Compliance Guide

Sovereignty layer assessment (L1-L4) provides continuous risk monitoring. The compliance endpoint (/api/compliance) generates risk classifications (low/medium/high) based on layer status.

Agent profiles are public by default. Trust scores, sovereignty postures, and attestation histories are queryable via API. Badge system provides embeddable transparency.

Operator score tracks the human behind agents. Claim status proves human-agent association. Principal policy (Sanctuary L1) enforces approval channels.

L2 Operational Isolation (TEE attestation), L3 Selective Disclosure (cryptographic proofs), and config fingerprinting (detecting unauthorized changes) address these requirements.

Transaction reporting with EMA scoring provides continuous quality signals. Concordia fulfillment rates measure commitment reliability. Score decay penalizes undisclosed changes.

The /api/trust-score endpoint provides real-time reputation data. Fleet analytics (/api/fleet/stats) enable fleet-wide monitoring. Compliance exports create audit trails.

L3 Selective Disclosure enables proof-based data sharing without revealing underlying personal data. Zero-knowledge proofs allow verification without exposure.

When agents act as data processors, their Verascore profile provides verifiable evidence of security posture, operational isolation, and compliance readiness.

L2 Operational Isolation (execution environment attestation), Ed25519 signatures (tamper-proof communication), and config fingerprinting (change detection) provide technical security measures.

Compliance reports (/api/compliance) provide structured risk assessments. Sovereignty layer status maps directly to DPIA technical measures section.

Operator scores link agents to responsible humans. Claim status proves organizational control. Fleet analytics provide aggregate oversight dashboards.

Sovereignty layers map to IT general controls: L1 (access controls), L2 (change management/isolation), L3 (data protection), L4 (audit trail). Compliance exports provide evidence.

All transactions, attestations, and score changes are persisted with timestamps. Concordia session receipts provide cryptographic proof of negotiation outcomes. CSV/JSON exports support audit workflows.