CPP·AI Compliance Readiness — Regulatory Gap Analysis·internal work product

AI Compliance Readiness: Regulatory Gap Analysis

Date: 2026-07-01 Prepared by: Research (grāmatr-assisted) For: Covington Place Partners — internal advisory use only Status: Draft — not legal advice; not for external distribution without review


Disclaimer

This document is a capability gap analysis, not legal advice. Conformity assessments, compliance certifications, and legal determinations are the province of licensed legal counsel. The honest framing throughout is "designed to support," "maps to," and "evidence-ready for" — never "certified," "compliant," or "guarantees compliance." grāmatr and CPP cannot guarantee regulatory compliance; they can provide tooling and advisory that supports the operational obligations those regulations impose.

Founders referenced: Shea Long & Mike Burns (Covington Place Partners).


How grāmatr Capability States Are Classified

grāmatr capabilities appear in three states throughout this document. The distinction matters for compliance claims:

StateMeaningHow confirmed
LIVE/DEPLOYEDConfirmed running on the production platform (api.gramatr.com/mcp, v0.27.6) via direct API queryLive MCP tool calls returning actual records or active definitions, executed 2026-07-01
IN-REPOCode exists in /home/research3/work/gramatr/ but deployment to production was not independently confirmed during this reviewSource file evidence cited; no live-platform verification
NOTE/ASPIRATIONALFound only in documentation, design docs, or memory notes — no code or live confirmationCited doc only; treat as intent, not capability

Claims marked [DEPLOYMENT-UNVERIFIED] indicate where this analysis cannot confirm the live state. Open questions for the grāmatr team are collected at the end of the document.

Live platform identity confirmed: grāmatr v0.27.6 at https://api.gramatr.com/mcp, caller Brian Handrigan (d2293e01), org gramatr, role super_admin. All entity counts from live API calls 2026-07-01.


Part 1 — Regulatory Requirements

1A. EU AI Act — Digital Omnibus Package (as of July 2026)

The EU AI Act (Regulation (EU) 2024/1689) entered into force August 1, 2024. The "Digital Omnibus" simplification package was provisionally agreed May 7, 2026, endorsed by the European Parliament June 16, 2026, and received Council final approval June 29, 2026. Publication in the Official Journal was pending as of this writing — the high-risk deferral dates are legislatively confirmed but not yet formally operative until that publication.

Sources: Council press release, May 7, 2026; Gibson Dunn — Omnibus: Postponed Deadlines and Key Changes; ComplianceHub.wiki — Annex III deferral; ComplianceHub.wiki — Art. 50 and Omnibus; Modulos.ai — Omnibus deadlines fixed; Latham & Watkins — Timeline Relief and Simplification; Latham & Watkins — GPAI Obligations in Force; Dastra — Inside the Omnibus Deal; EU AI Act — Art. 53 text; DLA Piper — Omnibus update

Active Obligations (July 2026)

ObligationArticle(s)WhoStatusEvidence Artifact Required
Prohibited practices banArt. 5All providers + deployersActive since Feb 2, 2025; expanded Dec 2026 for nudifier/CSAM banPolicy prohibiting banned systems
AI literacyArt. 4Providers + deployersActive since Feb 2, 2025Documented staff training programs; internal governance evidence
GPAI technical documentationArt. 53(1)(a)GPAI model providersActive Aug 2, 2025 (new models); Aug 2, 2027 (legacy pre-2025 models)Technical documentation form: model properties, training, energy consumption, intended use; retained 10 years
GPAI transparency to AI Office + downstreamArt. 53(1)(b)GPAI model providersActive Aug 2, 2025Disclosure package; authorized representative mandate for non-EU providers (Art. 54)
GPAI copyright policyArt. 53(1)(c)GPAI model providersActive Aug 2, 2025Published opt-out compliance policy
GPAI systemic-risk notificationArt. 55Highest-capability GPAI model providersActive Aug 2, 2025Notification to AI Office; systemic risk assessment; red-team adversarial testing
AI-generated content disclosureArt. 50(1)(3)(4)Providers + deployersActive Aug 2, 2026User-facing disclosure at interaction start; deepfake and emotion-recognition labeling
Machine-readable output watermarkingArt. 50(2)Generative AI providersAug 2, 2026 (new systems); Dec 2, 2026 (systems already on market)Machine-readable marking embedded in synthetic outputs

Deferred Obligations — High-Risk AI Systems (Annex III standalone: Dec 2, 2027; Annex I product-embedded: Aug 2, 2028)

ObligationArticle(s)WhoNew DeadlineEvidence Artifact Required
Risk management systemArt. 9Providers of high-risk AIDec 2, 2027 / Aug 2, 2028Documented iterative risk management plan; residual risk records
Data governanceArt. 10ProvidersDec 2, 2027 / Aug 2, 2028Data provenance, bias audit, training/validation/test set documentation
Technical documentationArt. 11ProvidersDec 2, 2027 / Aug 2, 2028Technical file per Annex IV; maintained through system lifetime
Automatic record-keeping / loggingArt. 12Providers + deployersDec 2, 2027 / Aug 2, 2028Automatically generated event logs; ≥6-month retention minimum
Transparency to deployers/usersArt. 13ProvidersDec 2, 2027 / Aug 2, 2028User-facing instructions; limitations disclosure
Human oversight measuresArt. 14Providers + deployersDec 2, 2027 / Aug 2, 2028Documented human-oversight procedures; override capability; trained operators
Accuracy, robustness, cybersecurityArt. 15ProvidersDec 2, 2027 / Aug 2, 2028Benchmark results; adversarial-robustness testing; security documentation
Post-market monitoringArt. 72ProvidersDec 2, 2027 / Aug 2, 2028Monitoring plan; performance tracking over deployment lifetime
Serious-incident reportingArt. 73Providers + deployersDec 2, 2027 / Aug 2, 2028Incident register; 48-hour notification to national authority
Conformity assessmentArts. 43–44Providers (or notified body)Dec 2, 2027 / Aug 2, 2028CE marking; EU declaration of conformity; third-party audit for highest-risk categories

Provider vs. deployer: Providers (build/place on market) carry the heaviest documentation and conformity burden. Deployers (use in their context) carry logging, human oversight, and monitoring duties when they apply a high-risk system outside the provider's specified scope.


1B. Colorado SB 26-189 — Automated Decision-Making Technology Act

Status: SB 24-205 (the original Colorado AI Act) was repealed May 14, 2026, after enforcement was paused by a federal court injunction (April 27, 2026). Its replacement, SB 26-189, was signed by Governor Polis on May 14, 2026 and takes effect January 1, 2027.

Sources: Colorado General Assembly — SB 26-189; Seyfarth Shaw — Colorado Enacts AI Replacement Law; Littler — Colorado Amends AI Law; Hunton — Colorado AI Act Amended; Consumer Finance Monitor — SB 26-189 Unpacked; Monitaur — SB 26-189 Compliance Strategies; TechjackSolutions — What Law Firm Analysis Confirms

Scope definitions:

Obligation Table — Colorado SB 26-189 (Effective January 1, 2027)

ObligationWhoDeadlineEvidence Artifact Required
Technical documentationDevelopersJan 1, 2027Docs describing: intended uses, training data categories, known limitations, instructions for appropriate use/monitoring/meaningful human review
Material update notification to deployersDevelopersOngoingWritten notice of material modifications
Consumer notice at point of interactionDeployersJan 1, 2027Clear, conspicuous notice that covered ADMT is being used
Adverse-decision plain-language explanationDeployersWithin 30 days of adverse consequential outcomePlain-language description of ADMT's role; principal reasons for the outcome
Right to data correctionDeployersOn consumer requestProcess to correct factually incorrect personal data used by the ADMT
Right to human review and reconsiderationDeployersOn consumer request after adverse outcomeMeaningful human review process
Record retentionDevelopers + deployers3 yearsAll records necessary to demonstrate compliance
AG rulemaking complianceDeployersJan 1, 2027Comply with AG rules on post-adverse-outcome disclosures (AG must adopt by Jan 1, 2027)

Enforcement: AG enforces via Colorado Consumer Protection Act. Violations are deceptive trade practices. 60-day notice + cure opportunity before AG action, until Jan 1, 2030. No private right of action (removed from the original law).

Key scope change vs. SB 24-205: The mandatory risk management program and annual impact assessments are gone. SB 26-189 is a disclosure + consumer-rights framework, not a full governance mandate.


Part 2 — grāmatr Capabilities (Live-Platform Verified)

All LIVE/DEPLOYED claims are based on direct API queries to https://api.gramatr.com/mcp (grāmatr v0.27.6) executed 2026-07-01. IN-REPO claims are based on source code in /home/research3/work/gramatr/. NOTE/ASPIRATIONAL claims are from design docs only.

2A. Capabilities Confirmed LIVE/DEPLOYED

These were verified by querying the live platform and receiving actual records or active definitions.

CapabilityLive EvidenceDetail
Per-turn classification telemetry23,822 records in classification_telemetry entity type; 3 records from today (2026-07-01) confirmed via list_entitiesEach record contains: turn_id, multi-head BERT scores (intent, effort, urgency, sentiment, requires_approval, domain), prompt_hash, session_id, project_id, primitives_composed, contract_hash, created_at. All user-scoped (scope: "user").
Per-turn record with prompt and summary22,097 records in turn entity type; 3 records from today confirmed via list_entitiesEach record contains: full prompt text, AI-generated summary, turn_id, session_id, project_id, prompt_hash, sequential turn_number (highest seen: 2,074), classification block, classifier_model, summary_generated_at.
requires_approval classification headConfirmed in every live classification_telemetry record returnedExample from live record: "requires_approval": {"label": "false", "confidence": 0.98319834}. The head fires on every classified turn.
Primitives-composed policy provenance per turnConfirmed in live classification_telemetry recordsprimitives_composed array in each record lists every principle, standard, guideline, preference, and agent bound to that turn — with selection_reason and entity_id. This is the per-turn policy enforcement audit trail, showing which policies were active for each decision.
Soft-delete discipline (immutability)Standard soft_delete_cascade confirmed LIVE — seed_source: "static", enforcement: "mandatory", is_public: true, via list_definitions"Deleting an entity sets inactive=true and recursively soft-deletes child observations and relations in the same transaction. Hard DELETE is reserved for admin GDPR paths." Means the 23,822+ telemetry and 22,097 turn records cannot be hard-deleted through normal paths.
Conversation immutabilityStandard conversation_observations_immutable confirmed LIVE — seed_source: "static", enforcement: "mandatory", is_public: true, via list_definitions"Observations attached to entities of entity_type='conversation' are append-only. Editing or deleting a conversation observation breaks the training-data lineage and is rejected at the service layer."
Per-user RLS isolationStandards user_id_filter_on_every_query + rls_policy_for_user_scoped_tables both LIVE — seed_source: "static", enforcement: "mandatory", is_public: true, via list_definitions. Principle user_data_isolation_is_inviolable LIVE with binding_strength: "inviolable""Every query, embedding, and cache key MUST partition by user_id. There is no exception, no admin override, no debugging shortcut. Cross-tenant leakage is the one failure mode that ends the company." Confirmed operationally: every live entity returned in queries carried the caller's user_id.
Secret management standardsStandards no_secrets_in_logs + no_hardcoded_credentials both LIVE — seed_source: "static", enforcement: "mandatory", is_public: true, via list_definitions. Principle secrets_come_from_secret_manager_only LIVE with binding_strength: "inviolable"All production credentials flow through Bitwarden Secret Manager (BWS).
Execution summary on every tool responseStandard execution_summary_on_every_tool_response LIVE — seed_source: "static", enforcement: "mandatory""Every MCP tool handler and REST API handler MUST attach the canonical execution_summary metadata block." Confirmed: every live API response in this review returned execution_summary.
audit_log entity type24 live records in audit_log entity type confirmed via list_entities; most recent May 2026These are human-authored operational audit events (e.g., "backfill applied," "seed snapshot rebuilt"). Note: these are intentional operational milestones, NOT automated per-turn compliance logs — automated logging runs via classification_telemetry and turn (see above).
Model decommission / change runbookRunbook change_embedding_model LIVE — seed_source: "static", is_public: true, via list_definitionsFull 6-step procedure for changing the active embedding model: write-freeze, staged rollout to staging first, production cutover, rollback path, decommission old model after 7-day stability. This is the live model-lifecycle governance capability.
Credential + security incident runbooksRunbooks rotate_compromised_credential (severity: critical) + respond_to_secret_in_commit_or_log (severity: critical) both LIVE — seed_source: "static", via list_definitionsrespond_to_secret_in_commit_or_log Step 6: "File incident report; notify any third party whose credential was involved." Covers rotation, redaction, audit, and notification for security credential incidents.
GitOps-only production pathPrinciple gitops_is_the_only_path_to_production LIVE — binding_strength: "inviolable""Production state changes flow exclusively through git." Makes all production changes auditable by construction.
25 routing capabilitiesConfirmed LIVE via list_capabilities — all 25 returned across sections A–FIncludes: Quality Gate creation (A), effort classification (B), agent dispatch + research (C), multi-agent collaboration including red-team with 32 agents (D), parallel execution (E), test runner + static analysis (F).

2B. Capabilities That Are IN-REPO (Code Present, Deployment Unconfirmed)

These are grounded in source code at /home/research3/work/gramatr/ but were not independently confirmed as deployed during this review. The NIST AI RMF alignment statement (dated 2026-06-11) provides the most recent attestation.

CapabilityIn-Repo EvidenceStatus
Directive resolver (scoped policy hierarchy)packages/intelligence/src/services/directive-resolver-unified.ts — cited in NIST alignment doc with description of system→org→team→project→user enforcement[DEPLOYMENT-UNVERIFIED] — see Open Questions #2
Decision routerpackages/intelligence/src/services/decision-router.ts — cited in NIST alignment docCircumstantially confirmed: live classification_telemetry records show BERT head outputs consistent with this router, but the specific deployment binary was not verified
Pattern analyzerpackages/intelligence/src/services/pattern-analyzer.ts — cited in NIST alignment doc for risk-trend mining[DEPLOYMENT-UNVERIFIED] — see Open Questions #3
Metrics service / token savingspackages/intelligence/src/services/metrics-service.ts — cited in NIST alignment doc[DEPLOYMENT-UNVERIFIED] — execution_summary on tool responses confirms some metrics pipeline, but this specific service was not directly queried
Log sanitizerpackages/core/src/log-sanitizer.ts — cited in NIST alignment doc[DEPLOYMENT-UNVERIFIED] — no_secrets_in_logs standard is LIVE but the sanitizer binary in the deployed pod was not verified
Cross-tenant hardening CI testspackages/mcp-server/src/tools/__tests__/cross-tenant-hardening.test.ts — cited in design-consistency-model.md[DEPLOYMENT-UNVERIFIED] as a CI artifact — in-repo existence confirmed; whether CI is currently running it was not verified

2C. Capabilities That Are NOTE/ASPIRATIONAL (Docs Only)

These were not found in the live platform or confirmed in runnable code. They are explicitly named as gaps or roadmap items in grāmatr's own documentation.

CapabilitySourceNotes
Prompt-injection / jailbreak detectiondocs/nist-ai-rmf-alignment-2026-06-11.md — MEASURE 2.7 gap, issue #3716"Detection capability tracked (#3716); the position is real, the detection is not yet built." No code file cited.
Automated anomaly-detection → kill-switchdocs/nist-ai-rmf-alignment-2026-06-11.md — MANAGE 2.3–2.4, issues #3698/#3718Explicitly roadmap. Live telemetry exists; automated response does not.
Fairness / bias metricdocs/nist-ai-rmf-alignment-2026-06-11.md — MEASURE 2.11 gap"Not yet instrumented as a first-class metric."
Regulatory requirements registerdocs/nist-ai-rmf-alignment-2026-06-11.md — GOVERN 1.1 gapDocumentation-only gap; ~1 day to write; not yet written.
Formal TEVV plandocs/nist-ai-rmf-alignment-2026-06-11.md — MAP 2.3 gapThe flywheel enacts it informally; no formal document.
Formal governance-review cadencedocs/nist-ai-rmf-alignment-2026-06-11.md — GOVERN 1.5 gapNo scheduled human review documented.
AI incident disclosure runbookNot found in live runbooks or repoNo respond_to_ai_incident or Art. 73-style notification runbook found across 27 live runbooks queried. Security credential runbooks exist; AI system behavior incident runbooks do not.
Consumer explanation / appeal workflowNot found anywhere in live platform or repoNo consumer-facing explanation endpoint, adverse-decision intake, or appeal workflow found.
Configurable log retention beyond 60 daysdocs/cpp-gramatr/ai-governance-standards-alignment-2026-06-10.md — noted as "deployment option"The NIST alignment doc stated "60-day rolling window today." Whether a longer-retention tier is currently available in production was not confirmed. See Open Questions #1.
SOC 2 audit completiondocs/cpp-gramatr/ai-governance-standards-alignment-2026-06-10.md"Disciplines followed; audit in planning" — not yet complete.

Part 3 — Gap-Analysis Matrix

3A. EU AI Act — Current Active Obligations

ObligationArticlegrāmatr CoverageStateVerdictWhat's Missing
AI LiteracyArt. 4grāmatr's primitives_composed system binds principles, standards, and guidelines into every turn before the model fires — machine-layer literacy enforcementLIVE/DEPLOYED at the machine layerPARTIALArt. 4 asks for documented human staff training programs. grāmatr addresses machine-layer enforcement; it does not produce human employee training documentation
Prohibited practices banArt. 5requires_approval BERT head fires on every turn (confirmed in 23,822 live records); scoped directive hierarchy can encode prohibitionsLIVE/DEPLOYED (requires_approval); IN-REPO (directive encoding)PARTIALNo explicit Art. 5 prohibited-use-case registry mapped to enumerated bans. The gate exists; the prohibition content must be authored into directives by each operator
GPAI technical documentationArt. 53(1)(a)grāmatr is AI middleware integrating third-party GPAI models — it is not a GPAI model provider under the Act. Per-turn model provenance captured in classification_telemetry (classifier_backend, classifier_version fields)LIVE/DEPLOYED for provenance trackingNOT APPLICABLE to grāmatr directly. Clients who are GPAI providers need their own Art. 53 documentation; grāmatr's per-turn model record is an evidentiary input, not the required technical documentation form
GPAI transparency to AI OfficeArt. 53(1)(b)(c)Same applicability noteSameNOT APPLICABLE to grāmatr directlySame
AI-generated content disclosureArt. 50(1)(3)(4)Directive hierarchy can require disclosure language at system scope on every interactionIN-REPO (directive capability); no live confirmation of deployed Art. 50 templatePARTIALNo shipped Art. 50(1) disclosure template. Deployer clients must configure their own directive
Machine-readable watermarkingArt. 50(2)This obligation falls on the model provider (e.g., Anthropic for Claude), not middlewareNOT APPLICABLE to grāmatrNOT APPLICABLE to grāmatr. Deployer clients need to confirm their model provider meets Art. 50(2); grāmatr's classifier_backend field in live telemetry records which provider was used

3B. EU AI Act — High-Risk Obligations (Deferred; Prepare Now)

Not yet legally operative but the December 2027 deadline justifies preparation starting now.

ObligationArticlegrāmatr CoverageStateVerdictWhat's Missing
Risk management systemArt. 9Per-turn risk classification (effort_level, requires_approval) fires on every turn; 23,822 live records demonstrate continuous risk-calibrated routingLIVE/DEPLOYEDPARTIALNo documented iterative risk-management plan artifact a regulator could inspect. grāmatr provides the enforcement substrate; the plan document must be separately authored
Data governanceArt. 10Per-user RLS (user_id_filter_on_every_query + rls_policy_for_user_scoped_tables — both LIVE/DEPLOYED mandatory standards); user_data_isolation_is_inviolable inviolable principle LIVELIVE/DEPLOYEDPARTIALNo formal bias audit of training/input data; no Art. 10-compliant data-sheet per AI system. RLS is the data isolation control; the documentation artifact is absent
Technical documentationArt. 11NIST AI RMF alignment statement is the closest analog (IN-REPO, dated 2026-06-11); per-turn telemetry supplies provenance inputsIN-REPOPARTIALNo Annex IV-style technical file per deployed AI system. Clients need system-specific documentation for their own deployments; grāmatr's NIST crosswalk covers the platform
Automatic record-keeping / loggingArt. 1223,822 classification_telemetry records + 22,097 turn records confirmed LIVE/DEPLOYED. Auto-generated every turn; soft_delete_cascade standard prevents hard deletion. Each record carries turn_id, intent, effort, requires_approval, model used, session_id, project_id, created_at, full primitives_composed provenance. This is grāmatr's strongest compliance proof point.LIVE/DEPLOYEDPARTIAL — strongest strength, one confirmed gapRetention gap [DEPLOYMENT-UNVERIFIED]: Art. 12 requires ≥6-month retention for high-risk systems. The NIST alignment doc stated "60-day rolling window" as of 2026-06-11. Whether the live production database retains records beyond 60 days was not confirmed in this review. The grāmatr team must confirm actual retention before this can be represented as ≥6-month-capable. See Open Questions #1.
Transparency to deployers/usersArt. 13Directive system can mandate disclosure content; per-model capability records trackedIN-REPO (directive capability)PARTIALNo shipped Art. 13-compliant user instruction template; deployer clients must configure
Human oversightArt. 14requires_approval gate confirmed LIVE/DEPLOYED in every classification_telemetry recordLIVE/DEPLOYEDPARTIALrequires_approval is a routing-layer classification. Art. 14 also requires trained operators, documented override procedures, and organizational oversight processes — these are organizational, not tooling, deliverables
Accuracy, robustness, cybersecurityArt. 15no_secrets_in_logs + RLS isolation LIVE/DEPLOYED; pre-model governance IN-REPOMixedPARTIALNo formal accuracy/robustness benchmark; prompt-injection detection is NOTE/ASPIRATIONAL (#3716); no Art. 15 security documentation artifact
Post-market monitoringArt. 7223,822+ live telemetry records constitute continuous per-deployment monitoring; pattern-analyzer.ts IN-REPO for trend miningLIVE/DEPLOYED (telemetry); IN-REPO (pattern analysis)PARTIALNo formal post-market monitoring plan document; automated anomaly→response is NOTE/ASPIRATIONAL (#3698)
Incident reportingArt. 73Security incident runbooks LIVE/DEPLOYED (rotate_compromised_credential, respond_to_secret_in_commit_or_log) — but these cover credential/security incidents, not AI system behavior incidentsLIVE/DEPLOYED for security incidents onlyGAPNo AI system incident register; no documented 48-hour notification procedure to national authorities; no AI-specific incident disclosure runbook found in the 27 live runbooks. This is a confirmed gap in both the live platform and the NIST alignment doc (MANAGE 4.3).
Conformity assessmentArts. 43–44grāmatr's live audit trail + NIST crosswalk would supply evidence for a conformity assessment processIN-REPO (NIST crosswalk documentation)GAPConformity assessment is a legal process (self-assessment or notified-body audit); no CE marking; no EU declaration of conformity — regulatory-legal deliverables, not grāmatr capabilities

3C. Colorado SB 26-189 (Effective January 1, 2027)

ObligationWhogrāmatr CoverageStateVerdictWhat's Missing
Technical documentationDevelopersclassification_telemetry records the model, intent, effort, and directives per turn; NIST alignment statement is the platform-level technical documentLIVE/DEPLOYED (per-turn provenance); IN-REPO (NIST crosswalk)PARTIALDeveloper clients must author their own SB 26-189-compliant technical documentation for their ADMT products; grāmatr's per-turn record is an evidentiary input, not a substitute
Material update notificationDeveloperssoft_delete_cascade + conversation_observations_immutable ensure all changes are logged and non-deletableLIVE/DEPLOYEDPARTIALNo automated "material change" notification workflow from developer to deployer clients; this is an organizational process
Consumer notice at point of interactionDeployersDirective hierarchy can require disclosure language at system scope on every interactionIN-REPO (directive capability)PARTIALNo out-of-box SB 26-189 notice template; disclosure must be explicitly configured per deployer
30-day adverse-decision explanationDeployersclassification_telemetry and turn records (LIVE/DEPLOYED, 23,822 + 22,097 records) contain the per-turn decision provenance — model used, intent classification, requires_approval score — that is the raw material for a plain-language explanationLIVE/DEPLOYED (the underlying record)PARTIALNo explanation-generation API that takes a turn_id and produces a consumer-readable explanation; no 30-day response workflow; no consumer intake surface. The data exists; the workflow and surface do not.
Right to data correctionDeployersupdate_entity MCP tool (LIVE/DEPLOYED — confirmed via live API) allows mutation of stored entity data; RLS ensures only the correct user's data is accessibleLIVE/DEPLOYED (entity update path)PARTIALNo consumer-facing correction request intake; no SB 26-189-compliant correction workflow
Right to human review after adverse outcomeDeployersrequires_approval gate (LIVE/DEPLOYED) is a pre-decision human-review flag for high-risk turnsLIVE/DEPLOYED (requires_approval classification)PARTIALrequires_approval is a pre-decision routing signal, not a post-adverse-outcome appeal flow. A consumer appeal queue for after-the-fact review must be built separately. See Open Questions #4 for current behavior.
Record retention (3 years)Developers + deployerssoft_delete_cascade (LIVE/DEPLOYED mandatory standard) prevents hard deletion; 23,822+ classification_telemetry + 22,097 turn records persist; inactive flag onlyLIVE/DEPLOYED (soft-delete prevents deletion)PARTIAL — retention window [DEPLOYMENT-UNVERIFIED]SB 26-189 requires 3-year retention. Soft-delete architecture prevents premature deletion. However, the actual queryable retention window is unconfirmed — the NIST alignment doc stated "60-day rolling window" as of June 2026. The grāmatr team must confirm whether records older than 60 days remain queryable in production. See Open Questions #1.

Part 4 — The CPP Opportunity

4A. Framing the Offering

"AI Compliance Readiness" sits at the intersection of CPP's existing AI Governance & Audit advisory product and two urgent market drivers: EU AI Act GPAI and transparency obligations (live now), and Colorado SB 26-189 coming online January 1, 2027 — with a growing list of states in similar territory.

CPP's role: advisory, assessment, and remediation design — the human judgment layer that maps regulatory obligations to a client's specific systems, authors required artifacts (technical documentation, risk management plans, conformity assessment prep), and designs the organizational processes (human oversight programs, incident response, consumer-appeal workflows).

grāmatr's role: the evidence and enforcement substrate — automatically generating the per-turn audit trail, enforcing policy pre-model, tracking model provenance, and surfacing the telemetry a compliance reviewer draws on. Designed to support clients' compliance obligations, not to certify or guarantee them.

The combined offer: CPP tells you what you have to do and authors the required artifacts; grāmatr makes sure your AI systems are leaving the evidentiary trail those artifacts describe, and that your policies are actually enforced (not just documented).

4B. The Three Strongest Wedges

Wedge 1 — EU AI Act Article 12: Automatic Logging (build toward Dec 2027) Art. 12 requires that high-risk AI systems automatically generate event logs over their lifetime — a manual export does not satisfy it. grāmatr's per-turn decision log is confirmed LIVE/DEPLOYED at 23,822+ classification_telemetry records and 22,097 turn records, auto-generated on every classified turn, with soft_delete_cascade immutability preventing backdating. Each record carries turn_id, session_id, project_id, model used, requires_approval score, and the full primitives_composed list showing which policies were active — the structural shape Art. 12 demands. The single remaining gap (retention window confirmation) is a configuration question, not an architecture question. CPP positions this as: "start building your Art. 12-ready log now, before the Dec 2027 deadline."

Wedge 2 — Colorado SB 26-189: Consumer Explanation Right (active Jan 1, 2027) The 30-day adverse-decision explanation requirement is an operational process clients must build before January 1, 2027. grāmatr's live turn records contain the full prompt text and AI-generated summary per decision; the classification_telemetry records contain the model, intent, requires_approval score, and bound policies. Together they are the raw material for a plain-language explanation — but the workflow, template, and consumer intake surface do not yet exist and must be built. CPP's advisory layer designs the workflow; grāmatr supplies the underlying data. Clients deploying ADMT for consequential decisions (lending, employment, healthcare, housing) need both, and the January 2027 deadline creates urgency now.

Wedge 3 — NIST AI RMF as the US Enterprise Anchor Enterprise buyers, insurers, and procurement requirements increasingly treat NIST AI RMF alignment as table-stakes for AI vendor due diligence. grāmatr has a self-attested crosswalk to all four NIST AI RMF functions (GOVERN/MAP/MEASURE/MANAGE) published 2026-06-11, with requires_approval BERT head confirmed live in 23,822 records (GOVERN 3.1–3.2), and the per-turn telemetry system confirmed live with 45,919+ total records across classification_telemetry + turn (MEASURE 2.8 "explain to a regulator in 48h"). CPP can offer NIST AI RMF readiness assessments with grāmatr as the evidence substrate — positioning the combined offering as "compliance-ready by architecture, not just by documentation."

4C. Top Three Build Gaps to Close First

Build Gap 1 — Confirm and extend log retention [DEPLOYMENT-UNVERIFIED → needs grāmatr team answer today] This is the single highest-priority open question. The NIST alignment doc stated "60-day rolling window" as of June 2026. EU AI Act Art. 12 requires ≥6 months; Colorado SB 26-189 requires 3 years. Until the grāmatr team confirms (a) the actual current retention window in production and (b) whether a configurable longer-retention tier exists and is tested, every Art. 12 and SB 26-189 record-retention claim carries a material caveat. Closing it: confirm the live retention policy; if under 6 months, implement a configurable retention configuration with a documented deployment guide and a verified query path for records older than 60 days. No new architecture needed — the soft-delete immutable records already exist; the question is the database retention window.

Scope note (added 2026-07-01): this obligation is scoped, not universal. EU Art. 12 automatic-logging applies ONLY to high-risk (Annex III/I) AI systems; Colorado SB 26-189's 3-year retention applies ONLY to records for consequential-decision ADMT (lending, employment, housing, healthcare, insurance, government benefits). Neither law requires that every grāmatr turn be stored audit-proof. So this is not a platform-wide default change — the correct build is a per-app/org configurable long-retention tier for the compliance-relevant records of a client's regulated deployment, leaving the 60-day working-memory default untouched. For clients not running a high-risk / consequential-decision system, this retention obligation does not bind.

Build Gap 2 — Consumer explanation + appeal workflow (4–6 weeks engineering) Neither the EU Act's deployer transparency obligations nor Colorado SB 26-189's 30-day explanation right can be satisfied by a per-turn log alone. They require a consumer-facing workflow: accept a turn_id or session reference, generate a plain-language explanation from the live turn + classification_telemetry records, and route for human review if the consumer requests appeal. The underlying data is confirmed LIVE/DEPLOYED (23,822 telemetry + 22,097 turn records). The surface does not exist. Closing it: an explanation-generation API endpoint (input: turn_id; output: human-readable explanation citing the underlying records) and a deployer-configurable consumer intake workflow. This is the gap between grāmatr's strongest evidence asset and a consumer-facing compliance deliverable.

Build Gap 3 — AI incident disclosure runbook (1 day documentation + tracked engineering) EU AI Act Art. 73 requires documented 48-hour notification to national authorities after a serious AI system incident. The 27 live runbooks cover security credential incidents (rotate_compromised_credential, respond_to_secret_in_commit_or_log) but none covers AI system behavior incidents. There is no trigger definition (what constitutes a "serious AI incident" for a routing system), no notification template, no regulatory contact structure, no escalation chain for AI-specific failures. Without this, CPP cannot credibly offer incident-response advisory backed by grāmatr infrastructure. Closing it: a documented AI incident response + disclosure runbook as a first-class live runbook (~1 day, overlapping with planned SOC 2 work), followed by anomaly-detection → alert automation (#3698/#3718) to make 48-hour response operationally achievable rather than aspirational.


Open Questions for the grāmatr Team

These items could not be resolved from live platform queries or repo review. They are blocking or materially qualifying compliance claims and should be confirmed before this analysis is used in external advisory work.

  1. [HIGH PRIORITY] Log retention window: What is the actual retention window for classification_telemetry and turn entity records in the current production database? Is there a configurable longer-retention deployment option? Can records older than 60 days be queried? This gates every EU AI Act Art. 12 and Colorado SB 26-189 record-retention claim in this document.
  2. Directive resolver deployment: Is packages/intelligence/src/services/directive-resolver-unified.ts (the scoped policy hierarchy enforcing system→org→team→project→user directives) currently deployed in the production grāmatr server, and is per-turn policy enforcement via this code path active for all clients?
  3. Pattern analyzer deployment: Is packages/intelligence/src/services/pattern-analyzer.ts currently running in production? If so, does it produce output that would constitute post-market monitoring evidence?
  4. requires_approval routing behavior: When the requires_approval BERT head fires with label true for a given turn in production, what actually happens? Is there a live human review queue, or is it a classification signal that the calling client must act on?
  5. AI literacy documentation: Does grāmatr have any documented staff AI literacy training program covering grāmatr's own operations as a provider (for Art. 4 compliance for grāmatr itself)?

Summary Assessment

"AI compliance readiness + tracking" is a credible CPP offering. The regulatory pressure is real and near-term: GPAI obligations are live now, Art. 50 transparency is active August 2026, high-risk obligations arrive December 2027, and Colorado SB 26-189 takes effect January 1, 2027.

grāmatr's strongest confirmed proof point is the automatic, immutable per-turn audit trail — 23,822 classification_telemetry records + 22,097 turn records confirmed LIVE/DEPLOYED today on the production platform, auto-generated on every classified turn, protected by mandatory soft-delete standards confirmed live. The requires_approval classification head fires on every turn. The user_data_isolation_is_inviolable principle is live and inviolable-strength.

The most-cited gap — log retention — is a scoped configuration problem, not a platform-wide one. It binds only when a client runs a high-risk (EU Art. 12) or consequential-decision (Colorado) system, and even then it concerns a per-app configurable long-retention tier for the compliance-relevant records — not the general 60-day working-memory window. The records exist and are immutable (soft-delete); the open question is the retention/queryability window on the compliance-relevant layer, for regulated deployments only.

The next largest gaps (AI incident disclosure runbook, consumer explanation workflow) are buildable in days to weeks; neither requires architectural changes. CPP's advisory layer is the necessary complement throughout: regulatory obligations require human authors for technical documentation artifacts, organizational design for human oversight processes, and legal review for conformity assessment — none of which grāmatr can substitute for, and all of which CPP is positioned to deliver.


Source Index

Regulatory sources:

grāmatr live-platform evidence (all queries executed 2026-07-01, grāmatr v0.27.6):

grāmatr in-repo evidence: