diff --git a/ai-compliance-sdk/Dockerfile b/ai-compliance-sdk/Dockerfile
index 03c7384e..b87ea258 100644
--- a/ai-compliance-sdk/Dockerfile
+++ b/ai-compliance-sdk/Dockerfile
@@ -35,6 +35,8 @@ COPY policies/ ./policies/
 # Copy Compliance Execution Graph data (file-backed: Registry join-key copy + accepted control
 # mappings + evidence requirements) consumed by GET /sdk/v1/compliance/obligation-status.
+# data/obligations/obligation_join_keys.json is a synced copy of the repo-root Registry contract
+# (the Obligation Registry owns the canonical file) — re-sync it when the Registry grows.
 COPY data/control_mappings/ ./data/control_mappings/
 COPY data/evidence_requirements/ ./data/evidence_requirements/
 COPY data/obligations/ ./data/obligations/
diff --git a/ai-compliance-sdk/data/obligations/obligation_join_keys.json b/ai-compliance-sdk/data/obligations/obligation_join_keys.json
index 7a5d5bec..e5838c54 100644
--- a/ai-compliance-sdk/data/obligations/obligation_join_keys.json
+++ b/ai-compliance-sdk/data/obligations/obligation_join_keys.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "obligation_join_keys_v1",
 "contract": "obligation_id ist der stabile Join-Key. Legal Knowledge Graph haengt citation_spans an obligation_id; Compliance Execution Graph mappt control_mapping.source_norm -> obligation_id. Interim-Bruecke = citation_units. obligation_id NIE neu vergeben (re-link).",
- "count": 93,
+ "count": 95,
 "obligation_ids": [
 {
 "obligation_id": "sbom_creation",
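Review bot: The comment added above `COPY data/control_mappings/` in the Dockerfile makes keeping `data/obligations/obligation_join_keys.json` in step with the canonical Registry file a manual step, and nothing visible in this diff fails the build when the copy is stale. Because this file feeds GET /sdk/v1/compliance/obligation-status, a stale copy would presumably report against an outdated obligation set without raising any error. A CI step such as `cmp <canonical-registry-path> ai-compliance-sdk/data/obligations/obligation_join_keys.json` (placeholder path; the canonical location is not shown here) would turn drift into a build failure. The same applies to the hand-edited `"count": 95` in the JSON hunk that follows: a load-time check that it equals the length of `obligation_ids` would catch a miscount.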
@@ -175,6 +175,26 @@
 ],
 "source_role": "LEGAL_BASIS"
 },
+ {
+ "obligation_id": "attack_surface_minimization",
+ "regulation": "CRA",
+ "family": "core",
+ "tier": "LEGAL_MINIMUM",
+ "citation_units": [
+ "Annex I Part I (2)(j)"
+ ],
+ "source_role": "LEGAL_BASIS"
+ },
+ {
+ "obligation_id": "software_integrity_protection",
+ "regulation": "CRA",
+ "family": "core",
+ "tier": "LEGAL_MINIMUM",
+ "citation_units": [
+ "Annex I Part I (2)(f)"
+ ],
+ "source_role": "LEGAL_BASIS"
+ },
 {
 "obligation_id": "user_authentication_required",
 "regulation": "CRA",
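Review bot: The id `software_integrity_protection` in the second added entry reads narrower than its citation: as I read CRA Annex I Part I (2)(f), it covers the integrity of data, commands and configuration as well as programs. The file's `contract` field says an obligation_id is never reassigned, so the name is effectively permanent once merged; if the wider scope is intended, something like `"obligation_id": "integrity_protection"` is easier to settle now than later. Both entries are inserted mid-array, and the `obligation_ids` array begins and ends outside this hunk, so uniqueness of the two new ids against the other entries cannot be confirmed from here; a duplicate-id check in the loader would cover that.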