Upload initial CC artifact templates and CC algo

compliance_analysis.py

@@ -0,0 +1,139 @@
+import os
+import yaml
+
+#Define a function that creates a list of all the files in the folder. We will use this for different things.
+def create_list_of_files(folder_path):
+    for root, dirs, files in os.walk(folder_path):
+        for filename in files:
+            found_files.append(os.path.join(root, filename))
+
+#Define a function that checks for a Project CC. Without this, there cannot be an analysis.
+def check_for_project_cc(folder_path):
+    found_files = []
+
+    # Walk through the directory
+    for root, dirs, files in os.walk(folder_path):
+        for filename in files:
+            if filename.lower() == 'project_cc.md':
+                found_files.append(os.path.join(root, filename))
+
+    # Check the results
+    if len(found_files) == 0:
+        print(f"We did not find a Project CC in your folder. We cannot run a compliance analysis without a Project CC.")
+    elif len(found_files) == 1:
+        print(f"We found exactly one Project CC in your folder. Great job!:")
+        print(f"  - {found_files[0]}")
+        run_compliance_analysis(folder_path + "project_cc.md")
+    else:
+        print(f"Multiple Project CCs found:")
+        for file_path in found_files:
+            print(f"  - {file_path}")
+        print("We found multiple Project CCs in your folder. There should only be one Project CC per project.")
+
+def run_compliance_analysis(project_cc)):
+
+    # Load the Project CC's YAML file. This will be our starting point. 
+    with open(project_cc, 'r') as file:
+        project_cc_yaml = yaml.safe_load(file)
+
+    # Check if the Act does not apply to the project, either because it is not on the EU market or falls into an exception
+    
+    # Check for prohibited practices -- these are by default non-compliant 
+
+    # Iterate through values of the second-level keys of prohibited_ai_practice_status
+    for key, value in project_cc_yaml['prohibited_ai_practice_status']:
+        if value:  # This condition will be met whereever a prohibited practice exists 
+            print(f"You have a prohibited practice and are non-compliant with the Act")
+            break
+    else:
+        print("No prohibited practices found. That's good...")
+
+    # Check if the key that indicates it is an AI system is present and if its value is true
+    if 'AI project is a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments' in projec_cc_yaml and project_cc_yaml['AI project is a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments'] == True:
+        print("The project is an AI system.")
+
+        #iterate through all of the 
+
+        all_true = True
+        for key in secondary_keys:
+            if key in secondary_data and secondary_data[key] == True:
+                print(f"The key '{key}' is True in the secondary file.")
+            else:
+                print(f"The key '{key}' is not True in the secondary file.")
+                all_true = False
+        
+        if all_true:
+            print("All specified keys in the secondary file are True.")
+        else:
+            print("Not all specified keys in the secondary file are True.")
+    else:
+        print(f"The key '{main_key}' is not True in the main file.")
+
+
+def check_if_within_scope(project_cc):
+    within_scope = None
+    if project_cc[ai_project_owner_role][provider_status][value] == True and (project_cc[ai_system_status][ai_system_status][value] == True and (project_cc[eu_market_status][placed_on_market_status][value] == True or project_cc[eu_market_status][put_into_service_status][value] == True)) or (project_cc[gpai_model_status][gpai_model_status][value] == True and (project_cc[eu_market_status][placed_on_market_status][value] == True)):   # Article 2.1(a)
+        return True
+    if project_cc[ai_project_owner_role][deployer_status][value] == True and project_cc[ai_project_owner_role][eu_location_status][value] == True: # Article 2.1(b)
+        return True
+    if (project_cc[ai_project_owner_role][provider_status][value] == True or project_cc[ai_project_owner_role][deployer_status][value]== True) and (project_cc[ai_system_status][ai_system_status][value] == True and project_cc[ai_project_owner_role][eu_location_status][value] == True and project_cc[ai_project_owner_role][output_status][value] == True): # Article 2.1(c)
+        return True
+    if (project_cc[ai_project_owner_role][importer_status][value] == True or project_cc[ai_project_owner_role][distributor_status][value] == True) and project_cc[ai_system_status][ai_system_status][value] == True: # Article 2.1(d)
+        return True
+    if project_cc[ai_project_owner_role][product_manufacturer_status][value] == True and project_cc[ai_system_status][ai_system_status][value] == True and ((project_cc[eu_market_status][placed_on_market_status][value] == True or project_cc[eu_market_status][put_into_service_status][value] == True)): # Article 2.1(e)
+        return True
+    else   
+        return False
+
+def check_data_ccs(folder_path):
+
+    for filename in os.listdir(folder_path):
+        # Check if the search word is in the filename
+        if "model_cc.md" in filename.lower():
+            # Construct the full file path
+            file_path = os.path.join(folder_path, filename)
+            
+            # Process the file
+            process_file(file_path)
+
+
+def check_all_true(file_path):
+        # Load the YAML file
+    with open(project_cc, 'r') as file:
+        data = yaml.safe_load(file)
+    
+    # Iterate through top-level keys
+    for top_key, top_value in data.items():
+        if isinstance(top_value, dict):
+            # Iterate through second-level keys
+            for second_key, second_value in top_value.items():
+                if not second_value:
+                    print("You are non-compliant with the Act")
+                    break
+            else:
+                print("No problems here")
+
+
+
+# Example usage
+main_file = 'main.yaml'
+secondary_file = 'secondary.yaml'
+main_key = 'data_and_data_governance'
+secondary_keys = [
+    'Training data is relevant',
+    'Training data is sufficiently representative',
+    'Training data is, to the best extent possible, free of errors'
+]
+
+check_yaml_values(main_file, secondary_file, main_key, secondary_keys)
+
+
+def main():
+    # Prompt the user to enter a filename
+    file_path = input("Please enter a file path to the folder containing all your AI project's Compliance Cards: ")
+
+    # Call the function with the entered filename
+    check_for_project_cc(file_path)
+
+if __name__ == "__main__":
+    main()

data_cc.md

@@ -0,0 +1,36 @@
+data_and_data_governance:
+  'Data sets has been subject to data governance and management practices appropriate for the intended purpose of the system': !!bool true # Art. 10(1)-(2)
+  'Data governance and management practices have been applied to the relevant design choices': !!bool true # Art. 10(2)(a)
+  'Data governance and management practices have been applied to data collection processes and the origin of data, and in the case of personal data, the original purpose of the data collection': !!bool true # Art. 10(2)(b)
+  'Data governance and management practices have been applied to relevant data-preparation processing operations, such as annotation, labelling, cleaning, updating, enrichment and aggregation': !!bool true # Art. 10(2)(c)
+  'Data governance and management practices have been applied to the formulation of assumptions, in particular with respect to the information that the data are supposed to measure and represent': !!bool true # Art. 10(2)(d)
+  'Data governance and management practices included an assessment of the availability, quantity and suitability of the data sets that are needed': !!bool true # Art. 10(2)(e)
+  'Data governance and management practices have included an examination of possible biases that are likely to affect the health and safety of persons, have a negative impact on fundamental rights or lead to discrimination prohibited under Union law, especially where data outputs influence inputs for future operations': !!bool true # Art. 10(2)(f)
+  'Data governance and management practices included appropriate measures to detect, prevent and mitigate possible biases that are likely to affect the health and safety of persons, have a negative impact on fundamental rights or lead to discrimination prohibited under Union law, especially where data outputs influence inputs for future operations': !!bool true # Art. 10(2)(g)
+  'Data governance and management practices have included the identification of relevant data gaps or shortcomings that prevent compliance with this Regulation, and how those gaps and shortcomings can be addressed': !!bool true # Art. 10(2)(h)
+  'Training data is relevant': !!bool true # Art. 10(3); Rec. 67
+  'Training data is sufficiently representative': !!bool true # Art. 10(3); Rec. 67
+  'Training data is, to the best extent possible, free of errors': !!bool true # Art. 10(3); Rec. 67
+  'Training data is complete in view of the intended purpose of system': !!bool true # Art. 10(3); Rec. 67
+  'Training data possesses the appropriate statistical properties, including, where applicable, as regards the people in relation to whom the system is intended to be used': !!bool true # Art. 10(3)
+  'Training data takes into account, to the extent required by the intended purpose, the characteristics or elements that are particular to the specific geographical, contextual, behavioural or functional setting within which the system is intended to be used': !!bool true # Art. 10(4)
+  'Where special categories of personal data have been used to ensure the detection and correction of possible biases that are likely to affect the health and safety of persons, have a negative impact on fundamental rights or lead to discrimination prohibited under Union law, especially where data outputs influence inputs for future operations, the use of this data was strictly necessary': !!bool true # Art. 10(5)
+  'Where special categories of personal data have been used to ensure the detection and correction of possible biases that are likely to affect the health and safety of persons, have a negative impact on fundamental rights or lead to discrimination prohibited under Union law, especially where data outputs influence inputs for future operations, the use complied with appropriate safeguards for the fundamental rights and freedoms of natural persons': !!bool true # Art. 10(5)
+  'Where special categories of personal data have been used to ensure the detection and correction of possible biases that are likely to affect the health and safety of persons, have a negative impact on fundamental rights or lead to discrimination prohibited under Union law, especially where data outputs influence inputs for future operations, the use of this data satisfied the provisions set out in Regulations (EU) 2016/679 and (EU) 2018/1725 and Directive (EU) 2016/680': !!bool true # Art. 10(5)
+  'Where special categories of personal data have been used to ensure the detection and correction of possible biases that are likely to affect the health and safety of persons, have a negative impact on fundamental rights or lead to discrimination prohibited under Union law, especially where data outputs influence inputs for future operations, the bias detection and correction was not effectively fulfilled by processing other data, including synthetic or anonymised data': !!bool true # Art. 10(5)(a)
+  'Where special categories of personal data have been used to ensure the detection and correction of possible biases that are likely to affect the health and safety of persons, have a negative impact on fundamental rights or lead to discrimination prohibited under Union law, especially where data outputs influence inputs for future operations, the special categories of personal data were not subject to technical limitations on the re-use of the personal data, and state-of-the-art security and privacy-preserving measures, including pseudonymisation': !!bool true # Art. 10(5)(b)
+  'Where special categories of personal data have been used to ensure the detection and correction of possible biases that are likely to affect the health and safety of persons, have a negative impact on fundamental rights or lead to discrimination prohibited under Union law, especially where data outputs influence inputs for future operations, the special categories of personal data were subject to measures to ensure that the personal data processed are secured, protected, subject to suitable safeguards, including strict controls and documentation of the access, to avoid misuse and ensure that only authorised persons have access to those personal data with appropriate confidentiality obligations': !!bool true # Art. 10(5)(c)
+  'Where special categories of personal data have been used to ensure the detection and correction of possible biases that are likely to affect the health and safety of persons, have a negative impact on fundamental rights or lead to discrimination prohibited under Union law, especially where data outputs influence inputs for future operations, the special categories of personal data were not to be transmitted, transferred or otherwise accessed by other parties': !!bool true # Art. 10(5)(d)
+  'Where special categories of personal data have been used to ensure the detection and correction of possible biases that are likely to affect the health and safety of persons, have a negative impact on fundamental rights or lead to discrimination prohibited under Union law, especially where data outputs influence inputs for future operations, the special categories of personal data were deleted once the bias was corrected or the personal data reached the end of its retention period (whichever came first)': !!bool true # Art. 10(5)(e)
+  'Where special categories of personal data have been used to ensure the detection and correction of possible biases that are likely to affect the health and safety of persons, have a negative impact on fundamental rights or lead to discrimination prohibited under Union law, especially where data outputs influence inputs for future operations, the records of processing activities pursuant to Regulations (EU) 2016/679 and (EU) 2018/1725 and Directive (EU) 2016/680 include the reasons why the processing of special categories of personal data was strictly necessary to detect and correct biases, and why that objective could not be achieved by processing other data': !!bool true # Art. 10(5)(f)
+
+technical_documentation:
+  'Where relevant, the data requirements in terms of datasheets describing the training methodologies and techniques and the training data sets used, including a general description of these data sets, information about their provenance, scope and main characteristics; how the data was obtained and selected; labelling procedures (e.g. for supervised learning), data cleaning methodologies (e.g. outliers detection)': !!bool true # Art. 11; Annex IV(2)(d)
+  'Validation and testing procedures used, including information about the validation and testing data used and their main characteristics; metrics used to measure accuracy, robustness and compliance with other relevant requirements set out in Title III, Chapter 2 as well as potentially discriminatory impacts; test logs and all test reports dated and signed by the responsible persons, including with regard to predetermined changes as referred to under point (f)': !!bool true # Art. 11; Annex IV(2)(g)
+  'Cybersecurity measures put in place as regards the data (e.g., scanning for data poisoning)': !!bool true # Art. 11; Annex IV(2)(h)
+
+transparency_and_provision_of_information_to_deployers:
+  'Specifications for the input data, or any other relevant information in terms of the training, validation and testing data sets used, taking into account the intended purpose of the AI system': !!bool true # Art. 13(3)(b)(vi)
+
+quality_management_system:
+  'Systems and procedures for data management, including data acquisition, data collection, data analysis, data labelling, data storage, data filtration, data mining, data aggregation, data retention and any other operation regarding the data that is performed before and for the purposes of the placing on the market or putting into service of high-risk AI systems': !!bool true # Art. 17(1)(f)

model_cc.md

@@ -0,0 +1,78 @@
+risk_management_system:
+'Known or reasonably foreseeable risks the model can pose to health or safety when used for intended purpose': !!bool true # Art. 9(2)(a)
+'Estimation and evaluation of risks when model used for intended purpose': !!bool true # Art. 9(2)(b)
+'Estimation and evaluation of risks when model used under conditions of reasonably foreseeable misuse': !!bool true # Art. 9(2)(b)
+'Testing to ensure model performs consistently for intended purpose': !!bool true # Art. 9(6)
+'Testing to ensure model complies with Act': !!bool true # Art. 9(6)
+'Testing against prior defined metrics appropriate to intended purpose': !!bool true # Art. 9(8)
+'Testing against probabilistic thresholds appropriate to intended purpose': !!bool true # Art. 9(8)
+
+technical_documentation:
+  'Pre-trained elements of model provided by third parties and how used, integrated or modified': !!bool true # Art. 11; Annex IV(2)(a)
+  'General logic of model': !!bool true # Art. 11; Annex IV(2)(b)
+  'Key design choices including rationale and assumptions made, including with regard to persons or groups on which model intended to be used': !!bool true # Art. 11; Annex IV(2)(b)
+  'Main classification choices': !!bool true # Art. 11; Annex IV(2)(b)
+  'What model is designed to optimise for and relevance of its different parameters': !!bool true # Art. 11; Annex IV(2)(b)
+  'Description of the expected output and output quality of the system': !!bool true # Art. 11; Annex IV(2)(b)
+  'Decisions about any possible trade-off made regarding the technical solutions adopted to comply with the requirements set out in Title III, Chapter 2': !!bool true # Art. 11; Annex IV(2)(b)
+  'Assessment of the human oversight measures needed in accordance with Article 14, including an assessment of the technical measures needed to facilitate the interpretation of the outputs of AI systems by the deployers, in accordance with Articles 13(3)(d)': !!bool true # Art. 11; Annex IV(2)(e)
+  'Validation and testing procedures used, including information about the validation and testing data used and their main characteristics; metrics used to measure accuracy, robustness and compliance with other relevant requirements set out in Title III, Chapter 2 as well as potentially discriminatory impacts; test logs and all test reports dated and signed by the responsible persons, including with regard to predetermined changes as referred to under point (f)': !!bool true # Art. 11; Annex IV(2)(g)
+  'Cybersecurity measures put in place': !!bool true # Art. 11; Annex IV(2)(h)
+
+transparency_and_information_provision:
+  'Intended purpose': !!bool true # Art. 13(3)(b)(i)
+  'Level of accuracy, including its metrics, robustness and cybersecurity referred to in Article 15 against which the high-risk AI system has been tested and validated and which can be expected, and any known and foreseeable circumstances that may have an impact on that expected level of accuracy, robustness and cybersecurity': !!bool true # Art. 13(3)(b)(ii)
+  'Any known or foreseeable circumstance, related to the use of the high-risk AI system in accordance with its intended purpose or under conditions of reasonably foreseeable misuse, which may lead to risks to the health and safety or fundamental rights referred to in Article 9(2)': !!bool true # Art. 13(3)(b)(iii)
+  'Technical capabilities and characteristics of the AI system to provide information that is relevant to explain its output': !!bool true # Art. 13(3)(b)(iv)
+  'Performance regarding specific persons or groups of persons on which the system is intended to be used': !!bool true # Art. 13(3)(b)(v)
+  'Specifications for the input data, or any other relevant information in terms of the training, validation and testing data sets used, taking into account the intended purpose of the AI system': !!bool true # Art. 13(3)(b)(vi)
+  'Information to enable deployers to interpret the output of the high-risk AI system and use it appropriately': !!bool true # Art. 13(3)(b)(vii)
+  'Human oversight measures referred to in Article 14, including the technical measures put in place to facilitate the interpretation of the outputs of AI systems by the deployers': !!bool true # Art. 13(3)(d)
+  'Computational and hardware resources needed, the expected lifetime of the high-risk AI system and any necessary maintenance and care measures, including their frequency, to ensure the proper functioning of that AI system, including as regards software updates': !!bool true # Art. 13(3)(e)
+
+accuracy_robustness_cybersecurity:
+  'Appropriate level of accuracy': !!bool true # Art. 15(1)
+  'Appropriate level of robustness': !!bool true # Art. 15(1)
+  'Appropriate level of cybersecurity': !!bool true # Art. 15(1)
+  'Use of relevant accuracy metrics': !!bool true # Art. 15(2)
+  'Maximum possible resilience regarding errors, faults or inconsistencies that may occur within the system or the environment in which the system operates, in particular due to their interaction with natural persons or other systems. Technical and organisational measures shall be taken towards this regard': !!bool true # Art. 15(4)
+  'Measures to prevent, detect, respond to, resolve and control for attacks trying to manipulate the training dataset (data poisoning), or pre-trained components used in training (model poisoning), inputs designed to cause the model to make a mistake (adversarial examples or model evasion), confidentiality attacks or model flaws': !!bool true # Art. 15(5)
+
+quality_management_system:
+  'Examination, test and validation procedures to be carried out before, during and after the development of the high-risk AI system, and the frequency with which they have to be carried out': !!bool true # Art. 17(1)(d)
+
+transparency_obligations:
+  'Providers of AI systems, including GPAI systems, generating synthetic audio, image, video or text content, shall ensure the outputs of the AI system are marked in a machine-readable format and detectable as artificially generated or manipulated': !!bool true # Art. 50(2)
+  'Providers shall ensure their technical solutions are effective, interoperable, robust and reliable as far as this is technically feasible, taking into account specificities and limitations of different types of content, costs of implementation and the generally acknowledged state-of-the-art, as may be reflected in relevant technical standards': !!bool true # Art. 50(2)
+
+classification_of_gpai_models:
+  'Whether model has high impact capabilities evaluated on the basis of appropriate technical tools and methodologies, including indicators and benchmarks': !!bool true # Art. 51(1)(a)
+  'Cumulative compute used for training measured in floating point operations (FLOPs)': !!bool true # Art. 51(2)
+
+obligations_for_providers_of_gpai_models:
+  'The tasks that the model is intended to perform and the type and nature of AI systems in which it can be integrated': !!bool true # Art. 53; Annex XI(1)(1)(a)
+  'Acceptable use policies applicable': !!bool true # Art. 53; Annex XI(1)(1)(b)
+  'The date of release and methods of distribution': !!bool true # Art. 53; Annex XI(1)(1)(c)
+  'The architecture and number of parameters': !!bool true # Art. 53; Annex XI(1)(1)(d)
+  'Modality (e.g. text, image) and format of inputs and outputs': !!bool true # Art. 53; Annex XI(1)(1)(e)
+  'The license': !!bool true # Art. 53; Annex XI(1)(1)(f)
+  'Training methodologies and techniques': !!bool true # Art. 53; Annex XI(1)(2)(b)
+  'Key design choices including the rationale and assumptions made': !!bool true # Art. 53; Annex XI(1)(2)(b)
+  'What the model is designed to optimise for': !!bool true # Art. 53; Annex XI(1)(2)(b)
+  'The relevance of the different parameters, as applicable': !!bool true # Art. 53; Annex XI(1)(2)(b)
+  'Information on the data used for training, testing and validation: type of data': !!bool true # Art. 53; Annex XI(1)(2)(c)
+  'Information on the data used for training, testing and validation: provenance of data': !!bool true # Art. 53; Annex XI(1)(2)(c)
+  'Information on the data used for training: curation methodologies (e.g. cleaning, filtering etc)': !!bool true # Art. 53; Annex XI(1)(2)(c)
+  'Information on the data used for training: the number of data points': !!bool true # Art. 53; Annex XI(1)(2)(c)
+  'Information on the data used for training: data points scope and main characteristics applicable': !!bool true # Art. 53; Annex XI(1)(2)(c)
+  'Information on the data used for training: how the data was obtained and selected': !!bool true # Art. 53; Annex XI(1)(2)(c)
+  'Information on the data used for training: all other measures to detect the unsuitability of data sources and methods to detect identifiable biases, where applicable': !!bool true # Art. 53; Annex XI(1)(2)(c)
+  'The computational resources used to train the model (e.g. number of floating point operations – FLOPs), training time, and other relevant details related to the training': !!bool true # Art. 53; Annex XI(1)(2)(d)
+  'Known or estimated energy consumption of the model; in case not known, this could be based on information about computational resources used': !!bool true # Art. 53; Annex XI(1)(2)(e)
+  'Detailed description of the evaluation strategies, including evaluation results, on the basis of available public evaluation protocols and tools or otherwise of other evaluation methodologies. Evaluation strategies shall include evaluation criteria, metrics and the methodology on the identification of limitations': !!bool true # Art. 53; Annex XI(2)(1)
+  'Where applicable, detailed description of the measures put in place for the purpose of conducting internal and/or external adversarial testing (e.g. red teaming), model adaptations, including alignment and fine-tuning': !!bool true # Art. 53; Annex XI(2)(2)
+
+obligations_for_providers_of_gpai_models_with_systemic_risk:
+  'Perform model evaluation in accordance with standardised protocols and tools reflecting the state of the art, including conducting and documenting adversarial testing of the model with a view to identify and mitigate systemic risk': !!bool true # Art. 55(1)(a)
+  'Assess and mitigate possible systemic risks at Union level, including their sources, that may stem from the development': !!bool true # Art. 55(1)(b)
+  'Ensure an adequate level of cybersecurity protection for the GPAI model with systemic risk and the physical infrastructure of the mode': !!bool true # Art. 55(1)(d)

project_cc.md

@@ -0,0 +1,297 @@
+smb_status:
+  smb_status: # Art. 11(1) 
+    verbose: 'AI project is operated by a small or medium-sized enterprise' 
+    value: !!bool false
+
+eu_market_status:
+  placed_on_market_status: # Art. 3(9)
+    verbose: 'AI project is being made available on the Union market for the first time'
+    value: !!bool false 
+  put_into_service_status: #Art. 3(11)
+    verbose: 'AI project is supplied for first use directly to the deployer or for own use in the Union for its intended purpose;'
+
+ai_project_owner_role:
+  provider_status: # Art. 2
+    verbose: 'The owner of this AI project is a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge'
+    value: !!bool false 
+  on_market_status: # Art 2 
+    verbose: "AI project is placed on the market or put into service in the Union"
+    value: !!bool false  
+  deployer_status: # Art. 2
+    verbose: 'The owner of this AI project is a natural or legal person, public authority, agency or other body using an AI system under its authority except where the AI system is used in the course of a personal non-professional activity'
+    value: !!bool false 
+  eu_location_status: # Art. 2
+    verbose: 'The owner of this AI project has its place of establishment or location within the Union'
+    value: !!bool true  
+  output_status: # Art. 2
+    verbose: 'the output produced by the AI system is used in the Union'
+    value: !!bool true 
+  importer_status: # Art. 2 
+    verbose: 'AI project owner is a natural or legal person located or established in the Union that places on the market an AI system that bears the name or trademark of a natural or legal person established in a third country'
+    value: !!bool true 
+  distributor_status:
+    verbose: 'a natural or legal person in the supply chain, other than the provider or the importer, that makes an AI system available on the Union market'
+    value: !!bool true # Art. 2
+  product_manufacturer_status:
+    value: !!bool true # Art. 2
+
+ai_system_status:
+  ai_system_status: # Art. 3(1)
+    verbose: 'AI project is a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments'
+    value: !!bool true 
+
+gpai_model_status:
+  gpai_model_status: # Art. 3(63)
+    verbose: 'AI project is an AI model, including where such an AI model is trained with a large amount of data using self-supervision at scale, that displays significant generality and is capable of competently performing a wide range of distinct tasks regardless of the way the model is placed on the market and that can be integrated into a variety of downstream systems or applications, except AI models that are used for research, development or prototyping activities before they are placed on the market'
+    value: !!bool true  
+
+excepted_use:
+  scientific_r_and_d: # Art. 2(6) 
+    verbose: 'AI project is or was specifically developed and put into service for the sole purpose of scientific research and development'
+    value: !!bool true 
+  pre_market: # Art. 2(8) 
+    verbose: 'AI project strictly consists of research, testing or development activity of the sort that takes place prior to their being placed on the market or put into service'
+    value: !!bool true 
+  open_source_gpai: # Art. 53(2)
+    verbose: 'AI project involves AI models that are released under a free and open-source licence that allows for the access, usage, modification, and distribution of the model, and whose parameters, including the weights, the information on the model architecture, and the information on model usage, are made publicly available. This exception shall not apply to general purpose AI models with systemic risks'
+    value: !!bool true  
+
+prohibited_ai_practice_status:
+  manipulative: # Art. 5(1)(a)
+    verbose: 'This AI system deploys subliminal or purposefully manipulative or deceptive techniques, with the objective or effect of materially distorting the behavior of people by appreciably impairing their ability to make an informed decision, thereby causing them to take a decision that they would not have otherwise taken in a manner that causes or is reasonably likely to cause significant harm'
+    value: !!bool false 
+  exploit_vulnerable: # Art. 5(1)(b)
+    verbose: 'This AI system exploits the vulnerabilities of natural people due to their age, disability or a specific social or economic situation, with the objective or effect of materially distorting their behaviour in a manner that causes or is reasonably likely to cause significant harm'
+    value: !!bool false 
+  social_score: # Art. 5(1)(c)
+    verbose: 'This AI system is for the evaluation or classification of natural people over a certain period of time based on their social behaviour or known, inferred or predicted personal or personality characteristics, with the social score leading to at least one of the following: (i) detrimental or unfavourable treatment of certain natural people in social contexts that are unrelated to the contexts in which the data was originally generated or collected; (ii) detrimental or unfavourable treatment of certain natural people that is unjustified or disproportionate to their social behaviour or its gravity'
+    value: !!bool false 
+  crime_prediction:  # Art. 5(1)(d)
+    verbose: 'This AI system makes risk assessments of natural persons in order to assess or predict the risk of them committing a criminal offence, based solely on the profiling of the natural person or on assessing their personality traits and characteristics (and does not support the human assessment of the involvement of a person in a criminal activity, which is already based on objective and verifiable facts directly linked to a criminal activity)'
+    value: !!bool false
+  untarged_face: # Art. 5(1)(e)
+    verbose: 'This AI systems creates or expand facial recognition databases through the untargeted scraping of facial images from the internet or CCTV footage'
+    value: !!bool false 
+  emotion_prediction: # Art. 5(1)(f)
+    verbose: 'This AI systems infer emotions of a natural person in the areas of workplace and education institutions and is not intended to be put in place or into the market for medical or safety reasons'
+    value: !!bool false 
+
+high_risk_ai_system_status:
+  safety_component: # Art. 6(1)(a)
+    verbose: 'AI project is intended to be used as a safety component of a product'
+    value: !!bool false 
+  product_covered_by_machinery_regulation: # Art. 6(1)(b); Annex I
+    verbose: 'AI project is itself a product, covered by Directive 2006/42/EC of the European Parliament and of the Council of 17 May 2006 on machinery, and amending Directive 95/16/EC (OJ L 157, 9.6.2006, p. 24) [as repealed by the Machinery Regulation]'
+    value: !!bool false 
+  product_covered_by_toy_safety_regulation: # Art. 6(1)(b); Annex I
+    verbose: 'AI project is itself a product, covered by Directive 2009/48/EC of the European Parliament and of the Council of 18 June 2009 on the safety of toys (OJ L 170, 30.6.2009, p. 1)'
+    value: !!bool false 
+  product_covered_by_watercraft_regulation: # Art. 6(1)(b); Annex I
+    verbose: 'AI project is itself a product, covered by Directive 2013/53/EU of the European Parliament and of the Council of 20 November 2013 on recreational craft and personal watercraft and repealing Directive 94/25/EC (OJ L 354, 28.12.2013, p. 90)'
+    value: !!bool false 
+  biometric_categorization: # Art. 6(2); Annex III(1)(b)
+    verbose: 'AI project is intended to be used for biometric categorisation, according to sensitive or protected attributes or characteristics based on the inference of those attributes or characteristics'
+    value: !!bool false 
+  emotion_recognition: # Art. 6(2); Annex III(1)(c)
+    verbose: 'AI project is intended to be used for emotion recognition'
+    value: !!bool false 
+  critical_infrastructure: # Art. 6(2); Annex III(2)
+    verbose: 'AI project is intended to be used as safety components in the management and operation of critical digital infrastructure, road traffic, or in the supply of water, gas, heating or electricity'
+    value: !!bool false 
+  educational: # Art. 6(2); Annex III(3)(a)
+    verbose: 'AI project is intended to be used to determine access or admission or to assign natural persons to educational and vocational training institutions at all levels'
+    value: !!bool false 
+  recruitment: # Art. 6(2); Annex III(4)(a)
+    verbose: 'AI project is intended to be used for the recruitment or selection of natural persons, in particular to place targeted job advertisements, to analyse and filter job applications, and to evaluate candidates'
+    value: !!bool false 
+  public_assistance: # Art. 6(2); Annex III(5)(a)
+    verbose: 'AI project is intended to be used by public authorities or on behalf of public authorities to evaluate the eligibility of natural persons for essential public assistance benefits and services, including healthcare services, as well as to grant, reduce, revoke, or reclaim such benefits and services'
+    value: !!bool false 
+  victim_assessment: # Art. 6(2); Annex III(6)(a)
+    verbose: 'AI project is intended to be used by or on behalf of law enforcement authorities, or by Union institutions, bodies, offices or agencies in support of law enforcement authorities or on their behalf to assess the risk of a natural person becoming the victim of criminal offences'
+    value: !!bool false 
+  polygraph: # Art. 6(2); Annex III(7)(a)
+    verbose: 'AI project is intended to be used by or on behalf of competent public authorities or by Union institutions, bodies, offices or agencies as polygraphs or similar tools'
+    value: !!bool false 
+  judicial: # Art. 6(2); Annex III(8)(a)
+    verbose: 'AI project is intended to be used by a judicial authority or on their behalf to assist a judicial authority in researching and interpreting facts and the law and in applying the law to a concrete set of facts, or to be used in a similar way in alternative dispute resolution'
+    value: !!bool false 
+  filter_exception_rights: # Art. 6(3)
+    verbose: 'The AI initiate does not pose a significant risk of harm to the health, safety or fundamental rights of natural persons, including by not materially influencing the outcome of decision making'
+    value: !!bool true 
+  filter_exception_narrow: # Art. 6(3)(a)
+    verbose: 'The AI project is intended to perform a narrow procedural task'
+    value: !!bool false
+  filter_exception_narrow: # Art. 6(3)(b)
+    verbose: 'the AI project is intended to improve the result of a previously completed human activity'
+    value: !!bool false
+  filter_exception_deviation: # Art. 6(3)(c)
+    verbose: 'the AI system is intended to detect decision-making patterns or deviations from prior decision-making patterns and is not meant to replace or influence the previously completed human assessment, without proper human review'
+    value: !!bool false
+  filter_exception_deviation: # Art. 6(3)(d)
+    verbose: 'the AI system is intended to perform a preparatory task to an assessment relevant for the purposes of the use cases listed in Annex III.'
+    value: !!bool false 
+
+risk_management_system:
+  established: # Article 9
+    verbose: 'Risk management system has been established, implemented, documented and maintained for AI system'
+    value: !!bool false 
+  lifecycle: # Art. 9(2)
+    verbose: 'Risk management system (high-risk AI system) has been planned, run, reviewed, and updated, throughout the entire lifecycle of AI system'
+    value: !!bool false 
+  risk_analysis_intended: # Art. 9(2)(a)
+    verbose: 'Risk management system for AI system includes the identification and analysis of any known or reasonably foreseeable risks that the AI system might pose to health, safety or fundamental rights when used in accordance with its intended purpose'
+    value: !!bool false 
+  risk_estimation_foreseeable: # Art. 9(2)(b)
+    verbose: 'Risk management system for AI system includes the estimation and evaluation of the risks that may emerge when the high-risk AI system is used in accordance with its intended purpose, and under conditions of reasonably foreseeable misuse;
+    value: !!bool false 
+  risk_post_market: # Art. 9(2)(c)
+    verbose: 'Risk management system for AI system includes the evaluation of other risks possibly arising, based on the analysis of data gathered from the post-market monitoring system'
+    value: !!bool false   
+  risk_management_measures: # Art. 9(2)(d)
+    verbose: 'Where risk that the AI system might pose to health, safety or fundamental rights when used in accordance with its intended purpose have been identified, appropriate and targeted risk management measures designed to address the risks have been adopted'
+    value: !!bool false 
+  documentation: # Art. 9(5)
+    verbose: 'Where risk that the AI system might pose to health, safety or fundamental rights when used in accordance with its intended purpose have been identified, these risks have been documented and communicated to deployers and either eliminated, if feasible, or mitigated such that any residual risk is judged to be acceptable'
+    value: !!bool false 
+  tested: # Art. 9(6)
+    verbose: 'To determine the right mitigations, and to show the high-risk AI system performs consistently its intended purpose and is in compliance with the risk management requirements, the AI system has been tested'
+    value: !!bool false 
+  testing_threshold: # Art. 9(8)
+    verbose: 'Testing has or will be performed before the AI system is placed on the market and has or will be carried out against prior defined metrics and probabilistic thresholds that are appropriate to the intended purpose'
+    value: !!bool false 
+
+technical_documentation:
+  drawn_up: # Art. 11(1)
+    verbose: 'Technical documentation for the high-risk AI system has been drawn up before the system has been placed on the market or put into service and will be kept up-to date'
+    value: !!bool false 
+  intended_purpose: # Art. 11(1); Annex IV(1)(a)
+    verbose: 'The Technical Documentation includes a general description of the AI system that covers its intended purpose, the name of the provider and the version of the system reflecting its relation to previous versions'
+    value: !!bool false 
+  interaction: # Art. 11(1); Annex IV(1)(b)
+    verbose: 'The Technical Documentation includes a general description of the AI system that covers how the AI system interacts with, or can be used to interact with, hardware or software, including with other AI systems, that are not part of the AI system itself, where applicable'
+   value: !!bool false 
+  versions: # Art. 11(1); Annex IV(1)(c)
+    verbose: 'Technical Documentation includes a general description of the AI system that covers the versions of relevant software or firmware, and any requirements related to version updates'
+    value: !!bool false 
+  packages: # Art. 11(1); Annex IV(1)(d)
+    verbose: 'Technical Documentation includes a general description of the AI system that covers the description of all the forms in which the AI system is placed on the market or put into service, such as software packages embedded into hardware, downloads, or APIs'
+    value: !!bool false 
+  hardware: # Art. 11(1); Annex IV(1)(e)
+    verbose: 'Technical Documentation includes a general description of the AI system that covers the description of the hardware on which the AI system is intended to run'
+    value: !!bool false 
+  development_steps: # Art. 11(1); Annex IV(2)(a)
+    verbose: 'Technical Documentation includes a detailed description of the elements of the AI system and of the process for its development, covering the methods and steps performed for the development of the AI system, including, where relevant, recourse to pre-trained systems or tools provided by third parties and how those were used, integrated or modified by the provider'
+    value: !!bool false 
+  design_specs: # Art. 11(1); Annex IV(2)(b)
+    verbose: 'Technical Documentation includes a detailed description of the elements of the AI system and of the process for its development, covering the design specifications of the system, namely the general logic of the AI system and of the algorithms; the key design choices including the rationale and assumptions made, including with regard to persons or groups of persons in respect of who, the system is intended to be used; the main classification choices; what the system is designed to optimise for, and the relevance of the different parameters; the description of the expected output and output quality of the system; the decisions about any possible trade-off made regarding the technical solutions adopted to comply with the requirements set out in Chapter III, Section 2'
+    value: !!bool false 
+  risk_management: # Art. 11(1); Annex IV(5)
+    verbose: 'Technical Documentation includes a detailed description of the risk management system in accordance with Article 9'
+    value: !!bool false 
+  changes: # Art. 11(1); Annex IV(6)
+    verbose: 'Technical Documentation includes a description of relevant changes made by the provider to the system through its lifecycle'
+    value: !!bool false 
+  declaration_of_conformity: # Art. 11(1); Annex IV(8)
+    verbose: 'Technical Documentation includes a copy of the EU declaration of conformity referred to in Article 47'
+    value: !!bool false 
+  post_market: # Art. 11(1); Annex IV(9)
+    verbose: 'Technical Documentation includes a detailed description of the system in place to evaluate the AI system performance in the post-market phase in accordance with Article 72, including the post-market monitoring plan referred to in Article 72(3)'
+    value: !!bool false 
+  product: # Art. 11(2)
+    verbose: 'High-risk AI system is either not related to a product covered by the Union harmonisation legislation listed in Section A of Annex I and placed on the market or put into service or, if it is, a single set of technical documentation has been drawn up containing all the information set out in paragraph 1, as well as the information required under those legal acts'
+    value: !!bool false 
+
+record_keeping:
+  logging_generally: # Article 12(1)
+    verbose: 'The AI system technically allows for the automatic recording of events (logs) over the lifetime of the system'
+    value: !!bool false 
+  logging_risk: # Art. 12(1)(a)
+    verbose: 'The AI system technically allows for the automatic recording of events (logs) over the lifetime of the system and these logging capabilities enable the recording of events relevant for identifying situations that may result in the high-risk AI system presenting a risk within the meaning of Article 79(1) or in a substantial modification'
+    value: !!bool false 
+  logging_post_market: # Art. 12(1)(b)
+    verbose: 'The AI system technically allows for the automatic recording of events (logs) over the lifetime of the system and these logging capabilities enable the recording of events relevant for facilitating the post-market monitoring referred to in Article 72'
+    value: !!bool false 
+  monitoring: # Art. 12(1)(c)
+    verbose: 'The AI system technically allows for the automatic recording of events (logs) over the lifetime of the system and these logging capabilities enable the recording of events relevant for monitoring the operation of high-risk AI systems referred to in Article 26(5)'
+    value: !!bool false 
+  recording_use: # Art. 12(2)(a)
+    verbose: 'For the remote biometric identification systems high-risk AI systems referred to in point 1 (a), of Annex III, the logging capabilities shall provide, at a minimum, the recording of the period of each use of the system (start date and time and end date and time of each use)'
+    value: !!bool false 
+  reference_db: # Art. 12(2)(b)
+    verbose: 'For the remote biometric identification systems high-risk AI systems referred to in point 1 (a), of Annex III, the logging capabilities shall provide, at a minimum, the reference database against which input data has been checked by the system'
+    value: !!bool false 
+  input: # Art. 12(2)(c)
+    verbose: 'For the remote biometric identification systems high-risk AI systems referred to in point 1 (a), of Annex III, the logging capabilities shall provide, at a minimum, the input data for which the search has led to a match'
+    value: !!bool false 
+  'For the remote biometric identification systems high-risk AI systems referred to in point 1 (a), of Annex III, the logging capabilities shall provide, at a minimum, the identification of the natural persons involved in the verification of the results, as referred to in Article 14(5)': !!bool false # Art. 12(2)(d)
+
+transparency_and_provision_of_information_to_deployers:
+  'AI system is designed and developed to ensure operation is sufficiently transparent for deployers to interpret output and use appropriately': !!bool true # Art. 13(1)
+  'AI system is designed and developed with transparency to ensure compliance with provider and deployer obligations in Section 3': !!bool true # Art. 13(1)
+  'AI system is accompanied by instructions for use in appropriate digital format or otherwise, with concise, complete, correct, clear, relevant, accessible, and comprehensible information for deployers': !!bool true # Art. 13(2)
+  'Instructions include provider identity and contact details, and if applicable, authorized representative details': !!bool true # Art. 13(3)(a)
+  'Instructions include AI system characteristics, capabilities, performance limitations, and intended purpose': !!bool true # Art. 13(3)(b)(i)
+  'Instructions include accuracy metrics, robustness, cybersecurity, and potential impacts on these': !!bool true # Art. 13(3)(b)(ii)
+  'Instructions include foreseeable circumstances that may risk health, safety, or fundamental rights': !!bool true # Art. 13(3)(b)(iii)
+  'Instructions include technical capabilities to provide information relevant to explaining output': !!bool true # Art. 13(3)(b)(iv)
+  'Instructions include performance regarding specific persons or groups, if applicable': !!bool true # Art. 13(3)(b)(v)
+  'Instructions include input data specifications and relevant training, validation, and testing dataset information': !!bool true # Art. 13(3)(b)(vi)
+  'Instructions include information to enable deployers to interpret and appropriately use AI system output': !!bool true # Art. 13(3)(b)(vii)
+  'Instructions include predetermined changes to AI system and its performance since initial conformity assessment': !!bool true # Art. 13(3)(c)
+  'Instructions include human oversight measures and technical measures for output interpretation': !!bool true # Art. 13(3)(d)
+  'Instructions include computational and hardware resource needs, expected lifetime, and maintenance measures': !!bool true # Art. 13(3)(e)
+  'Instructions include description of mechanisms for deployers to collect, store, and interpret logs, if applicable': !!bool true # Art. 13(3)(f)
+
+human_oversight:
+  'AI system is designed and developed to be effectively overseen by natural persons during use, including appropriate human-machine interface tools': !!bool true # Art. 14(1)
+  'Human oversight aims to prevent or minimize risks to health, safety, or fundamental rights during intended use or foreseeable misuse': !!bool true # Art. 14(2)
+  'Oversight measures are commensurate with risks, autonomy level, and use context, ensured through provider-built measures and/or deployer-implemented measures': !!bool true # Art. 14(3)
+  'AI system enables assigned persons to understand its capacities and limitations, monitor operation, and detect anomalies': !!bool true # Art. 14(4)
+  'AI system enables assigned persons to be aware of potential automation bias': !!bool true # Art. 14(4)(a)
+  'AI system enables assigned persons to correctly interpret its output': !!bool true # Art. 14(4)(c)
+  'AI system enables assigned persons to decide not to use it or override its output': !!bool true # Art. 14(4)(d)
+  'AI system enables assigned persons to intervene or halt the system through a stop button or similar procedure': !!bool true # Art. 14(4)(e)
+  'For Annex III point 1(a) systems, actions or decisions require verification by at least two competent persons, with exceptions for law enforcement, migration, border control, or asylum': !!bool true # Art. 14(5)
+
+accuracy_robustness_cybersecurity:
+  'AI system is designed and developed to achieve appropriate levels of accuracy, robustness, and cybersecurity, performing consistently throughout its lifecycle': !!bool true # Art. 15(1)
+  'Commission encourages development of benchmarks and measurement methodologies for accuracy and robustness': !!bool true # Art. 15(2)
+  'Accuracy levels and relevant metrics are declared in accompanying instructions of use': !!bool true # Art. 15(3)
+  'AI system is resilient against errors, faults, or inconsistencies, with technical and organizational measures implemented': !!bool true # Art. 15(4)
+  'AI system that continues learning after deployment is designed to eliminate or reduce risk of biased outputs influencing future operations': !!bool true # Art. 15(4)
+  'AI system is resilient against unauthorized third-party attempts to alter use, outputs, or performance': !!bool true # Art. 15(5)
+  'Cybersecurity solutions are appropriate to relevant circumstances and risks': !!bool true # Art. 15(5)
+  'Technical solutions address AI-specific vulnerabilities, including measures against data poisoning, model poisoning, adversarial examples, and confidentiality attacks': !!bool true # Art. 15(5)
+
+quality_management_system:
+  'Initiative is subject to a quality management system with strategy for regulatory compliance': !!bool true # Art. 17(1)(a)
+  'System includes techniques, procedures, and actions for design, control, and verification of high-risk AI system': !!bool true # Art. 17(1)(b)
+  'System includes techniques, procedures, and actions for development, quality control, and quality assurance': !!bool true # Art. 17(1)(c)
+  'System includes examination, test, and validation procedures before, during, and after development': !!bool true # Art. 17(1)(d)
+
+transparency_obligations:
+  'Providers of AI systems generating synthetic content ensure outputs are marked and detectable as artificially generated': !!bool true # Art. 50(2)
+  'Technical solutions for marking are effective, interoperable, robust, and reliable': !!bool true # Art. 50(2)
+
+gpai_model_classification:
+  'Model impact capabilities evaluated using appropriate technical tools and methodologies': !!bool true # Art. 51
+  'Cumulative compute for training measured in floating point operations (FLOPs)': !!bool true # Art. 51(2)
+
+gpai_model_provider_obligations:
+  'Provide information on intended tasks, integration types, and acceptable use policies': !!bool true # Art. 53(1)(a); Annex XI(1)(1)(a-c)
+  'Provide details on model architecture, parameters, input/output modalities, and license': !!bool true # Art. 53(1)(a); Annex XI(1)(1)(d-f)
+  'Describe training methodologies, key design choices, and optimization goals': !!bool true # Art. 53(1)(b); Annex XI(1)(2)(b)
+  'Provide information on training, testing, and validation data': !!bool true # Art. 53(1)(b); Annex XI(1)(2)(c)
+  'Disclose computational resources and energy consumption for training': !!bool true # Art. 53(1)(b); Annex XI(1)(2)(d-e)
+  'Describe evaluation strategies, results, and adversarial testing measures': !!bool true # Art. 53(1)(b); Annex XI(2)(1-2)
+
+obligations_to_downstream_providers:
+  'Provide general description of GPAI model, including intended tasks and integration types': !!bool true # Art. 53(1)(b); Annex XII(1)(a-h)
+  'Describe model elements, development process, and integration requirements': !!bool true # Art. 53(1)(b); Annex XII(2)(a-c)
+
+obligations_for_systemic_risk_models:
+  'Perform model evaluation using standardized protocols and conduct adversarial testing': !!bool true # Art. 55(1)(a)
+  'Assess and mitigate possible systemic risks at Union level': !!bool true # Art. 55(1)(b)
+  'Ensure adequate cybersecurity protection for the model and infrastructure': !!bool true # Art. 55(1)(d)
+