| Article | Requirement | ETHRAEON Control | Status |
|---|---|---|---|
| Art. 9 | Risk Management System | CDASA 6-dim scoring + mutation gate thresholds | MET |
| Art. 10 | Data Governance | DELTASUM canonical hashes, PROMOTION_ONLY policy | MET |
| Art. 11 | Technical Documentation | CONSTITUTION.md, MANIFEST.yaml, CDASA_MANIFEST.yaml | MET |
| Art. 12 | Record Keeping | Evidence Graph (EDG), DIRECTIVE_LEDGER, events.jsonl | MET |
| Art. 13 | Transparency | Trust snapshot, assurance.html, architecture diagram | MET |
| Art. 14 | Human Oversight | AC-1 authority hierarchy, CANON_MUTATION requires manual approval | MET |
| Art. 15 | Accuracy, Robustness, Cybersecurity | 27 SSA tests, sovereign mode, tamper detection, SBOM | MET |
| Art. 17 | Quality Management System | T5-RIGID governance, validate_canon_pack.js, full_estate_validate.sh | MET |
| Art. 52 | Transparency for AI interaction | All AI agents declared in AGENT.md, evidence-mandatory | MET |
| Art. 72 | Post-market monitoring | Nightly chron, monitoring dashboard, health.json | MET |
| Clause | Requirement | ETHRAEON Control | Status |
|---|---|---|---|
| 4.1 | Context of the Organization | CONSTITUTION.md defines organizational purpose and AI principles | MET |
| 5.1 | Leadership & Commitment | AC-1 authority, Founder's Law, immutable governance docs | MET |
| 5.2 | AI Policy | T5-RIGID policy, PROMOTION_ONLY, FAIL-CLOSED | MET |
| 6.1 | Risk Assessment | CDASA scoring dimensions: regulatory, ethical, IP, temporal, sovereign | MET |
| 7.2 | Competence | Authority level matrix (AC-1 through AC-4), CODEOWNERS | MET |
| 7.5 | Documented Information | 420+ evidence directives, SHA-256 receipts, DIRECTIVE_LEDGER | MET |
| 8.1 | Operational Planning & Control | Deployment scripts, CI pipelines, estate validation harness | MET |
| 8.4 | AI System Impact Assessment | CDASA mutation gate, canon threshold enforcement | MET |
| 9.1 | Monitoring & Measurement | status.html, health.json, metering pipeline, nightly chron | MET |
| 10.1 | Continual Improvement | Directive wave system, promotion-only expansion | MET |
| Function | Category | ETHRAEON Control | Status |
|---|---|---|---|
| GOVERN | 1.1 Legal & regulatory compliance | Entity tracker, compliance mapping, AI Act alignment | MET |
| GOVERN | 1.3 Organizational AI policies | CONSTITUTION.md, PROMOTION_ONLY, T5-RIGID | MET |
| MAP | 2.1 Context of use documented | CDASA_MANIFEST.yaml, system registry, architecture diagrams | MET |
| MAP | 2.3 Scientific integrity | Canonical hashes, evidence trails, peer-review ready artifacts | MET |
| MEASURE | 3.1 Appropriate metrics used | 6-dimension scoring, threshold constants, classification bands | MET |
| MEASURE | 3.3 Tracked, documented, auditable | EDG nodes, evidence directives, trust snapshots | MET |
| MANAGE | 4.1 Risk prioritized & managed | Mutation gate thresholds, canon candidate escalation | MET |
| MANAGE | 4.2 Actionable plans maintained | OPERATIONS_RUNBOOK.md, key rotation playbook, deploy scripts | MET |
| Criteria | Principle | ETHRAEON Control | Status |
|---|---|---|---|
| CC6.1 | Security | SECURITY.md, CODEOWNERS, branch protection, key rotation, sovereign mode | MET |
| CC7.2 | Availability | Health monitoring, status page, deploy bundle validation, CF Pages | MET |
| CC8.1 | Processing Integrity | DELTASUM hashes, canon pack validation, estate validation harness | MET |
| PI1.3 | Processing Integrity | CDASA mutation gate — no unscored data enters canon | MET |
| ETHRAEON System | Frameworks Addressed |
|---|---|
| CONSTITUTION.md | EU AI ActISO 42001NIST RMF |
| CDASA Scoring | EU AI ActISO 42001NIST RMF |
| DELTASUM Hashes | EU AI ActSOC 2 |
| Evidence Graph | EU AI ActISO 42001NIST RMFSOC 2 |
| Sovereign Mode | EU AI ActSOC 2 |
| Mutation Gate | ISO 42001NIST RMFSOC 2 |
| Key Rotation | SOC 2 |
| SBOM | EU AI ActSOC 2 |