feat: Domain-spezifische UCCA-Fragen (HR, Education, Healthcare) + AGG-Modul

1. Domain-Context Structs: HRContext (7 Felder), EducationContext (6), HealthcareContext (6) — nach FinancialContext-Pattern, optionale Structs in UseCaseIntake 2. AGG Obligations Modul: 8 Obligations (§1-§22 AGG) — Bias-Audit, Beweislastumkehr, Proxy-Merkmale, Beschwerdemechanismus — Applicability: domain=hr/recruiting, country=DE 3. Frontend: Conditional Domain-Fragen in Step 4 des UCCA-Wizard — HR: 6 Fragen (Screening, Absagen, AGG, Bias-Audit, Human Review) — Education: 5 Fragen (Noten, Pruefungen, Minderjaehrige, Lehrkraft-Review) — Healthcare: 6 Fragen (Diagnose, Triage, MDR, klinische Validierung) — Farbcodierung: rot=Risiko, gruen=Schutzmassnahme — Domain-Contexts im Submit-Payload gemappt Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-12 22:06:15 +02:00
parent f17608a956
commit 0957254547
5 changed files with 334 additions and 1 deletions
--- a/admin-compliance/app/sdk/advisory-board/page.tsx
+++ b/admin-compliance/app/sdk/advisory-board/page.tsx
@@ -337,6 +337,25 @@ function AdvisoryBoardPageInner() {
    employee_monitoring: false,
    hr_decision_support: false,
    works_council_consulted: false,
+    // Domain-specific contexts (Annex III)
+    hr_automated_screening: false,
+    hr_automated_rejection: false,
+    hr_candidate_ranking: false,
+    hr_bias_audits: false,
+    hr_agg_visible: false,
+    hr_human_review: false,
+    hr_performance_eval: false,
+    edu_grade_influence: false,
+    edu_exam_evaluation: false,
+    edu_student_selection: false,
+    edu_minors: false,
+    edu_teacher_review: false,
+    hc_diagnosis: false,
+    hc_treatment: false,
+    hc_triage: false,
+    hc_patient_data: false,
+    hc_medical_device: false,
+    hc_clinical_validation: false,
    // Hosting (single-select tile)
    hosting_provider: '' as string,
    hosting_region: '' as string,
@@ -427,6 +446,31 @@ function AdvisoryBoardPageInner() {
        employee_monitoring: form.employee_monitoring,
        hr_decision_support: form.hr_decision_support,
        works_council_consulted: form.works_council_consulted,
+        // Domain-specific contexts
+        hr_context: ['hr', 'recruiting'].includes(form.domain) ? {
+          automated_screening: form.hr_automated_screening,
+          automated_rejection: form.hr_automated_rejection,
+          candidate_ranking: form.hr_candidate_ranking,
+          bias_audits_done: form.hr_bias_audits,
+          agg_categories_visible: form.hr_agg_visible,
+          human_review_enforced: form.hr_human_review,
+          performance_evaluation: form.hr_performance_eval,
+        } : undefined,
+        education_context: ['education', 'higher_education', 'vocational_training', 'research'].includes(form.domain) ? {
+          grade_influence: form.edu_grade_influence,
+          exam_evaluation: form.edu_exam_evaluation,
+          student_selection: form.edu_student_selection,
+          minors_involved: form.edu_minors,
+          teacher_review_required: form.edu_teacher_review,
+        } : undefined,
+        healthcare_context: ['healthcare', 'medical_devices', 'pharma', 'elderly_care'].includes(form.domain) ? {
+          diagnosis_support: form.hc_diagnosis,
+          treatment_recommendation: form.hc_treatment,
+          triage_decision: form.hc_triage,
+          patient_data_processed: form.hc_patient_data,
+          medical_device: form.hc_medical_device,
+          clinical_validation: form.hc_clinical_validation,
+        } : undefined,
        store_raw_text: true,
      }

@@ -830,6 +874,104 @@ function AdvisoryBoardPageInner() {
                </label>
              </div>
            </div>
+
+            {/* Domain-specific questions — HR/Recruiting */}
+            {['hr', 'recruiting'].includes(form.domain) && (
+              <div className="mt-6 pt-6 border-t border-gray-200">
+                <h3 className="text-sm font-semibold text-gray-900 mb-1">HR & Recruiting — Hochrisiko-Pruefung</h3>
+                <p className="text-xs text-gray-500 mb-4">AI Act Annex III Nr. 4 + AGG — Pflichtfragen bei KI im Personalbereich.</p>
+                <div className="space-y-3">
+                  <label className="flex items-center gap-3 p-3 rounded-lg border border-gray-200 hover:bg-gray-50 cursor-pointer">
+                    <input type="checkbox" checked={form.hr_automated_screening} onChange={(e) => updateForm({ hr_automated_screening: e.target.checked })} className="w-4 h-4 rounded border-gray-300 text-purple-600 focus:ring-purple-500" />
+                    <div><span className="text-sm font-medium text-gray-900">Bewerber werden automatisch vorsortiert/gerankt</span><p className="text-xs text-gray-500">CV-Screening, Score-basierte Vorauswahl</p></div>
+                  </label>
+                  <label className="flex items-center gap-3 p-3 rounded-lg border border-red-200 bg-red-50 hover:bg-red-100 cursor-pointer">
+                    <input type="checkbox" checked={form.hr_automated_rejection} onChange={(e) => updateForm({ hr_automated_rejection: e.target.checked })} className="w-4 h-4 rounded border-red-300 text-red-600 focus:ring-red-500" />
+                    <div><span className="text-sm font-medium text-red-900">Absagen werden automatisch versendet</span><p className="text-xs text-red-700">Art. 22 DSGVO: Vollautomatische Absagen grundsaetzlich unzulaessig!</p></div>
+                  </label>
+                  <label className="flex items-center gap-3 p-3 rounded-lg border border-gray-200 hover:bg-gray-50 cursor-pointer">
+                    <input type="checkbox" checked={form.hr_agg_visible} onChange={(e) => updateForm({ hr_agg_visible: e.target.checked })} className="w-4 h-4 rounded border-gray-300 text-purple-600 focus:ring-purple-500" />
+                    <div><span className="text-sm font-medium text-gray-900">System kann AGG-Merkmale erkennen (Name, Foto, Alter)</span><p className="text-xs text-gray-500">Proxy-Diskriminierung: Name→Herkunft, Foto→Geschlecht</p></div>
+                  </label>
+                  <label className="flex items-center gap-3 p-3 rounded-lg border border-gray-200 hover:bg-gray-50 cursor-pointer">
+                    <input type="checkbox" checked={form.hr_performance_eval} onChange={(e) => updateForm({ hr_performance_eval: e.target.checked })} className="w-4 h-4 rounded border-gray-300 text-purple-600 focus:ring-purple-500" />
+                    <div><span className="text-sm font-medium text-gray-900">System bewertet Mitarbeiterleistung</span><p className="text-xs text-gray-500">Performance Reviews, KPI-Tracking</p></div>
+                  </label>
+                  <label className="flex items-center gap-3 p-3 rounded-lg border border-green-200 bg-green-50 hover:bg-green-100 cursor-pointer">
+                    <input type="checkbox" checked={form.hr_bias_audits} onChange={(e) => updateForm({ hr_bias_audits: e.target.checked })} className="w-4 h-4 rounded border-green-300 text-green-600 focus:ring-green-500" />
+                    <div><span className="text-sm font-medium text-green-900">Regelmaessige Bias-Audits durchgefuehrt</span><p className="text-xs text-green-700">Analyse nach Geschlecht, Alter, Herkunft</p></div>
+                  </label>
+                  <label className="flex items-center gap-3 p-3 rounded-lg border border-green-200 bg-green-50 hover:bg-green-100 cursor-pointer">
+                    <input type="checkbox" checked={form.hr_human_review} onChange={(e) => updateForm({ hr_human_review: e.target.checked })} className="w-4 h-4 rounded border-green-300 text-green-600 focus:ring-green-500" />
+                    <div><span className="text-sm font-medium text-green-900">Mensch prueft jede KI-Empfehlung</span><p className="text-xs text-green-700">Kein Rubber Stamping — echte Pruefung</p></div>
+                  </label>
+                </div>
+              </div>
+            )}
+
+            {/* Domain-specific questions — Education */}
+            {['education', 'higher_education', 'vocational_training', 'research'].includes(form.domain) && (
+              <div className="mt-6 pt-6 border-t border-gray-200">
+                <h3 className="text-sm font-semibold text-gray-900 mb-1">Bildung — Hochrisiko-Pruefung</h3>
+                <p className="text-xs text-gray-500 mb-4">AI Act Annex III Nr. 3 — bei KI in Bildung und Ausbildung.</p>
+                <div className="space-y-3">
+                  <label className="flex items-center gap-3 p-3 rounded-lg border border-gray-200 hover:bg-gray-50 cursor-pointer">
+                    <input type="checkbox" checked={form.edu_grade_influence} onChange={(e) => updateForm({ edu_grade_influence: e.target.checked })} className="w-4 h-4 rounded border-gray-300 text-purple-600 focus:ring-purple-500" />
+                    <div><span className="text-sm font-medium text-gray-900">KI beeinflusst Noten oder Bewertungen</span><p className="text-xs text-gray-500">Notenvorschlaege, Bewertungsunterstuetzung</p></div>
+                  </label>
+                  <label className="flex items-center gap-3 p-3 rounded-lg border border-gray-200 hover:bg-gray-50 cursor-pointer">
+                    <input type="checkbox" checked={form.edu_exam_evaluation} onChange={(e) => updateForm({ edu_exam_evaluation: e.target.checked })} className="w-4 h-4 rounded border-gray-300 text-purple-600 focus:ring-purple-500" />
+                    <div><span className="text-sm font-medium text-gray-900">KI bewertet Pruefungen/Klausuren</span><p className="text-xs text-gray-500">Automatische Korrektur, Bewertungsvorschlaege</p></div>
+                  </label>
+                  <label className="flex items-center gap-3 p-3 rounded-lg border border-gray-200 hover:bg-gray-50 cursor-pointer">
+                    <input type="checkbox" checked={form.edu_student_selection} onChange={(e) => updateForm({ edu_student_selection: e.target.checked })} className="w-4 h-4 rounded border-gray-300 text-purple-600 focus:ring-purple-500" />
+                    <div><span className="text-sm font-medium text-gray-900">KI beeinflusst Zugang zu Bildungsangeboten</span><p className="text-xs text-gray-500">Zulassung, Kursempfehlungen, Einstufung</p></div>
+                  </label>
+                  <label className="flex items-center gap-3 p-3 rounded-lg border border-red-200 bg-red-50 hover:bg-red-100 cursor-pointer">
+                    <input type="checkbox" checked={form.edu_minors} onChange={(e) => updateForm({ edu_minors: e.target.checked })} className="w-4 h-4 rounded border-red-300 text-red-600 focus:ring-red-500" />
+                    <div><span className="text-sm font-medium text-red-900">Minderjaehrige sind betroffen</span><p className="text-xs text-red-700">Besonderer Schutz (Art. 24 EU-Grundrechtecharta)</p></div>
+                  </label>
+                  <label className="flex items-center gap-3 p-3 rounded-lg border border-green-200 bg-green-50 hover:bg-green-100 cursor-pointer">
+                    <input type="checkbox" checked={form.edu_teacher_review} onChange={(e) => updateForm({ edu_teacher_review: e.target.checked })} className="w-4 h-4 rounded border-green-300 text-green-600 focus:ring-green-500" />
+                    <div><span className="text-sm font-medium text-green-900">Lehrkraft prueft jedes KI-Ergebnis</span><p className="text-xs text-green-700">Human Oversight vor Mitteilung an Schueler</p></div>
+                  </label>
+                </div>
+              </div>
+            )}
+
+            {/* Domain-specific questions — Healthcare */}
+            {['healthcare', 'medical_devices', 'pharma', 'elderly_care'].includes(form.domain) && (
+              <div className="mt-6 pt-6 border-t border-gray-200">
+                <h3 className="text-sm font-semibold text-gray-900 mb-1">Gesundheitswesen — Hochrisiko-Pruefung</h3>
+                <p className="text-xs text-gray-500 mb-4">AI Act Annex III Nr. 5 + MDR (EU) 2017/745.</p>
+                <div className="space-y-3">
+                  <label className="flex items-center gap-3 p-3 rounded-lg border border-gray-200 hover:bg-gray-50 cursor-pointer">
+                    <input type="checkbox" checked={form.hc_diagnosis} onChange={(e) => updateForm({ hc_diagnosis: e.target.checked })} className="w-4 h-4 rounded border-gray-300 text-purple-600 focus:ring-purple-500" />
+                    <div><span className="text-sm font-medium text-gray-900">KI unterstuetzt Diagnosen</span><p className="text-xs text-gray-500">Diagnosevorschlaege, Bildgebungsauswertung</p></div>
+                  </label>
+                  <label className="flex items-center gap-3 p-3 rounded-lg border border-gray-200 hover:bg-gray-50 cursor-pointer">
+                    <input type="checkbox" checked={form.hc_treatment} onChange={(e) => updateForm({ hc_treatment: e.target.checked })} className="w-4 h-4 rounded border-gray-300 text-purple-600 focus:ring-purple-500" />
+                    <div><span className="text-sm font-medium text-gray-900">KI empfiehlt Behandlungen</span><p className="text-xs text-gray-500">Therapievorschlaege, Medikation</p></div>
+                  </label>
+                  <label className="flex items-center gap-3 p-3 rounded-lg border border-red-200 bg-red-50 hover:bg-red-100 cursor-pointer">
+                    <input type="checkbox" checked={form.hc_triage} onChange={(e) => updateForm({ hc_triage: e.target.checked })} className="w-4 h-4 rounded border-red-300 text-red-600 focus:ring-red-500" />
+                    <div><span className="text-sm font-medium text-red-900">KI priorisiert Patienten (Triage)</span><p className="text-xs text-red-700">Lebenskritisch — erhoehte Anforderungen</p></div>
+                  </label>
+                  <label className="flex items-center gap-3 p-3 rounded-lg border border-gray-200 hover:bg-gray-50 cursor-pointer">
+                    <input type="checkbox" checked={form.hc_patient_data} onChange={(e) => updateForm({ hc_patient_data: e.target.checked })} className="w-4 h-4 rounded border-gray-300 text-purple-600 focus:ring-purple-500" />
+                    <div><span className="text-sm font-medium text-gray-900">Gesundheitsdaten verarbeitet</span><p className="text-xs text-gray-500">Art. 9 DSGVO — besondere Kategorie</p></div>
+                  </label>
+                  <label className="flex items-center gap-3 p-3 rounded-lg border border-gray-200 hover:bg-gray-50 cursor-pointer">
+                    <input type="checkbox" checked={form.hc_medical_device} onChange={(e) => updateForm({ hc_medical_device: e.target.checked })} className="w-4 h-4 rounded border-gray-300 text-purple-600 focus:ring-purple-500" />
+                    <div><span className="text-sm font-medium text-gray-900">System ist Medizinprodukt (MDR)</span><p className="text-xs text-gray-500">MDR (EU) 2017/745 — Zertifizierung erforderlich</p></div>
+                  </label>
+                  <label className="flex items-center gap-3 p-3 rounded-lg border border-green-200 bg-green-50 hover:bg-green-100 cursor-pointer">
+                    <input type="checkbox" checked={form.hc_clinical_validation} onChange={(e) => updateForm({ hc_clinical_validation: e.target.checked })} className="w-4 h-4 rounded border-green-300 text-green-600 focus:ring-green-500" />
+                    <div><span className="text-sm font-medium text-green-900">Klinisch validiert</span><p className="text-xs text-green-700">System wurde in klinischer Studie geprueft</p></div>
+                  </label>
+                </div>
+              </div>
+            )}
          </div>
        )}

--- a/ai-compliance-sdk/internal/ucca/json_regulation_module.go
+++ b/ai-compliance-sdk/internal/ucca/json_regulation_module.go
@@ -58,6 +58,8 @@ func (m *JSONRegulationModule) defaultApplicability(facts *UnifiedFacts) bool {
 		return facts.Financial.DORAApplies || facts.Financial.IsRegulated
 	case "betrvg":
 		return facts.Organization.Country == "DE" && facts.Organization.EmployeeCount >= 5
+	case "agg":
+		return facts.Organization.Country == "DE"
 	default:
 		return true
 	}
--- a/ai-compliance-sdk/internal/ucca/models.go
+++ b/ai-compliance-sdk/internal/ucca/models.go
@@ -222,10 +222,46 @@ type UseCaseIntake struct {
 	HRDecisionSupport     bool `json:"hr_decision_support,omitempty"`     // System supports HR decisions (hiring, evaluation, termination)
 	WorksCouncilConsulted bool `json:"works_council_consulted,omitempty"` // Works council has been consulted

+	// Domain-specific contexts (AI Act Annex III high-risk domains)
+	HRContext         *HRContext         `json:"hr_context,omitempty"`
+	EducationContext  *EducationContext  `json:"education_context,omitempty"`
+	HealthcareContext *HealthcareContext `json:"healthcare_context,omitempty"`
+
 	// Opt-in to store raw text (otherwise only hash)
 	StoreRawText bool `json:"store_raw_text,omitempty"`
 }

+// HRContext captures HR/recruiting-specific compliance data (AI Act Annex III Nr. 4 + AGG)
+type HRContext struct {
+	AutomatedScreening    bool `json:"automated_screening"`      // KI sortiert Bewerber vor
+	AutomatedRejection    bool `json:"automated_rejection"`      // KI generiert Absagen
+	CandidateRanking      bool `json:"candidate_ranking"`        // KI erstellt Bewerber-Rankings
+	BiasAuditsDone        bool `json:"bias_audits_done"`         // Regelmaessige Bias-Audits
+	AGGCategoriesVisible  bool `json:"agg_categories_visible"`   // System kann Name/Foto/Alter erkennen
+	HumanReviewEnforced   bool `json:"human_review_enforced"`    // Mensch prueft jede KI-Empfehlung
+	PerformanceEvaluation bool `json:"performance_evaluation"`   // KI bewertet Mitarbeiterleistung
+}
+
+// EducationContext captures education-specific compliance data (AI Act Annex III Nr. 3)
+type EducationContext struct {
+	GradeInfluence        bool `json:"grade_influence"`          // KI beeinflusst Noten
+	ExamEvaluation        bool `json:"exam_evaluation"`          // KI bewertet Pruefungen
+	StudentSelection      bool `json:"student_selection"`        // KI beeinflusst Zugang/Auswahl
+	MinorsInvolved        bool `json:"minors_involved"`          // Minderjaehrige betroffen
+	TeacherReviewRequired bool `json:"teacher_review_required"`  // Lehrkraft prueft KI-Ergebnis
+	LearningAdaptation    bool `json:"learning_adaptation"`      // KI passt Lernpfade an
+}
+
+// HealthcareContext captures healthcare-specific compliance data (AI Act Annex III Nr. 5 + MDR)
+type HealthcareContext struct {
+	DiagnosisSupport     bool `json:"diagnosis_support"`         // KI unterstuetzt Diagnosen
+	TreatmentRecommend   bool `json:"treatment_recommendation"`  // KI empfiehlt Behandlungen
+	TriageDecision       bool `json:"triage_decision"`           // KI priorisiert Patienten
+	PatientDataProcessed bool `json:"patient_data_processed"`    // Gesundheitsdaten verarbeitet
+	MedicalDevice        bool `json:"medical_device"`            // System ist Medizinprodukt
+	ClinicalValidation   bool `json:"clinical_validation"`       // Klinisch validiert
+}
+
 // DataTypes specifies what kinds of data are processed
 type DataTypes struct {
 	PersonalData     bool `json:"personal_data"`
@@ -388,6 +424,13 @@ type AssessmentResult struct {
 	Art22Risk       bool            `json:"art22_risk"` // Art. 22 GDPR automated decision risk
 	TrainingAllowed TrainingAllowed `json:"training_allowed"`

+	// BetrVG Conflict Score (0-100) — works council escalation risk
+	BetrvgConflictScore        int  `json:"betrvg_conflict_score"`
+	BetrvgConsultationRequired bool `json:"betrvg_consultation_required"`
+
+	// Input (needed for escalation logic)
+	Intake UseCaseIntake `json:"-"` // not serialized, internal use only
+
 	// Summary for humans
 	Summary         string `json:"summary"`
 	Recommendation  string `json:"recommendation"`
--- a/ai-compliance-sdk/policies/obligations/v2/_manifest.json
+++ b/ai-compliance-sdk/policies/obligations/v2/_manifest.json
@@ -60,8 +60,14 @@
      "file": "betrvg_v2.json",
      "version": "1.0",
      "count": 12
+    },
+    {
+      "id": "agg",
+      "file": "agg_v2.json",
+      "version": "1.0",
+      "count": 8
    }
  ],
  "tom_mapping_file": "_tom_mapping.json",
-  "total_obligations": 358
+  "total_obligations": 366
 }
--- a/ai-compliance-sdk/policies/obligations/v2/agg_v2.json
+++ b/ai-compliance-sdk/policies/obligations/v2/agg_v2.json
@@ -0,0 +1,140 @@
+{
+  "regulation": "agg",
+  "regulation_full_name": "Allgemeines Gleichbehandlungsgesetz (AGG)",
+  "version": "1.0",
+  "obligations": [
+    {
+      "id": "AGG-OBL-001",
+      "title": "Diskriminierungsfreie Gestaltung von KI-Auswahlverfahren",
+      "description": "KI-gestuetzte Auswahlverfahren (Recruiting, Befoerderung, Kuendigung) muessen so gestaltet sein, dass keine Benachteiligung nach § 1 AGG Merkmalen (Geschlecht, Alter, ethnische Herkunft, Religion, Behinderung, sexuelle Identitaet) erfolgt.",
+      "applies_when": "AI system used in employment decisions",
+      "applies_when_condition": { "all_of": [{ "field": "organization.country", "operator": "EQUALS", "value": "DE" }, { "field": "hr_context.automated_screening", "operator": "EQUALS", "value": true }] },
+      "legal_basis": [{ "norm": "AGG", "article": "§ 1, § 7", "title": "Benachteiligungsverbot" }, { "norm": "AGG", "article": "§ 11", "title": "Ausschreibung" }],
+      "sources": [{ "type": "national_law", "ref": "§ 1, § 7, § 11 AGG" }],
+      "category": "Governance",
+      "responsible": "HR / Compliance",
+      "deadline": { "type": "on_event", "event": "Vor Einsatz im Auswahlverfahren" },
+      "sanctions": { "description": "Schadensersatz bis 3 Monatsgehaelter (§ 15 AGG), Beweislastumkehr (§ 22 AGG)" },
+      "evidence": [{ "name": "Bias-Audit-Bericht", "required": true }, "AGG-Konformitaetspruefung"],
+      "priority": "kritisch",
+      "tom_control_ids": ["TOM.FAIR.01"],
+      "breakpilot_feature": "/sdk/use-cases",
+      "valid_from": "2006-08-18",
+      "valid_until": null,
+      "version": "1.0"
+    },
+    {
+      "id": "AGG-OBL-002",
+      "title": "Keine Nutzung von Proxy-Merkmalen fuer Diskriminierung",
+      "description": "Das KI-System darf keine Proxy-Merkmale verwenden, die indirekt auf geschuetzte Kategorien schliessen lassen (z.B. Name → Herkunft, Foto → Alter/Geschlecht, PLZ → sozialer Hintergrund).",
+      "applies_when": "AI processes applicant data with identifiable features",
+      "applies_when_condition": { "all_of": [{ "field": "organization.country", "operator": "EQUALS", "value": "DE" }, { "field": "hr_context.agg_categories_visible", "operator": "EQUALS", "value": true }] },
+      "legal_basis": [{ "norm": "AGG", "article": "§ 3 Abs. 2", "title": "Mittelbare Benachteiligung" }],
+      "sources": [{ "type": "national_law", "ref": "§ 3 Abs. 2 AGG" }],
+      "category": "Technisch",
+      "responsible": "Data Science / Compliance",
+      "priority": "kritisch",
+      "evidence": [{ "name": "Feature-Analyse-Dokumentation (keine Proxy-Merkmale)", "required": true }],
+      "tom_control_ids": ["TOM.FAIR.01"],
+      "valid_from": "2006-08-18",
+      "version": "1.0"
+    },
+    {
+      "id": "AGG-OBL-003",
+      "title": "Beweislast-Dokumentation fuehren (§ 22 AGG)",
+      "description": "Bei Indizien fuer eine Benachteiligung kehrt sich die Beweislast um (§ 22 AGG). Der Arbeitgeber muss beweisen, dass KEINE Diskriminierung vorliegt. Daher ist lueckenlose Dokumentation der KI-Entscheidungslogik zwingend.",
+      "applies_when": "AI supports employment decisions in Germany",
+      "applies_when_condition": { "all_of": [{ "field": "organization.country", "operator": "EQUALS", "value": "DE" }, { "field": "data_types.employee_data", "operator": "EQUALS", "value": true }] },
+      "legal_basis": [{ "norm": "AGG", "article": "§ 22", "title": "Beweislast" }],
+      "sources": [{ "type": "national_law", "ref": "§ 22 AGG" }],
+      "category": "Governance",
+      "responsible": "HR / Legal",
+      "priority": "kritisch",
+      "deadline": { "type": "recurring", "interval": "laufend" },
+      "sanctions": { "description": "Ohne Dokumentation kann Beweislastumkehr nicht abgewehrt werden — Schadensersatz nach § 15 AGG" },
+      "evidence": [{ "name": "Entscheidungsprotokoll mit KI-Begruendung", "required": true }, "Audit-Trail aller KI-Bewertungen"],
+      "tom_control_ids": ["TOM.LOG.01", "TOM.GOV.01"],
+      "valid_from": "2006-08-18",
+      "version": "1.0"
+    },
+    {
+      "id": "AGG-OBL-004",
+      "title": "Regelmaessige Bias-Audits bei KI-gestuetzter Personalauswahl",
+      "description": "KI-Systeme im Recruiting muessen regelmaessig auf Bias geprueft werden: statistische Analyse der Ergebnisse nach Geschlecht, Altersgruppen und soweit zulaessig nach Herkunft.",
+      "applies_when": "AI ranks or scores candidates",
+      "applies_when_condition": { "all_of": [{ "field": "organization.country", "operator": "EQUALS", "value": "DE" }, { "field": "hr_context.candidate_ranking", "operator": "EQUALS", "value": true }] },
+      "legal_basis": [{ "norm": "AGG", "article": "§ 1, § 3", "title": "Unmittelbare und mittelbare Benachteiligung" }],
+      "category": "Technisch",
+      "responsible": "Data Science",
+      "priority": "hoch",
+      "deadline": { "type": "recurring", "interval": "quartalsweise" },
+      "evidence": [{ "name": "Bias-Audit-Ergebnis (letzte 3 Monate)", "required": true }],
+      "tom_control_ids": ["TOM.FAIR.01"],
+      "valid_from": "2006-08-18",
+      "version": "1.0"
+    },
+    {
+      "id": "AGG-OBL-005",
+      "title": "Schulung der HR-Entscheider ueber KI-Grenzen",
+      "description": "Personen, die KI-gestuetzte Empfehlungen im Personalbereich nutzen, muessen ueber Systemgrenzen, Bias-Risiken und ihre Pflicht zur eigenstaendigen Pruefung geschult werden.",
+      "applies_when": "AI provides recommendations for HR decisions",
+      "applies_when_condition": { "all_of": [{ "field": "organization.country", "operator": "EQUALS", "value": "DE" }, { "field": "data_types.employee_data", "operator": "EQUALS", "value": true }] },
+      "legal_basis": [{ "norm": "AGG", "article": "§ 12 Abs. 2", "title": "Pflicht des Arbeitgebers zu Schutzmassnahmen" }],
+      "category": "Organisatorisch",
+      "responsible": "HR / Training",
+      "priority": "hoch",
+      "deadline": { "type": "recurring", "interval": "jaehrlich" },
+      "evidence": [{ "name": "Schulungsnachweis AGG + KI-Kompetenz", "required": true }],
+      "tom_control_ids": [],
+      "valid_from": "2006-08-18",
+      "version": "1.0"
+    },
+    {
+      "id": "AGG-OBL-006",
+      "title": "Beschwerdemechanismus fuer abgelehnte Bewerber",
+      "description": "Bewerber muessen die Moeglichkeit haben, sich ueber KI-gestuetzte Auswahlentscheidungen zu beschweren. Die zustaendige Stelle (§ 13 AGG) muss benannt sein.",
+      "applies_when": "AI used in applicant selection process",
+      "applies_when_condition": { "all_of": [{ "field": "organization.country", "operator": "EQUALS", "value": "DE" }, { "field": "hr_context.automated_screening", "operator": "EQUALS", "value": true }] },
+      "legal_basis": [{ "norm": "AGG", "article": "§ 13", "title": "Beschwerderecht" }],
+      "category": "Organisatorisch",
+      "responsible": "HR",
+      "priority": "hoch",
+      "evidence": [{ "name": "Dokumentierter Beschwerdemechanismus", "required": true }],
+      "tom_control_ids": [],
+      "valid_from": "2006-08-18",
+      "version": "1.0"
+    },
+    {
+      "id": "AGG-OBL-007",
+      "title": "Schadensersatzrisiko dokumentieren und versichern",
+      "description": "Das Schadensersatzrisiko bei AGG-Verstoessen (bis 3 Monatsgehaelter pro Fall, § 15 AGG) muss bewertet und dokumentiert werden. Bei hohem Bewerbungsvolumen kann das kumulierte Risiko erheblich sein.",
+      "applies_when": "AI processes high volume of applications",
+      "applies_when_condition": { "all_of": [{ "field": "organization.country", "operator": "EQUALS", "value": "DE" }, { "field": "hr_context.automated_screening", "operator": "EQUALS", "value": true }] },
+      "legal_basis": [{ "norm": "AGG", "article": "§ 15", "title": "Entschaedigung und Schadensersatz" }],
+      "category": "Governance",
+      "responsible": "Legal / Finance",
+      "priority": "hoch",
+      "evidence": [{ "name": "Risikobewertung AGG-Schadensersatz", "required": false }],
+      "tom_control_ids": [],
+      "valid_from": "2006-08-18",
+      "version": "1.0"
+    },
+    {
+      "id": "AGG-OBL-008",
+      "title": "KI-Stellenausschreibungen AGG-konform gestalten",
+      "description": "Wenn KI bei der Erstellung oder Optimierung von Stellenausschreibungen eingesetzt wird, muss sichergestellt sein, dass die Ausschreibungen keine diskriminierenden Formulierungen enthalten (§ 11 AGG).",
+      "applies_when": "AI generates or optimizes job postings",
+      "applies_when_condition": { "all_of": [{ "field": "organization.country", "operator": "EQUALS", "value": "DE" }] },
+      "legal_basis": [{ "norm": "AGG", "article": "§ 11", "title": "Ausschreibung" }],
+      "category": "Organisatorisch",
+      "responsible": "HR / Marketing",
+      "priority": "hoch",
+      "evidence": [{ "name": "Pruefprotokoll Stellenausschreibung auf AGG-Konformitaet", "required": false }],
+      "tom_control_ids": [],
+      "valid_from": "2006-08-18",
+      "version": "1.0"
+    }
+  ],
+  "controls": [],
+  "incident_deadlines": []
+}