Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(ai-sdk): ePrivacy/cookie topic — §25 TDDDG co-primary for cookie questions
CI / detect-changes (pull_request) Successful in 12s
Details
CI / branch-name (pull_request) Successful in 2s
Details
CI / guardrail-integrity (pull_request) Successful in 9s
Details
CI / secret-scan (pull_request) Successful in 9s
Details
CI / dep-audit (pull_request) Failing after 57s
Details
CI / sbom-scan (pull_request) Failing after 58s
Details
CI / build-sha-integrity (pull_request) Successful in 5s
Details
CI / validate-canonical-controls (pull_request) Successful in 5s
Details
CI / loc-budget (pull_request) Successful in 19s
Details
CI / go-lint (pull_request) Successful in 40s
Details
CI / python-lint (pull_request) Failing after 14s
Details
CI / nodejs-lint (pull_request) Failing after 1m8s
Details
CI / nodejs-build (pull_request) Successful in 3m1s
Details
CI / test-go (pull_request) Successful in 1m0s
Details
CI / iace-gt-coverage (pull_request) Successful in 17s
Details
CI / test-python-backend (pull_request) Successful in 23s
Details
CI / test-python-document-crawler (pull_request) Successful in 15s
Details
CI / test-python-dsms-gateway (pull_request) Successful in 13s
Details

Browse Source 
The TDDDG (ex-TTDSG) pilot revealed §25 TDDDG (terminal-equipment / cookie consent)
ranked #3 on a cookie query — the subsidiarity rule demoted it as DE law subsidiary
to the DSGVO, but TDDDG is lex specialis (ePrivacy) for cookies.

Topic-based fix (NOT blanket TDDDG > DSGVO):
- cookie/ePrivacy topic (cookie/endeinrichtung/endgeraet/tracking -> §25 TDDDG) so it is
  co-primary (topic-matched -> topicGain, no subsidiarity demote).
- TDDDG/TTDSG added to the data_protection domain (chunkDomain recognition).
- cookie-specific keywords (NOT bare 'Einwilligung') so a general consent question still
  resolves to Art. 7 DSGVO.

Acceptance on the DSGVO+BDSG+TDDDG build: cookie -> §25 TDDDG top-1; Rechtsgrundlage -> DSGVO;
DSB -> Art.37+§38 BDSG (not TDDDG); degraded=0, must_not=0. go build/vet/test green; 2 new table tests.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-06-27 07:19:00 +02:00
parent 4ad681741d
commit 07916df330
2 changed files with 30 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ai-compliance-sdk/internal/ucca/authority_rerank_test.go
+22
View File
@@ -123,6 +123,28 @@ func TestRerankByAuthority_Acceptance(t *testing.T) {
}
})
t.Run("ePrivacy: a cookie query lifts §25 TDDDG above DSGVO consent (lex specialis topic)", func(t *testing.T) {
in := []LegalSearchResult{
bindingRes("Art. 7 DSGVO", "DSGVO", "EU", 0.70), // higher semantic
bindingRes("§ 25 TDDDG", "TDDDG", "DE", 0.66),
}
out := rerankByAuthority("Wann ist eine Einwilligung fuer das Speichern von Cookies auf Endgeraeten erforderlich?", in)
if out[0].RegulationShort != "TDDDG" {
t.Fatalf("§25 TDDDG must win a cookie question (lex specialis topic), got %q", out[0].ArticleLabel)
}
})
t.Run("a general consent question still resolves to DSGVO, not §25 TDDDG", func(t *testing.T) {
in := []LegalSearchResult{
bindingRes("§ 25 TDDDG", "TDDDG", "DE", 0.70), // higher semantic but no cookie topic
bindingRes("Art. 7 DSGVO", "DSGVO", "EU", 0.66),
}
out := rerankByAuthority("Welche Anforderungen gelten an eine wirksame Einwilligung?", in)
if out[0].RegulationShort != "DSGVO" {
t.Fatalf("a general consent question must resolve to DSGVO (TDDDG demoted), got %q", out[0].ArticleLabel)
}
})
t.Run("co-primary dp_01: BDSG §38 stays top on a DSB question (national special rule)", func(t *testing.T) {
in := []LegalSearchResult{
bindingRes("§ 38 BDSG", "BDSG", "DE", 0.66),