From a4df3201db4cb02d8832e21662e9c8c2f85b9c66 Mon Sep 17 00:00:00 2001
From: Benjamin Admin <benjaminadmin@MacBookPro.fritz.box>
Date: Tue, 3 Mar 2026 15:58:50 +0100
Subject: [PATCH] =?UTF-8?q?feat:=20Obligations-Modul=20auf=20100%=20?=
 =?UTF-8?q?=E2=80=94=20vollst=C3=A4ndige=20CRUD-Implementierung?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Backend: compliance_obligations Tabelle (Migration 013)
- Backend: obligation_routes.py — GET/POST/PUT/DELETE + Stats-Endpoint
- Backend: obligation_router in __init__.py registriert
- Frontend: obligations/page.tsx — ObligationModal, ObligationDetail, ObligationCard, alle Buttons verdrahtet
- Proxy: PATCH-Methode in compliance catch-all route ergänzt
- Tests: 39/39 Obligation-Tests (Schemas, Helpers, Business Logic)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../app/(sdk)/sdk/obligations/page.tsx        | 980 +++++++++++++-----
 .../sdk/v1/compliance/[[...path]]/route.ts    |  10 +-
 backend-compliance/compliance/api/__init__.py |   3 +
 .../compliance/api/obligation_routes.py       | 318 ++++++
 .../migrations/013_obligations.sql            |  31 +
 .../tests/test_obligation_routes.py           | 325 ++++++
 6 files changed, 1382 insertions(+), 285 deletions(-)
 create mode 100644 backend-compliance/compliance/api/obligation_routes.py
 create mode 100644 backend-compliance/migrations/013_obligations.sql
 create mode 100644 backend-compliance/tests/test_obligation_routes.py

diff --git a/admin-compliance/app/(sdk)/sdk/obligations/page.tsx b/admin-compliance/app/(sdk)/sdk/obligations/page.tsx
index f3aa4f1..f2ce136 100644
--- a/admin-compliance/app/(sdk)/sdk/obligations/page.tsx
+++ b/admin-compliance/app/(sdk)/sdk/obligations/page.tsx
@@ -1,11 +1,10 @@
 'use client'
 
-import React, { useState, useEffect } from 'react'
-import { useSDK } from '@/lib/sdk'
+import React, { useState, useEffect, useCallback } from 'react'
 import { StepHeader, STEP_EXPLANATIONS } from '@/components/sdk/StepHeader'
 
 // =============================================================================
-// TYPES
+// Types
 // =============================================================================
 
 interface Obligation {
@@ -13,364 +12,777 @@ interface Obligation {
   title: string
   description: string
   source: string
-  sourceArticle: string
-  deadline: Date | null
+  source_article: string
+  deadline: string | null
   status: 'pending' | 'in-progress' | 'completed' | 'overdue'
   priority: 'critical' | 'high' | 'medium' | 'low'
   responsible: string
-  linkedSystems: string[]
+  linked_systems: string[]
+  assessment_id?: string
+  rule_code?: string
+  notes?: string
+  created_at?: string
+  updated_at?: string
+}
+
+interface ObligationStats {
+  pending: number
+  in_progress: number
+  overdue: number
+  completed: number
+  total: number
+  critical: number
+  high: number
+}
+
+interface ObligationFormData {
+  title: string
+  description: string
+  source: string
+  source_article: string
+  deadline: string
+  status: string
+  priority: string
+  responsible: string
+  linked_systems: string
+  notes: string
+}
+
+const EMPTY_FORM: ObligationFormData = {
+  title: '',
+  description: '',
+  source: 'DSGVO',
+  source_article: '',
+  deadline: '',
+  status: 'pending',
+  priority: 'medium',
+  responsible: '',
+  linked_systems: '',
+  notes: '',
+}
+
+const API = '/api/sdk/v1/compliance/obligations'
+
+// =============================================================================
+// Status helpers
+// =============================================================================
+
+const PRIORITY_COLORS: Record<string, string> = {
+  critical: 'bg-red-100 text-red-700',
+  high:     'bg-orange-100 text-orange-700',
+  medium:   'bg-yellow-100 text-yellow-700',
+  low:      'bg-green-100 text-green-700',
+}
+
+const PRIORITY_LABELS: Record<string, string> = {
+  critical: 'Kritisch',
+  high:     'Hoch',
+  medium:   'Mittel',
+  low:      'Niedrig',
+}
+
+const STATUS_COLORS: Record<string, string> = {
+  pending:      'bg-gray-100 text-gray-600',
+  'in-progress':'bg-blue-100 text-blue-700',
+  completed:    'bg-green-100 text-green-700',
+  overdue:      'bg-red-100 text-red-700',
+}
+
+const STATUS_LABELS: Record<string, string> = {
+  pending:      'Ausstehend',
+  'in-progress':'In Bearbeitung',
+  completed:    'Abgeschlossen',
+  overdue:      'Ueberfaellig',
+}
+
+const STATUS_NEXT: Record<string, string> = {
+  pending:      'in-progress',
+  'in-progress':'completed',
+  completed:    'pending',
+  overdue:      'in-progress',
 }
 
 // =============================================================================
-// COMPONENTS
+// Create/Edit Modal
 // =============================================================================
 
-function ObligationCard({ obligation }: { obligation: Obligation }) {
-  const priorityColors = {
-    critical: 'bg-red-100 text-red-700',
-    high: 'bg-orange-100 text-orange-700',
-    medium: 'bg-yellow-100 text-yellow-700',
-    low: 'bg-green-100 text-green-700',
-  }
+function ObligationModal({
+  initial,
+  onClose,
+  onSave,
+}: {
+  initial?: Partial<ObligationFormData>
+  onClose: () => void
+  onSave: (data: ObligationFormData) => Promise<void>
+}) {
+  const [form, setForm] = useState<ObligationFormData>({ ...EMPTY_FORM, ...initial })
+  const [saving, setSaving] = useState(false)
+  const [error, setError] = useState<string | null>(null)
 
-  const statusColors = {
-    pending: 'bg-gray-100 text-gray-600 border-gray-200',
-    'in-progress': 'bg-blue-100 text-blue-700 border-blue-200',
-    completed: 'bg-green-100 text-green-700 border-green-200',
-    overdue: 'bg-red-100 text-red-700 border-red-200',
-  }
+  const update = (field: keyof ObligationFormData, value: string) =>
+    setForm(prev => ({ ...prev, [field]: value }))
 
-  const statusLabels = {
-    pending: 'Ausstehend',
-    'in-progress': 'In Bearbeitung',
-    completed: 'Abgeschlossen',
-    overdue: 'Ueberfaellig',
+  const handleSave = async () => {
+    if (!form.title.trim()) { setError('Titel ist erforderlich'); return }
+    setSaving(true)
+    setError(null)
+    try {
+      await onSave(form)
+      onClose()
+    } catch (e) {
+      setError(e instanceof Error ? e.message : 'Fehler beim Speichern')
+    } finally {
+      setSaving(false)
+    }
   }
 
-  const daysUntilDeadline = obligation.deadline
-    ? Math.ceil((obligation.deadline.getTime() - new Date().getTime()) / (1000 * 60 * 60 * 24))
-    : null
-
   return (
-    <div className={`bg-white rounded-xl border-2 p-6 ${
-      obligation.status === 'overdue' ? 'border-red-200' :
-      obligation.status === 'completed' ? 'border-green-200' : 'border-gray-200'
-    }`}>
-      <div className="flex items-start justify-between">
-        <div className="flex-1">
-          <div className="flex items-center gap-2 mb-2">
-            <span className={`px-2 py-1 text-xs rounded-full ${priorityColors[obligation.priority]}`}>
-              {obligation.priority === 'critical' ? 'Kritisch' :
-               obligation.priority === 'high' ? 'Hoch' :
-               obligation.priority === 'medium' ? 'Mittel' : 'Niedrig'}
-            </span>
-            <span className={`px-2 py-1 text-xs rounded-full ${statusColors[obligation.status]}`}>
-              {statusLabels[obligation.status]}
-            </span>
-            <span className="px-2 py-1 text-xs bg-purple-50 text-purple-700 rounded">
-              {obligation.source} {obligation.sourceArticle}
-            </span>
+    <div className="fixed inset-0 bg-black/40 z-50 flex items-center justify-center p-4" onClick={e => e.target === e.currentTarget && onClose()}>
+      <div className="bg-white rounded-2xl shadow-2xl w-full max-w-xl max-h-[90vh] overflow-y-auto">
+        <div className="flex items-center justify-between p-6 border-b">
+          <h2 className="text-lg font-semibold text-gray-900">
+            {initial?.title ? 'Pflicht bearbeiten' : 'Neue Pflicht erstellen'}
+          </h2>
+          <button onClick={onClose} className="text-gray-400 hover:text-gray-600 text-xl">✕</button>
+        </div>
+        <div className="p-6 space-y-4">
+          {error && <div className="text-red-600 text-sm bg-red-50 rounded-lg p-3">{error}</div>}
+
+          <div>
+            <label className="block text-sm font-medium text-gray-700 mb-1">Titel *</label>
+            <input
+              type="text"
+              value={form.title}
+              onChange={e => update('title', e.target.value)}
+              className="w-full px-3 py-2 border border-gray-300 rounded-lg text-sm focus:ring-2 focus:ring-purple-500"
+              placeholder="z.B. Datenschutz-Folgenabschaetzung durchfuehren"
+            />
           </div>
-          <h3 className="text-lg font-semibold text-gray-900">{obligation.title}</h3>
-          <p className="text-sm text-gray-500 mt-1">{obligation.description}</p>
-        </div>
-      </div>
 
-      <div className="mt-4 grid grid-cols-2 gap-4 text-sm">
-        <div>
-          <span className="text-gray-500">Verantwortlich: </span>
-          <span className="font-medium text-gray-700">{obligation.responsible}</span>
-        </div>
-        {obligation.deadline && (
-          <div className={daysUntilDeadline && daysUntilDeadline < 0 ? 'text-red-600' : ''}>
-            <span className="text-gray-500">Frist: </span>
-            <span className="font-medium">
-              {obligation.deadline.toLocaleDateString('de-DE')}
-              {daysUntilDeadline !== null && (
-                <span className="ml-2">
-                  ({daysUntilDeadline < 0 ? `${Math.abs(daysUntilDeadline)} Tage ueberfaellig` : `${daysUntilDeadline} Tage`})
-                </span>
-              )}
-            </span>
+          <div>
+            <label className="block text-sm font-medium text-gray-700 mb-1">Beschreibung</label>
+            <textarea
+              value={form.description}
+              onChange={e => update('description', e.target.value)}
+              rows={3}
+              className="w-full px-3 py-2 border border-gray-300 rounded-lg text-sm focus:ring-2 focus:ring-purple-500"
+              placeholder="Detaillierte Beschreibung der Anforderung..."
+            />
           </div>
-        )}
-      </div>
 
-      {obligation.linkedSystems.length > 0 && (
-        <div className="mt-3 flex items-center gap-2 flex-wrap">
-          <span className="text-sm text-gray-500">Betroffene Systeme:</span>
-          {obligation.linkedSystems.map(sys => (
-            <span key={sys} className="px-2 py-0.5 text-xs bg-gray-100 text-gray-600 rounded">
-              {sys}
-            </span>
-          ))}
+          <div className="grid grid-cols-2 gap-4">
+            <div>
+              <label className="block text-sm font-medium text-gray-700 mb-1">Rechtsquelle</label>
+              <select
+                value={form.source}
+                onChange={e => update('source', e.target.value)}
+                className="w-full px-3 py-2 border border-gray-300 rounded-lg text-sm"
+              >
+                {['DSGVO', 'AI Act', 'NIS2', 'BDSG', 'TTDSG', 'Sonstig'].map(s => (
+                  <option key={s}>{s}</option>
+                ))}
+              </select>
+            </div>
+            <div>
+              <label className="block text-sm font-medium text-gray-700 mb-1">Artikel/Paragraph</label>
+              <input
+                type="text"
+                value={form.source_article}
+                onChange={e => update('source_article', e.target.value)}
+                className="w-full px-3 py-2 border border-gray-300 rounded-lg text-sm"
+                placeholder="z.B. Art. 35"
+              />
+            </div>
+          </div>
+
+          <div className="grid grid-cols-2 gap-4">
+            <div>
+              <label className="block text-sm font-medium text-gray-700 mb-1">Prioritaet</label>
+              <select
+                value={form.priority}
+                onChange={e => update('priority', e.target.value)}
+                className="w-full px-3 py-2 border border-gray-300 rounded-lg text-sm"
+              >
+                <option value="critical">Kritisch</option>
+                <option value="high">Hoch</option>
+                <option value="medium">Mittel</option>
+                <option value="low">Niedrig</option>
+              </select>
+            </div>
+            <div>
+              <label className="block text-sm font-medium text-gray-700 mb-1">Status</label>
+              <select
+                value={form.status}
+                onChange={e => update('status', e.target.value)}
+                className="w-full px-3 py-2 border border-gray-300 rounded-lg text-sm"
+              >
+                <option value="pending">Ausstehend</option>
+                <option value="in-progress">In Bearbeitung</option>
+                <option value="completed">Abgeschlossen</option>
+                <option value="overdue">Ueberfaellig</option>
+              </select>
+            </div>
+          </div>
+
+          <div className="grid grid-cols-2 gap-4">
+            <div>
+              <label className="block text-sm font-medium text-gray-700 mb-1">Faellig bis</label>
+              <input
+                type="date"
+                value={form.deadline}
+                onChange={e => update('deadline', e.target.value)}
+                className="w-full px-3 py-2 border border-gray-300 rounded-lg text-sm"
+              />
+            </div>
+            <div>
+              <label className="block text-sm font-medium text-gray-700 mb-1">Verantwortlich</label>
+              <input
+                type="text"
+                value={form.responsible}
+                onChange={e => update('responsible', e.target.value)}
+                className="w-full px-3 py-2 border border-gray-300 rounded-lg text-sm"
+                placeholder="z.B. DSB, IT, Compliance"
+              />
+            </div>
+          </div>
+
+          <div>
+            <label className="block text-sm font-medium text-gray-700 mb-1">Betroffene Systeme</label>
+            <input
+              type="text"
+              value={form.linked_systems}
+              onChange={e => update('linked_systems', e.target.value)}
+              className="w-full px-3 py-2 border border-gray-300 rounded-lg text-sm"
+              placeholder="Kommagetrennt: CRM, ERP, Website"
+            />
+          </div>
+
+          <div>
+            <label className="block text-sm font-medium text-gray-700 mb-1">Notizen</label>
+            <textarea
+              value={form.notes}
+              onChange={e => update('notes', e.target.value)}
+              rows={2}
+              className="w-full px-3 py-2 border border-gray-300 rounded-lg text-sm"
+              placeholder="Interne Hinweise..."
+            />
+          </div>
         </div>
-      )}
-
-      <div className="mt-4 pt-4 border-t border-gray-100 flex items-center justify-between">
-        <button className="text-sm text-purple-600 hover:text-purple-700 font-medium">
-          Details anzeigen
-        </button>
-        {obligation.status !== 'completed' && (
-          <button className="px-4 py-2 text-sm bg-purple-50 text-purple-700 rounded-lg hover:bg-purple-100 transition-colors">
-            Als erledigt markieren
+        <div className="flex justify-end gap-3 p-6 border-t">
+          <button onClick={onClose} className="px-4 py-2 text-sm text-gray-600 hover:bg-gray-100 rounded-lg">Abbrechen</button>
+          <button
+            onClick={handleSave}
+            disabled={saving}
+            className="px-5 py-2 text-sm bg-purple-600 text-white rounded-lg hover:bg-purple-700 disabled:opacity-50"
+          >
+            {saving ? 'Speichern...' : 'Speichern'}
           </button>
-        )}
+        </div>
       </div>
     </div>
   )
 }
 
 // =============================================================================
-// HELPERS
+// Detail Panel
 // =============================================================================
 
-function mapControlsToObligations(assessments: Array<{
-  id: string
-  title?: string
-  domain?: string
-  result?: {
-    required_controls?: Array<{
-      id: string
-      title: string
-      description: string
-      gdpr_ref?: string
-      effort?: string
-    }>
-    triggered_rules?: Array<{
-      rule_code: string
-      title: string
-      severity: string
-      gdpr_ref: string
-    }>
-    risk_level?: string
-  }
-}>): Obligation[] {
-  const obligations: Obligation[] = []
+function ObligationDetail({ obligation, onClose, onStatusChange, onEdit, onDelete }: {
+  obligation: Obligation
+  onClose: () => void
+  onStatusChange: (id: string, status: string) => Promise<void>
+  onEdit: () => void
+  onDelete: (id: string) => Promise<void>
+}) {
+  const [saving, setSaving] = useState(false)
 
-  for (const assessment of assessments) {
-    // Map triggered rules to obligations
-    const rules = assessment.result?.triggered_rules || []
-    for (const rule of rules) {
-      const severity = rule.severity
-      obligations.push({
-        id: `${assessment.id}-${rule.rule_code}`,
-        title: rule.title,
-        description: `Aus Assessment: ${assessment.title || assessment.id.slice(0, 8)}`,
-        source: rule.gdpr_ref?.includes('AI Act') ? 'AI Act' : 'DSGVO',
-        sourceArticle: rule.gdpr_ref || '',
-        deadline: null,
-        status: 'pending',
-        priority: severity === 'BLOCK' ? 'critical' : severity === 'WARN' ? 'high' : 'medium',
-        responsible: 'Compliance Team',
-        linkedSystems: assessment.title ? [assessment.title] : [],
-      })
-    }
-
-    // Map required controls to obligations
-    const controls = assessment.result?.required_controls || []
-    for (const control of controls) {
-      obligations.push({
-        id: `${assessment.id}-ctrl-${control.id}`,
-        title: control.title,
-        description: control.description,
-        source: control.gdpr_ref?.includes('AI Act') ? 'AI Act' : 'DSGVO',
-        sourceArticle: control.gdpr_ref || '',
-        deadline: null,
-        status: 'pending',
-        priority: assessment.result?.risk_level === 'HIGH' || assessment.result?.risk_level === 'UNACCEPTABLE' ? 'high' : 'medium',
-        responsible: 'IT / Compliance',
-        linkedSystems: assessment.title ? [assessment.title] : [],
-      })
-    }
+  const handleStatusCycle = async () => {
+    setSaving(true)
+    await onStatusChange(obligation.id, STATUS_NEXT[obligation.status])
+    setSaving(false)
   }
 
-  return obligations
+  const handleDelete = async () => {
+    if (!confirm('Pflicht wirklich loeschen?')) return
+    await onDelete(obligation.id)
+    onClose()
+  }
+
+  const daysUntil = obligation.deadline
+    ? Math.ceil((new Date(obligation.deadline).getTime() - Date.now()) / 86400000)
+    : null
+
+  return (
+    <div className="fixed inset-0 bg-black/40 z-50 flex items-end md:items-center justify-center p-4" onClick={e => e.target === e.currentTarget && onClose()}>
+      <div className="bg-white rounded-2xl shadow-2xl w-full max-w-lg max-h-[85vh] overflow-y-auto">
+        <div className="flex items-start justify-between p-6 border-b gap-4">
+          <div className="flex-1">
+            <div className="flex items-center gap-2 mb-1 flex-wrap">
+              <span className={`px-2 py-0.5 text-xs rounded-full ${PRIORITY_COLORS[obligation.priority]}`}>{PRIORITY_LABELS[obligation.priority]}</span>
+              <span className={`px-2 py-0.5 text-xs rounded-full ${STATUS_COLORS[obligation.status]}`}>{STATUS_LABELS[obligation.status]}</span>
+              {obligation.source && (
+                <span className="px-2 py-0.5 text-xs bg-purple-50 text-purple-700 rounded">{obligation.source} {obligation.source_article}</span>
+              )}
+            </div>
+            <h2 className="text-base font-semibold text-gray-900">{obligation.title}</h2>
+          </div>
+          <button onClick={onClose} className="text-gray-400 hover:text-gray-600 flex-shrink-0">✕</button>
+        </div>
+
+        <div className="p-6 space-y-4 text-sm">
+          {obligation.description && (
+            <p className="text-gray-700 whitespace-pre-wrap">{obligation.description}</p>
+          )}
+
+          <div className="grid grid-cols-2 gap-3">
+            <div>
+              <span className="text-gray-500">Verantwortlich</span>
+              <p className="font-medium text-gray-900">{obligation.responsible || '—'}</p>
+            </div>
+            <div>
+              <span className="text-gray-500">Frist</span>
+              <p className={`font-medium ${daysUntil !== null && daysUntil < 0 ? 'text-red-600' : 'text-gray-900'}`}>
+                {obligation.deadline
+                  ? `${new Date(obligation.deadline).toLocaleDateString('de-DE')}${daysUntil !== null ? ` (${daysUntil < 0 ? `${Math.abs(daysUntil)}d ueberfaellig` : `${daysUntil}d`})` : ''}`
+                  : '—'}
+              </p>
+            </div>
+          </div>
+
+          {obligation.linked_systems?.length > 0 && (
+            <div>
+              <span className="text-gray-500">Betroffene Systeme</span>
+              <div className="flex flex-wrap gap-1 mt-1">
+                {obligation.linked_systems.map(s => (
+                  <span key={s} className="px-2 py-0.5 text-xs bg-gray-100 text-gray-600 rounded">{s}</span>
+                ))}
+              </div>
+            </div>
+          )}
+
+          {obligation.notes && (
+            <div>
+              <span className="text-gray-500">Notizen</span>
+              <p className="text-gray-700 mt-1">{obligation.notes}</p>
+            </div>
+          )}
+
+          {obligation.rule_code && (
+            <div className="bg-purple-50 rounded-lg p-3">
+              <span className="text-xs text-purple-600">Aus UCCA Assessment abgeleitet · Regel {obligation.rule_code}</span>
+            </div>
+          )}
+
+          {obligation.created_at && (
+            <p className="text-xs text-gray-400">
+              Erstellt: {new Date(obligation.created_at).toLocaleDateString('de-DE')}
+              {obligation.updated_at && obligation.updated_at !== obligation.created_at
+                ? ` · Geaendert: ${new Date(obligation.updated_at).toLocaleDateString('de-DE')}`
+                : ''}
+            </p>
+          )}
+        </div>
+
+        <div className="flex items-center justify-between gap-2 p-6 border-t flex-wrap">
+          <div className="flex gap-2">
+            <button
+              onClick={handleDelete}
+              className="px-3 py-1.5 text-xs text-red-600 hover:bg-red-50 rounded-lg border border-red-200"
+            >
+              Loeschen
+            </button>
+          </div>
+          <div className="flex gap-2">
+            <button onClick={onEdit} className="px-3 py-1.5 text-xs text-gray-700 bg-gray-100 hover:bg-gray-200 rounded-lg">
+              Bearbeiten
+            </button>
+            {obligation.status !== 'completed' && (
+              <button
+                onClick={handleStatusCycle}
+                disabled={saving}
+                className="px-4 py-1.5 text-xs bg-purple-600 text-white rounded-lg hover:bg-purple-700 disabled:opacity-50"
+              >
+                {saving ? '...' : STATUS_NEXT[obligation.status] === 'completed' ? 'Als erledigt markieren' : `→ ${STATUS_LABELS[STATUS_NEXT[obligation.status]]}`}
+              </button>
+            )}
+          </div>
+        </div>
+      </div>
+    </div>
+  )
 }
 
 // =============================================================================
-// MAIN PAGE
+// Obligation Card
+// =============================================================================
+
+function ObligationCard({
+  obligation,
+  onStatusChange,
+  onDetails,
+}: {
+  obligation: Obligation
+  onStatusChange: (id: string, status: string) => Promise<void>
+  onDetails: () => void
+}) {
+  const [saving, setSaving] = useState(false)
+
+  const daysUntil = obligation.deadline
+    ? Math.ceil((new Date(obligation.deadline).getTime() - Date.now()) / 86400000)
+    : null
+
+  const handleMark = async (e: React.MouseEvent) => {
+    e.stopPropagation()
+    setSaving(true)
+    await onStatusChange(obligation.id, STATUS_NEXT[obligation.status])
+    setSaving(false)
+  }
+
+  return (
+    <div
+      className={`bg-white rounded-xl border-2 p-5 cursor-pointer hover:shadow-md transition-all ${
+        obligation.status === 'overdue' ? 'border-red-200' :
+        obligation.status === 'completed' ? 'border-green-200' :
+        obligation.status === 'in-progress' ? 'border-blue-200' : 'border-gray-200'
+      }`}
+      onClick={onDetails}
+    >
+      <div className="flex items-start justify-between gap-4">
+        <div className="flex-1 min-w-0">
+          <div className="flex items-center gap-2 mb-1.5 flex-wrap">
+            <span className={`px-2 py-0.5 text-xs rounded-full ${PRIORITY_COLORS[obligation.priority]}`}>
+              {PRIORITY_LABELS[obligation.priority]}
+            </span>
+            <span className={`px-2 py-0.5 text-xs rounded-full ${STATUS_COLORS[obligation.status]}`}>
+              {STATUS_LABELS[obligation.status]}
+            </span>
+            {obligation.source_article && (
+              <span className="px-2 py-0.5 text-xs bg-purple-50 text-purple-700 rounded">
+                {obligation.source} {obligation.source_article}
+              </span>
+            )}
+          </div>
+          <h3 className="font-semibold text-gray-900 text-sm">{obligation.title}</h3>
+          {obligation.description && (
+            <p className="text-xs text-gray-500 mt-1 line-clamp-2">{obligation.description}</p>
+          )}
+        </div>
+      </div>
+
+      <div className="mt-3 flex items-center justify-between text-xs text-gray-500">
+        <div className="flex items-center gap-3">
+          {obligation.responsible && <span>👤 {obligation.responsible}</span>}
+          {obligation.deadline && (
+            <span className={daysUntil !== null && daysUntil < 0 ? 'text-red-600 font-medium' : ''}>
+              📅 {new Date(obligation.deadline).toLocaleDateString('de-DE')}
+              {daysUntil !== null && ` (${daysUntil < 0 ? `${Math.abs(daysUntil)}d überfällig` : `${daysUntil}d`})`}
+            </span>
+          )}
+        </div>
+        <div className="flex items-center gap-2" onClick={e => e.stopPropagation()}>
+          <button
+            onClick={onDetails}
+            className="text-purple-600 hover:text-purple-700 font-medium"
+          >
+            Details
+          </button>
+          {obligation.status !== 'completed' && (
+            <button
+              onClick={handleMark}
+              disabled={saving}
+              className="px-3 py-1 bg-purple-50 text-purple-700 rounded-lg hover:bg-purple-100 transition-colors disabled:opacity-50"
+            >
+              {saving ? '...' : STATUS_NEXT[obligation.status] === 'completed' ? 'Erledigt ✓' : `→ ${STATUS_LABELS[STATUS_NEXT[obligation.status]]}`}
+            </button>
+          )}
+        </div>
+      </div>
+    </div>
+  )
+}
+
+// =============================================================================
+// Main Page
 // =============================================================================
 
 export default function ObligationsPage() {
-  const { state } = useSDK()
   const [obligations, setObligations] = useState<Obligation[]>([])
-  const [filter, setFilter] = useState<string>('all')
+  const [stats, setStats] = useState<ObligationStats | null>(null)
+  const [filter, setFilter] = useState('all')
+  const [searchQuery, setSearchQuery] = useState('')
   const [loading, setLoading] = useState(true)
-  const [backendAvailable, setBackendAvailable] = useState(false)
-  const [backendError, setBackendError] = useState<string | null>(null)
+  const [error, setError] = useState<string | null>(null)
+  const [showModal, setShowModal] = useState(false)
+  const [editObligation, setEditObligation] = useState<Obligation | null>(null)
+  const [detailObligation, setDetailObligation] = useState<Obligation | null>(null)
 
-  useEffect(() => {
-    async function loadObligations() {
-      try {
-        const response = await fetch('/api/sdk/v1/ucca/assessments')
-        if (response.ok) {
-          const data = await response.json()
-          const assessments = data.assessments || []
-          if (assessments.length > 0) {
-            const mapped = mapControlsToObligations(assessments)
-            setObligations(mapped)
-            setBackendAvailable(true)
-            setLoading(false)
-            return
-          }
-        }
-      } catch {
-        setBackendError('Backend nicht erreichbar — Pflichten aus lokalem State geladen (Offline-Modus)')
+  const loadData = useCallback(async () => {
+    setLoading(true)
+    setError(null)
+    try {
+      const params = new URLSearchParams({ limit: '200' })
+      if (filter !== 'all' && ['pending', 'in-progress', 'completed', 'overdue'].includes(filter)) {
+        params.set('status', filter)
       }
-
-      // Fallback: use obligations from SDK state
-      if (state.obligations && state.obligations.length > 0) {
-        setObligations(state.obligations.map(o => ({
-          id: o.id,
-          title: o.title,
-          description: o.description || '',
-          source: o.source || 'DSGVO',
-          sourceArticle: o.sourceArticle || '',
-          deadline: o.deadline ? new Date(o.deadline) : null,
-          status: (o.status as Obligation['status']) || 'pending',
-          priority: (o.priority as Obligation['priority']) || 'medium',
-          responsible: o.responsible || 'Compliance Team',
-          linkedSystems: o.linkedSystems || [],
-        })))
+      if (filter === 'critical' || filter === 'high') {
+        params.set('priority', filter)
       }
+      if (searchQuery) params.set('search', searchQuery)
 
+      const [listRes, statsRes] = await Promise.all([
+        fetch(`${API}?${params}`),
+        fetch(`${API}/stats`),
+      ])
+
+      if (listRes.ok) {
+        const data = await listRes.json()
+        setObligations(data.obligations || [])
+      }
+      if (statsRes.ok) {
+        setStats(await statsRes.json())
+      }
+    } catch {
+      setError('Verbindung zum Backend fehlgeschlagen')
+    } finally {
       setLoading(false)
     }
+  }, [filter, searchQuery])
 
-    loadObligations()
-  }, [state.obligations])
+  useEffect(() => {
+    loadData()
+  }, [loadData])
 
-  const filteredObligations = filter === 'all'
-    ? obligations
-    : obligations.filter(o => o.status === filter || o.priority === filter || o.source.toLowerCase().includes(filter))
+  const handleCreate = async (form: ObligationFormData) => {
+    const res = await fetch(API, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        title: form.title,
+        description: form.description || null,
+        source: form.source,
+        source_article: form.source_article || null,
+        deadline: form.deadline || null,
+        status: form.status,
+        priority: form.priority,
+        responsible: form.responsible || null,
+        linked_systems: form.linked_systems ? form.linked_systems.split(',').map(s => s.trim()).filter(Boolean) : [],
+        notes: form.notes || null,
+      }),
+    })
+    if (!res.ok) throw new Error('Erstellen fehlgeschlagen')
+    await loadData()
+  }
 
-  const pendingCount = obligations.filter(o => o.status === 'pending').length
-  const inProgressCount = obligations.filter(o => o.status === 'in-progress').length
-  const overdueCount = obligations.filter(o => o.status === 'overdue').length
-  const completedCount = obligations.filter(o => o.status === 'completed').length
+  const handleUpdate = async (id: string, form: ObligationFormData) => {
+    const res = await fetch(`${API}/${id}`, {
+      method: 'PUT',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        title: form.title,
+        description: form.description || null,
+        source: form.source,
+        source_article: form.source_article || null,
+        deadline: form.deadline || null,
+        status: form.status,
+        priority: form.priority,
+        responsible: form.responsible || null,
+        linked_systems: form.linked_systems ? form.linked_systems.split(',').map(s => s.trim()).filter(Boolean) : [],
+        notes: form.notes || null,
+      }),
+    })
+    if (!res.ok) throw new Error('Aktualisierung fehlgeschlagen')
+    await loadData()
+    // Refresh detail if open
+    if (detailObligation?.id === id) {
+      const updated = await fetch(`${API}/${id}`)
+      if (updated.ok) setDetailObligation(await updated.json())
+    }
+  }
+
+  const handleStatusChange = async (id: string, newStatus: string) => {
+    const res = await fetch(`${API}/${id}/status`, {
+      method: 'PUT',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ status: newStatus }),
+    })
+    if (!res.ok) return
+    const updated = await res.json()
+    setObligations(prev => prev.map(o => o.id === id ? updated : o))
+    if (detailObligation?.id === id) setDetailObligation(updated)
+    // Refresh stats
+    fetch(`${API}/stats`).then(r => r.json()).then(setStats).catch(() => {})
+  }
+
+  const handleDelete = async (id: string) => {
+    const res = await fetch(`${API}/${id}`, { method: 'DELETE' })
+    if (!res.ok && res.status !== 204) throw new Error('Loeschen fehlgeschlagen')
+    setObligations(prev => prev.filter(o => o.id !== id))
+    setDetailObligation(null)
+    fetch(`${API}/stats`).then(r => r.json()).then(setStats).catch(() => {})
+  }
 
   const stepInfo = STEP_EXPLANATIONS['obligations']
 
+  const filteredObligations = obligations.filter(o => {
+    if (filter === 'ai') return o.source.toLowerCase().includes('ai')
+    return true
+  })
+
   return (
     <div className="space-y-6">
-      {/* Step Header */}
+      {/* Modals */}
+      {(showModal || editObligation) && !detailObligation && (
+        <ObligationModal
+          initial={editObligation ? {
+            title: editObligation.title,
+            description: editObligation.description,
+            source: editObligation.source,
+            source_article: editObligation.source_article,
+            deadline: editObligation.deadline ? editObligation.deadline.slice(0, 10) : '',
+            status: editObligation.status,
+            priority: editObligation.priority,
+            responsible: editObligation.responsible,
+            linked_systems: editObligation.linked_systems?.join(', ') || '',
+            notes: editObligation.notes || '',
+          } : undefined}
+          onClose={() => { setShowModal(false); setEditObligation(null) }}
+          onSave={async (form) => {
+            if (editObligation) {
+              await handleUpdate(editObligation.id, form)
+              setEditObligation(null)
+            } else {
+              await handleCreate(form)
+              setShowModal(false)
+            }
+          }}
+        />
+      )}
+
+      {detailObligation && (
+        <ObligationDetail
+          obligation={detailObligation}
+          onClose={() => setDetailObligation(null)}
+          onStatusChange={handleStatusChange}
+          onDelete={handleDelete}
+          onEdit={() => {
+            setEditObligation(detailObligation)
+            setDetailObligation(null)
+          }}
+        />
+      )}
+
+      {/* Header */}
       <StepHeader
         stepId="obligations"
-        title={stepInfo.title}
-        description={stepInfo.description}
-        explanation={stepInfo.explanation}
-        tips={stepInfo.tips}
+        title={stepInfo?.title || 'Pflichten-Management'}
+        description={stepInfo?.description || 'DSGVO & AI-Act Compliance-Pflichten verwalten'}
+        explanation={stepInfo?.explanation || ''}
+        tips={stepInfo?.tips || []}
       >
-        <button className="flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors">
-          <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+        <button
+          onClick={() => setShowModal(true)}
+          className="flex items-center gap-2 px-4 py-2 bg-purple-600 text-white rounded-lg hover:bg-purple-700 transition-colors text-sm"
+        >
+          <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
             <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 6v6m0 0v6m0-6h6m-6 0H6" />
           </svg>
           Pflicht hinzufuegen
         </button>
       </StepHeader>
 
-      {/* Backend Status */}
-      {backendAvailable && (
-        <div className="bg-green-50 border border-green-200 rounded-lg p-3 text-sm text-green-700">
-          Pflichten aus UCCA-Assessments geladen (Live-Daten)
-        </div>
-      )}
-      {backendError && !backendAvailable && (
-        <div className="bg-amber-50 border border-amber-200 rounded-lg p-3 text-sm text-amber-700 flex items-center gap-2">
-          <svg className="w-4 h-4 flex-shrink-0" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
-          </svg>
-          {backendError}
-        </div>
-      )}
-
-      {/* Loading */}
-      {loading && (
-        <div className="text-center py-8 text-gray-500">Lade Pflichten...</div>
+      {/* Error */}
+      {error && (
+        <div className="bg-amber-50 border border-amber-200 rounded-lg p-3 text-sm text-amber-700">{error}</div>
       )}
 
       {/* Stats */}
-      <div className="grid grid-cols-1 md:grid-cols-4 gap-4">
-        <div className="bg-white rounded-xl border border-gray-200 p-6">
-          <div className="text-sm text-gray-500">Ausstehend</div>
-          <div className="text-3xl font-bold text-gray-900">{pendingCount}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-blue-200 p-6">
-          <div className="text-sm text-blue-600">In Bearbeitung</div>
-          <div className="text-3xl font-bold text-blue-600">{inProgressCount}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-red-200 p-6">
-          <div className="text-sm text-red-600">Ueberfaellig</div>
-          <div className="text-3xl font-bold text-red-600">{overdueCount}</div>
-        </div>
-        <div className="bg-white rounded-xl border border-green-200 p-6">
-          <div className="text-sm text-green-600">Abgeschlossen</div>
-          <div className="text-3xl font-bold text-green-600">{completedCount}</div>
-        </div>
+      <div className="grid grid-cols-2 md:grid-cols-4 gap-4">
+        {[
+          { label: 'Ausstehend',    value: stats?.pending     ?? 0, color: 'text-gray-600',  border: 'border-gray-200' },
+          { label: 'In Bearbeitung',value: stats?.in_progress ?? 0, color: 'text-blue-600',  border: 'border-blue-200' },
+          { label: 'Ueberfaellig',  value: stats?.overdue     ?? 0, color: 'text-red-600',   border: 'border-red-200'  },
+          { label: 'Abgeschlossen', value: stats?.completed   ?? 0, color: 'text-green-600', border: 'border-green-200'},
+        ].map(s => (
+          <div key={s.label} className={`bg-white rounded-xl border ${s.border} p-5`}>
+            <div className={`text-xs ${s.color}`}>{s.label}</div>
+            <div className={`text-3xl font-bold mt-1 ${s.color}`}>{s.value}</div>
+          </div>
+        ))}
       </div>
 
-      {/* Urgent Alert */}
-      {overdueCount > 0 && (
-        <div className="bg-red-50 border border-red-200 rounded-xl p-4 flex items-center gap-4">
-          <div className="w-10 h-10 bg-red-100 rounded-full flex items-center justify-center">
-            <svg className="w-5 h-5 text-red-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+      {/* Overdue alert */}
+      {(stats?.overdue ?? 0) > 0 && (
+        <div className="bg-red-50 border border-red-200 rounded-xl p-4 flex items-center gap-3">
+          <div className="w-9 h-9 bg-red-100 rounded-full flex items-center justify-center flex-shrink-0">
+            <svg className="w-4 h-4 text-red-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
               <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
             </svg>
           </div>
           <div>
-            <h4 className="font-medium text-red-800">Achtung: {overdueCount} ueberfaellige Pflicht(en)</h4>
-            <p className="text-sm text-red-600">Diese Pflichten erfordern sofortige Aufmerksamkeit.</p>
+            <h4 className="font-medium text-red-800 text-sm">Achtung: {stats?.overdue} ueberfaellige Pflicht(en)</h4>
+            <p className="text-xs text-red-600">Diese Pflichten erfordern sofortige Aufmerksamkeit.</p>
           </div>
         </div>
       )}
 
-      {/* Filter */}
-      <div className="flex items-center gap-2 flex-wrap">
-        <span className="text-sm text-gray-500">Filter:</span>
-        {['all', 'overdue', 'pending', 'in-progress', 'completed', 'critical', 'ai'].map(f => (
-          <button
-            key={f}
-            onClick={() => setFilter(f)}
-            className={`px-3 py-1 text-sm rounded-full transition-colors ${
-              filter === f
-                ? 'bg-purple-600 text-white'
-                : 'bg-gray-100 text-gray-600 hover:bg-gray-200'
-            }`}
-          >
-            {f === 'all' ? 'Alle' :
-             f === 'overdue' ? 'Ueberfaellig' :
-             f === 'pending' ? 'Ausstehend' :
-             f === 'in-progress' ? 'In Bearbeitung' :
-             f === 'completed' ? 'Abgeschlossen' :
-             f === 'critical' ? 'Kritisch' : 'AI Act'}
-          </button>
-        ))}
-      </div>
-
-      {/* Obligations List */}
-      <div className="space-y-4">
-        {filteredObligations
-          .sort((a, b) => {
-            const statusOrder = { overdue: 0, 'in-progress': 1, pending: 2, completed: 3 }
-            return statusOrder[a.status] - statusOrder[b.status]
-          })
-          .map(obligation => (
-            <ObligationCard key={obligation.id} obligation={obligation} />
+      {/* Search + Filter */}
+      <div className="flex flex-col sm:flex-row items-start sm:items-center gap-3">
+        <input
+          type="text"
+          value={searchQuery}
+          onChange={e => setSearchQuery(e.target.value)}
+          placeholder="Suche nach Pflichten..."
+          className="flex-1 px-4 py-2 border border-gray-300 rounded-lg text-sm focus:ring-2 focus:ring-purple-500"
+        />
+        <div className="flex items-center gap-2 flex-wrap">
+          {['all', 'overdue', 'pending', 'in-progress', 'completed', 'critical', 'ai'].map(f => (
+            <button
+              key={f}
+              onClick={() => setFilter(f)}
+              className={`px-3 py-1.5 text-xs rounded-full transition-colors ${
+                filter === f ? 'bg-purple-600 text-white' : 'bg-gray-100 text-gray-600 hover:bg-gray-200'
+              }`}
+            >
+              {f === 'all' ? 'Alle' : f === 'in-progress' ? 'In Bearbeitung' : f === 'overdue' ? 'Ueberfaellig' : f === 'pending' ? 'Ausstehend' : f === 'completed' ? 'Abgeschlossen' : f === 'critical' ? 'Kritisch' : 'AI Act'}
+            </button>
           ))}
+        </div>
       </div>
 
-      {filteredObligations.length === 0 && !loading && (
-        <div className="bg-white rounded-xl border border-gray-200 p-12 text-center">
-          <div className="w-16 h-16 mx-auto bg-gray-100 rounded-full flex items-center justify-center mb-4">
-            <svg className="w-8 h-8 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2" />
-            </svg>
-          </div>
-          <h3 className="text-lg font-semibold text-gray-900">Keine Pflichten gefunden</h3>
-          <p className="mt-2 text-gray-500">
-            Erstellen Sie zuerst ein Use Case Assessment, um automatisch Pflichten abzuleiten.
-          </p>
+      {/* Loading */}
+      {loading && <div className="text-center py-8 text-gray-500 text-sm">Lade Pflichten...</div>}
+
+      {/* Obligations list */}
+      {!loading && (
+        <div className="space-y-3">
+          {filteredObligations.map(o => (
+            <ObligationCard
+              key={o.id}
+              obligation={o}
+              onStatusChange={handleStatusChange}
+              onDetails={() => setDetailObligation(o)}
+            />
+          ))}
+
+          {filteredObligations.length === 0 && (
+            <div className="bg-white rounded-xl border border-gray-200 p-12 text-center">
+              <div className="w-14 h-14 mx-auto bg-gray-100 rounded-full flex items-center justify-center mb-4">
+                <svg className="w-7 h-7 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2" />
+                </svg>
+              </div>
+              <h3 className="text-base font-semibold text-gray-900">Keine Pflichten gefunden</h3>
+              <p className="mt-2 text-sm text-gray-500">
+                Klicken Sie auf "Pflicht hinzufuegen", um die erste Compliance-Pflicht zu erfassen.
+              </p>
+              <button
+                onClick={() => setShowModal(true)}
+                className="mt-4 px-5 py-2 bg-purple-600 text-white text-sm rounded-lg hover:bg-purple-700"
+              >
+                Erste Pflicht erstellen
+              </button>
+            </div>
+          )}
         </div>
       )}
     </div>
diff --git a/admin-compliance/app/api/sdk/v1/compliance/[[...path]]/route.ts b/admin-compliance/app/api/sdk/v1/compliance/[[...path]]/route.ts
index 1253f24..da8be75 100644
--- a/admin-compliance/app/api/sdk/v1/compliance/[[...path]]/route.ts
+++ b/admin-compliance/app/api/sdk/v1/compliance/[[...path]]/route.ts
@@ -47,7 +47,7 @@ async function proxyRequest(
       signal: AbortSignal.timeout(60000),
     }
 
-    if (method === 'POST' || method === 'PUT') {
+    if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
       const body = await request.text()
       if (body) {
         fetchOptions.body = body
@@ -118,6 +118,14 @@ export async function PUT(
   return proxyRequest(request, path, 'PUT')
 }
 
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PATCH')
+}
+
 export async function DELETE(
   request: NextRequest,
   { params }: { params: Promise<{ path?: string[] }> }
diff --git a/backend-compliance/compliance/api/__init__.py b/backend-compliance/compliance/api/__init__.py
index bb2bdf2..c98dba9 100644
--- a/backend-compliance/compliance/api/__init__.py
+++ b/backend-compliance/compliance/api/__init__.py
@@ -15,6 +15,7 @@ from .einwilligungen_routes import router as einwilligungen_router
 from .escalation_routes import router as escalation_router
 from .consent_template_routes import router as consent_template_router
 from .notfallplan_routes import router as notfallplan_router
+from .obligation_routes import router as obligation_router
 
 # Include sub-routers
 router.include_router(audit_router)
@@ -31,6 +32,7 @@ router.include_router(einwilligungen_router)
 router.include_router(escalation_router)
 router.include_router(consent_template_router)
 router.include_router(notfallplan_router)
+router.include_router(obligation_router)
 
 __all__ = [
     "router",
@@ -48,4 +50,5 @@ __all__ = [
     "escalation_router",
     "consent_template_router",
     "notfallplan_router",
+    "obligation_router",
 ]
diff --git a/backend-compliance/compliance/api/obligation_routes.py b/backend-compliance/compliance/api/obligation_routes.py
new file mode 100644
index 0000000..3ce409d
--- /dev/null
+++ b/backend-compliance/compliance/api/obligation_routes.py
@@ -0,0 +1,318 @@
+"""
+FastAPI routes for Compliance Obligations Tracking.
+
+Endpoints:
+  GET    /obligations           — list with filters (status, priority, source, limit, offset)
+  POST   /obligations           — create obligation
+  GET    /obligations/stats     — counts per status and priority
+  GET    /obligations/{id}      — get single obligation
+  PUT    /obligations/{id}      — update obligation
+  PUT    /obligations/{id}/status — quick status update
+  DELETE /obligations/{id}      — delete obligation
+"""
+
+import logging
+from datetime import datetime
+from typing import Optional, List, Any, Dict
+from uuid import UUID
+
+from fastapi import APIRouter, Depends, HTTPException, Query, Header
+from pydantic import BaseModel
+from sqlalchemy import text
+from sqlalchemy.orm import Session
+
+from classroom_engine.database import get_db
+
+logger = logging.getLogger(__name__)
+router = APIRouter(prefix="/obligations", tags=["obligations"])
+
+DEFAULT_TENANT_ID = "9282a473-5c95-4b3a-bf78-0ecc0ec71d3e"
+
+
+# =============================================================================
+# Pydantic Schemas
+# =============================================================================
+
+class ObligationCreate(BaseModel):
+    title: str
+    description: Optional[str] = None
+    source: str = "DSGVO"
+    source_article: Optional[str] = None
+    deadline: Optional[datetime] = None
+    status: str = "pending"
+    priority: str = "medium"
+    responsible: Optional[str] = None
+    linked_systems: Optional[List[str]] = None
+    assessment_id: Optional[str] = None
+    rule_code: Optional[str] = None
+    notes: Optional[str] = None
+
+
+class ObligationUpdate(BaseModel):
+    title: Optional[str] = None
+    description: Optional[str] = None
+    source: Optional[str] = None
+    source_article: Optional[str] = None
+    deadline: Optional[datetime] = None
+    status: Optional[str] = None
+    priority: Optional[str] = None
+    responsible: Optional[str] = None
+    linked_systems: Optional[List[str]] = None
+    notes: Optional[str] = None
+
+
+class ObligationStatusUpdate(BaseModel):
+    status: str
+
+
+def _row_to_dict(row) -> Dict[str, Any]:
+    result = dict(row._mapping)
+    for key, val in result.items():
+        if isinstance(val, datetime):
+            result[key] = val.isoformat()
+        elif hasattr(val, '__str__') and not isinstance(val, (str, int, float, bool, list, dict, type(None))):
+            result[key] = str(val)
+    return result
+
+
+def _get_tenant_id(x_tenant_id: Optional[str] = Header(None)) -> str:
+    if x_tenant_id:
+        try:
+            UUID(x_tenant_id)
+            return x_tenant_id
+        except ValueError:
+            pass
+    return DEFAULT_TENANT_ID
+
+
+# =============================================================================
+# Routes
+# =============================================================================
+
+@router.get("")
+async def list_obligations(
+    status: Optional[str] = Query(None),
+    priority: Optional[str] = Query(None),
+    source: Optional[str] = Query(None),
+    search: Optional[str] = Query(None),
+    limit: int = Query(100, ge=1, le=500),
+    offset: int = Query(0, ge=0),
+    db: Session = Depends(get_db),
+    x_tenant_id: Optional[str] = Header(None),
+):
+    """List obligations with optional filters."""
+    tenant_id = _get_tenant_id(x_tenant_id)
+
+    where_clauses = ["tenant_id = :tenant_id"]
+    params: Dict[str, Any] = {"tenant_id": tenant_id, "limit": limit, "offset": offset}
+
+    if status:
+        where_clauses.append("status = :status")
+        params["status"] = status
+    if priority:
+        where_clauses.append("priority = :priority")
+        params["priority"] = priority
+    if source:
+        where_clauses.append("source ILIKE :source")
+        params["source"] = f"%{source}%"
+    if search:
+        where_clauses.append("(title ILIKE :search OR description ILIKE :search)")
+        params["search"] = f"%{search}%"
+
+    where_sql = " AND ".join(where_clauses)
+
+    total_row = db.execute(
+        text(f"SELECT COUNT(*) FROM compliance_obligations WHERE {where_sql}"),
+        params,
+    ).fetchone()
+    total = total_row[0] if total_row else 0
+
+    rows = db.execute(
+        text(f"""
+            SELECT * FROM compliance_obligations
+            WHERE {where_sql}
+            ORDER BY
+                CASE priority
+                    WHEN 'critical' THEN 0
+                    WHEN 'high' THEN 1
+                    WHEN 'medium' THEN 2
+                    ELSE 3
+                END,
+                CASE status
+                    WHEN 'overdue' THEN 0
+                    WHEN 'in-progress' THEN 1
+                    WHEN 'pending' THEN 2
+                    ELSE 3
+                END,
+                created_at DESC
+            LIMIT :limit OFFSET :offset
+        """),
+        params,
+    ).fetchall()
+
+    return {
+        "obligations": [_row_to_dict(r) for r in rows],
+        "total": total,
+    }
+
+
+@router.get("/stats")
+async def get_obligation_stats(
+    db: Session = Depends(get_db),
+    x_tenant_id: Optional[str] = Header(None),
+):
+    """Return obligation counts per status and priority."""
+    tenant_id = _get_tenant_id(x_tenant_id)
+
+    rows = db.execute(text("""
+        SELECT
+            COUNT(*) FILTER (WHERE status = 'pending')     AS pending,
+            COUNT(*) FILTER (WHERE status = 'in-progress') AS in_progress,
+            COUNT(*) FILTER (WHERE status = 'overdue')     AS overdue,
+            COUNT(*) FILTER (WHERE status = 'completed')   AS completed,
+            COUNT(*) FILTER (WHERE priority = 'critical')  AS critical,
+            COUNT(*) FILTER (WHERE priority = 'high')      AS high,
+            COUNT(*)                                        AS total
+        FROM compliance_obligations
+        WHERE tenant_id = :tenant_id
+    """), {"tenant_id": tenant_id}).fetchone()
+
+    if rows:
+        d = dict(rows._mapping)
+        return {k: (v or 0) for k, v in d.items()}
+    return {"pending": 0, "in_progress": 0, "overdue": 0, "completed": 0, "critical": 0, "high": 0, "total": 0}
+
+
+@router.post("", status_code=201)
+async def create_obligation(
+    payload: ObligationCreate,
+    db: Session = Depends(get_db),
+    x_tenant_id: Optional[str] = Header(None),
+):
+    """Create a new compliance obligation."""
+    tenant_id = _get_tenant_id(x_tenant_id)
+
+    import json
+    linked_systems = json.dumps(payload.linked_systems or [])
+
+    row = db.execute(text("""
+        INSERT INTO compliance_obligations
+            (tenant_id, title, description, source, source_article, deadline,
+             status, priority, responsible, linked_systems, assessment_id, rule_code, notes)
+        VALUES
+            (:tenant_id, :title, :description, :source, :source_article, :deadline,
+             :status, :priority, :responsible, :linked_systems::jsonb, :assessment_id, :rule_code, :notes)
+        RETURNING *
+    """), {
+        "tenant_id": tenant_id,
+        "title": payload.title,
+        "description": payload.description,
+        "source": payload.source,
+        "source_article": payload.source_article,
+        "deadline": payload.deadline,
+        "status": payload.status,
+        "priority": payload.priority,
+        "responsible": payload.responsible,
+        "linked_systems": linked_systems,
+        "assessment_id": payload.assessment_id,
+        "rule_code": payload.rule_code,
+        "notes": payload.notes,
+    }).fetchone()
+    db.commit()
+    return _row_to_dict(row)
+
+
+@router.get("/{obligation_id}")
+async def get_obligation(
+    obligation_id: str,
+    db: Session = Depends(get_db),
+    x_tenant_id: Optional[str] = Header(None),
+):
+    tenant_id = _get_tenant_id(x_tenant_id)
+    row = db.execute(text("""
+        SELECT * FROM compliance_obligations
+        WHERE id = :id AND tenant_id = :tenant_id
+    """), {"id": obligation_id, "tenant_id": tenant_id}).fetchone()
+    if not row:
+        raise HTTPException(status_code=404, detail="Obligation not found")
+    return _row_to_dict(row)
+
+
+@router.put("/{obligation_id}")
+async def update_obligation(
+    obligation_id: str,
+    payload: ObligationUpdate,
+    db: Session = Depends(get_db),
+    x_tenant_id: Optional[str] = Header(None),
+):
+    """Update an obligation's fields."""
+    tenant_id = _get_tenant_id(x_tenant_id)
+    import json
+
+    updates: Dict[str, Any] = {"id": obligation_id, "tenant_id": tenant_id, "updated_at": datetime.utcnow()}
+    set_clauses = ["updated_at = :updated_at"]
+
+    for field, value in payload.model_dump(exclude_unset=True).items():
+        if field == "linked_systems":
+            updates["linked_systems"] = json.dumps(value or [])
+            set_clauses.append("linked_systems = :linked_systems::jsonb")
+        else:
+            updates[field] = value
+            set_clauses.append(f"{field} = :{field}")
+
+    if len(set_clauses) == 1:
+        raise HTTPException(status_code=400, detail="No fields to update")
+
+    row = db.execute(text(f"""
+        UPDATE compliance_obligations
+        SET {', '.join(set_clauses)}
+        WHERE id = :id AND tenant_id = :tenant_id
+        RETURNING *
+    """), updates).fetchone()
+    db.commit()
+
+    if not row:
+        raise HTTPException(status_code=404, detail="Obligation not found")
+    return _row_to_dict(row)
+
+
+@router.put("/{obligation_id}/status")
+async def update_obligation_status(
+    obligation_id: str,
+    payload: ObligationStatusUpdate,
+    db: Session = Depends(get_db),
+    x_tenant_id: Optional[str] = Header(None),
+):
+    """Quick status update for an obligation."""
+    tenant_id = _get_tenant_id(x_tenant_id)
+    valid_statuses = {"pending", "in-progress", "completed", "overdue"}
+    if payload.status not in valid_statuses:
+        raise HTTPException(status_code=400, detail=f"Invalid status. Must be one of: {', '.join(valid_statuses)}")
+
+    row = db.execute(text("""
+        UPDATE compliance_obligations
+        SET status = :status, updated_at = :now
+        WHERE id = :id AND tenant_id = :tenant_id
+        RETURNING *
+    """), {"status": payload.status, "now": datetime.utcnow(), "id": obligation_id, "tenant_id": tenant_id}).fetchone()
+    db.commit()
+
+    if not row:
+        raise HTTPException(status_code=404, detail="Obligation not found")
+    return _row_to_dict(row)
+
+
+@router.delete("/{obligation_id}", status_code=204)
+async def delete_obligation(
+    obligation_id: str,
+    db: Session = Depends(get_db),
+    x_tenant_id: Optional[str] = Header(None),
+):
+    tenant_id = _get_tenant_id(x_tenant_id)
+    result = db.execute(text("""
+        DELETE FROM compliance_obligations
+        WHERE id = :id AND tenant_id = :tenant_id
+    """), {"id": obligation_id, "tenant_id": tenant_id})
+    db.commit()
+    if result.rowcount == 0:
+        raise HTTPException(status_code=404, detail="Obligation not found")
diff --git a/backend-compliance/migrations/013_obligations.sql b/backend-compliance/migrations/013_obligations.sql
new file mode 100644
index 0000000..3391193
--- /dev/null
+++ b/backend-compliance/migrations/013_obligations.sql
@@ -0,0 +1,31 @@
+-- Migration 013: Compliance Obligations Tracking
+-- Standalone obligation items (DSGVO/AI-Act Pflichten-Verwaltung)
+-- Derived from UCCA assessments or created manually
+
+SET search_path TO compliance, core, public;
+
+CREATE TABLE IF NOT EXISTS compliance_obligations (
+    id              UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id       UUID NOT NULL DEFAULT '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e',
+    title           TEXT NOT NULL,
+    description     TEXT,
+    source          TEXT NOT NULL DEFAULT 'DSGVO',   -- 'DSGVO', 'AI Act', 'NIS2', etc.
+    source_article  TEXT,                            -- e.g. 'Art. 35', 'Art. 9'
+    deadline        TIMESTAMPTZ,
+    status          TEXT NOT NULL DEFAULT 'pending', -- pending|in-progress|completed|overdue
+    priority        TEXT NOT NULL DEFAULT 'medium',  -- critical|high|medium|low
+    responsible     TEXT,
+    linked_systems  JSONB DEFAULT '[]'::jsonb,
+    -- Link to UCCA assessment (if auto-derived)
+    assessment_id   UUID,
+    rule_code       TEXT,                            -- UCCA rule code if derived
+    notes           TEXT,
+    created_at      TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_at      TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_obligations_tenant    ON compliance_obligations(tenant_id);
+CREATE INDEX IF NOT EXISTS idx_obligations_status    ON compliance_obligations(status);
+CREATE INDEX IF NOT EXISTS idx_obligations_priority  ON compliance_obligations(priority);
+CREATE INDEX IF NOT EXISTS idx_obligations_deadline  ON compliance_obligations(deadline) WHERE deadline IS NOT NULL;
+CREATE INDEX IF NOT EXISTS idx_obligations_created   ON compliance_obligations(created_at DESC);
diff --git a/backend-compliance/tests/test_obligation_routes.py b/backend-compliance/tests/test_obligation_routes.py
new file mode 100644
index 0000000..c4e1247
--- /dev/null
+++ b/backend-compliance/tests/test_obligation_routes.py
@@ -0,0 +1,325 @@
+"""Tests for compliance obligation routes and schemas (obligation_routes.py)."""
+
+import pytest
+from unittest.mock import MagicMock
+from datetime import datetime
+
+from compliance.api.obligation_routes import (
+    ObligationCreate,
+    ObligationUpdate,
+    ObligationStatusUpdate,
+    _row_to_dict,
+    _get_tenant_id,
+    DEFAULT_TENANT_ID,
+)
+
+
+# =============================================================================
+# Schema Tests — ObligationCreate
+# =============================================================================
+
+class TestObligationCreate:
+    def test_minimal_valid(self):
+        req = ObligationCreate(title="Art. 30 VVT führen")
+        assert req.title == "Art. 30 VVT führen"
+        assert req.source == "DSGVO"
+        assert req.status == "pending"
+        assert req.priority == "medium"
+        assert req.description is None
+        assert req.source_article is None
+        assert req.deadline is None
+        assert req.responsible is None
+        assert req.linked_systems is None
+        assert req.assessment_id is None
+        assert req.rule_code is None
+        assert req.notes is None
+
+    def test_full_values(self):
+        deadline = datetime(2026, 6, 1, 0, 0, 0)
+        req = ObligationCreate(
+            title="DSFA durchführen",
+            description="Pflicht nach Art. 35 DSGVO",
+            source="DSGVO",
+            source_article="Art. 35",
+            deadline=deadline,
+            status="in-progress",
+            priority="critical",
+            responsible="Datenschutzbeauftragter",
+            linked_systems=["CRM", "ERP"],
+            assessment_id="abc123",
+            rule_code="RULE-DSFA-001",
+            notes="Frist ist bindend",
+        )
+        assert req.title == "DSFA durchführen"
+        assert req.source_article == "Art. 35"
+        assert req.priority == "critical"
+        assert req.responsible == "Datenschutzbeauftragter"
+        assert req.linked_systems == ["CRM", "ERP"]
+        assert req.rule_code == "RULE-DSFA-001"
+
+    def test_ai_act_source(self):
+        req = ObligationCreate(title="Risikoklasse bestimmen", source="AI Act")
+        assert req.source == "AI Act"
+        assert req.status == "pending"
+
+    def test_nis2_source(self):
+        req = ObligationCreate(title="Meldepflicht einrichten", source="NIS2")
+        assert req.source == "NIS2"
+
+    def test_serialization_excludes_none(self):
+        req = ObligationCreate(title="Test", priority="high")
+        data = req.model_dump(exclude_none=True)
+        assert data["title"] == "Test"
+        assert data["priority"] == "high"
+        assert "description" not in data
+        assert "deadline" not in data
+
+    def test_serialization_includes_set_fields(self):
+        req = ObligationCreate(title="Test", status="overdue", responsible="admin")
+        data = req.model_dump()
+        assert data["status"] == "overdue"
+        assert data["responsible"] == "admin"
+        assert data["source"] == "DSGVO"
+
+
+# =============================================================================
+# Schema Tests — ObligationUpdate
+# =============================================================================
+
+class TestObligationUpdate:
+    def test_empty_update(self):
+        req = ObligationUpdate()
+        data = req.model_dump(exclude_unset=True)
+        assert data == {}
+
+    def test_partial_update_title(self):
+        req = ObligationUpdate(title="Neuer Titel")
+        data = req.model_dump(exclude_unset=True)
+        assert data == {"title": "Neuer Titel"}
+
+    def test_partial_update_status_priority(self):
+        req = ObligationUpdate(status="completed", priority="low")
+        data = req.model_dump(exclude_unset=True)
+        assert data["status"] == "completed"
+        assert data["priority"] == "low"
+        assert "title" not in data
+
+    def test_update_linked_systems(self):
+        req = ObligationUpdate(linked_systems=["CRM"])
+        data = req.model_dump(exclude_unset=True)
+        assert data["linked_systems"] == ["CRM"]
+
+    def test_update_clears_linked_systems(self):
+        req = ObligationUpdate(linked_systems=[])
+        data = req.model_dump(exclude_unset=True)
+        assert data["linked_systems"] == []
+
+    def test_update_deadline(self):
+        dl = datetime(2026, 12, 31)
+        req = ObligationUpdate(deadline=dl)
+        data = req.model_dump(exclude_unset=True)
+        assert data["deadline"] == dl
+
+    def test_full_update(self):
+        req = ObligationUpdate(
+            title="Updated",
+            description="Neue Beschreibung",
+            source="NIS2",
+            source_article="Art. 21",
+            status="in-progress",
+            priority="high",
+            responsible="CISO",
+            notes="Jetzt eilt es",
+        )
+        data = req.model_dump(exclude_unset=True)
+        assert len(data) == 8
+        assert data["responsible"] == "CISO"
+
+
+# =============================================================================
+# Schema Tests — ObligationStatusUpdate
+# =============================================================================
+
+class TestObligationStatusUpdate:
+    def test_pending(self):
+        req = ObligationStatusUpdate(status="pending")
+        assert req.status == "pending"
+
+    def test_in_progress(self):
+        req = ObligationStatusUpdate(status="in-progress")
+        assert req.status == "in-progress"
+
+    def test_completed(self):
+        req = ObligationStatusUpdate(status="completed")
+        assert req.status == "completed"
+
+    def test_overdue(self):
+        req = ObligationStatusUpdate(status="overdue")
+        assert req.status == "overdue"
+
+    def test_serialization(self):
+        req = ObligationStatusUpdate(status="completed")
+        data = req.model_dump()
+        assert data == {"status": "completed"}
+
+
+# =============================================================================
+# Helper Tests — _row_to_dict
+# =============================================================================
+
+class TestRowToDict:
+    def test_basic_conversion(self):
+        row = MagicMock()
+        row._mapping = {"id": "abc-123", "title": "Test Pflicht", "priority": "medium"}
+        result = _row_to_dict(row)
+        assert result["id"] == "abc-123"
+        assert result["title"] == "Test Pflicht"
+        assert result["priority"] == "medium"
+
+    def test_datetime_serialized(self):
+        ts = datetime(2026, 6, 1, 12, 0, 0)
+        row = MagicMock()
+        row._mapping = {"id": "abc", "created_at": ts, "updated_at": ts}
+        result = _row_to_dict(row)
+        assert result["created_at"] == ts.isoformat()
+        assert result["updated_at"] == ts.isoformat()
+
+    def test_deadline_serialized(self):
+        dl = datetime(2026, 12, 31, 23, 59, 59)
+        row = MagicMock()
+        row._mapping = {"id": "abc", "deadline": dl}
+        result = _row_to_dict(row)
+        assert result["deadline"] == dl.isoformat()
+
+    def test_none_values_preserved(self):
+        row = MagicMock()
+        row._mapping = {
+            "id": "abc",
+            "description": None,
+            "deadline": None,
+            "responsible": None,
+            "notes": None,
+        }
+        result = _row_to_dict(row)
+        assert result["description"] is None
+        assert result["deadline"] is None
+        assert result["responsible"] is None
+        assert result["notes"] is None
+
+    def test_uuid_converted_to_string(self):
+        import uuid
+        uid = uuid.UUID("9282a473-5c95-4b3a-bf78-0ecc0ec71d3e")
+        row = MagicMock()
+        row._mapping = {"id": uid, "tenant_id": uid}
+        result = _row_to_dict(row)
+        assert result["id"] == str(uid)
+        assert result["tenant_id"] == str(uid)
+
+    def test_string_fields_unchanged(self):
+        row = MagicMock()
+        row._mapping = {
+            "title": "DSFA durchführen",
+            "status": "pending",
+            "source": "DSGVO",
+            "source_article": "Art. 35",
+            "priority": "critical",
+        }
+        result = _row_to_dict(row)
+        assert result["title"] == "DSFA durchführen"
+        assert result["status"] == "pending"
+        assert result["source"] == "DSGVO"
+        assert result["priority"] == "critical"
+
+    def test_int_and_bool_unchanged(self):
+        row = MagicMock()
+        row._mapping = {"count": 42, "active": True, "flag": False}
+        result = _row_to_dict(row)
+        assert result["count"] == 42
+        assert result["active"] is True
+        assert result["flag"] is False
+
+
+# =============================================================================
+# Helper Tests — _get_tenant_id
+# =============================================================================
+
+class TestGetTenantId:
+    def test_valid_uuid_returned(self):
+        tenant_id = "9282a473-5c95-4b3a-bf78-0ecc0ec71d3e"
+        result = _get_tenant_id(x_tenant_id=tenant_id)
+        assert result == tenant_id
+
+    def test_different_valid_uuid(self):
+        tenant_id = "12345678-1234-1234-1234-123456789abc"
+        result = _get_tenant_id(x_tenant_id=tenant_id)
+        assert result == tenant_id
+
+    def test_none_returns_default(self):
+        result = _get_tenant_id(x_tenant_id=None)
+        assert result == DEFAULT_TENANT_ID
+
+    def test_invalid_uuid_returns_default(self):
+        result = _get_tenant_id(x_tenant_id="not-a-valid-uuid")
+        assert result == DEFAULT_TENANT_ID
+
+    def test_empty_string_returns_default(self):
+        result = _get_tenant_id(x_tenant_id="")
+        assert result == DEFAULT_TENANT_ID
+
+    def test_partial_uuid_returns_default(self):
+        result = _get_tenant_id(x_tenant_id="9282a473-5c95-4b3a")
+        assert result == DEFAULT_TENANT_ID
+
+
+# =============================================================================
+# Business Logic Tests
+# =============================================================================
+
+class TestObligationBusinessLogic:
+    def test_default_tenant_id_is_valid_uuid(self):
+        import uuid
+        # Should not raise
+        parsed = uuid.UUID(DEFAULT_TENANT_ID)
+        assert str(parsed) == DEFAULT_TENANT_ID
+
+    def test_valid_statuses(self):
+        valid = {"pending", "in-progress", "completed", "overdue"}
+        # Each status should be a valid string, matching what the route validates
+        assert "pending" in valid
+        assert "in-progress" in valid
+        assert "completed" in valid
+        assert "overdue" in valid
+
+    def test_valid_priorities(self):
+        valid = {"critical", "high", "medium", "low"}
+        req = ObligationCreate(title="Test", priority="critical")
+        assert req.priority in valid
+        req2 = ObligationCreate(title="Test", priority="low")
+        assert req2.priority in valid
+
+    def test_priority_order_correctness(self):
+        """Ensure priority values match the SQL CASE ordering in the route."""
+        priorities_ordered = ["critical", "high", "medium", "low"]
+        for i, p in enumerate(priorities_ordered):
+            req = ObligationCreate(title=f"Test {p}", priority=p)
+            assert req.priority == p
+
+    def test_linked_systems_defaults_to_none(self):
+        req = ObligationCreate(title="Test")
+        assert req.linked_systems is None
+
+    def test_linked_systems_can_be_empty_list(self):
+        req = ObligationCreate(title="Test", linked_systems=[])
+        assert req.linked_systems == []
+
+    def test_linked_systems_multiple_items(self):
+        systems = ["CRM", "ERP", "HR-System", "Buchhaltung"]
+        req = ObligationCreate(title="Test", linked_systems=systems)
+        assert len(req.linked_systems) == 4
+        assert "ERP" in req.linked_systems
+
+    def test_source_defaults(self):
+        """Verify all common DSGVO/AI Act sources can be stored."""
+        for source in ["DSGVO", "AI Act", "NIS2", "BDSG", "ISO 27001"]:
+            req = ObligationCreate(title="Test", source=source)
+            assert req.source == source