{"title":"Sgraal Compliance Documentation","profiles":{"EU_AI_ACT":{"description":"European Union AI Act compliance profile","articles":{"Article 9":"Risk management — medical domain with omega>40 requires human oversight","Article 12":"Logging — irreversible actions with omega>60 blocked, audit trail required","Article 13":"Transparency — explainability_note always included in every response"},"enforcement":"Critical violations override recommended_action to BLOCK"},"GDPR":{"description":"General Data Protection Regulation","measures":{"data_minimization":"Memory state processed in real time, not stored","privacy_by_design":"3-layer privacy: ID obfuscation, reason abstraction, ZK commitment","differential_privacy":"Optional ε-DP via Laplace mechanism (dp_epsilon field)","right_to_erasure":"DELETE /v1/account removes all data within 30 days"}},"FDA_510K":{"description":"FDA 510(k) medical device compliance","rules":{"predicate_comparison":"Medical domain with omega>30 requires predicate device comparison","risk_classification":"Irreversible/destructive actions with omega>50 require Class III review"},"healing_policy":"tool_state + medical → tier 3 (log-only), requires approval"},"HIPAA":{"description":"Health Insurance Portability and Accountability Act","rules":{"phi_integrity":"Medical domain with assurance<70 → PHI integrity cannot be guaranteed"},"healing_policy":"All medical memory types require approval for healing actions"}},"usage":"Add compliance_profile field to POST /v1/preflight (e.g. 'EU_AI_ACT')","docs_url":"https://sgraal.com/docs/compliance"}