Compliance Dashboard

6 regulatory frameworks · 14 controls mapped · CONSILIUM verdict chain as machine-readable evidence

6
Frameworks
14
Controls mapped
100%
RFC 3161 timestamped
UNSAT
INV-15 Z3 proof

Framework Coverage

🇪🇺
EU AI Act
5 controls mapped
Art 9Art 10 Art 11Art 13 Art 14
Risk management system (Art 9) · Data governance (Art 10) · Technical documentation (Art 11) · Transparency (Art 13) · Human oversight (Art 14 — enforced 2026-08-02)
Last verdict: 2026-05-19T12:21:50+00:00 · freetsa.org
🏛️
NIST AI RMF
4 controls mapped
MAPMEASURE MANAGEGOVERN
MAP: threat taxonomy per verdict · MEASURE: 9-vendor confidence scores · MANAGE: ALLOW/REVIEW/BLOCK enforcement · GOVERN: audit chain + STIX 2.1 export
Last verdict: 2026-05-19T12:21:50+00:00 · freetsa.org
🔒
ISO 42001
2 controls mapped
Clause 6Clause 8
Clause 6: AI risk treatment planning (INV-15 formal proof) · Clause 8: Operational AI governance (4-stage SOAR pipeline)
Last verdict: 2026-05-19T12:21:50+00:00 · freetsa.org
SOC 2
1 control mapped
CC7
CC7 (System Operations): real-time anomaly detection via 9-vendor adversarial ensemble · HMAC-SHA256 verdict chain provides tamper-evident audit trail
Last verdict: 2026-05-19T12:21:50+00:00 · freetsa.org
🛡️
GDPR
1 control mapped
Art 22
Art 22: Automated individual decision-making — CONSILIUM provides human-in-the-loop REVIEW verdicts with explainable per-vendor reasoning for GDPR-covered automated decisions
Last verdict: 2026-05-19T12:21:50+00:00 · freetsa.org
📋
NIST 800-53
1 control mapped
AU-4
AU-4 (Audit Log Storage Capacity): RFC 3161 TSA-timestamped verdict chain stored as tamper-evident JSONL · 1312-byte TimeStampToken per verdict · Freetsa.org + DigiCert fallback
Last verdict: 2026-05-19T12:21:50+00:00 · freetsa.org

Live Verification

Any verdict is independently verifiable via RFC 3161 TSA:

curl https://api.apohara.dev/v1/verdicts/{signed_hash}/verify-timestamp # → {"valid": true, "authority": "freetsa.org", # "timestamp": "2026-05-19T12:21:50+00:00"}

INV-15 formal safety invariant (Z3 SMT, UNSAT = safe):

python -m pytest tests/test_verdict_vault.py -v # → 16 passed — tamper-detection on verdict chain verified

STIX 2.1 export for SIEM ingestion:

curl -X POST https://api.apohara.dev/v1/soar/judge/evaluate \ -H 'Content-Type: application/json' \ -d '{"prompt": "test prompt", "export_format": "stix21"}'