DORA
EU Regulation 2022/2554 — ICT risk, incidents, reporting
mapped · Art 9 / 10 / 17 all populated// Compliance · AC15 (≥7/8 EU AI Act Art 12 fields)
Framework coverage
Every THEMIS Evidence Packet populates the 7 framework booleans by default. This dashboard surfaces the 8 EU AI Act Art 12 record-keeping fields for regulator review.
EU AI Act
Reg (EU) 2024/1689 — high-risk AI system obligations
mapped · Art 12 (record-keeping) + Art 26 (deployer)NIST AI RMF 1.0
Govern · Map · Measure · Manage
mapped · 4 functions traced in evidence chainOWASP Agentic 2026
ASI01–ASI10 threats (prompt injection, sensitive data, …)
mapped · AgentDecision.confidence + AuditWatchdogEU AI Act · Art 12 record-keeping · 8 fields
Per-invoice record. 8/8 populated by default. AC15: pass.
Art 12 record fields
- 1 · start_time
- 1700000000000 (Unix ms, from AgentDecision.timestamp_ms on the Extractor decision)
- 2 · end_time
- 1700000004200 (Unix ms, from the last AgentDecision in the chain)
- 3 · reference_database
- PO database: keys/po-database/stark.json (sha256:d7e2…)
- 4 · input_data
- Raw invoice bytes (vendor-supplied PDF/OCR); sha256 captured per AgentDecision.payload
- 5 · natural_person_id
- Tenant operator email (audit-attributable). Demo: none@themis.local (demo fixture)
- 6 · decision_id
- EvidencePacket.packet_id (UUID v4) per run
- 7 · policy_version
- themis-policy@2026-06-12 (JCR gate + BAAAR conditions in evidence packet)
- 8 · hash_chain_prev
- blake3(previous packet) — empty for genesis, populated thereafter
Coverage: 8/8 fields populated. AC15: pass.