Benjamin_Boenisch/breakpilot-core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0cce8a20119a6793ebac25f34aa3f447bc3124cb
breakpilot-core/control-pipeline/tests/demo_cases.yaml
Benjamin Admin e8ec50e0fc feat(control-pipeline): 24 demo test cases for applicability engine 
YAML-based test package with 4 categories (6 each):
- Standard sector cases (Telko, SaaS, Energie, Automotive, Health, Law)
- Scope-beats-sector (Bank+Battery, KI-Recruiting, White-Label, Payments)
- False friends (Stripe!=PSD2, Hotline!=TKG, Repo-signals!=regulation)
- Escalation (IoT-SIM, FinTech unclear, Treuhand, KI-Diagnose)

Enforces 5 acceptance rules: no false certainty, scope>sector,
repo signals insufficient, standard first, 40%+ negative tests.

Scoring framework: must_include + must_not_include + reasoning + escalation.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-23 17:42:38 +02:00

726 lines
23 KiB
YAML
Raw Blame History

# ============================================================================
# BreakPilot Compliance — Demo Test Cases
# ============================================================================
#
# 24 Use Cases in 4 Kategorien:
# A. Standard (6) — Branchen-Default korrekt?
# B. Scope schlaegt Branche (6) — Sonderfaelle additiv?
# C. Falsche Freunde / Negativ (6) — Keine Falschzuweisung?
# D. Eskalation (6) — Unsicherheit erkannt?
#
# Jeder Case erzwingt 5 Outputs:
# 1. applicable_industries
# 2. scope_triggers
# 3. excluded_by_default
# 4. reasoning_summary
# 5. confidence + escalation
#
# Akzeptanzregeln:
# R1: Keine harte Falschsicherheit bei unklarem Sachverhalt
# R2: Scope schlaegt Branchen-Default (additiv)
# R3: Repo-Signale allein reichen nicht fuer harte Regulierung
# R4: Standardfall zuerst, Sonderfall additiv
# R5: Mindestens 40% Negativtests
#
# Scoring pro Case:
# must_include_match: 0..1
# must_not_include_match: 0..1
# reasoning_correct: 0..1
# escalation_correct: 0..1
# total_score: 0..4
# ============================================================================
# ============================================================================
# A. STANDARD-BRANCHENFAELLE (6)
# ============================================================================
- id: DEMO-APP-005
title: "Telekommunikationsanbieter"
category: standard
goal: "TKG/Telko-Pflichten im Standardfall"
company_profile:
sector: "Telekommunikation"
size: "medium"
country: "DE"
facts:
- "Erbringt Kommunikationsdienste"
- "Bietet Mobilfunkvertraege"
scope_answers:
provides_telecom_service: true
is_kritis_operator: true
expected:
applicable_industries: ["Telekommunikation"]
scope_triggers: ["provides_telecom_service", "is_kritis_operator"]
applicable_controls_should_include:
- "TKG"
- "TTDSG"
- "NIS2"
- "DSGVO"
applicable_controls_should_not_include:
- "PSD2"
- "Batterieverordnung"
- "MDR"
excluded_by_default: ["PSD2", "Batterieverordnung", "MDR"]
reasoning_summary: "Telko-Anbieter ist KRITIS-Betreiber, TKG und TTDSG direkt anwendbar."
confidence: 0.95
escalation_expected: false
- id: DEMO-APP-009
title: "Reines SaaS-Unternehmen"
category: standard
goal: "Batterie-/Produktregulierung darf nicht anspringen"
company_profile:
sector: "Technologie/IT"
size: "small"
country: "DE"
facts:
- "Nur Browser-Anwendung"
- "Keine Hardware"
scope_answers:
distributes_physical_products: false
contains_battery: false
uses_ai: false
expected:
applicable_industries: ["Technologie/IT"]
scope_triggers: []
applicable_controls_should_include:
- "DSGVO"
- "OWASP"
applicable_controls_should_not_include:
- "Batterieverordnung"
- "Maschinenverordnung"
- "MDR"
- "TKG"
- "PSD2"
excluded_by_default: ["Batterieverordnung", "Maschinenverordnung", "MDR", "TKG", "PSD2"]
reasoning_summary: "Reines SaaS ohne Hardware, ohne KI, ohne Finanzfunktion."
confidence: 0.95
escalation_expected: false
- id: DEMO-STD-003
title: "Mittelstaendischer Energieversorger (Stadtwerk)"
category: standard
goal: "KRITIS + NIS2 korrekt zugewiesen"
company_profile:
sector: "Energie"
size: "medium"
country: "DE"
facts:
- "Stadtwerk mit 200 Mitarbeitern"
- "Strom- und Gasversorgung"
- "Leitwarte mit Kameraueberwachung"
scope_answers:
is_kritis_operator: true
employee_monitoring: true
expected:
applicable_industries: ["Energie"]
scope_triggers: ["is_kritis_operator", "employee_monitoring"]
applicable_controls_should_include:
- "NIS2"
- "KRITIS"
- "BSI Grundschutz"
- "DSGVO"
- "BDSG"
applicable_controls_should_not_include:
- "PSD2"
- "AI Act"
- "MDR"
excluded_by_default: ["PSD2", "AI Act", "MDR", "TKG"]
reasoning_summary: "Stadtwerk ist KRITIS-Betreiber im Energiesektor, NIS2 ab medium."
confidence: 0.95
escalation_expected: false
- id: DEMO-STD-004
title: "Automobilzulieferer mit Prototypen"
category: standard
goal: "TISAX-Readiness korrekt vorbereitet"
company_profile:
sector: "Automobil"
size: "large"
country: "DE"
facts:
- "500 Mitarbeiter"
- "Prototypenfertigung fuer OEMs"
- "Internationale Lieferkette"
scope_answers:
handles_prototypes: true
supply_chain_automotive: true
third_country_transfer: true
expected:
applicable_industries: ["Automobil"]
scope_triggers: ["handles_prototypes", "supply_chain_automotive", "third_country_transfer"]
applicable_controls_should_include:
- "ISO 27001"
- "Prototypenschutz"
- "NIS2"
- "DSGVO"
- "CE"
applicable_controls_should_not_include:
- "PSD2"
- "TKG"
- "MDR"
excluded_by_default: ["PSD2", "TKG", "MDR"]
reasoning_summary: "Automobilzulieferer braucht TISAX-Readiness (ISO 27001 Basis), Prototypenschutz."
confidence: 0.90
escalation_expected: false
- id: DEMO-STD-005
title: "Gesundheits-App mit KI (DiGA)"
category: standard
goal: "KI + Gesundheitsdaten + MDR korrekt"
company_profile:
sector: "Gesundheitswesen"
size: "small"
country: "DE"
facts:
- "KI-basierte Gesundheits-App"
- "Verarbeitet Gesundheitsdaten"
- "Automatisierte Empfehlungen"
scope_answers:
uses_ai: true
processes_health_data: true
automated_decisions: true
expected:
applicable_industries: ["Gesundheitswesen"]
scope_triggers: ["uses_ai", "processes_health_data", "automated_decisions"]
applicable_controls_should_include:
- "DSGVO Art. 9"
- "DSGVO Art. 22"
- "DSGVO Art. 35"
- "AI Act"
- "MDR"
- "BSI TR-03161"
applicable_controls_should_not_include:
- "PSD2"
- "TKG"
- "Batterieverordnung"
excluded_by_default: ["PSD2", "TKG", "Batterieverordnung"]
reasoning_summary: "Gesundheits-App mit KI trifft DSGVO Art. 9/22/35, AI Act Hochrisiko, MDR."
confidence: 0.90
escalation_expected: false
- id: DEMO-STD-006
title: "Rechtsanwaltskanzlei mit KI und US-Cloud"
category: standard
goal: "Berufsrecht + KI + Drittland korrekt"
company_profile:
sector: "Recht/Kanzlei"
size: "small"
country: "DE"
facts:
- "30 Anwaelte"
- "KI fuer Dokumentenanalyse"
- "US-Cloud-Dienste"
scope_answers:
uses_ai: true
third_country_transfer: true
handles_legal_privilege: true
expected:
applicable_industries: ["Recht/Kanzlei"]
scope_triggers: ["uses_ai", "third_country_transfer", "handles_legal_privilege"]
applicable_controls_should_include:
- "DSGVO"
- "DSGVO Art. 46 (SCC)"
- "AI Act"
- "BRAO"
applicable_controls_should_not_include:
- "NIS2"
- "PSD2"
- "TKG"
excluded_by_default: ["NIS2", "PSD2", "TKG", "MDR"]
reasoning_summary: "Kanzlei mit KI und US-Cloud braucht DSGVO+SCC, AI Act, Berufsrecht."
confidence: 0.90
escalation_expected: false
# ============================================================================
# B. SCOPE SCHLAEGT BRANCHE (6)
# ============================================================================
- id: DEMO-APP-003
title: "Bank vertreibt TAN-Generator mit Batterie"
category: scope_beats_sector
goal: "Batterie-Controls trotz Bankensektor additiv"
company_profile:
sector: "Finanzdienstleistungen"
size: "large"
country: "DE"
facts:
- "Bank gibt TAN-Generatoren an Kunden aus"
- "Geraet enthaelt Batterie"
- "Physisches Produkt wird in Verkehr gebracht"
scope_answers:
distributes_physical_products: true
contains_battery: true
financial_institution: true
expected:
applicable_industries: ["Finanzdienstleistungen"]
scope_triggers: ["distributes_physical_products", "contains_battery"]
applicable_controls_should_include:
- "bankenspezifische Controls"
- "batteriebezogene Controls"
applicable_controls_should_not_include:
- "TKG"
excluded_by_default: ["TKG", "Maschinenverordnung"]
reasoning_summary: "Bank bringt physisches Produkt mit Batterie in Verkehr — Batterieverordnung additiv."
confidence: 0.85
escalation_expected: false
- id: DEMO-APP-008
title: "Chemieunternehmen mit akkubetriebenen Messgeraeten"
category: scope_beats_sector
goal: "Batteriepflichten im naheliegenden Fall"
company_profile:
sector: "Chemie"
size: "medium"
country: "DE"
facts:
- "Vertreibt Messgeraete mit Akku"
scope_answers:
distributes_physical_products: true
contains_battery: true
expected:
applicable_industries: ["Chemie"]
scope_triggers: ["distributes_physical_products", "contains_battery"]
applicable_controls_should_include:
- "Batterieverordnung"
- "CE"
applicable_controls_should_not_include:
- "PSD2"
- "TKG"
excluded_by_default: ["PSD2", "TKG"]
reasoning_summary: "Chemieunternehmen bringt akkubetriebene Geraete in Verkehr."
confidence: 0.90
escalation_expected: false
- id: DEMO-APP-011
title: "KI im Recruiting"
category: scope_beats_sector
goal: "KI/HR/AGG Controls unabhaengig von Branche"
company_profile:
sector: "Beliebig"
size: "medium"
country: "DE"
facts:
- "KI priorisiert Bewerbungen"
- "Automatisierte Absagen werden vorbereitet"
scope_answers:
uses_ai: true
automated_decisions: true
expected:
applicable_industries: ["all"]
scope_triggers: ["uses_ai", "automated_decisions"]
applicable_controls_should_include:
- "DSGVO Art. 22"
- "AGG"
- "AI Act"
excluded_by_default: []
reasoning_summary: "KI im Recruiting loest DSGVO Art. 22, AGG-Diskriminierungsschutz und AI Act aus."
confidence: 0.70
escalation_expected: true
escalation_reason: "KI-basierte HR-Entscheidungen sind AI Act Hochrisiko — vertiefte Pruefung"
- id: DEMO-APP-013
title: "Schulmessenger mit KI-Uebersetzung"
category: scope_beats_sector
goal: "KI + Kinderdaten + Drittland erkennen"
company_profile:
sector: "Bildung"
size: "medium"
country: "DE"
facts:
- "Zwei-Wege-Kommunikation Schule-Eltern"
- "Nachrichten werden automatisch uebersetzt"
- "Personenbezogene Daten von Eltern und Kindern"
scope_answers:
processes_minors_data: true
uses_ai: true
third_country_transfer: true # Uebersetzungs-API
expected:
applicable_industries: ["Bildung"]
scope_triggers: ["processes_minors_data", "uses_ai", "third_country_transfer"]
applicable_controls_should_include:
- "DSGVO Art. 8"
- "AI Act"
- "DSGVO Art. 46 (SCC)"
applicable_controls_should_not_include:
- "TKG"
- "PSD2"
excluded_by_default: ["TKG", "PSD2"]
reasoning_summary: "Schulkommunikation mit KI-Uebersetzung und Kinderdaten loest DSGVO Art. 8 + AI Act + SCC aus."
confidence: 0.70
escalation_expected: true
escalation_reason: "KI-Drittland-/Modellgovernance-Review fuer Uebersetzungs-API"
- id: DEMO-APP-016
title: "White-Label-Hardwarevertrieb"
category: scope_beats_sector
goal: "Inverkehrbringen unter eigener Marke = Produktpflichten"
company_profile:
sector: "E-Commerce/Handel"
size: "small"
country: "DE"
facts:
- "Vertreibt Geraete unter eigener Marke"
- "Produktion durch Dritten"
- "Geraet enthaelt Akku"
scope_answers:
places_product_on_market_under_own_brand: true
contains_battery: true
distributes_physical_products: true
expected:
applicable_industries: ["E-Commerce/Handel"]
scope_triggers: ["places_product_on_market_under_own_brand", "contains_battery"]
applicable_controls_should_include:
- "Batterieverordnung"
- "CE"
- "Produkthaftung"
excluded_by_default: ["PSD2", "TKG"]
reasoning_summary: "White-Label = Inverkehrbringer unter eigener Marke, traegt Produktpflichten."
confidence: 0.90
escalation_expected: false
- id: DEMO-APP-002
title: "Industrieplattform mit eigener Zahlungsabwicklung"
category: scope_beats_sector
goal: "Echte Finanzregulierung bei Geschaeftsmodell-Wechsel"
company_profile:
sector: "Produktion/Industrie"
size: "medium"
country: "DE"
facts:
- "Betreibt B2B-Marktplatz"
- "Haelt Kundengelder kurzzeitig zwischen"
- "Leitet Zahlungen an Haendler weiter"
scope_answers:
operates_payment_service: true
holds_client_funds: true
marketplace_model: true
expected:
applicable_industries: ["Produktion/Industrie"]
scope_triggers: ["operates_payment_service", "holds_client_funds"]
applicable_controls_should_include:
- "PSD2"
- "AML/KYC"
excluded_by_default: []
reasoning_summary: "Industrieplattform mit eigenem Payment = regulatorische Zahlungsdienstpflicht."
confidence: 0.60
escalation_expected: true
escalation_reason: "Regulatorische Einordnung erfordert vertiefte Pruefung (Erlaubnispflicht)"
# ============================================================================
# C. FALSCHE FREUNDE / NEGATIVTESTS (6)
# ============================================================================
- id: DEMO-APP-001
title: "Industrieunternehmen mit Webshop und Stripe Checkout"
category: false_friends
goal: "Stripe darf nicht PSD2 ausloesen"
company_profile:
sector: "Produktion/Industrie"
size: "medium"
country: "DE"
business_model: "B2B-Hersteller mit ergaenzendem Webshop"
facts:
- "Verkauft Ersatzteile ueber Webshop"
- "Nutzt Stripe Checkout als externen Zahlungsdienstleister"
- "Speichert keine vollstaendigen Kartendaten selbst"
- "Keine Zahlungsabwicklung im eigenen Namen"
scope_answers:
operates_payment_service: false
stores_card_data: false
sells_physical_products: true
repo_signals:
- "stripe checkout"
expected:
applicable_industries: ["Produktion/Industrie"]
scope_triggers: []
applicable_controls_should_include:
- "DSGVO Datenschutzhinweise"
- "DSGVO Empfaenger-/Dienstleistertransparenz"
- "VVT"
applicable_controls_should_not_include:
- "PSD2"
- "AML"
- "Batterieverordnung"
- "TKG"
excluded_by_default: ["PSD2", "AML", "Batterieverordnung", "TKG"]
reasoning_summary: "Stripe ist externer Zahlungsdienstleister; Haendler wird nicht reguliertes Zahlungsinstitut."
confidence: 0.92
escalation_expected: false
- id: DEMO-APP-004
title: "Direktbank ohne physische Produkte"
category: false_friends
goal: "Keine Batteriepflichten nur wegen Bank"
company_profile:
sector: "Finanzdienstleistungen"
size: "large"
country: "DE"
facts:
- "Nur Mobile App und Webbanking"
- "Keine Token, keine TAN-Geraete, keine Hardware"
scope_answers:
distributes_physical_products: false
contains_battery: false
expected:
applicable_industries: ["Finanzdienstleistungen"]
scope_triggers: []
applicable_controls_should_include:
- "PSD2"
- "DSGVO"
- "BaFin"
applicable_controls_should_not_include:
- "Batterieverordnung"
- "Maschinenverordnung"
- "CE"
excluded_by_default: ["Batterieverordnung", "Maschinenverordnung", "CE"]
reasoning_summary: "Reine Digitalbank ohne physische Produkte — keine Produktregulierung."
confidence: 0.95
escalation_expected: false
- id: DEMO-APP-006
title: "Maschinenbauer mit Kundenhotline"
category: false_friends
goal: "Hotline darf nicht TKG triggern"
company_profile:
sector: "Produktion/Industrie"
size: "medium"
country: "DE"
facts:
- "Hat Support-Hotline fuer Kunden"
- "Erbringt keinen oeffentlichen Telekommunikationsdienst"
scope_answers:
provides_telecom_service: false
operates_customer_hotline: true
expected:
applicable_industries: ["Produktion/Industrie"]
scope_triggers: []
applicable_controls_should_not_include:
- "TKG"
- "TTDSG Telko-Kernpflichten"
excluded_by_default: ["TKG"]
reasoning_summary: "Kundenhotline ist kein oeffentlicher Telekommunikationsdienst."
confidence: 0.92
escalation_expected: false
- id: DEMO-APP-012
title: "Schule mit Einweg-Elternkommunikation"
category: false_friends
goal: "Einweg-Nachrichten sind kein Telko-Dienst"
company_profile:
sector: "Bildung"
size: "medium"
country: "DE"
facts:
- "Eltern erhalten Einweg-Nachrichten"
- "Keine offene Chat-Funktion"
scope_answers:
provides_telecom_service: false
processes_minors_data: true
expected:
applicable_industries: ["Bildung"]
scope_triggers: ["processes_minors_data"]
applicable_controls_should_include:
- "DSGVO"
- "DSGVO Art. 8"
applicable_controls_should_not_include:
- "TKG"
excluded_by_default: ["TKG", "PSD2"]
reasoning_summary: "Einweg-Elterninfo ist kein oeffentlicher Kommunikationsdienst."
confidence: 0.90
escalation_expected: false
- id: DEMO-APP-014
title: "Repo enthaelt Stripe SDK — nur SaaS-Billing"
category: false_friends
goal: "Repo-Signale duerfen Scope nicht uebersteuern"
company_profile:
sector: "Technologie/IT"
size: "small"
country: "DE"
facts:
- "Repo enthaelt stripe dependency"
- "Nur Billing fuer eigenes SaaS-Abo"
- "Keine Zahlungsabwicklung fuer Dritte"
repo_signals:
- "stripe"
scope_answers:
operates_payment_service: false
expected:
applicable_industries: ["Technologie/IT"]
scope_triggers: []
applicable_controls_should_not_include:
- "PSD2"
applicable_controls_should_include:
- "DSGVO"
- "Vendor-/Security-Controls"
excluded_by_default: ["PSD2"]
reasoning_summary: "Stripe SDK im Repo = SaaS-Billing, nicht eigene Zahlungsabwicklung."
confidence: 0.90
escalation_expected: false
- id: DEMO-APP-017
title: "Interne Nutzung batteriebetriebener Geraete"
category: false_friends
goal: "Keine Batterie-Inverkehrbringungspflichten"
company_profile:
sector: "Beliebig"
size: "medium"
country: "DE"
facts:
- "Mitarbeiter nutzen Laptops und Scanner"
- "Kein Vertrieb eigener Batterieprodukte"
scope_answers:
distributes_physical_products: false
places_battery_products_on_market: false
expected:
applicable_industries: ["all"]
scope_triggers: []
applicable_controls_should_not_include:
- "Batterieverordnung (Inverkehrbringen)"
excluded_by_default: ["Batterieverordnung"]
reasoning_summary: "Interne Nutzung von Geraeten mit Batterien loest keine Inverkehrbringungspflichten aus."
confidence: 0.95
escalation_expected: false
# ============================================================================
# D. ESKALATIONSFAELLE (6)
# ============================================================================
- id: DEMO-APP-007
title: "IoT-Hersteller mit vernetztem Geraet (SIM + Funkmodul)"
category: escalation
goal: "Abgrenzung Hardware vs. Kommunikationsdienst"
company_profile:
sector: "Produktion/Industrie"
size: "medium"
country: "DE"
facts:
- "Verkauft Geraet mit Funkmodul"
- "Geraet kommuniziert ueber Mobilfunk"
- "SIM-Konnektivitaet wird mitgeliefert"
scope_answers:
sells_connected_device: true
provides_embedded_connectivity: true
expected:
applicable_industries: ["Produktion/Industrie"]
scope_triggers: ["sells_connected_device", "provides_embedded_connectivity"]
applicable_controls_should_include:
- "CE"
- "Cyber Resilience Act"
- "Funkgeraeterichtlinie (RED)"
escalation_expected: true
escalation_reason: "Abgrenzung Hardwareprodukt vs. Kommunikationsdienst vertieft pruefen"
confidence: 0.55
- id: DEMO-APP-010
title: "Plattform mit Verkaeufer-Onboarding und Transaktionsmonitoring"
category: escalation
goal: "AML/KYC Relevanz differenziert"
company_profile:
sector: "Technologie/IT"
size: "medium"
country: "DE"
facts:
- "Onboardet externe Verkaeufer"
- "Prueft Identitaet gewerblicher Anbieter"
- "Ueberwacht verdaechtige Zahlungsstroeme"
scope_answers:
marketplace_model: true
performs_kyc: true
monitors_transactions: true
expected:
applicable_industries: ["Technologie/IT"]
scope_triggers: ["marketplace_model", "performs_kyc", "monitors_transactions"]
applicable_controls_should_include:
- "AML/KYC Review-Controls"
escalation_expected: true
escalation_reason: "Klaerung ob GwG-/aufsichtsrechtliche Pflichten oder nur Fraud-/Plattformkontrollen"
confidence: 0.50
- id: DEMO-APP-015
title: "Repo zeigt Wallet-/Custody-Funktionen"
category: escalation
goal: "Technische Signale deuten auf Regulierung"
company_profile:
sector: "Technologie/IT"
size: "small"
country: "DE"
facts:
- "Produktbeschreibung unvollstaendig"
repo_signals:
- "wallet_service"
- "custody"
- "kyc_provider"
- "transaction_monitoring"
scope_answers: {}
expected:
applicable_controls_should_include:
- "Finanz-/AML-nahe Review-Controls"
escalation_expected: true
escalation_reason: "Technische Signale deuten auf regulierungsnahe Funktion hin"
confidence: 0.35
- id: DEMO-APP-018
title: "Unklare FinTech-Beschreibung"
category: escalation
goal: "Unsicherheit explizit erkennen"
company_profile:
sector: "Technologie/IT"
size: "small"
country: "DE"
facts:
- "App verwaltet Geldfluesse zwischen Nutzern"
- "Details zur Vertragsrolle unklar"
scope_answers: {}
expected:
escalation_expected: true
escalation_reason: "Geschaeftsmodell fuer finale regulatorische Einordnung zu unbestimmt"
confidence: 0.30
pass_criteria:
- "Keine harte Falschaussage"
- "Gezielte Nachfragen oder LLM-Review"
- id: DEMO-ESC-005
title: "Unternehmen bietet Treuhandkonto fuer Immobilienkauf"
category: escalation
goal: "Finanzregulierung bei Treuhandmodell"
company_profile:
sector: "Immobilien"
size: "medium"
country: "DE"
facts:
- "Bietet Treuhandkonto fuer Immobilientransaktionen"
- "Haelt Kundengelder temporaer"
- "Nicht als Finanzinstitut lizenziert"
scope_answers:
holds_client_funds: true
expected:
escalation_expected: true
escalation_reason: "Treuhandmodell kann Erlaubnispflicht nach ZAG ausloesen — juristische Pruefung noetig"
confidence: 0.40
- id: DEMO-ESC-006
title: "Startup nutzt KI fuer medizinische Diagnoseunterstuetzung"
category: escalation
goal: "MDR + AI Act Hochrisiko Abgrenzung"
company_profile:
sector: "Gesundheitswesen"
size: "micro"
country: "DE"
facts:
- "KI gibt Diagnosevorschlaege"
- "Aerzte treffen finale Entscheidung"
- "Unklar ob Medizinprodukt"
scope_answers:
uses_ai: true
processes_health_data: true
provides_diagnostic_support: true
expected:
applicable_controls_should_include:
- "AI Act Hochrisiko"
- "DSGVO Art. 9"
escalation_expected: true
escalation_reason: "Abgrenzung KI-Diagnoseunterstuetzung vs. Medizinprodukt (MDR) vertieft pruefen"
confidence: 0.45
Reference in New Issue View Git Blame Copy Permalink