Compliance Reports
EU AI Act, SOC 2, and custom compliance report generation
Flight Recorder generates compliance reports from recorded actions, providing auditable evidence for regulatory requirements.
How It Works
The compliance.py module generates structured reports:
Report Types
EU AI Act Report
Covers the transparency and accountability requirements for AI systems:
- Action inventory — Complete list of actions performed by each agent
- Decision audit trail — Every ALLOW/DENY decision with reasons
- Denied action summary — Actions that were blocked and why
- Signature verification — Confirmation that all records have valid signatures
- Agent activity breakdown — Per-agent action counts and patterns
SOC 2 Report
Covers the Trust Services Criteria for system controls:
- Access controls — Agent identity and authentication records
- Change management — Actions that modified data or configurations
- Monitoring — Continuous recording with no gaps
- Incident response — Denied and escalated actions
ComplianceReport Structure
The ComplianceReport dataclass contains:
Each ComplianceCheck represents a single compliance criterion:
Export Formats
Reports can be serialized to:
- JSON — Machine-readable for automated compliance workflows
- Dict — Python dictionary for programmatic access
Technical Details
- Reports are generated from the stored action records, not from live data
- Signature verification checks every record in the reporting period
- Reports include a generated_at timestamp for audit trail purposes
- The compliance module has zero external dependencies beyond SQLAlchemy
- Custom compliance frameworks can be added by extending the report generation logic
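As an added illustration (not Flight Recorder's own code), the sketch below builds a small report from stored records: it verifies every record's signature, flags gaps in recording, and summarizes denied actions. The record fields, the HMAC-SHA256 signing scheme, the sequence numbers, and the names sign, make_record and build_report are assumptions made for this example.

```python
import hashlib
import hmac
import json
from collections import Counter
from datetime import datetime, timezone

KEY = b"constructed-demo-key"  # assumption: records are signed with HMAC-SHA256

def sign(record: dict) -> str:
    """Signature over the canonical JSON of every field except 'signature'."""
    body = {k: v for k, v in record.items() if k != "signature"}
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

def make_record(seq, agent, action, decision, reason=""):
    rec = {"seq": seq, "agent": agent, "action": action, "decision": decision, "reason": reason}
    rec["signature"] = sign(rec)
    return rec

def build_report(records: list[dict]) -> dict:
    """Derive report checks from stored records only (no live data)."""
    bad = [r["seq"] for r in records
           if not hmac.compare_digest(sign(r), r.get("signature", ""))]
    seqs = sorted(r["seq"] for r in records)
    gaps = [n for a, b in zip(seqs, seqs[1:]) for n in range(a + 1, b)]
    denied = [{"seq": r["seq"], "agent": r["agent"], "reason": r["reason"]}
              for r in records if r["decision"] == "DENY"]
    checks = [
        {"name": "signature_verification", "passed": not bad, "failed_seqs": bad},
        {"name": "continuous_recording", "passed": not gaps, "missing_seqs": gaps},
    ]
    return {
        "generated_at": datetime.now(timezone.utc).isoformat(),
        "agent_activity": dict(Counter(r["agent"] for r in records)),
        "denied_actions": denied,
        "checks": checks,
        "passed": all(c["passed"] for c in checks),
    }

# Constructed sample records: seq 3 is missing, seq 4 is altered after signing.
SAMPLE = [
    make_record(1, "agent-a", "read_file", "ALLOW"),
    make_record(2, "agent-b", "delete_db", "DENY", "destructive action"),
    make_record(4, "agent-a", "send_email", "ALLOW"),
]
SAMPLE[2]["action"] = "wire_transfer"  # tamper: signature no longer matches

if __name__ == "__main__":
    print(json.dumps(build_report(SAMPLE), indent=2))
```

A failed signature check or a sequence gap marks the whole report as not passed, so a reviewer sees the affected record numbers rather than a silent omission.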