
Append-only PostgreSQL with cryptographic hash chaining — each row stores SHA-256 of the previous row's hash plus its own content. Sequence numbers prevent reordering. 7-year retention minimum. Replaces SQLite WAL which cannot survive an examiner who understands databases.
When a governance gate fires, the decision is captured with full context: what evidence was shown, who decided, when, rationale, MFA verification, and whether this is SOX control evidence. Signed and immutable.
On demand, produce a complete signed package: session record, audit trail, Gemini validations, gate decisions, artifacts, lineage, cost report, model cards, adverse action log. Ed25519-signed. Versioned — amendments create new versions, never modify originals.
GDPR Articles 15–22. Access, erasure, portability, rectification, objection. 30-day SLA tracked automatically. Erasure cascades deletion across Qdrant, Postgres, n8n, vector memory — every deletion itself logged.
Per NAIC / SR 11-7: model cards for every AI system (Claude, Gemini, Ollama). Intended use, prohibited uses, validation method, known limitations, bias assessment, third-party risk tier, annual review schedule, named responsible person.
| Framework | Key Requirement | How This PRD Addresses It |
|---|---|---|
| NAIC Model Bulletin on AI | Named responsible person per AI system | human_sessions.responsible_party + model_cards.naic_responsible_person |
| NAIC Model Bulletin on AI | Adverse action explanations | Evidence packages include adverse_action_log with explanation text |
| SOX §302/404 | Segregation of duties | Gemini validation (independent) + human gate decisions (documented SOD control) |
| SOX §302/404 | Change management audit trail | All identity card changes logged with before/after, author, approver |
| GDPR Article 15 | Data subject access within 30 days | DSR router with SLA deadline tracking, filtered evidence package generation |
| GDPR Article 17 | Right to erasure | Cascade deletion across all subsystems, confirmation artifact, audit log of deletion |
| EU AI Act | Conformity assessment documentation | Model cards + evidence packages provide conformity assessment artifact |
| NY DFS Part 500 | 5-year audit retention | 7-year retention floor (exceeds requirement) across all regulatory artifacts |
| NY DFS Part 500 | 72-hour breach notification | Incident records with automatic 72-hour clock from detection |
| SOC 2 (Security TSC) | Logical access controls with MFA | human_sessions.mfa_verified gating + data_classification_ceiling enforcement |
| SOC 2 (Availability TSC) | System uptime monitoring and SLA tracking | Integration with PRD 11 observability + incident records with notification SLA |
| SOC 2 (Processing Integrity) | Complete, accurate, valid processing | immutable_audit_events chain + reconciliation engine (PRD 9) + Gemini validation |
| SOC 2 (Confidentiality TSC) | Encryption of confidential information | data_classification_ceiling + policy engine encryption requirements + Ed25519 package signing |
| SOC 2 (Privacy TSC) | Privacy notice, consent, data minimization | dsr_requests router + lawful_basis field + purpose-scoped TTL retention |
| SOC 2 Type II | 6–12 month operational evidence | Evidence packages aggregated across reporting period; 7-year retention of all inputs |
| ISO 27001 (Clause 6) | Information security risk assessment | Risk register linked to model_cards.third_party_risk_tier + incident records |
| ISO 27001 (Annex A.5) | Information security policies | Constitutional contracts (PRD 5) + Statement of Applicability artifact |
| ISO 27001 (Annex A.8) | Asset management | Asset inventory with data_classification tags across all subsystems |
| ISO 27001 (Annex A.9) | Access control | policy_decision + policy_rationale per audit event + RBAC on all endpoints |
| ISO 27001 (Annex A.15) | Supplier relationships | model_cards serve as third-party risk assessment for foundation model vendors |
| ISO 27001 (Clause 9.3) | Management review | Annual model reviews + outcome measurement metrics (PRD 15) feed management review |
| GLBA (Safeguards Rule) | Written Information Security Program (WISP) | WISP artifact generated from governance configuration + control documentation |
| GLBA (Safeguards Rule) | Nonpublic Personal Information (NPI) protection | NPI classification tags + encryption + access controls + continuous classification (PRD 9) |
| GLBA (Safeguards Rule) | Annual risk assessment | Scheduled risk assessment with findings tracked in incident records |
| GLBA (Privacy Rule) | Privacy notice to consumers | Privacy notice generator with lawful_basis documentation |
| GLBA (Pretexting Rule) | Protection from social engineering | MFA verification + Guardian behavioral anomaly detection (PRD 11) |
| GLBA §501(b) | Third-party service provider oversight | model_cards third_party_risk_tier assessment + supplier review workflows |
human_user_id as a non-nullable foreign key.This PRD is implemented as the compliance module in the agentic-data-plane service at port 8099.
| Method | Endpoint | Purpose |
|---|---|---|
| POST | /api/v1/compliance/sessions | Initialize human-attributed session |
| POST | /api/v1/compliance/audit-events | Record chained audit event |
| POST | /api/v1/compliance/gate-decisions | Record human gate decision |
| POST | /api/v1/compliance/evidence-packages/:sessionId | Generate evidence package |
| POST | /api/v1/compliance/dsr | Submit data subject rights request |
| PATCH | /api/v1/compliance/dsr/:requestId | Update DSR status |
| POST | /api/v1/compliance/models | Register model card |
| GET | /api/v1/compliance/models | List all model cards |
| POST | /api/v1/compliance/incidents | Open incident with 72-hour clock |
| PATCH | /api/v1/compliance/incidents/:incidentId | Update incident status |
Migration 015_compliance.sql adds 7 tables:
human_sessions — per-session human attribution with MFA verificationimmutable_audit_events — cryptographically chained with prev_event_hash + sequence_numberhuman_gate_decisions — signed decisions with full evidence contextevidence_packages — Ed25519-signed, versioneddsr_requests — GDPR Art. 15–22 with 30-day SLA trackingmodel_cards — NAIC / SR 11-7 model governanceincident_records — NY DFS Part 500 with 72-hour notification clockAll tables include retention_until columns defaulting to 7 years.
A ready-to-paste Claude Code prompt that generates the regulatory compliance module from scratch against the existing agentic-data-plane project.
Build a Regulatory Compliance & Audit Trail module for a TypeScript/Node.js data-plane service. The module must produce regulator-ready artifacts for NAIC Model Bulletin on AI, SOX §302/404, GDPR Articles 15-22, EU AI Act, NY DFS Part 500, SOC 2 Trust Service Criteria, ISO 27001 ISMS, and GLBA Safeguards/Privacy/Pretexting rules. Target environment: ESM TypeScript (Node 20+), PostgreSQL for persistence, Express REST API, Ed25519 signing, Zod validation, existing EventPublisher integration.
## Module Structure
Create `src/compliance/` with:
- `types.ts` - all type definitions (HumanSessionRecord, ImmutableAuditEvent, HumanGateDecision, EvidencePackage, DataSubjectRightsRequest, ModelCard, IncidentRecord and their input variants)
- `ComplianceEngine.ts` - core engine class with constructor(pool: pg.Pool, publisher: EventPublisher)
## Database Schema (Migration)
Create `src/db/migrations/015_compliance.sql` with 7 tables:
1. human_sessions - session_id PK, human_user_id, authenticated_by enum (mfa_totp/mfa_webauthn/sso_oidc/sso_saml/api_key), role, responsible_party (NAIC), data_classification_ceiling, lawful_basis (GDPR), naic_system_id, sox_control_ref, mfa_verified bool, initiated_at, retention_until DATE default +7 years
2. immutable_audit_events - event_id UUID PK, session_id FK, human_user_id, nhi_agent_id, event_type, tool, data_classification, policy_decision, policy_rationale, gemini_validation_ref, payload JSONB, prev_event_hash VARCHAR(64), this_event_hash VARCHAR(64) UNIQUE, sequence_number INT, timestamp_utc, UNIQUE(session_id, sequence_number)
3. human_gate_decisions - gate_id PK, session_id FK, gate_type enum, presented_to, evidence_shown JSONB, decision enum, decision_rationale, decision_by, mfa_verified, sox_control_evidence, triggered_at, decision_timestamp, signature VARCHAR(64)
4. evidence_packages - package_id PK, session_id FK, generated_at, version INT, file_count, total_size_bytes, signature, manifest_hash, UNIQUE(session_id, version)
5. dsr_requests - request_id PK, subject_id, right_type enum (access/erasure/portability/rectification/objection), status, submitted_at, sla_deadline (submitted_at + 30 days), completed_at, assigned_to, resolution_notes
6. model_cards - model_id PK, model_type, vendor, version, intended_use, prohibited_uses JSONB, validation_date, validated_by, validation_method, known_limitations JSONB, bias_assessment, third_party_risk_tier enum, annual_review_due, naic_responsible_person
7. incident_records - incident_id PK, opened_at, classification, trigger_source, affected_session_ids JSONB, status, notification_deadline (opened_at + 72 hours per NY DFS), notified_at, post_incident_report_ref, resolution
All tables include retention_until columns defaulting to 7 years.
Extend lineage_event_chain CHECK constraint to include SESSION_INIT, GATE_DECISION, EVIDENCE_GENERATED, DSR_SUBMITTED, INCIDENT_OPENED.
## ComplianceEngine Methods
- initSession(input, agent) - validates MFA for confidential/restricted, persists session, publishes compliance.session_init event
- recordAuditEvent(input, agent) - fetches prev event hash + sequence, computes SHA-256(content + prev_hash), inserts with incremented sequence
- recordGateDecision(input, agent) - signs decision hash, stores, publishes compliance.gate_decision
- generateEvidencePackage(sessionId, agent) - collects session + audit events + gate decisions, computes manifest hash, signs, stores versioned (amendments create new versions, never modify originals)
- submitDsr(input, agent) - creates request with 30-day SLA deadline
- updateDsrStatus(requestId, status, notes)
- registerModel(card, agent) - UPSERT on model_id
- listModels()
- openIncident(input, agent) - 72-hour notification clock from opened_at
- updateIncidentStatus(incidentId, status, resolution)
## REST Routes
Create `src/api/rest/complianceRoutes.ts` with Zod schemas and requireRole auth:
- POST /compliance/sessions (admin, compliance_officer)
- POST /compliance/audit-events (admin, analyst, compliance_officer)
- POST /compliance/gate-decisions (admin, compliance_officer)
- POST /compliance/evidence-packages/:sessionId (admin, compliance_officer)
- POST /compliance/dsr, PATCH /compliance/dsr/:requestId (admin, compliance_officer)
- POST /compliance/models, GET /compliance/models (admin, viewer, analyst, compliance_officer)
- POST /compliance/incidents, PATCH /compliance/incidents/:incidentId (admin, compliance_officer)
## Event Types
Add to existing events/types.ts:
- 5 event types: compliance.session_init, compliance.gate_decision, compliance.evidence_generated, compliance.dsr_submitted, compliance.incident_opened
- All mapped to EVENT_CATEGORY 'regulatory_compliance'
- PG names: SESSION_INIT, GATE_DECISION, EVIDENCE_GENERATED, DSR_SUBMITTED, INCIDENT_OPENED
- 5 payload interfaces added to EventPayload union
## Integration
Wire into src/index.ts (instantiate ComplianceEngine with pool + publisher) and src/api/server.ts (register routes at /api/v1, add to ServerDependencies).
## Requirements (50 total, REQ-RCA-001 to 050)
Implement all 50 requirements from the PRD: human attribution (1-4), immutable audit (5-8), human gate decisions (9-11), evidence packages (12-15), data retention (16-19), GDPR DSR (20-22), model risk NAIC/SR 11-7 (23-25), incident response NY DFS (26-28), regulatory reporting (29-32), SOC 2 TSC (33-38), ISO 27001 ISMS (39-44), GLBA (45-50).
## Design Principles
- Append-only for corrections (GDPR Art. 16 rectification without modifying originals)
- 7-year retention floor (exceeds NY DFS 5yr, meets SOX 7yr) universally
- Named responsible person per session AND per deployment (NAIC requires both)
- MFA required at session init for confidential+ data classification
- Hash-chained events with sequence_number prevent tampering AND reordering
- Evidence packages are immutable - new versions for amendments, originals preserved
After implementation: run npx tsc --noEmit (clean compile), npm run test:unit (all pass), rebuild Docker container, verify /api/v1/compliance/sessions responds.Human session record created at session init; human_user_id injected into state schema; human gate decision records added to verification gate events.
Audit bus upgraded to immutable chained store; 90-day retention extended to 7 years; governance_report extended to produce full evidence packages.
Data lineage records included in evidence packages; personal data classification feeds GDPR rights router.
Guardian TERMINATE events trigger incident response workflow; behavioral anomalies on personal data sessions flagged for GDPR Art. 22 review.
Cost reports included in evidence packages for SOX financial controls evidence.
Outcome metrics included in model risk documentation and NAIC model governance reporting.