Pramiti Docs

Compliance Reports

EU AI Act, SOC 2, and custom compliance report generation

Flight Recorder generates compliance reports from recorded actions, providing auditable evidence for regulatory requirements.

How It Works

The compliance.py module generates structured reports:

from pramiti_flight_recorder import FlightRecorder
 
fr = FlightRecorder()
 
# EU AI Act compliance report
report = fr.compliance_report("eu_ai_act", "2026-01-01", "2026-12-31")
 
# SOC 2 compliance report
report = fr.compliance_report("soc2", "2026-Q1-start", "2026-Q1-end")

Report Types

EU AI Act Report

Covers the transparency and accountability requirements for AI systems:

  • Action inventory — Complete list of actions performed by each agent
  • Decision audit trail — Every ALLOW/DENY decision with reasons
  • Denied action summary — Actions that were blocked and why
  • Signature verification — Confirmation that all records have valid signatures
  • Agent activity breakdown — Per-agent action counts and patterns

SOC 2 Report

Covers the Trust Services Criteria for system controls:

  • Access controls — Agent identity and authentication records
  • Change management — Actions that modified data or configurations
  • Monitoring — Continuous recording with no gaps
  • Incident response — Denied and escalated actions

ComplianceReport Structure

The ComplianceReport dataclass contains:

from __future__ import annotations  # lets checks refer to ComplianceCheck, defined below

from dataclasses import dataclass

@dataclass
class ComplianceReport:
    framework: str           # "eu_ai_act", "soc2"
    period_start: str        # Report period start
    period_end: str          # Report period end
    total_actions: int       # Total recorded actions
    checks: list[ComplianceCheck]  # Individual compliance checks
    summary: str             # Human-readable summary
    generated_at: str        # Report generation timestamp

Each ComplianceCheck represents a single compliance criterion:

from dataclasses import dataclass

@dataclass
class ComplianceCheck:
    name: str                # Check name
    status: str              # "pass", "fail", "warning"
    details: str             # Explanation
    evidence_count: int      # Number of supporting records
Export Formats

Reports can be serialized to:

  • JSON — Machine-readable for automated compliance workflows
  • Dict — Python dictionary for programmatic access
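An automated workflow that consumes the JSON export should fail closed. The gate below is an added example, not part of Flight Recorder: gate_report and the sample data are hypothetical, and it assumes the exported JSON uses the same field names as the ComplianceReport and ComplianceCheck dataclasses shown above.

```python
import json

VALID_STATUSES = {"pass", "fail", "warning"}  # the status values listed on this page

def gate_report(report_json, allow_warnings=False):
    """Return reasons to reject a serialized report; an empty list means accept."""
    try:
        report = json.loads(report_json)
    except json.JSONDecodeError:
        return ["report is not valid JSON"]
    checks = report.get("checks") if isinstance(report, dict) else None
    if not isinstance(checks, list) or not checks:
        return ["report contains no checks"]  # an empty report proves nothing
    total = report.get("total_actions")
    problems = []
    if not isinstance(total, int) or total < 0:
        problems.append("total_actions is missing or invalid")
    for check in checks:
        if not isinstance(check, dict):
            problems.append("malformed check entry")
            continue
        name, status = check.get("name", "<unnamed>"), check.get("status")
        evidence = check.get("evidence_count")
        if not isinstance(status, str) or status not in VALID_STATUSES:
            # Fail closed: a typo or a new status value must not count as a pass.
            problems.append(f"{name}: unknown status {status!r}")
        elif status == "fail":
            problems.append(f"{name}: fail")
        elif status == "warning":
            if not allow_warnings:
                problems.append(f"{name}: warning")
        elif total and not (isinstance(evidence, int) and evidence > 0):
            # Policy of this example: a pass backed by zero records is unproven.
            problems.append(f"{name}: pass without supporting records")
    return problems

# Constructed sample; field names mirror the dataclasses, check names are invented.
SAMPLE = json.dumps({
    "framework": "soc2", "period_start": "2026-01-01", "period_end": "2026-03-31",
    "total_actions": 3, "summary": "constructed", "generated_at": "2026-04-01T00:00:00Z",
    "checks": [
        {"name": "signatures", "status": "pass", "details": "", "evidence_count": 3},
        {"name": "monitoring", "status": "warning", "details": "", "evidence_count": 3},
        {"name": "access", "status": "pass", "details": "", "evidence_count": 0},
        {"name": "changes", "status": "PASS", "details": "", "evidence_count": 3},
    ],
})

if __name__ == "__main__":
    for reason in gate_report(SAMPLE):
        print("BLOCK:", reason)
```

Whether a zero-evidence pass should block is a policy decision; some checks may legitimately have no matching records in a period.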

Technical Details

  • Reports are generated from the stored action records, not from live data
  • Signature verification checks every record in the reporting period
  • Reports include a generated_at timestamp for audit trail purposes
  • The compliance module has zero external dependencies beyond SQLAlchemy
  • Custom compliance frameworks can be added by extending the report generation logic
