feat(citability): logischer norm_id-Join auf legal_basis (KB-v2 Zitier-Vertrag)
Wake-up #2 (Domaene 2): Zitierfaehigkeit ohne char-Level-Spans via logischem norm_id-Join auf KB-v2-Units (bp_compliance_kb_2026_1_build). Konvention (Board Compliance/KB-v2 2026-07-01): EU-<ACT>-Anhang<ROM> (Annex-Ebene, confirmed) / EU-<ACT>-Art<N> + EU-<ACT>-Kapitel<ROM> (verify_pending). Namensvariante EU-MaschVO-* (NICHT MaschinenVO). KEINE neue Klasse — norm_ids ist ein Attribut auf legal_basis (freeze-safe). - 65/65 legal_basis gejoint (CRA 40 + MaschVO 25), 0 unparsed; 64 Obligations citation_status -> norm_id_linked (BP/guidance-anchored bleiben ohne norm_id). - 53 annex_confirmed, 12 verify_pending; distinkt 5 Annex-IDs + 19 Art/Kapitel. - norm_id_manifest.json = KB-v2-Handoff (verify_pending Art-/Kapitel-IDs pruefen). - Granularitaet annex-grob (Part/Punkt = KB-Enhancement TBD); Artikel-norm_ids in KB-v2 noch zu verifizieren. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
+97
-29
@@ -23,7 +23,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Annex I Part II (1)",
|
||||
"citation": "SBOM in gängigem maschinenlesbarem Format, mind. Top-Level-Abhängigkeiten"
|
||||
"citation": "SBOM in gängigem maschinenlesbarem Format, mind. Top-Level-Abhängigkeiten",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -128,7 +132,7 @@
|
||||
"member_count": 85,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -149,7 +153,12 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Art. 3(36) i.V.m. Annex I Part II (1)",
|
||||
"citation": "SBOM-Definition: formale Aufzeichnung enthaltener Komponenten und Abhängigkeiten"
|
||||
"citation": "SBOM-Definition: formale Aufzeichnung enthaltener Komponenten und Abhängigkeiten",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI",
|
||||
"EU-CRA-Art3"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -188,7 +197,7 @@
|
||||
"member_count": 24,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -209,7 +218,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Annex I Part II (1)",
|
||||
"citation": "gängiges, maschinenlesbares Format"
|
||||
"citation": "gängiges, maschinenlesbares Format",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -248,7 +261,7 @@
|
||||
"member_count": 19,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -269,7 +282,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Annex I Part II (1)",
|
||||
"citation": "SBOM während Support-Zeitraum führen"
|
||||
"citation": "SBOM während Support-Zeitraum führen",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -315,7 +332,7 @@
|
||||
"member_count": 31,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -476,7 +493,12 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Art. 31 / Annex I Part II (1)",
|
||||
"citation": "Vorlage der SBOM auf begründetes Verlangen der Marktüberwachungsbehörde"
|
||||
"citation": "Vorlage der SBOM auf begründetes Verlangen der Marktüberwachungsbehörde",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI",
|
||||
"EU-CRA-Art31"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -493,7 +515,7 @@
|
||||
"member_count": 8,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -514,7 +536,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Art. 31(4)",
|
||||
"citation": "Marktüberwachungsbehörden wahren Vertraulichkeit der erhaltenen Informationen"
|
||||
"citation": "Marktüberwachungsbehörden wahren Vertraulichkeit der erhaltenen Informationen",
|
||||
"norm_ids": [
|
||||
"EU-CRA-Art31"
|
||||
],
|
||||
"norm_id_status": "verify_pending"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -539,7 +565,7 @@
|
||||
"member_count": 10,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -600,7 +626,12 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Art. 31 i.V.m. Annex VII",
|
||||
"citation": "technische Dokumentation muss SBOM-relevante Nachweise enthalten"
|
||||
"citation": "technische Dokumentation muss SBOM-relevante Nachweise enthalten",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangVII",
|
||||
"EU-CRA-Art31"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -628,7 +659,7 @@
|
||||
"member_count": 13,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -649,7 +680,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Annex I Part II (1)",
|
||||
"citation": "Komponenten identifizieren und dokumentieren, einschl. SBOM"
|
||||
"citation": "Komponenten identifizieren und dokumentieren, einschl. SBOM",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -717,7 +752,7 @@
|
||||
"member_count": 48,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -738,7 +773,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Annex I Part II (1)",
|
||||
"citation": "Schwachstellen behandeln und beheben"
|
||||
"citation": "Schwachstellen behandeln und beheben",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -819,7 +858,7 @@
|
||||
"member_count": 61,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -840,7 +879,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Annex I Part II (2) & (8)",
|
||||
"citation": "Schwachstellen unverzüglich beheben, kostenlose Sicherheitsupdates"
|
||||
"citation": "Schwachstellen unverzüglich beheben, kostenlose Sicherheitsupdates",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -965,7 +1008,7 @@
|
||||
"member_count": 110,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"merged_into": "provide_security_updates",
|
||||
"status": "deprecated_alias",
|
||||
@@ -989,7 +1032,12 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Article 13(8) & Annex VII",
|
||||
"citation": "Schwachstellenbehandlungsprozesse einrichten und in technischer Doku belegen"
|
||||
"citation": "Schwachstellenbehandlungsprozesse einrichten und in technischer Doku belegen",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangVII",
|
||||
"EU-CRA-Art13"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -1114,7 +1162,7 @@
|
||||
"member_count": 105,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -1135,7 +1183,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Annex I Part II (5)",
|
||||
"citation": "Coordinated Vulnerability Disclosure Policy einrichten"
|
||||
"citation": "Coordinated Vulnerability Disclosure Policy einrichten",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -1233,7 +1285,7 @@
|
||||
"member_count": 78,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -1254,7 +1306,12 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Article 14 & Article 16",
|
||||
"citation": "Meldepflicht aktiv ausgenutzter Schwachstellen über Single Reporting Platform"
|
||||
"citation": "Meldepflicht aktiv ausgenutzter Schwachstellen über Single Reporting Platform",
|
||||
"norm_ids": [
|
||||
"EU-CRA-Art14",
|
||||
"EU-CRA-Art16"
|
||||
],
|
||||
"norm_id_status": "verify_pending"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -1294,7 +1351,7 @@
|
||||
"member_count": 31,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -1315,7 +1372,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Annex I Part II (4) & (6)",
|
||||
"citation": "Informationen über behobene Schwachstellen teilen und offenlegen"
|
||||
"citation": "Informationen über behobene Schwachstellen teilen und offenlegen",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -1335,7 +1396,7 @@
|
||||
"member_count": 5,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
}
|
||||
],
|
||||
@@ -1581,5 +1642,12 @@
|
||||
"produces_evidence_for",
|
||||
"implements",
|
||||
"derived_from"
|
||||
]
|
||||
],
|
||||
"norm_id_contract": {
|
||||
"convention": "EU-<ACT>-Anhang<ROM> (Annex-Ebene) / EU-<ACT>-Art<N> (verify) — KB-v2 bp_compliance_kb_2026_1_build",
|
||||
"act_naming": "EU-MaschVO-* (NICHT MaschinenVO)",
|
||||
"granularity": "annex-grob — 'Annex I Part II (1)' -> EU-CRA-AnhangI; Part/Punkt = KB-Enhancement TBD",
|
||||
"article_status": "EU-<ACT>-Art<N> in KB-v2 noch zu verifizieren; Annex-IDs confirmed",
|
||||
"source": "Board Compliance/KB-v2 2026-07-01"
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user