OpenChainGraph Suite · OCG v0.8.0 · AI Governance · Cluster ㉓

AI Decision Log Conformance

Gated three-step chain for EU AI Act Art 12/26/27 decision-log conformance. Step 1 classifies Annex III FS obligations using art-238 (extending run_ai_act_highrisk_fit). A §21.4 gate exits OUT_OF_SCOPE when is_high_risk=false; confirmed high-risk systems proceed to Step 2 where art-236 builds Art 12(2)-conformant records, then Step 3 where art-237 validates IETF AAT chain linkage. Applicable to Annex III 5(b) creditworthiness and 5(c) life/health insurance pricing AI. Zero PII — structural identifiers only.

OpenChainGraph · 3 Steps compliance mandate · §21.4 Gate Hash-Anchored §4 chain_depth:3 EU AI Act Art 12/26/27 · Zero PII
Not legal or compliance advice. Run art-64 (run_ai_act_highrisk_fit) before this chain to confirm is_high_risk classification. Enforcement dates: original 2026-08-02; Digital Omnibus proposes Annex III obligations to 2027-12-02 (provisional agreement 7 May 2026). Consult counsel.
🔒 STRUCTURAL IDENTIFIERS ONLY. Art-236 subject_ref is a structural field (system/record reference), not a natural-person identifier. No PII is processed at any stage. All computation runs locally in your browser. No data is transmitted.
⚡ §21.4 Decision Gate active at Step 1: chain exits OUT_OF_SCOPE when is_high_risk = false. When is_high_risk = true, the chain proceeds to Art 12(2) decision log record and IETF AAT audit trail validation.
Chain Topology (§21.4 gated) — Annex III Classifier [GATE] → Art 12(2) Decision Log → IETF AAT Validator
§4 Execution Hash · Chain Definition Anchor
execution_hash:computing…
Chain Stages · 3 Steps · 1 Decision Gate (§21.4)
1 ROOT & GATE node §21.4 gate
Annex III FS Obligations Classifier art-238-classify-annex3-decisioning-obligations
EXTENDS run_ai_act_highrisk_fit (art-64). Maps Art 12(2) logging, Art 26(6) FRIA, and Art 27(1) DB registration obligations for Annex III 5(b) creditworthiness and 5(c) life/health insurance pricing AI. Gate: is_high_risk=false exits OUT_OF_SCOPE. Default (is_high_risk=true) proceeds to Art 12(2) record builder.
△ Gate: if /is_high_risk = false → END (OUT_OF_SCOPE)  |  default (true) → Step 2
MCP Call · classify_annex3_decisioning_obligations
{
  "jsonrpc": "2.0",
  "method": "tools/call",
  "params": {
    "name": "classify_annex3_decisioning_obligations",
    "arguments": {
      "is_high_risk": true,
      "annex3_category": "5b_creditworthiness",
      "deployer_role": "deployer",
      "has_human_oversight": true,
      "fria_completed": true,
      "db_registered": false,
      "logging_implemented": false
    }
  },
  "id": 1
}
2 D2 node
Art 12(2) AI Decision Log Record Builder art-236-build-ai-decision-log-record
Builds Art 12(2)-conformant decision log record: model_id, model_version, decision_label, confidence, input_digest (SHA-256), output_digest (SHA-256), sha256_prev_record (chain link), override_flag, override_by, subject_ref (structural only), retention_months (≥6), anchor_surface. Computes art12_completeness_score (0-12 fields). Passes sha256 record hash to IETF AAT validator.
MCP Call · build_ai_decision_log_record
{
  "jsonrpc": "2.0",
  "method": "tools/call",
  "params": {
    "name": "build_ai_decision_log_record",
    "arguments": {
      "model_id": "credit-score-v2",
      "model_version": "2.1.4",
      "decision_label": "APPROVED",
      "confidence": 0.91,
      "input_digest": "sha256:a3b4c5d6e7f8...",
      "output_digest": "sha256:b4c5d6e7f8a9...",
      "sha256_prev_record": "",
      "override_flag": false,
      "override_by": "",
      "subject_ref": "LOAN-REF-2026-001",
      "retention_months": 84
    }
  },
  "id": 2
}
3 TERMINAL node
IETF AAT Audit Trail Validator art-237-validate-agent-audit-trail
Validates IETF draft-sharif-agent-audit-trail-00 (expires 2026-09) compliance. Checks action_class (10 valid values), outcome (5 valid), trust_level (5 valid) enums; sha256_prev_record format (/^[0-9a-f]{64}$/); ECDSA signature presence. Emits conformance_result (CONFORMANT/PARTIAL/NON_CONFORMANT/EMPTY_INPUT) and aat_completeness_score (0-8). Terminal stage — exports composite §4 artifact.
MCP Call · validate_agent_audit_trail
{
  "jsonrpc": "2.0",
  "method": "tools/call",
  "params": {
    "name": "validate_agent_audit_trail",
    "arguments": {
      "agent_identity": "did:web:credit-model.example.com",
      "timestamp": "2026-07-04T12:00:00Z",
      "action_class": "AUTHORIZE",
      "outcome": "SUCCESS",
      "trust_level": "HIGH",
      "sha256_prev_record": "a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4",
      "ecdsa_signature": "0x3045...",
      "reason": "Credit score 750 exceeds approval threshold 680"
    }
  },
  "id": 3
}
Export Chain Artifact
Download a §4-compliant chain artifact with execution hash, step definitions, gate configuration, and regulatory basis. Hash is deterministic over canonical {policy_parameters, output_payload} per RFC 8785/JCS.