feat(citability): logischer norm_id-Join auf legal_basis (KB-v2 Zitier-Vertrag)
Wake-up #2 (Domaene 2): Zitierfaehigkeit ohne char-Level-Spans via logischem norm_id-Join auf KB-v2-Units (bp_compliance_kb_2026_1_build). Konvention (Board Compliance/KB-v2 2026-07-01): EU-<ACT>-Anhang<ROM> (Annex-Ebene, confirmed) / EU-<ACT>-Art<N> + EU-<ACT>-Kapitel<ROM> (verify_pending). Namensvariante EU-MaschVO-* (NICHT MaschinenVO). KEINE neue Klasse — norm_ids ist ein Attribut auf legal_basis (freeze-safe). - 65/65 legal_basis gejoint (CRA 40 + MaschVO 25), 0 unparsed; 64 Obligations citation_status -> norm_id_linked (BP/guidance-anchored bleiben ohne norm_id). - 53 annex_confirmed, 12 verify_pending; distinkt 5 Annex-IDs + 19 Art/Kapitel. - norm_id_manifest.json = KB-v2-Handoff (verify_pending Art-/Kapitel-IDs pruefen). - Granularitaet annex-grob (Part/Punkt = KB-Enhancement TBD); Artikel-norm_ids in KB-v2 noch zu verifizieren. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
+97
-29
@@ -23,7 +23,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Annex I Part II (1)",
|
||||
"citation": "SBOM in gängigem maschinenlesbarem Format, mind. Top-Level-Abhängigkeiten"
|
||||
"citation": "SBOM in gängigem maschinenlesbarem Format, mind. Top-Level-Abhängigkeiten",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -128,7 +132,7 @@
|
||||
"member_count": 85,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -149,7 +153,12 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Art. 3(36) i.V.m. Annex I Part II (1)",
|
||||
"citation": "SBOM-Definition: formale Aufzeichnung enthaltener Komponenten und Abhängigkeiten"
|
||||
"citation": "SBOM-Definition: formale Aufzeichnung enthaltener Komponenten und Abhängigkeiten",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI",
|
||||
"EU-CRA-Art3"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -188,7 +197,7 @@
|
||||
"member_count": 24,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -209,7 +218,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Annex I Part II (1)",
|
||||
"citation": "gängiges, maschinenlesbares Format"
|
||||
"citation": "gängiges, maschinenlesbares Format",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -248,7 +261,7 @@
|
||||
"member_count": 19,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -269,7 +282,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Annex I Part II (1)",
|
||||
"citation": "SBOM während Support-Zeitraum führen"
|
||||
"citation": "SBOM während Support-Zeitraum führen",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -315,7 +332,7 @@
|
||||
"member_count": 31,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -476,7 +493,12 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Art. 31 / Annex I Part II (1)",
|
||||
"citation": "Vorlage der SBOM auf begründetes Verlangen der Marktüberwachungsbehörde"
|
||||
"citation": "Vorlage der SBOM auf begründetes Verlangen der Marktüberwachungsbehörde",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI",
|
||||
"EU-CRA-Art31"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -493,7 +515,7 @@
|
||||
"member_count": 8,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -514,7 +536,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Art. 31(4)",
|
||||
"citation": "Marktüberwachungsbehörden wahren Vertraulichkeit der erhaltenen Informationen"
|
||||
"citation": "Marktüberwachungsbehörden wahren Vertraulichkeit der erhaltenen Informationen",
|
||||
"norm_ids": [
|
||||
"EU-CRA-Art31"
|
||||
],
|
||||
"norm_id_status": "verify_pending"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -539,7 +565,7 @@
|
||||
"member_count": 10,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -600,7 +626,12 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Art. 31 i.V.m. Annex VII",
|
||||
"citation": "technische Dokumentation muss SBOM-relevante Nachweise enthalten"
|
||||
"citation": "technische Dokumentation muss SBOM-relevante Nachweise enthalten",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangVII",
|
||||
"EU-CRA-Art31"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -628,7 +659,7 @@
|
||||
"member_count": 13,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -649,7 +680,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Annex I Part II (1)",
|
||||
"citation": "Komponenten identifizieren und dokumentieren, einschl. SBOM"
|
||||
"citation": "Komponenten identifizieren und dokumentieren, einschl. SBOM",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -717,7 +752,7 @@
|
||||
"member_count": 48,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -738,7 +773,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Annex I Part II (1)",
|
||||
"citation": "Schwachstellen behandeln und beheben"
|
||||
"citation": "Schwachstellen behandeln und beheben",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -819,7 +858,7 @@
|
||||
"member_count": 61,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -840,7 +879,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Annex I Part II (2) & (8)",
|
||||
"citation": "Schwachstellen unverzüglich beheben, kostenlose Sicherheitsupdates"
|
||||
"citation": "Schwachstellen unverzüglich beheben, kostenlose Sicherheitsupdates",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -965,7 +1008,7 @@
|
||||
"member_count": 110,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"merged_into": "provide_security_updates",
|
||||
"status": "deprecated_alias",
|
||||
@@ -989,7 +1032,12 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Article 13(8) & Annex VII",
|
||||
"citation": "Schwachstellenbehandlungsprozesse einrichten und in technischer Doku belegen"
|
||||
"citation": "Schwachstellenbehandlungsprozesse einrichten und in technischer Doku belegen",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangVII",
|
||||
"EU-CRA-Art13"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -1114,7 +1162,7 @@
|
||||
"member_count": 105,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -1135,7 +1183,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Annex I Part II (5)",
|
||||
"citation": "Coordinated Vulnerability Disclosure Policy einrichten"
|
||||
"citation": "Coordinated Vulnerability Disclosure Policy einrichten",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -1233,7 +1285,7 @@
|
||||
"member_count": 78,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -1254,7 +1306,12 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Article 14 & Article 16",
|
||||
"citation": "Meldepflicht aktiv ausgenutzter Schwachstellen über Single Reporting Platform"
|
||||
"citation": "Meldepflicht aktiv ausgenutzter Schwachstellen über Single Reporting Platform",
|
||||
"norm_ids": [
|
||||
"EU-CRA-Art14",
|
||||
"EU-CRA-Art16"
|
||||
],
|
||||
"norm_id_status": "verify_pending"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -1294,7 +1351,7 @@
|
||||
"member_count": 31,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
},
|
||||
{
|
||||
@@ -1315,7 +1372,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Annex I Part II (4) & (6)",
|
||||
"citation": "Informationen über behobene Schwachstellen teilen und offenlegen"
|
||||
"citation": "Informationen über behobene Schwachstellen teilen und offenlegen",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -1335,7 +1396,7 @@
|
||||
"member_count": 5,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft"
|
||||
}
|
||||
],
|
||||
@@ -1581,5 +1642,12 @@
|
||||
"produces_evidence_for",
|
||||
"implements",
|
||||
"derived_from"
|
||||
]
|
||||
],
|
||||
"norm_id_contract": {
|
||||
"convention": "EU-<ACT>-Anhang<ROM> (Annex-Ebene) / EU-<ACT>-Art<N> (verify) — KB-v2 bp_compliance_kb_2026_1_build",
|
||||
"act_naming": "EU-MaschVO-* (NICHT MaschinenVO)",
|
||||
"granularity": "annex-grob — 'Annex I Part II (1)' -> EU-CRA-AnhangI; Part/Punkt = KB-Enhancement TBD",
|
||||
"article_status": "EU-<ACT>-Art<N> in KB-v2 noch zu verifizieren; Annex-IDs confirmed",
|
||||
"source": "Board Compliance/KB-v2 2026-07-01"
|
||||
}
|
||||
}
|
||||
@@ -26,7 +26,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Annex I (2)(d)",
|
||||
"citation": "protect... by ensuring protection from unauthorised access, including by reporting... appropriate control mechanisms incl. authentication, identity or access management"
|
||||
"citation": "protect... by ensuring protection from unauthorised access, including by reporting... appropriate control mechanisms incl. authentication, identity or access management",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -1391,7 +1395,7 @@
|
||||
"member_count": 1339,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.95,
|
||||
@@ -4682,7 +4686,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Annex I (2)(e)",
|
||||
"citation": "protect the confidentiality... through state-of-the-art mechanisms incl. encryption"
|
||||
"citation": "protect the confidentiality... through state-of-the-art mechanisms incl. encryption",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -5277,7 +5285,7 @@
|
||||
"member_count": 533,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.85,
|
||||
@@ -5650,7 +5658,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Annex I (2)(e)",
|
||||
"citation": "protect the confidentiality of stored, transmitted or otherwise processed data"
|
||||
"citation": "protect the confidentiality of stored, transmitted or otherwise processed data",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -5994,7 +6006,7 @@
|
||||
"member_count": 315,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.85,
|
||||
@@ -6326,7 +6338,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Annex I (2)(a)",
|
||||
"citation": "be made available with a secure by default configuration"
|
||||
"citation": "be made available with a secure by default configuration",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -6347,7 +6363,7 @@
|
||||
"member_count": 9,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.8,
|
||||
@@ -8408,7 +8424,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Annex I (2)(e)",
|
||||
"citation": "protect the confidentiality of... transmitted... data... incl. encryption in transit"
|
||||
"citation": "protect the confidentiality of... transmitted... data... incl. encryption in transit",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -8485,7 +8505,7 @@
|
||||
"member_count": 57,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.8,
|
||||
@@ -10214,7 +10234,11 @@
|
||||
"source": "CRA",
|
||||
"regulation_code": "eu_2024_2847",
|
||||
"anchor": "Annex I (2)(c)",
|
||||
"citation": "ensure that vulnerabilities can be addressed through security updates... ensuring integrity"
|
||||
"citation": "ensure that vulnerabilities can be addressed through security updates... ensuring integrity",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -10273,7 +10297,7 @@
|
||||
"member_count": 37,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.78,
|
||||
@@ -10458,5 +10482,12 @@
|
||||
],
|
||||
"from_obligations": 54,
|
||||
"to_obligations": 29
|
||||
},
|
||||
"norm_id_contract": {
|
||||
"convention": "EU-<ACT>-Anhang<ROM> (Annex-Ebene) / EU-<ACT>-Art<N> (verify) — KB-v2 bp_compliance_kb_2026_1_build",
|
||||
"act_naming": "EU-MaschVO-* (NICHT MaschinenVO)",
|
||||
"granularity": "annex-grob — 'Annex I Part II (1)' -> EU-CRA-AnhangI; Part/Punkt = KB-Enhancement TBD",
|
||||
"article_status": "EU-<ACT>-Art<N> in KB-v2 noch zu verifizieren; Annex-IDs confirmed",
|
||||
"source": "Board Compliance/KB-v2 2026-07-01"
|
||||
}
|
||||
}
|
||||
@@ -23,7 +23,11 @@
|
||||
{
|
||||
"source": "CRA",
|
||||
"anchor": "Annex I Part I (2)(j)",
|
||||
"citation": "limit attack surfaces, including external interfaces"
|
||||
"citation": "limit attack surfaces, including external interfaces",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -38,7 +42,7 @@
|
||||
"component_remote_interface_security"
|
||||
],
|
||||
"primary_implementation": "NIST CM-7",
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "core_from_5b"
|
||||
},
|
||||
{
|
||||
@@ -56,7 +60,11 @@
|
||||
{
|
||||
"source": "CRA",
|
||||
"anchor": "Annex I Part I (2)(f)",
|
||||
"citation": "protect the integrity of stored, transmitted or processed data, software and configuration"
|
||||
"citation": "protect the integrity of stored, transmitted or processed data, software and configuration",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -74,9 +82,16 @@
|
||||
"code_signing"
|
||||
],
|
||||
"primary_implementation": "NIST SI-7",
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "core_from_5b"
|
||||
}
|
||||
],
|
||||
"relationships": []
|
||||
"relationships": [],
|
||||
"norm_id_contract": {
|
||||
"convention": "EU-<ACT>-Anhang<ROM> (Annex-Ebene) / EU-<ACT>-Art<N> (verify) — KB-v2 bp_compliance_kb_2026_1_build",
|
||||
"act_naming": "EU-MaschVO-* (NICHT MaschinenVO)",
|
||||
"granularity": "annex-grob — 'Annex I Part II (1)' -> EU-CRA-AnhangI; Part/Punkt = KB-Enhancement TBD",
|
||||
"article_status": "EU-<ACT>-Art<N> in KB-v2 noch zu verifizieren; Annex-IDs confirmed",
|
||||
"source": "Board Compliance/KB-v2 2026-07-01"
|
||||
}
|
||||
}
|
||||
@@ -44,7 +44,11 @@
|
||||
{
|
||||
"source": "CRA",
|
||||
"anchor": "Annex I Part I (2)(k)",
|
||||
"citation": "monitor relevant internal activity, including the access to or modification of data, services or functions, where applicable, through recording and monitoring"
|
||||
"citation": "monitor relevant internal activity, including the access to or modification of data, services or functions, where applicable, through recording and monitoring",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -1038,7 +1042,7 @@
|
||||
"member_count": 961,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.95,
|
||||
@@ -1066,7 +1070,11 @@
|
||||
{
|
||||
"source": "CRA",
|
||||
"anchor": "Annex I Part I (2)(k)",
|
||||
"citation": "recording and monitoring access to or modification of data, services or functions"
|
||||
"citation": "recording and monitoring access to or modification of data, services or functions",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -1601,7 +1609,7 @@
|
||||
"member_count": 505,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.92,
|
||||
@@ -1629,7 +1637,11 @@
|
||||
{
|
||||
"source": "CRA",
|
||||
"anchor": "Annex I Part I (2)(k)",
|
||||
"citation": "monitor relevant internal activity including access to or modification of functions"
|
||||
"citation": "monitor relevant internal activity including access to or modification of functions",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -1878,7 +1890,7 @@
|
||||
"member_count": 226,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.9,
|
||||
@@ -1906,7 +1918,11 @@
|
||||
{
|
||||
"source": "CRA",
|
||||
"anchor": "Annex I Part I (2)(k)",
|
||||
"citation": "recording and monitoring ... in a secure manner"
|
||||
"citation": "recording and monitoring ... in a secure manner",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -2442,7 +2458,7 @@
|
||||
"member_count": 505,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.93,
|
||||
@@ -2470,7 +2486,11 @@
|
||||
{
|
||||
"source": "CRA",
|
||||
"anchor": "Annex I Part I (2)(k)",
|
||||
"citation": "in a secure manner"
|
||||
"citation": "in a secure manner",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -2550,7 +2570,7 @@
|
||||
"member_count": 59,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.88,
|
||||
@@ -2942,7 +2962,11 @@
|
||||
{
|
||||
"source": "CRA",
|
||||
"anchor": "Annex I Part I (2)(k)",
|
||||
"citation": "monitor relevant internal activity"
|
||||
"citation": "monitor relevant internal activity",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -3251,7 +3275,7 @@
|
||||
"member_count": 283,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.9,
|
||||
@@ -4737,5 +4761,12 @@
|
||||
],
|
||||
"note": "M8/M5/M81 KI-/FRT- bzw. domaenenspezifische Trainings-/PIN-/Biometrie-Protokollierung (AI Act/sektorale Regulierung); M58/M59/M71/M56/M63 reine DSGVO-/datenschutzrechtliche bzw. nationale Verwaltungs-Protokollierungspflichten, nicht CRA Annex I (2)(k)"
|
||||
}
|
||||
]
|
||||
],
|
||||
"norm_id_contract": {
|
||||
"convention": "EU-<ACT>-Anhang<ROM> (Annex-Ebene) / EU-<ACT>-Art<N> (verify) — KB-v2 bp_compliance_kb_2026_1_build",
|
||||
"act_naming": "EU-MaschVO-* (NICHT MaschinenVO)",
|
||||
"granularity": "annex-grob — 'Annex I Part II (1)' -> EU-CRA-AnhangI; Part/Punkt = KB-Enhancement TBD",
|
||||
"article_status": "EU-<ACT>-Art<N> in KB-v2 noch zu verifizieren; Annex-IDs confirmed",
|
||||
"source": "Board Compliance/KB-v2 2026-07-01"
|
||||
}
|
||||
}
|
||||
+165
-51
@@ -48,7 +48,11 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Anhang III Nr. 1 (Allgemeine Grundsätze)",
|
||||
"citation": "Der Hersteller einer Maschine hat eine Risikobeurteilung durchzuführen, um die für die Maschine geltenden Sicherheits- und Gesundheitsschutzanforderungen zu ermitteln."
|
||||
"citation": "Der Hersteller einer Maschine hat eine Risikobeurteilung durchzuführen, um die für die Maschine geltenden Sicherheits- und Gesundheitsschutzanforderungen zu ermitteln.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-AnhangIII"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -560,7 +564,7 @@
|
||||
"member_count": 480,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.95,
|
||||
@@ -588,7 +592,11 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Anhang IV (Technische Unterlagen)",
|
||||
"citation": "Die technischen Unterlagen müssen die Risikobeurteilung mit den Ergebnissen enthalten."
|
||||
"citation": "Die technischen Unterlagen müssen die Risikobeurteilung mit den Ergebnissen enthalten.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-AnhangIV"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -882,7 +890,7 @@
|
||||
"member_count": 278,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.9,
|
||||
@@ -1268,7 +1276,11 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Anhang III Nr. 1.1.2 (Grundsätze für die Integration der Sicherheit)",
|
||||
"citation": "Verbleibende Restrisiken sind in der Betriebsanleitung anzugeben."
|
||||
"citation": "Verbleibende Restrisiken sind in der Betriebsanleitung anzugeben.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-AnhangIII"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -1439,7 +1451,7 @@
|
||||
"member_count": 158,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.9,
|
||||
@@ -1467,7 +1479,11 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Anhang III Nr. 1.4 (Anforderungen an Schutzeinrichtungen)",
|
||||
"citation": "Bewegliche Teile der Maschine sind so zu gestalten und zu bauen, dass jegliches Unfallrisiko durch Kontakt verhütet wird; trennende oder nichttrennende Schutzeinrichtungen sind vorzusehen."
|
||||
"citation": "Bewegliche Teile der Maschine sind so zu gestalten und zu bauen, dass jegliches Unfallrisiko durch Kontakt verhütet wird; trennende oder nichttrennende Schutzeinrichtungen sind vorzusehen.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-AnhangIII"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -2024,7 +2040,7 @@
|
||||
"member_count": 530,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.9,
|
||||
@@ -2052,7 +2068,11 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Anhang III Nr. 1.2.4 (Stillsetzen, Not-Halt)",
|
||||
"citation": "Jede Maschine muss mit einer oder mehreren Notvorrichtungen ausgerüstet sein, mit denen sich drohende oder eintretende Gefahren abwenden lassen."
|
||||
"citation": "Jede Maschine muss mit einer oder mehreren Notvorrichtungen ausgerüstet sein, mit denen sich drohende oder eintretende Gefahren abwenden lassen.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-AnhangIII"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -2101,7 +2121,7 @@
|
||||
"member_count": 32,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.88,
|
||||
@@ -2129,7 +2149,11 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Anhang III Nr. 1.2.1 (Sicherheit und Zuverlässigkeit von Steuerungen)",
|
||||
"citation": "Steuerungen sind so zu gestalten, dass sie sicher und zuverlässig sind und Gefährdungssituationen verhindern."
|
||||
"citation": "Steuerungen sind so zu gestalten, dass sie sicher und zuverlässig sind und Gefährdungssituationen verhindern.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-AnhangIII"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -2367,7 +2391,7 @@
|
||||
"member_count": 214,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.85,
|
||||
@@ -2395,7 +2419,12 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Anhang I (Liste der Sicherheitsbauteile), Art. 5",
|
||||
"citation": "Sicherheitsbauteile gemäß Anhang I unterliegen den Anforderungen der Verordnung und der Konformitätsbewertung."
|
||||
"citation": "Sicherheitsbauteile gemäß Anhang I unterliegen den Anforderungen der Verordnung und der Konformitätsbewertung.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-AnhangI",
|
||||
"EU-MaschVO-Art5"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -2454,7 +2483,7 @@
|
||||
"member_count": 43,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.85,
|
||||
@@ -2482,7 +2511,11 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Anhang III Nr. 1.7.4 (Betriebsanleitung)",
|
||||
"citation": "Jeder Maschine muss eine Betriebsanleitung in der/den Amtssprache(n) des Mitgliedstaats beiliegen, in dem die Maschine in Verkehr gebracht wird."
|
||||
"citation": "Jeder Maschine muss eine Betriebsanleitung in der/den Amtssprache(n) des Mitgliedstaats beiliegen, in dem die Maschine in Verkehr gebracht wird.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-AnhangIII"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -2828,7 +2861,7 @@
|
||||
"member_count": 325,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.92,
|
||||
@@ -2856,7 +2889,11 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Anhang III Nr. 1.3.7/1.7.4",
|
||||
"citation": "Gefährdungen durch Blockierung beweglicher Teile sind zu berücksichtigen und Maßnahmen zur sicheren Beseitigung in der Betriebsanleitung anzugeben."
|
||||
"citation": "Gefährdungen durch Blockierung beweglicher Teile sind zu berücksichtigen und Maßnahmen zur sicheren Beseitigung in der Betriebsanleitung anzugeben.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-AnhangIII"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -3204,7 +3241,7 @@
|
||||
"member_count": 334,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.8,
|
||||
@@ -3232,7 +3269,11 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Art. 25 (Konformitätsbewertungsverfahren)",
|
||||
"citation": "Vor dem Inverkehrbringen führt der Hersteller das anwendbare Konformitätsbewertungsverfahren durch."
|
||||
"citation": "Vor dem Inverkehrbringen führt der Hersteller das anwendbare Konformitätsbewertungsverfahren durch.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-Art25"
|
||||
],
|
||||
"norm_id_status": "verify_pending"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -3422,7 +3463,7 @@
|
||||
"member_count": 172,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.88,
|
||||
@@ -3450,7 +3491,11 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Anhang IV (Technische Unterlagen)",
|
||||
"citation": "Die technischen Unterlagen müssen die Konstruktions-, Herstellungs- und Funktionsbeschreibung sowie die Risikobeurteilung enthalten."
|
||||
"citation": "Die technischen Unterlagen müssen die Konstruktions-, Herstellungs- und Funktionsbeschreibung sowie die Risikobeurteilung enthalten.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-AnhangIV"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -3523,7 +3568,7 @@
|
||||
"member_count": 57,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.85,
|
||||
@@ -3551,7 +3596,12 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Art. 21, Art. 22 (EU-Konformitätserklärung, CE-Kennzeichnung)",
|
||||
"citation": "Der Hersteller stellt eine EU-Konformitätserklärung aus und bringt die CE-Kennzeichnung an."
|
||||
"citation": "Der Hersteller stellt eine EU-Konformitätserklärung aus und bringt die CE-Kennzeichnung an.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-Art21",
|
||||
"EU-MaschVO-Art22"
|
||||
],
|
||||
"norm_id_status": "verify_pending"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -3624,7 +3674,7 @@
|
||||
"member_count": 57,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.85,
|
||||
@@ -3652,7 +3702,12 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Art. 10, Art. 11 (Pflichten der Hersteller)",
|
||||
"citation": "Die Hersteller gewährleisten, dass ihre Maschinen gemäß den grundlegenden Sicherheits- und Gesundheitsschutzanforderungen konstruiert und hergestellt wurden."
|
||||
"citation": "Die Hersteller gewährleisten, dass ihre Maschinen gemäß den grundlegenden Sicherheits- und Gesundheitsschutzanforderungen konstruiert und hergestellt wurden.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-Art10",
|
||||
"EU-MaschVO-Art11"
|
||||
],
|
||||
"norm_id_status": "verify_pending"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -3723,7 +3778,7 @@
|
||||
"member_count": 55,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.85,
|
||||
@@ -3751,7 +3806,11 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Anhang III (Grundlegende Sicherheits- und Gesundheitsschutzanforderungen)",
|
||||
"citation": "Maschinen müssen die in Anhang III aufgeführten grundlegenden Sicherheits- und Gesundheitsschutzanforderungen erfüllen."
|
||||
"citation": "Maschinen müssen die in Anhang III aufgeführten grundlegenden Sicherheits- und Gesundheitsschutzanforderungen erfüllen.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-AnhangIII"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -3943,7 +4002,7 @@
|
||||
"member_count": 171,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.85,
|
||||
@@ -4029,7 +4088,11 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Kapitel IV (Notifizierung von Konformitätsbewertungsstellen)",
|
||||
"citation": "Notifizierte Stellen müssen die Anforderungen an Unabhängigkeit, Kompetenz und Unparteilichkeit erfüllen."
|
||||
"citation": "Notifizierte Stellen müssen die Anforderungen an Unabhängigkeit, Kompetenz und Unparteilichkeit erfüllen.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-KapitelIV"
|
||||
],
|
||||
"norm_id_status": "verify_pending"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -4052,7 +4115,7 @@
|
||||
"member_count": 11,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.8,
|
||||
@@ -4080,7 +4143,12 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Kapitel V/VI (Marktüberwachung, Schutzklauselverfahren)",
|
||||
"citation": "Mitgliedstaaten ergreifen geeignete Maßnahmen gegen Maschinen, die ein Risiko darstellen; die Kommission koordiniert Schutzmaßnahmen."
|
||||
"citation": "Mitgliedstaaten ergreifen geeignete Maßnahmen gegen Maschinen, die ein Risiko darstellen; die Kommission koordiniert Schutzmaßnahmen.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-KapitelV",
|
||||
"EU-MaschVO-KapitelVI"
|
||||
],
|
||||
"norm_id_status": "verify_pending"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -4125,7 +4193,7 @@
|
||||
"member_count": 30,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.8,
|
||||
@@ -4153,7 +4221,11 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Art. 50 (Sanktionen)",
|
||||
"citation": "Die Mitgliedstaaten legen Vorschriften über Sanktionen für Verstöße gegen diese Verordnung fest."
|
||||
"citation": "Die Mitgliedstaaten legen Vorschriften über Sanktionen für Verstöße gegen diese Verordnung fest.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-Art50"
|
||||
],
|
||||
"norm_id_status": "verify_pending"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -4185,7 +4257,7 @@
|
||||
"member_count": 19,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.85,
|
||||
@@ -4213,7 +4285,13 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Art. 1, Art. 53, Art. 54 (Anwendungsbereich, Übergangsbestimmungen, Geltungsbeginn)",
|
||||
"citation": "Diese Verordnung gilt ab dem festgelegten Datum unmittelbar in allen Mitgliedstaaten; Übergangsbestimmungen regeln die Anwendbarkeit."
|
||||
"citation": "Diese Verordnung gilt ab dem festgelegten Datum unmittelbar in allen Mitgliedstaaten; Übergangsbestimmungen regeln die Anwendbarkeit.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-Art1",
|
||||
"EU-MaschVO-Art53",
|
||||
"EU-MaschVO-Art54"
|
||||
],
|
||||
"norm_id_status": "verify_pending"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -4316,7 +4394,7 @@
|
||||
"member_count": 85,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.85,
|
||||
@@ -4344,7 +4422,11 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Art. 18 (wesentliche Veränderung)",
|
||||
"citation": "Wer eine wesentliche Veränderung an einer Maschine vornimmt, gilt als Hersteller und muss die Anforderungen erfüllen."
|
||||
"citation": "Wer eine wesentliche Veränderung an einer Maschine vornimmt, gilt als Hersteller und muss die Anforderungen erfüllen.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-Art18"
|
||||
],
|
||||
"norm_id_status": "verify_pending"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -4417,7 +4499,7 @@
|
||||
"member_count": 60,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.8,
|
||||
@@ -4445,7 +4527,11 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Anhang III Nr. 1.1.9 (Schutz gegen Korrumpierung)",
|
||||
"citation": "Die Maschine ist so zu konstruieren, dass die Verbindung mit anderen Geräten nicht zu einer gefährlichen Situation führt; Hard- und Software, die für sicherheitsrelevante Funktionen kritisch sind, sind gegen unbeabsichtigte oder vorsätzliche Korrumpierung zu schützen."
|
||||
"citation": "Die Maschine ist so zu konstruieren, dass die Verbindung mit anderen Geräten nicht zu einer gefährlichen Situation führt; Hard- und Software, die für sicherheitsrelevante Funktionen kritisch sind, sind gegen unbeabsichtigte oder vorsätzliche Korrumpierung zu schützen.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-AnhangIII"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -4562,7 +4648,7 @@
|
||||
"member_count": 86,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.9,
|
||||
@@ -4590,7 +4676,11 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Anhang III Nr. 1.1.9, Nr. 1.2.1",
|
||||
"citation": "Sicherheitsrelevante Hard- und Software ist gegen unbeabsichtigte oder vorsätzliche Korrumpierung zu schützen; eine Korrumpierung darf nicht zu gefährlichen Situationen führen."
|
||||
"citation": "Sicherheitsrelevante Hard- und Software ist gegen unbeabsichtigte oder vorsätzliche Korrumpierung zu schützen; eine Korrumpierung darf nicht zu gefährlichen Situationen führen.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-AnhangIII"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -4659,7 +4749,7 @@
|
||||
"member_count": 46,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.8,
|
||||
@@ -4687,7 +4777,12 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Anhang I Teil A, Anhang III Nr. 1.2.1",
|
||||
"citation": "Maschinen mit sich vollständig oder teilweise selbst entwickelndem Verhalten durch maschinelles Lernen gelten als Hochrisikomaschinen und unterliegen besonderen Anforderungen."
|
||||
"citation": "Maschinen mit sich vollständig oder teilweise selbst entwickelndem Verhalten durch maschinelles Lernen gelten als Hochrisikomaschinen und unterliegen besonderen Anforderungen.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-AnhangI",
|
||||
"EU-MaschVO-AnhangIII"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -4798,7 +4893,7 @@
|
||||
"member_count": 96,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.8,
|
||||
@@ -4826,7 +4921,11 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Anhang III Nr. 3 (Mobile Maschinen) / Nr. 6",
|
||||
"citation": "Mobile Maschinen sind so zu konstruieren, dass Risiken im Gefahrenbereich und bei Fernsteuerung beherrscht werden."
|
||||
"citation": "Mobile Maschinen sind so zu konstruieren, dass Risiken im Gefahrenbereich und bei Fernsteuerung beherrscht werden.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-AnhangIII"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -4866,7 +4965,7 @@
|
||||
"member_count": 23,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.78,
|
||||
@@ -4894,7 +4993,11 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Anhang III Nr. 2-6 (besondere Maschinenkategorien)",
|
||||
"citation": "Für bestimmte Maschinenkategorien gelten zusätzliche grundlegende Sicherheitsanforderungen."
|
||||
"citation": "Für bestimmte Maschinenkategorien gelten zusätzliche grundlegende Sicherheitsanforderungen.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-AnhangIII"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -5026,7 +5129,7 @@
|
||||
"member_count": 111,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.75,
|
||||
@@ -5054,7 +5157,11 @@
|
||||
{
|
||||
"source": "MaschVO",
|
||||
"anchor": "Anhang III Nr. 1.5.8/1.5.9, Nr. 1.7.4.2",
|
||||
"citation": "Die Betriebsanleitung muss Angaben zu Luftschallemissionen und Vibrationen enthalten."
|
||||
"citation": "Die Betriebsanleitung muss Angaben zu Luftschallemissionen und Vibrationen enthalten.",
|
||||
"norm_ids": [
|
||||
"EU-MaschVO-AnhangIII"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -5089,7 +5196,7 @@
|
||||
"member_count": 22,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.8,
|
||||
@@ -5552,5 +5659,12 @@
|
||||
],
|
||||
"note": "Common-Criteria-/TOE-/SFR-Evaluierung, BCM, Banking, Smart-Meter-Gateway, DNS und allgemeine ISMS-/OT-Cybersecurity-Themen ohne direkten MaschVO-Bezug; nur teilweise IN-Scope-Anteile bereits in access_control_safety_functions abgebildet"
|
||||
}
|
||||
]
|
||||
],
|
||||
"norm_id_contract": {
|
||||
"convention": "EU-<ACT>-Anhang<ROM> (Annex-Ebene) / EU-<ACT>-Art<N> (verify) — KB-v2 bp_compliance_kb_2026_1_build",
|
||||
"act_naming": "EU-MaschVO-* (NICHT MaschinenVO)",
|
||||
"granularity": "annex-grob — 'Annex I Part II (1)' -> EU-CRA-AnhangI; Part/Punkt = KB-Enhancement TBD",
|
||||
"article_status": "EU-<ACT>-Art<N> in KB-v2 noch zu verifizieren; Annex-IDs confirmed",
|
||||
"source": "Board Compliance/KB-v2 2026-07-01"
|
||||
}
|
||||
}
|
||||
+125
-36
@@ -11,7 +11,12 @@
|
||||
"name": "SBOM-Erstellungsprozess",
|
||||
"description": "Erzeugen einer vollstaendigen, maschinenlesbaren Software Bill of Materials fuer ein Produkt mit digitalen Elementen.",
|
||||
"source_role": "procedural_requirement",
|
||||
"fulfills_obligations": ["sbom_creation", "sbom_dependency_coverage", "sbom_format_standard", "sbom_tooling_automation"],
|
||||
"fulfills_obligations": [
|
||||
"sbom_creation",
|
||||
"sbom_dependency_coverage",
|
||||
"sbom_format_standard",
|
||||
"sbom_tooling_automation"
|
||||
],
|
||||
"steps": [
|
||||
"Komponenten und (direkte + transitive) Abhaengigkeiten inventarisieren",
|
||||
"SBOM automatisiert in der Build-/Toolchain generieren",
|
||||
@@ -24,15 +29,22 @@
|
||||
"Format ist maschinenlesbar und standardkonform (CycloneDX/SPDX)",
|
||||
"direkte und transitive Abhaengigkeiten enthalten"
|
||||
],
|
||||
"evidence": ["sbom.cyclonedx.json", "Format-Validierungs-Log", "Build-/Toolchain-Konfiguration"],
|
||||
"citation_spans": [], "citation_status": "pending_span_anchor"
|
||||
"evidence": [
|
||||
"sbom.cyclonedx.json",
|
||||
"Format-Validierungs-Log",
|
||||
"Build-/Toolchain-Konfiguration"
|
||||
],
|
||||
"citation_spans": [],
|
||||
"citation_status": "pending_span_anchor"
|
||||
},
|
||||
{
|
||||
"procedure_id": "sbom_update_process",
|
||||
"name": "SBOM-Aktualisierungsprozess",
|
||||
"description": "Halten der SBOM aktuell ueber den Produktlebenszyklus bei Komponenten-, Versions- und Patch-Aenderungen.",
|
||||
"source_role": "procedural_requirement",
|
||||
"fulfills_obligations": ["sbom_maintenance_update"],
|
||||
"fulfills_obligations": [
|
||||
"sbom_maintenance_update"
|
||||
],
|
||||
"steps": [
|
||||
"Komponentenaenderung erkennen (Dependency-/Patch-/Versionsaenderung)",
|
||||
"SBOM neu generieren",
|
||||
@@ -45,15 +57,24 @@
|
||||
"SBOM-Version passt zum Release",
|
||||
"Supplier-Komponenten enthalten"
|
||||
],
|
||||
"evidence": ["sbom.json", "CI-Log", "Release-Artefakt", "Supplier-SBOM"],
|
||||
"citation_spans": [], "citation_status": "pending_span_anchor"
|
||||
"evidence": [
|
||||
"sbom.json",
|
||||
"CI-Log",
|
||||
"Release-Artefakt",
|
||||
"Supplier-SBOM"
|
||||
],
|
||||
"citation_spans": [],
|
||||
"citation_status": "pending_span_anchor"
|
||||
},
|
||||
{
|
||||
"procedure_id": "sbom_supplier_integration_process",
|
||||
"name": "Lieferanten-SBOM-Integration",
|
||||
"description": "Beschaffen und Einarbeiten von Lieferanten-/Drittkomponenten-SBOMs in die Produkt-SBOM.",
|
||||
"source_role": "procedural_requirement",
|
||||
"fulfills_obligations": ["sbom_supply_chain_contracts", "sbom_dependency_coverage"],
|
||||
"fulfills_obligations": [
|
||||
"sbom_supply_chain_contracts",
|
||||
"sbom_dependency_coverage"
|
||||
],
|
||||
"steps": [
|
||||
"SBOM-Anforderung in Lieferantenvertraege aufnehmen",
|
||||
"Lieferanten-SBOMs einsammeln",
|
||||
@@ -65,15 +86,24 @@
|
||||
"Lieferanten-SBOMs eingegangen",
|
||||
"Drittkomponenten in der SBOM gelistet"
|
||||
],
|
||||
"evidence": ["Lieferantenvertrag-Klausel", "eingegangene Supplier-SBOMs", "gemergte SBOM"],
|
||||
"citation_spans": [], "citation_status": "pending_span_anchor"
|
||||
"evidence": [
|
||||
"Lieferantenvertrag-Klausel",
|
||||
"eingegangene Supplier-SBOMs",
|
||||
"gemergte SBOM"
|
||||
],
|
||||
"citation_spans": [],
|
||||
"citation_status": "pending_span_anchor"
|
||||
},
|
||||
{
|
||||
"procedure_id": "sbom_provision_process",
|
||||
"name": "SBOM-Bereitstellungsprozess",
|
||||
"description": "Zugaenglichmachen der SBOM fuer berechtigte Parteien (Nutzer, Behoerde) unter Wahrung der Vertraulichkeit.",
|
||||
"source_role": "procedural_requirement",
|
||||
"fulfills_obligations": ["sbom_access_provision", "sbom_authority_provision", "sbom_confidentiality"],
|
||||
"fulfills_obligations": [
|
||||
"sbom_access_provision",
|
||||
"sbom_authority_provision",
|
||||
"sbom_confidentiality"
|
||||
],
|
||||
"steps": [
|
||||
"Zugangskanal definieren (Portal/API/dokumentierter Pfad)",
|
||||
"Nutzer ueber den Zugangsweg informieren",
|
||||
@@ -85,15 +115,23 @@
|
||||
"Zugriffskontrolle/Vertraulichkeit umgesetzt",
|
||||
"Behoerden-Bereitstellungsprozess definiert"
|
||||
],
|
||||
"evidence": ["Zugangskanal-Dokumentation", "Behoerden-Anfrage-Log", "Zugriffskontroll-Konfiguration"],
|
||||
"citation_spans": [], "citation_status": "pending_span_anchor"
|
||||
"evidence": [
|
||||
"Zugangskanal-Dokumentation",
|
||||
"Behoerden-Anfrage-Log",
|
||||
"Zugriffskontroll-Konfiguration"
|
||||
],
|
||||
"citation_spans": [],
|
||||
"citation_status": "pending_span_anchor"
|
||||
},
|
||||
{
|
||||
"procedure_id": "sbom_conformity_documentation_process",
|
||||
"name": "SBOM in technischer Dokumentation/Konformitaet",
|
||||
"description": "Aufnehmen der SBOM in die technische Dokumentation und Verifizieren der Vollstaendigkeit fuer die Konformitaetsbewertung.",
|
||||
"source_role": "procedural_requirement",
|
||||
"fulfills_obligations": ["sbom_technical_documentation", "sbom_completeness_verification"],
|
||||
"fulfills_obligations": [
|
||||
"sbom_technical_documentation",
|
||||
"sbom_completeness_verification"
|
||||
],
|
||||
"steps": [
|
||||
"SBOM in die technische Dokumentation aufnehmen",
|
||||
"Vollstaendigkeit gegen die real eingesetzte Softwarekomposition pruefen",
|
||||
@@ -104,16 +142,22 @@
|
||||
"Vollstaendigkeit verifiziert",
|
||||
"Konformitaetsnachweis vorhanden"
|
||||
],
|
||||
"evidence": ["technische Dokumentation", "Vollstaendigkeits-Pruefbericht", "Konformitaetsnachweis"],
|
||||
"citation_spans": [], "citation_status": "pending_span_anchor"
|
||||
"evidence": [
|
||||
"technische Dokumentation",
|
||||
"Vollstaendigkeits-Pruefbericht",
|
||||
"Konformitaetsnachweis"
|
||||
],
|
||||
"citation_spans": [],
|
||||
"citation_status": "pending_span_anchor"
|
||||
},
|
||||
|
||||
{
|
||||
"procedure_id": "vuln_handling_process_setup",
|
||||
"name": "Schwachstellenbehandlungsprozess einrichten",
|
||||
"description": "Dokumentierten Prozess und Meldekanal (CVD) fuer die Schwachstellenbehandlung etablieren.",
|
||||
"source_role": "procedural_requirement",
|
||||
"fulfills_obligations": ["vuln_handling_process"],
|
||||
"fulfills_obligations": [
|
||||
"vuln_handling_process"
|
||||
],
|
||||
"steps": [
|
||||
"dokumentierten Schwachstellenbehandlungsprozess definieren",
|
||||
"Coordinated-Vulnerability-Disclosure-Richtlinie und Meldekanal veroeffentlichen",
|
||||
@@ -124,15 +168,22 @@
|
||||
"Meldekanal/Kontaktstelle auffindbar (z.B. security.txt)",
|
||||
"Triage-Verfahren vorhanden"
|
||||
],
|
||||
"evidence": ["Prozessdokument", "security.txt / Kontaktstelle", "Triage-Log"],
|
||||
"citation_spans": [], "citation_status": "pending_span_anchor"
|
||||
"evidence": [
|
||||
"Prozessdokument",
|
||||
"security.txt / Kontaktstelle",
|
||||
"Triage-Log"
|
||||
],
|
||||
"citation_spans": [],
|
||||
"citation_status": "pending_span_anchor"
|
||||
},
|
||||
{
|
||||
"procedure_id": "vuln_identification_process",
|
||||
"name": "Schwachstellen-Identifikation",
|
||||
"description": "Bekannte Schwachstellen in eingesetzten Komponenten erkennen und inventarisieren.",
|
||||
"source_role": "procedural_requirement",
|
||||
"fulfills_obligations": ["vuln_identification_inventory"],
|
||||
"fulfills_obligations": [
|
||||
"vuln_identification_inventory"
|
||||
],
|
||||
"steps": [
|
||||
"Advisories/CVE-Feeds beobachten",
|
||||
"gegen die SBOM-Komponenten abgleichen",
|
||||
@@ -143,15 +194,21 @@
|
||||
"SBOM-zu-CVE-Abgleich durchgefuehrt",
|
||||
"Schwachstellen-Inventar gepflegt"
|
||||
],
|
||||
"evidence": ["CVE-Abgleich-Report", "Schwachstellen-Register"],
|
||||
"citation_spans": [], "citation_status": "pending_span_anchor"
|
||||
"evidence": [
|
||||
"CVE-Abgleich-Report",
|
||||
"Schwachstellen-Register"
|
||||
],
|
||||
"citation_spans": [],
|
||||
"citation_status": "pending_span_anchor"
|
||||
},
|
||||
{
|
||||
"procedure_id": "vuln_assessment_process",
|
||||
"name": "Schwachstellen-Bewertung/Priorisierung",
|
||||
"description": "Identifizierte Schwachstellen nach Schweregrad, Ausnutzbarkeit und Exposition bewerten und priorisieren.",
|
||||
"source_role": "procedural_requirement",
|
||||
"fulfills_obligations": ["vuln_assessment_prioritization"],
|
||||
"fulfills_obligations": [
|
||||
"vuln_assessment_prioritization"
|
||||
],
|
||||
"steps": [
|
||||
"Schweregrad bewerten (z.B. CVSS)",
|
||||
"Ausnutzbarkeit/Exposition einschaetzen",
|
||||
@@ -161,15 +218,21 @@
|
||||
"Schweregrad standardisiert bewertet",
|
||||
"risikobasierte Priorisierung vorhanden"
|
||||
],
|
||||
"evidence": ["Bewertungsdatensatz (CVSS)", "Prioritaetenliste"],
|
||||
"citation_spans": [], "citation_status": "pending_span_anchor"
|
||||
"evidence": [
|
||||
"Bewertungsdatensatz (CVSS)",
|
||||
"Prioritaetenliste"
|
||||
],
|
||||
"citation_spans": [],
|
||||
"citation_status": "pending_span_anchor"
|
||||
},
|
||||
{
|
||||
"procedure_id": "vuln_remediation_process",
|
||||
"name": "Schwachstellen-Behebung",
|
||||
"description": "Bekannte Schwachstellen fristgerecht durch Patches/Gegenmassnahmen beheben und Sicherheitsupdates bereitstellen.",
|
||||
"source_role": "procedural_requirement",
|
||||
"fulfills_obligations": ["vuln_remediation_patching"],
|
||||
"fulfills_obligations": [
|
||||
"vuln_remediation_patching"
|
||||
],
|
||||
"steps": [
|
||||
"Fix/Gegenmassnahme entwickeln",
|
||||
"testen",
|
||||
@@ -181,15 +244,23 @@
|
||||
"Sicherheitsupdate bereitgestellt",
|
||||
"Follow-up bis Closure"
|
||||
],
|
||||
"evidence": ["Patch/Release", "Behebungs-Zeitleiste", "Follow-up-Log"],
|
||||
"citation_spans": [], "citation_status": "pending_span_anchor"
|
||||
"evidence": [
|
||||
"Patch/Release",
|
||||
"Behebungs-Zeitleiste",
|
||||
"Follow-up-Log"
|
||||
],
|
||||
"citation_spans": [],
|
||||
"citation_status": "pending_span_anchor"
|
||||
},
|
||||
{
|
||||
"procedure_id": "vuln_disclosure_process",
|
||||
"name": "Offenlegung + Nutzerinformation",
|
||||
"description": "Koordinierte Offenlegung behobener Schwachstellen und Information der Nutzer ueber Schutzmassnahmen.",
|
||||
"source_role": "procedural_requirement",
|
||||
"fulfills_obligations": ["coordinated_vulnerability_disclosure", "vuln_info_dissemination_users"],
|
||||
"fulfills_obligations": [
|
||||
"coordinated_vulnerability_disclosure",
|
||||
"vuln_info_dissemination_users"
|
||||
],
|
||||
"steps": [
|
||||
"Offenlegungszeitpunkt koordinieren",
|
||||
"Security Advisory / CVE-Eintrag veroeffentlichen",
|
||||
@@ -199,15 +270,22 @@
|
||||
"Advisory veroeffentlicht",
|
||||
"Nutzer informiert"
|
||||
],
|
||||
"evidence": ["Security Advisory", "CVE-Eintrag", "Nutzer-Benachrichtigung"],
|
||||
"citation_spans": [], "citation_status": "pending_span_anchor"
|
||||
"evidence": [
|
||||
"Security Advisory",
|
||||
"CVE-Eintrag",
|
||||
"Nutzer-Benachrichtigung"
|
||||
],
|
||||
"citation_spans": [],
|
||||
"citation_status": "pending_span_anchor"
|
||||
},
|
||||
{
|
||||
"procedure_id": "vuln_authority_reporting_process",
|
||||
"name": "Behoerdenmeldung aktiv ausgenutzter Schwachstellen",
|
||||
"description": "Aktiv ausgenutzte Schwachstellen fristgerecht an CSIRT/ENISA melden (CRA Art. 14-Kaskade).",
|
||||
"source_role": "procedural_requirement",
|
||||
"fulfills_obligations": ["exploited_vuln_reporting_authorities"],
|
||||
"fulfills_obligations": [
|
||||
"exploited_vuln_reporting_authorities"
|
||||
],
|
||||
"applicability_note": "bedingt: nur bei aktiv ausgenutzter Schwachstelle",
|
||||
"steps": [
|
||||
"aktive Ausnutzung erkennen",
|
||||
@@ -220,8 +298,19 @@
|
||||
"72h-Meldung erfolgt",
|
||||
"14d-Abschlussbericht erfolgt"
|
||||
],
|
||||
"evidence": ["CSIRT/ENISA-Meldungsbelege", "Zeitstempel der Kaskade"],
|
||||
"citation_spans": [], "citation_status": "pending_span_anchor"
|
||||
"evidence": [
|
||||
"CSIRT/ENISA-Meldungsbelege",
|
||||
"Zeitstempel der Kaskade"
|
||||
],
|
||||
"citation_spans": [],
|
||||
"citation_status": "pending_span_anchor"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"norm_id_contract": {
|
||||
"convention": "EU-<ACT>-Anhang<ROM> (Annex-Ebene) / EU-<ACT>-Art<N> (verify) — KB-v2 bp_compliance_kb_2026_1_build",
|
||||
"act_naming": "EU-MaschVO-* (NICHT MaschinenVO)",
|
||||
"granularity": "annex-grob — 'Annex I Part II (1)' -> EU-CRA-AnhangI; Part/Punkt = KB-Enhancement TBD",
|
||||
"article_status": "EU-<ACT>-Art<N> in KB-v2 noch zu verifizieren; Annex-IDs confirmed",
|
||||
"source": "Board Compliance/KB-v2 2026-07-01"
|
||||
}
|
||||
}
|
||||
@@ -46,7 +46,11 @@
|
||||
{
|
||||
"source": "CRA",
|
||||
"anchor": "Annex I (1)(2)(d)",
|
||||
"citation": "Schutz vor unbefugtem Zugriff durch geeignete Kontrollmechanismen (Authentifizierung, Identitaets- und Zugriffsmanagement)"
|
||||
"citation": "Schutz vor unbefugtem Zugriff durch geeignete Kontrollmechanismen (Authentifizierung, Identitaets- und Zugriffsmanagement)",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -342,7 +346,7 @@
|
||||
"member_count": 277,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.92,
|
||||
@@ -370,7 +374,11 @@
|
||||
{
|
||||
"source": "CRA",
|
||||
"anchor": "Annex I (1)(2)(b)(c)",
|
||||
"citation": "Schutz der Vertraulichkeit und Integritaet von Daten und Befehlen"
|
||||
"citation": "Schutz der Vertraulichkeit und Integritaet von Daten und Befehlen",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -656,7 +664,7 @@
|
||||
"member_count": 274,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.9,
|
||||
@@ -917,7 +925,11 @@
|
||||
{
|
||||
"source": "CRA",
|
||||
"anchor": "Annex I (1)(2)(g)",
|
||||
"citation": "Aufzeichnung und Ueberwachung relevanter interner Aktivitaeten (Logging)"
|
||||
"citation": "Aufzeichnung und Ueberwachung relevanter interner Aktivitaeten (Logging)",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -959,7 +971,7 @@
|
||||
"member_count": 22,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.9,
|
||||
@@ -1145,7 +1157,11 @@
|
||||
{
|
||||
"source": "CRA",
|
||||
"anchor": "Annex I (1)(2)(a)",
|
||||
"citation": "Bereitstellung ohne bekannte ausnutzbare Schwachstellen / minimierte Angriffsflaeche"
|
||||
"citation": "Bereitstellung ohne bekannte ausnutzbare Schwachstellen / minimierte Angriffsflaeche",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -1178,7 +1194,7 @@
|
||||
"member_count": 19,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.83,
|
||||
@@ -1210,7 +1226,11 @@
|
||||
{
|
||||
"source": "CRA",
|
||||
"anchor": "Annex I (2)(1)",
|
||||
"citation": "Behandlung und Behebung von Schwachstellen, Sicherheitsupdates"
|
||||
"citation": "Behandlung und Behebung von Schwachstellen, Sicherheitsupdates",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -1247,7 +1267,7 @@
|
||||
"member_count": 17,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.82,
|
||||
@@ -1662,5 +1682,12 @@
|
||||
],
|
||||
"note": "Physische Maschinen-Fernsteuerung/Ergonomie/Gefahrenzonen-Sicherheit (MaschinenVO 2023/1230), keine Cybersecurity-Fernwartung"
|
||||
}
|
||||
]
|
||||
],
|
||||
"norm_id_contract": {
|
||||
"convention": "EU-<ACT>-Anhang<ROM> (Annex-Ebene) / EU-<ACT>-Art<N> (verify) — KB-v2 bp_compliance_kb_2026_1_build",
|
||||
"act_naming": "EU-MaschVO-* (NICHT MaschinenVO)",
|
||||
"granularity": "annex-grob — 'Annex I Part II (1)' -> EU-CRA-AnhangI; Part/Punkt = KB-Enhancement TBD",
|
||||
"article_status": "EU-<ACT>-Art<N> in KB-v2 noch zu verifizieren; Annex-IDs confirmed",
|
||||
"source": "Board Compliance/KB-v2 2026-07-01"
|
||||
}
|
||||
}
|
||||
@@ -52,12 +52,20 @@
|
||||
{
|
||||
"source": "CRA",
|
||||
"anchor": "Annex I (2)(c)",
|
||||
"citation": "Schwachstellen durch Sicherheitsupdates ohne Verzug behandeln, einschliesslich automatischer Updates und Benachrichtigung."
|
||||
"citation": "Schwachstellen durch Sicherheitsupdates ohne Verzug behandeln, einschliesslich automatischer Updates und Benachrichtigung.",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
},
|
||||
{
|
||||
"source": "CRA",
|
||||
"anchor": "Art. 13",
|
||||
"citation": "Pflicht zur Bereitstellung von Sicherheitsupdates waehrend des Support-Zeitraums."
|
||||
"citation": "Pflicht zur Bereitstellung von Sicherheitsupdates waehrend des Support-Zeitraums.",
|
||||
"norm_ids": [
|
||||
"EU-CRA-Art13"
|
||||
],
|
||||
"norm_id_status": "verify_pending"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -661,7 +669,7 @@
|
||||
"member_count": 578,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.95,
|
||||
@@ -689,7 +697,11 @@
|
||||
{
|
||||
"source": "CRA",
|
||||
"anchor": "Art. 13(8)",
|
||||
"citation": "Bestimmung des Support-Zeitraums entsprechend der erwarteten Nutzungsdauer."
|
||||
"citation": "Bestimmung des Support-Zeitraums entsprechend der erwarteten Nutzungsdauer.",
|
||||
"norm_ids": [
|
||||
"EU-CRA-Art13"
|
||||
],
|
||||
"norm_id_status": "verify_pending"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -1275,7 +1287,7 @@
|
||||
"member_count": 574,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.85,
|
||||
@@ -1303,7 +1315,11 @@
|
||||
{
|
||||
"source": "CRA",
|
||||
"anchor": "Annex I (1)(3)(f)",
|
||||
"citation": "Schutz der Integritaet von Daten, Befehlen und Konfigurationen vor Manipulation."
|
||||
"citation": "Schutz der Integritaet von Daten, Befehlen und Konfigurationen vor Manipulation.",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -1382,7 +1398,7 @@
|
||||
"member_count": 58,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.9,
|
||||
@@ -1415,7 +1431,11 @@
|
||||
{
|
||||
"source": "CRA",
|
||||
"anchor": "Annex I (1)(3)(d)",
|
||||
"citation": "Schutz vor unbefugtem Zugriff durch geeignete Kontrollmechanismen."
|
||||
"citation": "Schutz vor unbefugtem Zugriff durch geeignete Kontrollmechanismen.",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [
|
||||
@@ -1476,7 +1496,7 @@
|
||||
"member_count": 42,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.85,
|
||||
@@ -1642,7 +1662,11 @@
|
||||
{
|
||||
"source": "CRA",
|
||||
"anchor": "Annex I (2)(c)",
|
||||
"citation": "Sicherheitsupdates werden, soweit moeglich, automatisch installiert mit Opt-out-Moeglichkeit des Nutzers."
|
||||
"citation": "Sicherheitsupdates werden, soweit moeglich, automatisch installiert mit Opt-out-Moeglichkeit des Nutzers.",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -1661,7 +1685,7 @@
|
||||
"member_count": 6,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.9,
|
||||
@@ -1690,7 +1714,11 @@
|
||||
{
|
||||
"source": "CRA",
|
||||
"anchor": "Annex I (1)(2)",
|
||||
"citation": "Cybersicherheits-Risikobeurteilung als Grundlage fuer Schwachstellenbehandlung."
|
||||
"citation": "Cybersicherheits-Risikobeurteilung als Grundlage fuer Schwachstellenbehandlung.",
|
||||
"norm_ids": [
|
||||
"EU-CRA-AnhangI"
|
||||
],
|
||||
"norm_id_status": "annex_confirmed"
|
||||
}
|
||||
],
|
||||
"guidance_basis": [],
|
||||
@@ -1704,7 +1732,7 @@
|
||||
"member_count": 2,
|
||||
"relationships": [],
|
||||
"citation_anchor_ids": [],
|
||||
"citation_status": "pending_span_anchor",
|
||||
"citation_status": "norm_id_linked",
|
||||
"review_status": "draft",
|
||||
"provenance": {
|
||||
"discovery_confidence": 0.8,
|
||||
@@ -1816,5 +1844,12 @@
|
||||
],
|
||||
"note": "M4 (digitale Veraenderungen allgemein) und M7 (TLS-Proxy-Kanalverwaltung) betreffen Konfigurations-/Netzwerkmanagement, nicht die Update-/Patch-Pflicht im engeren Sinne."
|
||||
}
|
||||
]
|
||||
],
|
||||
"norm_id_contract": {
|
||||
"convention": "EU-<ACT>-Anhang<ROM> (Annex-Ebene) / EU-<ACT>-Art<N> (verify) — KB-v2 bp_compliance_kb_2026_1_build",
|
||||
"act_naming": "EU-MaschVO-* (NICHT MaschinenVO)",
|
||||
"granularity": "annex-grob — 'Annex I Part II (1)' -> EU-CRA-AnhangI; Part/Punkt = KB-Enhancement TBD",
|
||||
"article_status": "EU-<ACT>-Art<N> in KB-v2 noch zu verifizieren; Annex-IDs confirmed",
|
||||
"source": "Board Compliance/KB-v2 2026-07-01"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,36 @@
|
||||
{
|
||||
"contract": "norm_id logical citation join (Domäne 2 legal_basis -> KB-v2 units)",
|
||||
"convention": "EU-<ACT>-Anhang<ROM> (annex, confirmed) / EU-<ACT>-Art<N> + EU-<ACT>-Kapitel<ROM> (verify_pending)",
|
||||
"act_naming": "EU-MaschVO-* (NICHT MaschinenVO)",
|
||||
"granularity": "annex-grob",
|
||||
"source": "KB-v2 bp_compliance_kb_2026_1_build (Board Compliance/KB-v2 2026-07-01)",
|
||||
"annex_confirmed": {
|
||||
"EU-CRA-AnhangI": 34,
|
||||
"EU-CRA-AnhangVII": 2,
|
||||
"EU-MaschVO-AnhangI": 2,
|
||||
"EU-MaschVO-AnhangIII": 14,
|
||||
"EU-MaschVO-AnhangIV": 2
|
||||
},
|
||||
"verify_pending_KBv2": {
|
||||
"EU-CRA-Art13": 3,
|
||||
"EU-CRA-Art14": 1,
|
||||
"EU-CRA-Art16": 1,
|
||||
"EU-CRA-Art3": 1,
|
||||
"EU-CRA-Art31": 3,
|
||||
"EU-MaschVO-Art1": 1,
|
||||
"EU-MaschVO-Art10": 1,
|
||||
"EU-MaschVO-Art11": 1,
|
||||
"EU-MaschVO-Art18": 1,
|
||||
"EU-MaschVO-Art21": 1,
|
||||
"EU-MaschVO-Art22": 1,
|
||||
"EU-MaschVO-Art25": 1,
|
||||
"EU-MaschVO-Art5": 1,
|
||||
"EU-MaschVO-Art50": 1,
|
||||
"EU-MaschVO-Art53": 1,
|
||||
"EU-MaschVO-Art54": 1,
|
||||
"EU-MaschVO-KapitelIV": 1,
|
||||
"EU-MaschVO-KapitelV": 1,
|
||||
"EU-MaschVO-KapitelVI": 1
|
||||
},
|
||||
"note": "KB-v2 bitte prüfen ob die verify_pending Artikel-/Kapitel-norm_ids als Units gemintet sind; Annex-IDs gelten als confirmed."
|
||||
}
|
||||
@@ -0,0 +1,75 @@
|
||||
"""Zitierfähigkeits-Join (Wake-up #2): logischer norm_id-Join auf legal_basis.
|
||||
|
||||
KB-v2-Konvention (Board 2026-07-01, Compliance/KB-v2): `EU-<ACT>-Anhang<ROM>` (Annex-Ebene, grob) ·
|
||||
`EU-<ACT>-Art<N>` (Artikel, in KB-v2 noch zu verifizieren) · Kapitel = TBD-Konvention.
|
||||
Namensvariante: `EU-MaschVO-*` (NICHT MaschinenVO). Kein char-Span nötig — logischer Join auf norm_id.
|
||||
Fügt `norm_ids` (Liste) je legal_basis + `norm_id_status` hinzu; setzt obligation.citation_status
|
||||
auf `norm_id_linked` (annex-grob). KEINE neue Klasse (Attribut). Freeze-safe.
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
import glob
|
||||
import json
|
||||
import re
|
||||
|
||||
ACT = {"CRA": "CRA", "MaschVO": "MaschVO", "MaschinenVO": "MaschVO"}
|
||||
FILES = sorted(glob.glob("obligations/cra*.json"))
|
||||
|
||||
|
||||
def derive(source: str, anchor: str) -> tuple[list[str], str]:
|
||||
act = ACT.get(source, source)
|
||||
ids: list[str] = []
|
||||
for rom in re.findall(r"An(?:hang|nex)\s+([IVX]+)", anchor, re.I):
|
||||
ids.append(f"EU-{act}-Anhang{rom.upper()}")
|
||||
articles = re.findall(r"\bArt(?:icle|\.)?\s*(\d+)", anchor)
|
||||
chapters = re.findall(r"Kapitel\s+([IVX/]+)", anchor, re.I)
|
||||
verify: list[str] = []
|
||||
for n in articles:
|
||||
verify.append(f"EU-{act}-Art{n}")
|
||||
for grp in chapters:
|
||||
for rom in grp.split("/"):
|
||||
rom = rom.strip()
|
||||
if rom:
|
||||
verify.append(f"EU-{act}-Kapitel{rom.upper()}")
|
||||
# dedup, Annexe zuerst (confirmed), dann verify
|
||||
seen: set[str] = set()
|
||||
ordered = [x for x in ids + verify if not (x in seen or seen.add(x))]
|
||||
status = "annex_confirmed" if ids else ("verify_pending" if verify else "unparsed")
|
||||
return ordered, status
|
||||
|
||||
|
||||
def main() -> None:
|
||||
total_lb = linked = unparsed = 0
|
||||
obl_linked = 0
|
||||
for f in FILES:
|
||||
d = json.load(open(f, encoding="utf-8"))
|
||||
d.setdefault("norm_id_contract", {
|
||||
"convention": "EU-<ACT>-Anhang<ROM> (Annex-Ebene) / EU-<ACT>-Art<N> (verify) — KB-v2 bp_compliance_kb_2026_1_build",
|
||||
"act_naming": "EU-MaschVO-* (NICHT MaschinenVO)",
|
||||
"granularity": "annex-grob — 'Annex I Part II (1)' -> EU-CRA-AnhangI; Part/Punkt = KB-Enhancement TBD",
|
||||
"article_status": "EU-<ACT>-Art<N> in KB-v2 noch zu verifizieren; Annex-IDs confirmed",
|
||||
"source": "Board Compliance/KB-v2 2026-07-01",
|
||||
})
|
||||
for o in d.get("obligations", []):
|
||||
got = False
|
||||
for b in o.get("legal_basis", []):
|
||||
total_lb += 1
|
||||
nids, st = derive(b.get("source", ""), b.get("anchor", ""))
|
||||
b["norm_ids"] = nids
|
||||
b["norm_id_status"] = st
|
||||
if nids:
|
||||
linked += 1
|
||||
got = True
|
||||
if st == "unparsed":
|
||||
unparsed += 1
|
||||
print(f" UNPARSED: {b.get('source')} \"{b.get('anchor')}\"")
|
||||
if got:
|
||||
o["citation_status"] = "norm_id_linked"
|
||||
obl_linked += 1
|
||||
json.dump(d, open(f, "w", encoding="utf-8"), ensure_ascii=False, indent=1)
|
||||
print(f"legal_basis gesamt {total_lb} | mit norm_ids {linked} | unparsed {unparsed}")
|
||||
print(f"Obligations citation_status -> norm_id_linked: {obl_linked}")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
Reference in New Issue
Block a user