{
  "$schema": "https://fidacy.com/compliance/mappings.schema.json",
  "version": "1.0.0",
  "updated": "2026-07-04",
  "publisher": "Fidacy (Zeepcode Group LLC)",
  "disclaimer": "Alignment claims, not legal advice and not a certification. Coverage describes the evidence artifacts Fidacy supplies for the gated economic-action slice of a system; mapping them to your institution's obligations is your compliance team's call. Coverage levels: full = the control is evidenced end to end for gated actions; partial = evidenced with named limits; moderate = supporting evidence only.",
  "frameworks": [
    {
      "id": "eu-ai-act",
      "name": "EU AI Act (Regulation 2024/1689)",
      "note": "Timeline per the 2026 Digital Omnibus: Art. 50 chatbot transparency applies 2026-08-02; high-risk (Annex III) record-keeping and monitoring obligations deferred to 2027-12-02, Annex I to 2028-08-02. Fidacy is not the high-risk system; it is the external control and evidence layer for the economic actions an AI system takes.",
      "controls": [
        {
          "control": "Art. 12(1)",
          "requirement": "Automatic recording of events (logs) over the system lifetime",
          "feature": "Every verdict (approve, review, deny, with the violated rule) enters an append-only hash chain; batches are Merkle-aggregated (RFC 6962) and anchored to Bitcoin via OpenTimestamps; re-verifiable without trusting Fidacy, given the OpenTimestamps proof and the Bitcoin block header it commits to",
          "coverage": "full",
          "notes": "Covers gated actions. Events outside the gate (the agent's other behavior) are the deployer's own logging duty. Bitcoin anchoring is asynchronous: until a batch's anchor is confirmed, a record is protected only by its signature and the hash chain, so keep the signed verdict you received rather than relying on the anchor alone for recent events."
        },
        {
          "control": "Art. 12(2)(3)",
          "requirement": "Traceability of the system's functioning appropriate to its purpose",
          "feature": "Each signed verdict embeds policy_version, the exact policy that produced it; policy changes are versioned and admin-audited",
          "coverage": "full",
          "notes": ""
        },
        {
          "control": "Art. 13",
          "requirement": "Transparency and provision of information to deployers",
          "feature": "Public verdict format (JWS, published JWKS), public calibration metrics at GET /v1/transparency, public docs, public digest recipes",
          "coverage": "full",
          "notes": ""
        },
        {
          "control": "Art. 14",
          "requirement": "Human oversight, including the ability to intervene or interrupt",
          "feature": "Review band routes ambiguous actions to humans; spend-guard confirmations hold payments for approval; policy proposals require human approval; each human decision lands in the audit chain",
          "coverage": "partial",
          "notes": "Oversight hooks cover gated actions only; oversight of the surrounding agent remains with the deployer."
        },
        {
          "control": "Art. 15",
          "requirement": "Accuracy, robustness and cybersecurity",
          "feature": "Deterministic hot path; fail-closed degradation (errors become review, never approve); per-org rate limits; eval loop measures verdicts against human ground truth and publishes aggregate calibration",
          "coverage": "partial",
          "notes": "Evidences the robustness of the verdict layer, not of the deployer's whole AI system."
        },
        {
          "control": "Art. 26",
          "requirement": "Deployer obligations: monitoring, log retention, use per instructions",
          "feature": "Console monitoring per org, weekly firewall report to owners/admins, anchored logs retained and exportable, docs define intended use",
          "coverage": "moderate",
          "notes": "Fidacy supplies the artifacts; the obligations are the deployer's."
        }
      ]
    },
    {
      "id": "nist-800-53",
      "name": "NIST SP 800-53 Rev. 5 (selected controls)",
      "note": "Audit-family controls are where a neutral verdict layer earns rows that self-signed logs cannot.",
      "controls": [
        {
          "control": "AU-2",
          "requirement": "Event logging",
          "feature": "Every gated action produces a structured decision record: actor identity (RFC 7638 thumbprint), mandate, decision, violated rule on deny, timestamp",
          "coverage": "full",
          "notes": ""
        },
        {
          "control": "AU-9",
          "requirement": "Protection of audit information",
          "feature": "Append-only hash chain: modifying or removing an anchored record breaks the chain against its public checkpoint; chain integrity is checked continuously and is re-verifiable by anyone holding the chain and the anchor proofs, without trusting Fidacy",
          "coverage": "full",
          "notes": "A hash chain on its own does not detect truncation of its not-yet-anchored tail by whoever holds the chain; the anchored checkpoints are what make the chain tamper-evident against Fidacy itself, so protection of records between anchors rests on their signatures and on the deployer's own copies."
        },
        {
          "control": "AU-10",
          "requirement": "Non-repudiation",
          "feature": "Verdicts are Ed25519-signed (JWS) against a public JWKS, and the audit chain is checkpointed to the Bitcoin blockchain. Third parties verify that a record existed no later than its anchoring block and has not been altered since, without trusting Fidacy or the operator; once anchored, not even the operator can rewrite it",
          "coverage": "full",
          "notes": "The public anchor is what closes the gap self-signed audit trails leave open: an operator who holds the signing key can re-sign a rewritten history; an operator cannot rewrite a confirmed Bitcoin block. Non-repudiation of the verdict itself still rests on Fidacy's custody of the Ed25519 signing key and on verifiers pinning the key (by kid) from the published JWKS, including any retired keys if keys are rotated; the anchor bounds when a record existed, it does not vouch for the verdict being correct."
        },
        {
          "control": "AU-11",
          "requirement": "Audit record retention",
          "feature": "Records retained per plan and exportable; anchored checkpoints remain publicly verifiable independently of Fidacy's storage",
          "coverage": "partial",
          "notes": "Retention windows depend on plan; the existence proof outlives the record itself, but it commits only to the record's hash, so a record that has aged out cannot be reconstructed from the proof. Export records before the plan's retention window lapses if your regime requires longer retention."
        },
        {
          "control": "AC-3 / AC-6",
          "requirement": "Access enforcement and least privilege",
          "feature": "Deny-by-default: no signed grant, no payment. Scoped API keys, role-based multi-tenant access with row-level security, per-org isolation verified by test",
          "coverage": "full",
          "notes": "For gated economic actions; host-system access control is the deployer's."
        },
        {
          "control": "IR-5 / IR-6",
          "requirement": "Incident monitoring and reporting",
          "feature": "Deny events with violated rule are queryable and webhook-deliverable in near real time; weekly aggregate report to org owners",
          "coverage": "moderate",
          "notes": "Fidacy signals; incident response process is the deployer's."
        }
      ]
    },
    {
      "id": "owasp-agentic",
      "name": "OWASP Agentic AI Top 10",
      "note": "Threat-level mapping with live counters at https://fidacy.com/threats. The firewall's threat model is scoped to economic actions: payments, commitments, documents.",
      "controls": [
        {
          "control": "Threat mapping",
          "requirement": "Coverage of agentic threat classes (prompt injection to payment, BEC/supplier swap, over-limit, duplicate invoice, unauthorized payee)",
          "feature": "Deny-by-default gate with per-threat telemetry; each block category is counted and published; the non-bypass property (no grant, zero PSP calls, across missing/tampered/replayed/expired/mismatched grants) is enforced by a release-blocking test matrix",
          "coverage": "partial",
          "notes": "Content-level threats (toxicity, hallucinated speech without a commitment) are out of scope by design: Fidacy gates commitments, not content."
        }
      ]
    }
  ]
}
