[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHyyoPh8L4FJt5ILFjxfhO2nVSSe0R4WEJgf9rWIh328":3},{"sections":4,"resultAnalysis":1207,"id":1497,"version":1498,"newVersion":30,"label":1499,"isPinned":30,"isShared":50,"sharingToken":1500,"isRevision":30,"isBlockAnalysisShared":50,"nbReferences":721,"referenceId":9,"nbResponses":11,"parentId":9,"revisionDescription":9,"logoUrl":1501,"description":1502,"scheduleIntervalDays":9,"versionNumber":1503,"dateCreation":1504,"dateUpdate":1505,"dateArchived":9,"archived":30,"type":1506,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":1506,"creator":1507,"objectType":9,"defaultOwners":1515,"tags":1517,"privacyHubs":9,"nbQuestions":1527,"nbQuestionsRequired":11,"nbDatas":11,"deadLineDays":9},[5,16,255,447,653,823,1052],{"id":6,"slug":7,"label":8,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":13,"questions":14,"sections":15},"e4c636b6-0f6e-44ed-b1b4-f7c50bdae569","initial","Introduction",null,"Default",0,"SectionType_Default","\u003Cp>This assessment identifies the \u003Cstrong>regulatory applicability\u003C/strong>, \u003Cstrong>risk classification\u003C/strong>, and \u003Cstrong>compliance obligations\u003C/strong> arising from global AI frameworks, including:\u003C/p>\u003Cul>\u003Cli>\u003Cp>\u003Cstrong>EU AI Act\u003C/strong>\u003C/p>\u003C/li>\u003Cli>\u003Cp>\u003Cstrong>ISO/IEC 42001 – AI Management System\u003C/strong>\u003C/p>\u003C/li>\u003Cli>\u003Cp>\u003Cstrong>NIST AI RMF (USA)\u003C/strong>\u003C/p>\u003C/li>\u003Cli>\u003Cp>\u003Cstrong>China Algorithmic Regulation & Generative AI Measures\u003C/strong>\u003C/p>\u003C/li>\u003Cli>\u003Cp>\u003Cstrong>PIPL (China)\u003C/strong>\u003C/p>\u003C/li>\u003Cli>\u003Cp>\u003Cstrong>CPRA ADMT (California)\u003C/strong>\u003C/p>\u003C/li>\u003Cli>\u003Cp>\u003Cstrong>Colorado AI Act\u003C/strong>\u003C/p>\u003C/li>\u003Cli>\u003Cp>\u003Cstrong>Brazil PL 2338/2023\u003C/strong>\u003C/p>\u003C/li>\u003Cli>\u003Cp>\u003Cstrong>Singapore Model AI Governance Framework\u003C/strong>\u003C/p>\u003C/li>\u003Cli>\u003Cp>\u003Cstrong>OECD AI Principles\u003C/strong>\u003C/p>\u003C/li>\u003Cli>\u003Cp>\u003Cstrong>UNESCO AI Ethics Recommendation\u003C/strong>\u003C/p>\u003C/li>\u003Cli>\u003Cp>\u003Cstrong>Canada voluntary AI Code\u003C/strong>\u003C/p>\u003C/li>\u003Cli>\u003Cp>\u003Cstrong>Japan / Korea / India AI Guidelines\u003C/strong>\u003C/p>\u003C/li>\u003C/ul>\u003Cp>A single assessment maps your system to all relevant frameworks.\u003C/p>\u003Ch2>Disclaimer\u003C/h2>\u003Cp>This questionnaire is not legal advice. It serves as a structured assessment to assist organizations in determining regulatory applicability. Always validate with legal counsel.\u003C/p>\u003Ch2>\u003Cstrong>SECTIONS (45 QUESTIONS TOTAL)\u003C/strong>\u003C/h2>\u003Col>\u003Cli>\u003Cp>\u003Cstrong>System Identification & Context\u003C/strong> (8 questions)\u003C/p>\u003C/li>\u003Cli>\u003Cp>\u003Cstrong>Data, Privacy & Sensitive Information\u003C/strong> (8 questions)\u003C/p>\u003C/li>\u003Cli>\u003Cp>\u003Cstrong>Risk & Impact Drivers\u003C/strong> (10 questions)\u003C/p>\u003C/li>\u003Cli>\u003Cp>\u003Cstrong>Transparency, Human Oversight & User Interaction\u003C/strong> (7 questions)\u003C/p>\u003C/li>\u003Cli>\u003Cp>\u003Cstrong>AI Lifecycle, Governance & Risk Management Maturity\u003C/strong> (8 questions)\u003C/p>\u003C/li>\u003Cli>\u003Cp>\u003Cstrong>Geographic Footprint & Jurisdiction Triggers\u003C/strong> (4 questions)\u003C/p>\u003C/li>\u003C/ol>\u003Cp>Go to next section to start.\u003C/p>",[],[],{"id":17,"slug":18,"label":19,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":20,"questions":21,"sections":254},"73ebb82f-528a-43ed-be6b-71bc1641138c","section-1-system-identification-context","SECTION 1 — SYSTEM IDENTIFICATION & CONTEXT","\u003Cp>8 questions — Identifies system category, purpose, and initial regulatory exposure.\u003C/p>",[22,56,96,136,167,196,217,236],{"id":23,"slug":24,"label":25,"tooltipHtml":9,"descriptionHtml":26,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":31,"displayConditions":9,"answers":32,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"7115d0f5-b561-4c1e-a84c-83be0c84c7f7","62ffa843-339c-45b1-8f16-de7f5f77ed71","Q1 — Does the system use machine learning, statistical inference, or algorithmic decision-making?","\u003Cp>Under the EU AI Act (Art. 3), NIST AI RMF, and ISO 42001, AI includes any system using statistical, logical, symbolic, or machine learning techniques to generate outcomes influencing decisions.\u003C/p>","Radio",7,"Unique choice list",false,[],[33,46],{"id":34,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":36,"nonApplicable":30,"tooltip":37,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":38},"d92a58c8-e27f-406a-a749-06536f2ccd37","Yes",10,"Regulatory triggers: EU AI Act (AI definition), NIST AI RMF, ISO/IEC 42001, OECD Principles, Singapore AI Governance",[39],{"id":40,"label":41,"userId":9,"color":9,"description":42,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"3eaff8af-5f36-490f-bbcf-84477e24a4cc","Document model logic and data sources","\u003Cp>Provide a clear overview of model architecture, datasets, and assumptions.\u003C/p>","Medium",2,"#ffc107",{"id":47,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":49,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":51},"2c9c499b-0879-4b95-a47a-d16562690af0","No","Why attention: Automated decision-making (ADM) remains regulated under CPRA, Colorado, GDPR Art. 22 & CNIL.\nRegulatory triggers: CPRA ADMT, GDPR Art. 22, Colorado AI Act (ADM definition)",true,[52],{"id":53,"label":54,"userId":9,"color":9,"description":55,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"e5ce808b-db61-414d-87aa-aceeb7a32d48","Cehck Automated Decision-Making (ADM) applicability","\u003Cp>Even rule-based systems may trigger regulatory duties.\u003C/p>",{"id":57,"slug":58,"label":59,"tooltipHtml":9,"descriptionHtml":60,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":61,"typeIndex":62,"typeColor":9,"typeIcon":9,"typeText":63,"dynamicSelectType":9,"editableOptions":30,"complianceRules":64,"displayConditions":9,"answers":65,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"483084f7-f136-4631-a4c2-bc5c9629bff2","9f798a1e-bc35-468e-89f4-1239c20df020","Q2 — What type of AI model does the system rely on?","\u003Cp>Different model types trigger different regulatory obligations (e.g., foundation models → AI Act GPAI, China GenAI Measures).\u003C/p>","Checkbox",8,"Multi choice list",[],[66,76,85,90],{"id":67,"color":9,"rangeValue":9,"label":68,"slug":9,"description":9,"score":69,"nonApplicable":30,"tooltip":70,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":71},"8250dd68-e24b-401e-9d07-c75ead9e584d","Foundation Model / LLM",15,"Triggers: AI Act GPAI, China GenAI Measures, NIST RMF GenAI",[72],{"id":73,"label":74,"userId":9,"color":9,"description":75,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"c4cb1f9d-4749-4e7d-a565-8f2172fc4567","Record foundation model documentation","\u003Cul>\u003Cli>\u003Cp>\u003Cem>Datasheet, source, model version, constraints.\u003C/em>\u003C/p>\u003C/li>\u003C/ul>",{"id":77,"color":9,"rangeValue":9,"label":78,"slug":9,"description":9,"score":36,"nonApplicable":30,"tooltip":79,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":80},"69c69da5-dd1b-492b-a2bd-9c97f12e073a","Deep Learning","Triggers: ISO 42001; NIST AI RMF",[81],{"id":82,"label":83,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"0bd992b2-503b-4a50-9455-3769403e8cb4","Describe training and evaluation pipeline","",{"id":86,"color":9,"rangeValue":9,"label":87,"slug":9,"description":9,"score":28,"nonApplicable":30,"tooltip":88,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":89},"932ad502-6c54-4b85-abee-41558de46a54","Classical ML","Triggers: AI Act general category",[],{"id":91,"color":9,"rangeValue":9,"label":92,"slug":9,"description":9,"score":93,"nonApplicable":30,"tooltip":94,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":95},"ff724988-ee34-4e23-9a6c-b6aa2ce29b02","Rule-based",3,"Triggers: CPRA ADM, GDPR 22 exceptions.\nWhy attention: Not considered “AI” under AI Act but still regulated elsewhere.",[],{"id":97,"slug":98,"label":99,"tooltipHtml":9,"descriptionHtml":100,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":61,"typeIndex":62,"typeColor":9,"typeIcon":9,"typeText":63,"dynamicSelectType":9,"editableOptions":30,"complianceRules":101,"displayConditions":9,"answers":102,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"0774d34d-19f7-4eef-a9f1-9d2ff688ab15","5cb1ad13-ac46-4b5e-9b07-2e22d34d15a3","Q3 — In which domain is the system used?","\u003Cp>High-risk domains are listed in EU AI Act Annex III; industry-specific rules exist in China, US, Brazil.\u003C/p>",[],[103,108,113,118,123,129],{"id":104,"color":9,"rangeValue":9,"label":105,"slug":9,"description":9,"score":36,"nonApplicable":30,"tooltip":106,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":107},"06a85380-1641-4cd2-8c01-e7661ebee895","HR / Employment","Triggers: EU AI Act Annex III(4) High-Risk, CPRA (employment ADM), Colorado High-Risk",[],{"id":109,"color":9,"rangeValue":9,"label":110,"slug":9,"description":9,"score":69,"nonApplicable":30,"tooltip":111,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":112},"94f1ed04-3925-4f47-b76f-ea6cd567c5a7","Healthcare / Medical","Triggers: AI Act Annex III(5), China Medical AI, ISO 42001 risk",[],{"id":114,"color":9,"rangeValue":9,"label":115,"slug":9,"description":9,"score":69,"nonApplicable":30,"tooltip":116,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":117},"b97b9271-25a5-4374-bd42-3ccda9677c39","Finance / Creditworthiness","Triggers: AI Act Annex III(6); CPRA; Colorado; Brazil PL 2338",[],{"id":119,"color":9,"rangeValue":9,"label":120,"slug":9,"description":9,"score":69,"nonApplicable":30,"tooltip":121,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":122},"b85d084f-4056-49bc-aafa-eadb450d094d","Manufacturing / Industrial Safety","Triggers: AI Act product safety integration",[],{"id":124,"color":9,"rangeValue":9,"label":125,"slug":9,"description":9,"score":126,"nonApplicable":30,"tooltip":127,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":128},"f5affabf-77fd-4520-91dc-11d1f186e8d3","Marketing / Recommender systems",5,"Triggers: China Algorithmic Recommendation Regs; CPRA profiling",[],{"id":130,"color":9,"rangeValue":9,"label":131,"slug":9,"description":9,"score":93,"nonApplicable":30,"tooltip":9,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":132},"5a137fdb-2447-4b2c-abf1-936a31284708","Other",[133],{"id":134,"label":135,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"17d45b10-75d7-4228-833e-d10b49a1329f","Describe business purpose clearly",{"id":137,"slug":138,"label":139,"tooltipHtml":9,"descriptionHtml":140,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":141,"displayConditions":9,"answers":142,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"7f94065a-5418-4635-a52d-81a25900a638","09f33fc6-6b71-4941-a8ce-00a98a5b819a","Q4 — Who develops the system (provider role)?","\u003Cp>Provider/Deployer distinction drives regulatory obligations (AI Act, Colorado, China).\u003C/p>",[],[143,151,159],{"id":144,"color":9,"rangeValue":9,"label":145,"slug":9,"description":9,"score":28,"nonApplicable":30,"tooltip":146,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":147},"814fea51-9ebc-4f6d-9cda-f739b9111822","Internal team","Triggers: AI Act (Provider), ISO 42001 governance",[148],{"id":149,"label":150,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"8eb948dd-7884-4203-8b61-b73e4f81ec47","Maintain full development documentation",{"id":152,"color":9,"rangeValue":9,"label":153,"slug":9,"description":9,"score":126,"nonApplicable":30,"tooltip":154,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":155},"65144613-ec43-4cb6-bc17-59846bb7b319","External vendor","Triggers: CPRA, Colorado, AI Act (Deployer obligations)",[156],{"id":157,"label":158,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"b039fce6-6dde-4315-8b58-8008f6eccfdd","Conduct vendor AI risk assessment",{"id":160,"color":9,"rangeValue":9,"label":161,"slug":9,"description":9,"score":62,"nonApplicable":30,"tooltip":162,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":163},"20d003d1-f663-43f8-bfef-8d142eede89d","Hybrid","Triggers: Multi-jurisdiction shared responsibility rules",[164],{"id":165,"label":166,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"e6a265f1-826c-4894-b0e6-f3623516fa5c","Define shared accountability matrix",{"id":168,"slug":169,"label":170,"tooltipHtml":9,"descriptionHtml":171,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":61,"typeIndex":62,"typeColor":9,"typeIcon":9,"typeText":63,"dynamicSelectType":9,"editableOptions":30,"complianceRules":172,"displayConditions":9,"answers":173,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"0ab6e132-2f6a-494e-a3d8-170484dfc85b","6906b7eb-bd94-48db-8ccf-db8f57dabb30","Q5 — Who are the impacted users?","\u003Cp>Vulnerability level increases the system’s risk under OECD, AI Act, and CPRA.\u003C/p>\u003Cp>\u003C/p>",[],[174,179,184,189],{"id":175,"color":9,"rangeValue":9,"label":176,"slug":9,"description":9,"score":28,"nonApplicable":30,"tooltip":177,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":178},"5bcb15b5-e61e-48f4-ac8a-2cca090ef274","General public","Triggers: AI Act transparency; OECD fairness",[],{"id":180,"color":9,"rangeValue":9,"label":181,"slug":9,"description":9,"score":126,"nonApplicable":30,"tooltip":182,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":183},"6b5cbf7e-4b95-4e31-ba29-5e092de26575","Employees","Triggers: EU AI Act HR high-risk; CPRA ADM employment decisions",[],{"id":185,"color":9,"rangeValue":9,"label":186,"slug":9,"description":9,"score":69,"nonApplicable":30,"tooltip":187,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":188},"e415e59a-32b7-4338-ae32-139fc6d48070","Vulnerable populations","Triggers: OECD; UNESCO; AI Act amplified risk",[],{"id":190,"color":9,"rangeValue":9,"label":191,"slug":9,"description":9,"score":93,"nonApplicable":30,"tooltip":9,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":192},"70df17ed-cc3c-42d9-8a7e-e548331bc708","Internal technical teams only",[193],{"id":194,"label":195,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"c766dbc7-e156-41c2-b822-ebf15e47a6af","Record limited audience justification",{"id":197,"slug":198,"label":199,"tooltipHtml":9,"descriptionHtml":200,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":201,"displayConditions":9,"answers":202,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"c46e616b-cc36-49fd-8c33-3b78d1755851","58bf22fb-7d3b-4260-97a6-94a11040245e","Q6 — Does the system produce decisions or recommendations affecting individuals?","\u003Cp>Decision-making systems fall under CPRA ADMT, Colorado, GDPR Art. 22.\u003C/p>",[],[203,210],{"id":204,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":36,"nonApplicable":30,"tooltip":205,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":206},"1694094e-af06-465f-9da5-1234604fd0f5","Triggers: CPRA ADMT; Colorado High-Risk; GDPR; AI Act",[207],{"id":208,"label":209,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"45898d31-fc42-4cae-a8ab-fab431263ee0","Map decision logic and risk factors",{"id":211,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":212,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":213},"0df2989c-706b-4d00-b923-0ceff34ba4b7","Attention: Outputs may implicitly influence individuals.",[214],{"id":215,"label":216,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"c99ff6d9-dd6f-4df8-a225-24ac0a765e37","Document non-decision output scope",{"id":218,"slug":219,"label":220,"tooltipHtml":9,"descriptionHtml":221,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":222,"displayConditions":9,"answers":223,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"199c032a-7e93-45e9-a814-373dc87a1a06","660af5e5-a4fa-460c-b60b-d307cc9d0083","Q7 — Does the system perform monitoring, surveillance, or tracking?","\u003Cp>Biometric or behavioral surveillance triggers strict regimes (AI Act prohibited, PIPL, China Algorithmic Regs).\u003C/p>\u003Cp>\u003C/p>",[],[224,232],{"id":225,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":226,"nonApplicable":30,"tooltip":227,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":228},"00bc53ba-1867-4466-8dc0-ce577cfd114f",12,"Triggers: AI Act prohibited practices; PIPL; China 2022 Regs",[229],{"id":230,"label":231,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"14e8f308-9e09-41cd-8c90-bbefc6dd5677","Perform surveillance risk assessment",{"id":233,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":234,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":235},"7fb12fdf-fe37-4d81-afb2-f45b34a4a315","Attention: Metadata tracking may still qualify.",[],{"id":237,"slug":238,"label":239,"tooltipHtml":9,"descriptionHtml":240,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":241,"displayConditions":9,"answers":242,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"93d863f9-8a16-4f31-abf0-4376c66c0842","c68c3720-0c29-47ab-b00c-1f1ad0a893d0","Q8 — Does the system interact with humans autonomously (chat, voice, avatars)?","\u003Cp>Triggers transparency duties under AI Act Art. 52, China GenAI Measures, OECD.\u003C/p>\u003Cp>\u003C/p>",[],[243,250],{"id":244,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":62,"nonApplicable":30,"tooltip":245,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":246},"09f40900-b55a-4ef3-bf21-e766e8d9e0f5","Triggers: AI Act transparency; China GenAI; OECD",[247],{"id":248,"label":249,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"a62c8438-f566-40f7-b62d-f4103834a45d","Explain user AI disclosure mechanism",{"id":251,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":252,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":253},"2aa87df2-a903-46b8-9226-0ad8f654c57b","Attention: Users must know when they interact with AI.",[],[],{"id":256,"slug":257,"label":258,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":259,"questions":260,"sections":446},"7c8067d7-80c3-4178-a9c5-4ccc5d628613","section-2-data-privacy-sensitive-information","SECTION 2 — DATA, PRIVACY & SENSITIVE INFORMATION","\u003Cp>This section assesses the uses of personal, sensitive, biometric, or inferred data and automatically identifies obligations under international privacy frameworks (GDPR, CPRA, PIPL, Colorado, LGPD) as well as their interactions with AI regulations (AI Act, China Algorithmic Regs, OECD).\u003C/p>",[261,284,307,330,350,372,394,424],{"id":262,"slug":263,"label":264,"tooltipHtml":9,"descriptionHtml":265,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":266,"displayConditions":9,"answers":267,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"aa78a79a-cc26-4c18-be9b-fe43b496386c","26663fe2-2e8f-48d8-a5e4-e052cbc779bd","Q9 — Does the system process personal data (directly or indirectly)?","\u003Cp>Personal data triggers GDPR, CPRA, PIPL, LGPD, and Colorado Privacy Act. Even pseudonymized or inferred data is considered personal under several laws.\u003C/p>",[],[268,276],{"id":269,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":36,"nonApplicable":30,"tooltip":270,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":271},"6ab20bfa-ebbc-4107-b070-d6809cfebf1b","Regulatory triggers:\n\nGDPR\n\nCPRA\n\nPIPL (China)\n\nLGPD (Brazil)\n\nColorado Privacy Act\n\nOECD data governance",[272],{"id":273,"label":274,"userId":9,"color":9,"description":275,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"8b70e59a-3232-4805-ba69-efb3e5e7e36c","Perform privacy impact screening","\u003Cp>Assess lawful basis, minimization, retention, and rights enablement.\u003C/p>",{"id":277,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":278,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":279},"595b517c-1e4e-4d7e-84d7-9856de487701","Why attention:\nMany AI systems infer personal data even if not explicitly provided.\nRegulatory triggers:If later inferred: GDPR, CPRA, PIPL",[280],{"id":281,"label":282,"userId":9,"color":9,"description":283,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"3c276f98-efdc-499e-9f4a-20e94f758745","Verify absence of inferred identifiers","\u003Cp>Check if model outputs can re-identify individuals.\u003C/p>",{"id":285,"slug":286,"label":287,"tooltipHtml":9,"descriptionHtml":288,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":289,"displayConditions":9,"answers":290,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"f968da03-a86b-4999-a6d8-4833d426e642","9f7b2d84-379e-495b-8bd3-f86c7e408e9d","Q10 — Does the system process sensitive personal data (health, biometrics, ethnicity, beliefs, criminal records, political opinions, genetic data)?","\u003Cp>Sensitive data triggers stricter regimes: GDPR Art. 9, CPRA “sensitive data”, PIPL “sensitive data”, Colorado sensitivity rules, and high-risk classification under AI Act Annex III.\u003C/p>",[],[291,299],{"id":292,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":69,"nonApplicable":30,"tooltip":293,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":294},"179c2df9-395b-466d-b240-eef169887359","Regulatory triggers:\n\nGDPR Art. 9\n\nCPRA Sensitive Data Rules\n\nPIPL Sensitive Data\n\nColorado High-Risk AI\n\nAI Act (may elevate risk)",[295],{"id":296,"label":297,"userId":9,"color":9,"description":298,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"7ff2534f-ed88-4400-92b3-9acfe348fb7d","Activate enhanced data protection controls","\u003Cp>Implement encryption, access limitations, and necessity justification.\u003C/p>",{"id":300,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":301,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":302},"98202a60-bc4c-4a41-b5bd-b947cc8cdbfc","Why attention: Machine learning models infer sensitive categories even if not explicit.",[303],{"id":304,"label":305,"userId":9,"color":9,"description":306,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"c50beb43-2f88-4444-8225-bf696e37af1c","Check absence of sensitive inference","\u003Cp>Audit model to ensure no sensitive predictions are generated.\u003C/p>",{"id":308,"slug":309,"label":310,"tooltipHtml":9,"descriptionHtml":311,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":312,"displayConditions":9,"answers":313,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"46b1c420-1d1d-425c-b445-b9ad60be2fa5","a6b0bb61-8a11-4f14-8ebb-0959a3252aa3","Q11 — Does the system perform profiling or scoring of individuals?","\u003Cp>Profiling = automated processing evaluating personal aspects (GDPR Art. 4(4)).\u003Cbr>Triggers CPRA ADMT & Colorado AI Act for “high-risk” automated decisions.\u003C/p>",[],[314,322],{"id":315,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":36,"nonApplicable":30,"tooltip":316,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":317},"8fd606ad-4971-44c4-9a81-e61ec54e7dc0","Regulatory triggers:\n\nCPRA ADMT\n\nColorado High-Risk AI\n\nGDPR Art. 22\n\nChina Algorithmic Recommendation Regs\n\nOECD fairness",[318],{"id":319,"label":320,"userId":9,"color":9,"description":321,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"fec4299e-a36b-4051-b337-b3a4e12b7442","Prepare automated decision-making notices","\u003Cp>Provide transparency, opt-out rights, and explainability.\u003C/p>",{"id":323,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":324,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":325},"a3a3b462-5f86-4824-97d1-7627bd7a6ca1","Why attention:\nRanking, recommendation, or scoring often happens implicitly.",[326],{"id":327,"label":328,"userId":9,"color":9,"description":329,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"4e62e427-b0fc-47c3-8cc1-6b252cca29d3","Confirm no implicit profiling occurs","\u003Cp>Review outputs for scoring, ranking or predictive patterns.\u003C/p>",{"id":331,"slug":332,"label":333,"tooltipHtml":9,"descriptionHtml":334,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":335,"displayConditions":9,"answers":336,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"dd0773f6-5483-47a8-825e-35cdb0ebe9e9","551a62ae-f58a-46ed-aea8-1d49629c7b3a","Q12 — Does the system collect or infer biometric data?","\u003Cp>(Face, voice, gait, keystroke dynamics, fingerprints, iris, vein patterns). \u003Cbr>\u003Cbr>Biometric data activates high-risk categories under EU AI Act (Annex III), restricted processing under GDPR, and strict obligations under PIPL & China biometrics regulations.\u003C/p>",[],[337,342],{"id":338,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":339,"nonApplicable":30,"tooltip":340,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":341},"ad5b40cb-41e2-4b72-9e8c-3e49e11570fb",20,"Regulatory triggers:\n\nEU AI Act High-Risk or Prohibited\n\nGDPR Art. 9\n\nCPRA Sensitive Data\n\nPIPL Biometric Data Guidelines\n\nChina Algorithmic Regs (Biometric security)",[],{"id":343,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":344,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":345},"f1d7004b-f007-42cb-9f1f-dae81a186c94","Why attention:\nVoice, image, or video inputs often enable biometric inference.",[346],{"id":347,"label":348,"userId":9,"color":9,"description":349,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"4ca05d8c-ccc3-40c5-a250-74f9326dfa83","Audit model to confirm no biometric inference","\u003Cp>Check embeddings & latent vectors.\u003C/p>",{"id":351,"slug":352,"label":353,"tooltipHtml":9,"descriptionHtml":354,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":355,"displayConditions":9,"answers":356,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"d531b437-4277-49e7-8ca7-1d0153990cf7","e7f05ee0-6850-4252-8593-a1574d61ff77","Q13 — Does the system use or impact children’s data (under local definitions)?","\u003Cp>Children’s data triggers heightened protection: CPRA minors, GDPR Art. 8, PIPL minors protection, China child-specific safeguards.\u003C/p>",[],[357,365],{"id":358,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":226,"nonApplicable":30,"tooltip":359,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":360},"f1740ab8-f25e-47f9-8380-ccc82f39711f","Regulatory triggers:\n\nCPRA minors\n\nGDPR children’s rights\n\nPIPL minors\n\nOECD vulnerability principles",[361],{"id":362,"label":363,"userId":9,"color":9,"description":364,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"738e8626-7989-40cb-a670-37d6b6a8a675","Activate child data safeguards","\u003Cul>\u003Cli>\u003Cp>\u003Cem>Age verification, parental consent, enhanced transparency.\u003C/em>\u003C/p>\u003Cp>\u003C/p>\u003C/li>\u003C/ul>",{"id":366,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":367,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":368},"d0b13ca3-d465-4913-9d3b-0bfca0db849d","Why attention:\nAI models often infer age—counts as children’s data if user is a minor.",[369],{"id":370,"label":371,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"f988f56b-7776-4c80-a04e-274ed4f20a4a","Check for age inference patterns",{"id":373,"slug":374,"label":375,"tooltipHtml":9,"descriptionHtml":376,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":377,"displayConditions":9,"answers":378,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"da0dd758-4f1b-48e3-91f0-9268a5b3114c","00e07efa-a5b4-46c0-93b6-b1f7901a4358","Q14 — Are training, validation, or test datasets sourced from external third parties?","\u003Cp>Third-party datasets require provenance, licensing, risk documentation (ISO 42001, AI Act data governance, NIST MAP).\u003C/p>",[],[379,387],{"id":380,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":28,"nonApplicable":30,"tooltip":381,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":382},"a018beb2-b8fd-4437-9171-cba8b262d266","Regulatory triggers:\n\nAI Act Data Governance obligations\n\nISO 42001 documentation\n\nNIST RMF (MAP) requirements",[383],{"id":384,"label":385,"userId":9,"color":9,"description":386,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"f05ad81f-1e39-449e-8d72-0bbc4c09cb0f","Record dataset provenance and licensing","\u003Cul>\u003Cli>\u003Cp>\u003Cem>Maintain documentation, lawful sources, and reuse rights.\u003C/em>\u003C/p>\u003Cp>\u003C/p>\u003C/li>\u003C/ul>",{"id":388,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":389,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":390},"5b685799-aa19-49f5-8ad1-baf790aff1ef","Why attention:\nEven internal datasets require lineage and quality checks.",[391],{"id":392,"label":393,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"feb5817a-b8e7-478b-8d25-b8aad536951e","Document internal dataset generation process",{"id":395,"slug":396,"label":397,"tooltipHtml":9,"descriptionHtml":398,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":61,"typeIndex":62,"typeColor":9,"typeIcon":9,"typeText":63,"dynamicSelectType":9,"editableOptions":30,"complianceRules":399,"displayConditions":9,"answers":400,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"52cbf8e4-1e86-48a2-b9a9-06a042f16f48","592082c1-103d-4af1-8e5d-35cc09cd49ee","Q15 — Are datasets synthetic, human-labeled, or both?","\u003Cp>Synthetic data may still embed bias; human-labeled data raises fairness and sourcing issues.\u003C/p>",[],[401,409,417],{"id":402,"color":9,"rangeValue":9,"label":403,"slug":9,"description":9,"score":126,"nonApplicable":30,"tooltip":404,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":405},"4885d12a-edc6-47d2-80bf-998d7edec646","Synthetic","Triggers: OECD transparency; NIST risk mapping",[406],{"id":407,"label":408,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"b9a2ab22-2164-4403-8862-d8e612565eae","Document synthetic data generation method",{"id":410,"color":9,"rangeValue":9,"label":411,"slug":9,"description":9,"score":126,"nonApplicable":30,"tooltip":412,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":413},"503ffe6f-4726-469e-bdd9-ce11e092028c","Human-labeled","Triggers: ISO 42001 data governance",[414],{"id":415,"label":416,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"3c35a069-d195-4413-b76d-13a313c2758b","Record labeling guidelines & QA",{"id":418,"color":9,"rangeValue":9,"label":419,"slug":9,"description":9,"score":62,"nonApplicable":30,"tooltip":9,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":420},"0c223eaf-32bb-4725-9278-b47362058ee0","Both",[421],{"id":422,"label":423,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"68a6682d-8972-4c96-b5dc-b4f8dc16a7d5","Document combined data governance pipeline",{"id":425,"slug":426,"label":427,"tooltipHtml":9,"descriptionHtml":428,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":429,"displayConditions":9,"answers":430,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"e2990c12-e183-4796-8060-7b8627115398","07c0dae3-ce8d-40d0-9034-3913b032ca90","Q16 — Does the system involve cross-border data transfer or processing?","\u003Cp>Cross-border transfers trigger GDPR Chapter V, PIPL export rules, LGPD Art. 33, CPRA data localization concerns.\u003C/p>",[],[431,439],{"id":432,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":36,"nonApplicable":30,"tooltip":433,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":434},"885e4f23-feaf-4081-a198-853269035c0f","Regulatory triggers:\n\nGDPR Cross-Border Transfers\n\nPIPL Export Rules\n\nLGPD transfers\n\nCPRA vendor disclosures",[435],{"id":436,"label":437,"userId":9,"color":9,"description":438,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"179c4f7d-16df-41ee-93c2-f38f10eb90e9","Perform cross-border transfer assessment","\u003Cul>\u003Cli>\u003Cp>\u003Cem>SCCs, transfer impact assessment, PIPL export filings.\u003C/em>\u003C/p>\u003Cp>\u003C/p>\u003C/li>\u003C/ul>",{"id":440,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":441,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":442},"8b175012-85f5-4c7d-84e2-7830f8553731","Why attention:\nCloud hosting often results in implicit transfers.",[443],{"id":444,"label":445,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"ff8a6f18-d105-4f00-9237-79f322430f91","Verify cloud provider geography",[],{"id":448,"slug":449,"label":450,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":451,"questions":452,"sections":652},"1ae267d3-e276-4fe3-b6e2-b4f38d34e809","section-3-risk-impact-drivers-global-high-risk-mapping","SECTION 3 — RISK & IMPACT DRIVERS (GLOBAL HIGH-RISK MAPPING)","\u003Cp>This section assesses the risk levels associated with your AI system according to the classification logic used in:\u003C/p>\u003Cul>\u003Cli>\u003Cp>EU AI Act (Annex III High-Risk categories)\u003C/p>\u003C/li>\u003Cli>\u003Cp>Colorado AI Act (High-Risk AI definition)\u003C/p>\u003C/li>\u003Cli>\u003Cp>California CPRA (Automated Decision-Making)\u003C/p>\u003C/li>\u003Cli>\u003Cp>China Algorithmic Regulation (2022)\u003C/p>\u003C/li>\u003Cli>\u003Cp>China Generative AI Measures (2023)\u003C/p>\u003C/li>\u003Cli>\u003Cp>OECD AI Principles (fairness, safety, rights)\u003C/p>\u003C/li>\u003Cli>\u003Cp>ISO/IEC 42001 (risk assessment & impact)\u003C/p>\u003C/li>\u003C/ul>",[453,480,495,514,529,555,573,588,603,628],{"id":454,"slug":455,"label":456,"tooltipHtml":9,"descriptionHtml":457,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":458,"displayConditions":9,"answers":459,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"30724dd7-b5cf-4edc-a57d-d34415e519f5","e60f73e4-416a-4a23-8702-17ae802f47bf","Q17 — Does the AI system have the potential to impact human safety (physical harm, operational safety, product safety)?","\u003Cp>Safety-sensitive applications trigger high-risk classification under EU AI Act Annex III (healthcare, machinery, transportation), ISO 42001, and OECD Safety Principle.\u003C/p>",[],[460,464,473],{"id":461,"color":9,"rangeValue":9,"label":462,"slug":9,"description":9,"score":339,"nonApplicable":30,"tooltip":9,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":463},"8c364492-afc1-4ab6-ab56-a27b7e239b2b","Yes — Safety-Critical ",[],{"id":465,"color":9,"rangeValue":9,"label":466,"slug":9,"description":9,"score":36,"nonApplicable":30,"tooltip":467,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":468},"b5992770-55ad-4aba-978e-07f3ebc1ab09","Partially — Operational Safety Only ","Regulatory triggers:\n\nISO 42001 \n\nOSHA/industry safety norms",[469],{"id":470,"label":471,"userId":9,"color":9,"description":472,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"99d13bfb-afeb-4bb4-a2c2-0b40c9336130","Document operational risk pathways","\u003Cp>Clarify risk modes, dependencies, mitigation controls.\u003C/p>",{"id":474,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":475,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":476},"1f238f31-c6c8-472b-bad0-d972c808202e","Why attention:\nIndirect safety effects often emerge from automation or model drift.",[477],{"id":478,"label":479,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"4599d81b-5fec-4748-bbda-b0cb5b0f37f7","Justify lack of safety relevance",{"id":481,"slug":482,"label":483,"tooltipHtml":9,"descriptionHtml":484,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":485,"displayConditions":9,"answers":486,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"f907b2b2-45f1-42d9-9d85-a93ba1c6d12c","ac026781-a1bf-45b2-9e2c-04b150e7d35a","Q18 — Does the system evaluate, classify, rank, or score individuals?","\u003Cp>This triggers CPRA ADMT, Colorado high-risk AI, GDPR Art. 22, and AI Act in domains like HR, credit, welfare.\u003C/p>\u003Cp>\u003C/p>",[],[487,491],{"id":488,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":69,"nonApplicable":30,"tooltip":489,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":490},"5f96b7f9-5280-4f84-b4d4-d2c878e71a2c","Regulatory triggers:\n\nCPRA ADMT\n\nColorado High-Risk AI\n\nGDPR Art. 22\n\nAI Act (HR, credit, welfare evaluation)\n\nChina Algorithmic Regs (ranking systems)",[],{"id":492,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":493,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":494},"9ed2ac88-d5a7-4c12-8a61-c8391c96bf5a","Why attention:\nMany ranking and recommendation systems implicitly “score” individuals.",[],{"id":496,"slug":497,"label":498,"tooltipHtml":9,"descriptionHtml":499,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":500,"displayConditions":9,"answers":501,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"88b5760b-ac45-41c8-973d-162a447381c1","1b5281e3-c95f-4716-92de-e005481a8731","Q19 — Does the system make or support decisions that may affect fundamental rights (credit, hiring, healthcare access, insurance, mobility)?","\u003Cp>EU AI Act Annex III covers creditworthiness, biometric identification, access to public services, employment. Colorado & CPRA apply to ADM systems affecting rights.\u003C/p>",[],[502,510],{"id":503,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":69,"nonApplicable":30,"tooltip":504,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":505},"42aaecd2-5de4-4759-9452-729aa4f10cbe","Regulatory triggers:\n\nEU AI Act Annex III (rights-affecting)\n\nCPRA ADMT\n\nColorado AI Act (rights impact)\n\nOECD human rights principle",[506],{"id":507,"label":508,"userId":9,"color":9,"description":509,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"ad71a74d-09c7-46f2-94ac-19942975dc26","Trigger fundamental rights impact analysis","\u003Cul>\u003Cli>\u003Cp>\u003Cem>Assess fairness, non-discrimination, equal access, and due process.\u003C/em>\u003C/p>\u003Cp>\u003C/p>\u003C/li>\u003C/ul>",{"id":511,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":512,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":513},"b52f6bb9-410d-466d-9a9e-9d40b385f280","Why attention:\nEven support systems may “materially influence” actual decisions.",[],{"id":515,"slug":516,"label":517,"tooltipHtml":9,"descriptionHtml":518,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":519,"displayConditions":9,"answers":520,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"fd3dcca2-7d3b-4a25-866d-b9f20a2d55ff","16399c93-3d37-42f4-a146-6ca431741d49","Q20 — Is the system used inside a regulated or critical infrastructure sector (transportation, energy, telecom, water supply, utilities)?","\u003Cp>AI Act Annex III includes critical infrastructure operation & safety functions.\u003C/p>",[],[521,525],{"id":522,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":339,"nonApplicable":30,"tooltip":523,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":524},"42bae6be-cfba-4235-b024-045f52519fc6","Regulatory triggers:\n\nAI Act Annex III(1)\n\nISO 42001\n\nOECD safety",[],{"id":526,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":527,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":528},"9362d019-4fdd-414f-894e-5d76b73c5c72","Why attention:\nSome AI systems indirectly influence critical infrastructure (HVAC, maintenance prediction).",[],{"id":530,"slug":531,"label":532,"tooltipHtml":9,"descriptionHtml":533,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":534,"displayConditions":9,"answers":535,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"43d1d989-63ed-4b2e-9a4a-2eaf6e5b9cf2","1230757f-7123-42a1-929e-f303234b534d","Q21 — Does the system operate autonomously without systematic human validation?","\u003Cp>Autonomy = higher risk. Many frameworks require “meaningful human oversight”.\u003C/p>",[],[536,544,551],{"id":537,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":69,"nonApplicable":30,"tooltip":538,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":539},"7f48e58d-5e7a-490f-85a6-06d3f3871f50","Triggers: AI Act oversight; ISO oversight; OECD oversight",[540],{"id":541,"label":542,"userId":9,"color":9,"description":543,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"b2d949d3-0a3a-4807-b4de-52b394ba99e6","Define fallback & override protocols","\u003Cp>AI Act Art. 14; ISO 42001 oversight requirements.\u003C/p>",{"id":545,"color":9,"rangeValue":9,"label":546,"slug":9,"description":9,"score":62,"nonApplicable":30,"tooltip":9,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":547},"120e0fae-068a-470c-aea0-00cc33b6ce14","Partially",[548],{"id":549,"label":550,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"cd2e0444-1f37-4fb1-82b3-eddaa710b28b","Evaluate oversight effectiveness",{"id":552,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":553,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":554},"ec4cdefb-8b20-43ab-816f-13a6b626c7bc","Why attention:\nApparent oversight may be superficial (“rubber-stamping”).",[],{"id":556,"slug":557,"label":558,"tooltipHtml":9,"descriptionHtml":559,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":560,"displayConditions":9,"answers":561,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"ee77568f-4fb4-41a6-850f-ac23ebad3656","209cc466-99a5-46a5-b0fc-1d22895e3214","Q22 — Does the system influence or personalize content presented to users (recommendation, ranking, feed optimization, nudging)?","\u003Cp>China Algorithmic Recommendation Regulation (2022) governs any personalized ranking or content curation.\u003C/p>",[],[562,569],{"id":563,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":36,"nonApplicable":30,"tooltip":564,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":565},"12683832-cf01-412d-b83b-82977f037665","Regulatory triggers:\n\nChina Algorithmic Regs (algorithm filing, transparency)\n\nCPRA profiling rules\n\nOECD transparency",[566],{"id":567,"label":568,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"4802b52d-5cb7-4811-abda-8610cba6adf1","Document recommendation logic & user rights",{"id":570,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":571,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":572},"99f8e8ef-280a-492e-9778-967d7b1c96b5","Why attention:\nMost machine learning models indirectly personalize content.",[],{"id":574,"slug":575,"label":576,"tooltipHtml":9,"descriptionHtml":577,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":578,"displayConditions":9,"answers":579,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"121b7e17-de98-420d-bbaf-9ae764fd90e0","4b71539a-18d2-4f5a-adea-a98159c0f5b3","Q23 — Does the system involve law enforcement, border control, surveillance, or forensic identification?","\u003Cp>EU AI Act prohibits certain biometric and predictive policing systems.\u003Cbr>China & US impose strict controls.\u003C/p>\u003Cp>\u003C/p>",[],[580,584],{"id":581,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":339,"nonApplicable":30,"tooltip":582,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":583},"f1cc4fb7-2d58-4611-ae9d-20ce020fb6ba","Regulatory triggers:\n\nAI Act prohibited practices\n\nPIPL + China biometrics\n\nOECD Human Rights",[],{"id":585,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":586,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":587},"7a42dde3-26aa-4e4b-ab7f-8966efe6a0fe","Why attention:\nEven internal security uses may fall under special regimes.",[],{"id":589,"slug":590,"label":591,"tooltipHtml":9,"descriptionHtml":592,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":593,"displayConditions":9,"answers":594,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"9f7d7933-16b6-4925-9122-4d44f2539d18","fdb850aa-74ef-408a-a3d0-31bd05eee936","Q24 — Does the system generate content accessible to the public (e.g., public-facing generative AI outputs)?","\u003Cp>China GenAI Measures (2023) regulate publicly accessible generative AI outputs.\u003C/p>\u003Cp>\u003C/p>",[],[595,599],{"id":596,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":36,"nonApplicable":30,"tooltip":597,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":598},"edda87eb-2024-406b-abad-e9309f8b07ce","Triggers:\n\nChina GenAI Measures\n\nAI Act transparency\n\nOECD transparenc",[],{"id":600,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":601,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":602},"db5b896e-017e-4baf-8a54-1afa25bd645e","Why attention:\n“Internal tools” may still leak externally or be shared downstream.",[],{"id":604,"slug":605,"label":606,"tooltipHtml":9,"descriptionHtml":607,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":608,"displayConditions":9,"answers":609,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"1e67bb96-4e56-4957-b2df-f8b7ae6abfe3","f0c6bd6b-394e-4ed7-bac5-60f8ca28b401","Q25 — Could a failure or incorrect output cause significant financial, physical, psychological, or reputational harm?","\u003Cp>Frameworks such as OECD, ISO 42001, NIST RMF require classification of risk severity.\u003C/p>\u003Cp>\u003C/p>",[],[610,619,624],{"id":611,"color":9,"rangeValue":9,"label":612,"slug":9,"description":9,"score":69,"nonApplicable":30,"tooltip":613,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":614},"efb5808e-74d0-465b-994d-3303fcc39d45","Yes — Significant Harm Possible","Regulatory triggers:\n\nOECD harm principle\n\nISO 42001 risk management\n\nAI Act risk categorization",[615],{"id":616,"label":617,"userId":9,"color":9,"description":618,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"c1f5f5f2-cb2a-40a7-b542-e1580f705eec","Perform harm-impact risk review","\u003Cul>\u003Cli>\u003Cp>\u003Cem>Identify severity, likelihood, and mitigation controls.\u003C/em>\u003C/p>\u003Cp>\u003C/p>\u003C/li>\u003C/ul>",{"id":620,"color":9,"rangeValue":9,"label":621,"slug":9,"description":9,"score":62,"nonApplicable":30,"tooltip":622,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":623},"7beb6000-4c87-44a3-833d-7537a4f51798","Moderate Harm","Triggers: ISO 42001; NIST; CPRA",[],{"id":625,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":626,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":627},"67737920-0678-46a4-8926-a27d4157af00","Why attention:\nHarm is often indirect (automation bias, drift).",[],{"id":629,"slug":630,"label":631,"tooltipHtml":9,"descriptionHtml":632,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":633,"displayConditions":9,"answers":634,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"a880446c-fc2b-4c08-b151-e9d83e849661","9c4588bc-ea6e-417f-a252-70b01eb24f5a","Q26 — Can affected individuals contest decisions or request human review?","\u003Cp>Contestability is required under GDPR Art. 22, CPRA ADMT, Colorado AI Act, and OECD Human Agency principle.\u003C/p>",[],[635,642,648],{"id":636,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":62,"nonApplicable":30,"tooltip":637,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":638},"83625282-0b2a-439c-a973-248d72d6b52a","Regulatory triggers: GDPR, CPRA, Colorado",[639],{"id":640,"label":641,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"f15712c7-7647-4bfe-a1c3-7c60bdb2af1a","Document contestability workflow",{"id":643,"color":9,"rangeValue":9,"label":546,"slug":9,"description":9,"score":93,"nonApplicable":30,"tooltip":9,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":644},"8b2c2664-b89f-4f9a-a19d-a3402410ad3d",[645],{"id":646,"label":647,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"9654232b-0c43-49fa-8477-8abc73f95102","Improve human review clarity",{"id":649,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":650,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":651},"f07d0a8d-5fe7-48cb-9c28-244e6b5edbaf","Why attention:\nLack of contestability triggers high-risk classification (CPRA, Colorado, AI Act).\n\nTriggers:\n\nCPRA High-Risk ADM\n\nColorado High-Risk\n\nOECD Human Agency",[],[],{"id":654,"slug":655,"label":656,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":657,"questions":658,"sections":822},"95045fbe-f326-4ead-ad4c-aeec46a9f25d","section-4-transparency-human-oversight-user-interaction","SECTION 4 — TRANSPARENCY, HUMAN OVERSIGHT & USER INTERACTION","\u003Cp>This section identifies obligations related to transparency, explainability, human oversight, and auditability of the system. These elements are imposed by the EU AI Act (Art. 13–15), CPRA ADMT, Colorado AI Act, China Algorithmic Regulation (2022), China GenAI Measures (2023), and the ISO 42001, NIST AI RMF, OECD, and UNESCO regulatory frameworks.\u003C/p>",[659,682,705,734,755,777,795],{"id":660,"slug":661,"label":662,"tooltipHtml":9,"descriptionHtml":663,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":664,"displayConditions":9,"answers":665,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"448e69f2-eed0-4b5b-8940-9d2d99cd8a5c","5f091f3f-ada0-4a90-8cd1-944863845d9c","Q27 — Does the system clearly disclose to users that they are interacting with an AI system?","\u003Cp>AI Act Art. 52 requires AI-generated content or interactions to be clearly disclosed. China GenAI Measures impose explicit disclosure, especially for public-facing systems.\u003C/p>",[],[666,674],{"id":667,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":36,"nonApplicable":30,"tooltip":668,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":669},"1a471cd4-f921-491a-a74a-c1c0b76cb17a","Regulatory triggers:\n\nEU AI Act Art. 52\n\nChina GenAI Measures\n\nOECD transparency\n\nUNESCO / Singapore AI Ethics",[670],{"id":671,"label":672,"userId":9,"color":9,"description":673,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"d58233d9-7d7a-45ee-bc01-9e47e7002c16","Maintain AI disclosure guidelines","\u003Cp>Specify how and when users are informed.\u003C/p>",{"id":675,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":676,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":677},"13f0cbe6-e925-4872-96bf-de258acccd10","Why attention:\nHidden AI interactions violate transparency principles and legal mandates.\nTriggers:\n\nAI Act transparency failure\n\nOECD / UNESCO ethics warnings",[678],{"id":679,"label":680,"userId":9,"color":9,"description":681,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"7e98bfda-9378-4316-bd23-2e301420ed46","Implement AI transparency notice","\u003Cul>\u003Cli>\u003Cp>\u003Cem>Define banners, icons, or disclaimers for user awareness.\u003C/em>\u003C/p>\u003Cp>\u003C/p>\u003C/li>\u003C/ul>",{"id":683,"slug":684,"label":685,"tooltipHtml":9,"descriptionHtml":686,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":687,"displayConditions":9,"answers":688,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"d7e2f984-6ad2-47e0-9305-a859ced744d9","b4d91c17-122b-4cfe-ba8d-86f7f17bdc78","Q28 — Are individuals informed when decisions about them are made or supported by automated systems?","\u003Cp>CPRA ADMT, Colorado AI Act, GDPR Art. 22 and OECD mandate user notification for automated decisions affecting rights.\u003C/p>",[],[689,697],{"id":690,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":36,"nonApplicable":30,"tooltip":691,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":692},"49d8812a-3a60-42cf-a88d-31618dac46dd","Regulatory triggers:\n\nCPRA ADMT\n\nColorado\n\nGDPR Art. 22\n\nOECD transparency",[693],{"id":694,"label":695,"userId":9,"color":9,"description":696,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"8f6034c8-fd9b-4c95-ab92-85757be1e258","Prepare automated decision notice templates","\u003Cp>Enable user awareness, rights, and documentation.\u003C/p>",{"id":698,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":699,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":700},"93419bf8-bee5-40cf-9a9f-f815d8e99606","Why attention:\nThis is mandatory under CPRA, GDPR and Colorado for high-risk ADM.",[701],{"id":702,"label":703,"userId":9,"color":9,"description":704,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"400c3d60-e01e-4935-a805-13778654d7a6","Add ADM notification mechanism","\u003Cul>\u003Cli>\u003Cp>\u003Cem>Define templates for rights-affecting decisions.\u003C/em>\u003C/p>\u003C/li>\u003C/ul>",{"id":706,"slug":707,"label":708,"tooltipHtml":9,"descriptionHtml":709,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":710,"displayConditions":9,"answers":711,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"5f1a1133-fa6e-4c7b-82da-68ab2bd11994","a46637e2-3d56-4714-9857-2dffd18cd05f","Q29 — Is meaningful human oversight integrated into the AI’s critical outputs or decisions?","\u003Cp>AI Act Art. 14 requires human oversight for high-risk AI. Oversight must be effective, not symbolic (“rubber-stamping”). NIST & ISO also require governance oversight.\u003C/p>",[],[712,719,727],{"id":713,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":226,"nonApplicable":30,"tooltip":714,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":715},"5a0b0d1d-0737-4096-be78-7524cec7b59c","Regulatory triggers:\n\nEU AI Act Art. 14\n\nColorado\n\nOECD human agency\n\nISO 42001 oversight",[716],{"id":717,"label":718,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"1fcaf5f8-274c-4670-bd96-6e08f32ab0bf","Document oversight procedures & escalation paths",{"id":720,"color":9,"rangeValue":9,"label":546,"slug":9,"description":9,"score":721,"nonApplicable":30,"tooltip":722,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":723},"b4278b4e-879c-4797-9751-6e331b6f4efc",6,"Triggers: OECD; UNESCO",[724],{"id":725,"label":726,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"d70ed649-3344-4f39-9f30-09b6ef4dd71a","Strengthen oversight processes",{"id":728,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":729,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":730},"ad06e0bc-ff90-4b0f-b073-d6cad7942a8f","Why attention:\nLack of oversight = automatic high-risk classification in many regimes.\nRegulatory triggers:\n\nCPRA high-risk ADM\n\nColorado\n\nAI Act oversight non-compliance",[731],{"id":732,"label":733,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"f3afa47f-53b0-46e7-bdb8-2a2281b5d1b6","Define human oversight strategy",{"id":735,"slug":736,"label":737,"tooltipHtml":9,"descriptionHtml":738,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":739,"displayConditions":9,"answers":740,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"b10bd430-8c43-456f-bb35-a6077c9c7717","ae7a2922-749e-49b7-bc51-dfe26b54d1cb","Q30 — Are fallback, override, or fail-safe mechanisms defined and documented?","\u003Cp>Required under EU AI Act for high-risk systems (Art. 15 safety), ISO 42001 safety controls, NIST RMF “Manage”.\u003C/p>",[],[741,748],{"id":742,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":36,"nonApplicable":30,"tooltip":743,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":744},"435f98bb-fd8d-4978-8568-bc951d2bfcb5","Triggers: AI Act, ISO 42001, NIST, OECD",[745],{"id":746,"label":747,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"4e48289f-6028-4de0-a6db-e1c333020567","Maintain incident & fallback documentation",{"id":749,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":750,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":751},"a13175c6-8419-430e-8b91-98a189ba77f2","Why attention:\nFail-safe mechanisms are required for high-risk systems.",[752],{"id":753,"label":754,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"07dc40e7-c860-4913-b9ec-2432998dabf7","Define fallback & override protocol",{"id":756,"slug":757,"label":758,"tooltipHtml":9,"descriptionHtml":759,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":760,"displayConditions":9,"answers":761,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"1f8b8c45-6f48-4b0f-8e23-3b01de67593f","6fc7ad89-430f-4aa2-a2f2-bc315e79a6c1","Q31 — Are model outputs explainable to users, auditors, or regulators?","\u003Cp>Explainability is mandated by CPRA ADMT, Colorado, OECD Principles, China Rules (algorithmic transparency), and required by AI Act for high-risk AI.\u003C/p>",[],[762,769],{"id":763,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":36,"nonApplicable":30,"tooltip":764,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":765},"f0e7942f-6732-4686-8146-d6d6726fad32","Regulatory triggers:\n\nAI Act (explainability)\n\nCPRA ADMT\n\nColorado\n\nOECD transparency\n\nChina Algorithmic Regs",[766],{"id":767,"label":768,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"f6d80c31-725f-4b5b-9c04-9843679b4786","Generate explainability documentation",{"id":770,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":771,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":772},"dc49e23b-adce-4022-ac9c-9028cddc36b6","Why attention:\nLack of explainability increases regulatory exposure significantly.",[773],{"id":774,"label":775,"userId":9,"color":9,"description":776,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"0ab1eac6-77ae-4189-ac6f-cd7aafbdf294","Define explainability roadmap","\u003Cp>Specify method (SHAP, LIME, rule extraction, counterfactuals).\u003C/p>",{"id":778,"slug":779,"label":780,"tooltipHtml":9,"descriptionHtml":781,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":782,"displayConditions":9,"answers":783,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"c68501ce-781d-4053-bdc1-b606e0b507bb","54561759-f020-46d4-af40-4ce8d6eb5701","Q32 — Are logs maintained for training, inference, errors, and user interactions?","\u003Cp>Logging is required by EU AI Act (Art. 12), ISO 42001 (documented lifecycle), and NIST RMF for traceability and auditability.\u003C/p>",[],[784,788],{"id":785,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":36,"nonApplicable":30,"tooltip":786,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":787},"3ead1fad-7621-4f71-a684-14b85d04ce99","Regulatory triggers:\n\nEU AI Act (logging)\n\nISO 42001\n\nNIST RMF\n\nOECD",[],{"id":789,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":790,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":791},"c04a1607-e641-401e-83fe-684c993b2c6f","Why attention:\nNo logs = non-compliance for any high-risk system.",[792],{"id":793,"label":794,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"dfe43154-c110-4629-9b65-82c5d6e71e80","Create logging & auditability framework",{"id":796,"slug":797,"label":798,"tooltipHtml":9,"descriptionHtml":799,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":800,"displayConditions":9,"answers":801,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"aada09c9-0251-42bb-903a-f379f7ffacd4","33abbf3d-112e-4611-b5a2-774dc338e04f","Q33 — Are output quality, fairness, drift, and bias monitored regularly?","\u003Cp>Monitoring is a requirement under AI Act (Art. 15 Post-Market Monitoring), NIST RMF (Manage), ISO 42001 (continuous improvement), and China Regs (algorithm stability).\u003C/p>",[],[802,809,815],{"id":803,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":226,"nonApplicable":30,"tooltip":804,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":805},"5f83043b-d690-4756-b084-7322f6a5693f","Regulatory triggers:\n\nEU AI Act post-market monitoring\n\nNIST RMF\n\nISO 42001\n\nChina Algorithmic Regs",[806],{"id":807,"label":808,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"4ebf782a-ccba-4e85-b557-b2080d4400d6","Maintain ongoing monitoring documentation",{"id":810,"color":9,"rangeValue":9,"label":546,"slug":9,"description":9,"score":126,"nonApplicable":30,"tooltip":9,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":811},"387ca8b6-d31d-42d1-a48e-5266ef30f1b1",[812],{"id":813,"label":814,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"9491f054-40b3-4801-8ab6-f0444f8d8829","Improve monitoring coverage",{"id":816,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":817,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":818},"3b23c382-8b0b-4637-a2a8-fba8c5c74b87","Why attention:\nA system without monitoring cannot be compliant under any modern AI governance framework.",[819],{"id":820,"label":821,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"a3c8c8c9-0851-4aff-af9f-339d030d0685","Define monitoring strategy & KPIs",[],{"id":824,"slug":825,"label":826,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":827,"questions":828,"sections":1051},"66e412d8-80c3-4d65-b23a-65966f8f719c","section-5-ai-lifecycle-governance-risk-management-maturity","SECTION 5 — AI LIFECYCLE, GOVERNANCE & RISK MANAGEMENT MATURITY","\u003Cp>This section assesses the governance maturity of your AI system: documentation, lifecycle management, versioning, production monitoring, incident management, roles and responsibilities, regular assessments, and audits.\u003C/p>\u003Cp>The answers activate analysis blocks to identify obligations under:\u003C/p>\u003Cul>\u003Cli>\u003Cp>ISO/IEC 42001 (AIMS)\u003C/p>\u003C/li>\u003Cli>\u003Cp>NIST AI RMF (MAP, MEASURE, MANAGE steps)\u003C/p>\u003C/li>\u003Cli>\u003Cp>EU AI Act (Articles 9–17: risk management, data, monitoring, logging, documentation, oversight)\u003C/p>\u003C/li>\u003Cli>\u003Cp>China Algorithmic Regulation (documentation & testing)\u003C/p>\u003C/li>\u003Cli>\u003Cp>OECD and UNESCO (accountability, governance, safety)\u003C/p>\u003C/li>\u003Cli>\u003Cp>Singapore AI Model Governance Framework\u003C/p>\u003C/li>\u003C/ul>",[829,858,887,914,942,970,997,1024],{"id":830,"slug":831,"label":832,"tooltipHtml":9,"descriptionHtml":833,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":834,"displayConditions":9,"answers":835,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"5fb2aee1-f8af-4486-b784-a2cc03b02563","cc8791ef-04e3-4f99-8391-79d00db6436c","Q34 — Is data lineage documented (sources, transformations, quality checks)?","\u003Cp>Data lineage is required under ISO/IEC 42001 §6.3, EU AI Act data governance (Art. 10), and NIST RMF “MAP” for traceability and auditability.\u003C/p>",[],[836,844,851],{"id":837,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":226,"nonApplicable":30,"tooltip":838,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":839},"6f218a15-d129-4e6f-893c-3c6f89d3b33a","Regulatory triggers:\n\nEU AI Act Art. 10\n\nISO 42001 documentation\n\nNIST RMF (traceability)\n\nOECD accountability",[840],{"id":841,"label":842,"userId":9,"color":9,"description":843,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"8b01d7f3-cae0-4946-af65-1f5259885c85","Maintain full dataset lineage registry","\u003Cp>Include provenance, transformations, versioning, quality checks.\u003C/p>",{"id":845,"color":9,"rangeValue":9,"label":546,"slug":9,"description":9,"score":721,"nonApplicable":30,"tooltip":846,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":847},"04c5d09a-8d4f-4747-9401-1ee16d740668","Regulatory triggers: OECD; ISO",[848],{"id":849,"label":850,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"6bbb94bb-0b00-44f4-8d77-18ada87036e1","Complete missing lineage segments",{"id":852,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":853,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":854},"c9305dc5-e10a-4d73-8da8-7fbe98035bb6","Why attention:\nAbsence of lineage documentation = immediate non-compliance for any high-risk system.",[855],{"id":856,"label":857,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"452665c1-f8e7-4ed6-a1a3-e5b26e96ee65","Create data lineage documentation",{"id":859,"slug":860,"label":861,"tooltipHtml":9,"descriptionHtml":862,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":863,"displayConditions":9,"answers":864,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"b5b671cc-946e-44a9-b891-6c3df9526ba9","017d5e57-ba9c-4045-8c93-8e5f74e699ee","Q35 — Are AI model versions tracked, logged, and uniquely identifiable?","\u003Cp>Version tracking ensures auditability and impacts safety & compliance. Required under ISO 42001, NIST RMF, OECD and AI Act (technical documentation).\u003C/p>",[],[865,873,880],{"id":866,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":62,"nonApplicable":30,"tooltip":867,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":868},"f546d85c-363a-42fb-a357-db4c74c26f91","Regulatory triggers:\n\nISO 42001\n\nNIST RMF (traceability)\n\nEU AI Act documentation",[869],{"id":870,"label":871,"userId":9,"color":9,"description":872,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"595bc7ff-35e4-4fd4-b8c4-e42505c92600","Maintain model version registry","\u003Cul>\u003Cli>\u003Cp>\u003Cem>Record weights, parameters, training runs, release notes.\u003C/em>\u003C/p>\u003Cp>\u003C/p>\u003C/li>\u003C/ul>",{"id":874,"color":9,"rangeValue":9,"label":546,"slug":9,"description":9,"score":875,"nonApplicable":30,"tooltip":9,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":876},"e8348324-b24b-43ee-84cb-4353a211511f",4,[877],{"id":878,"label":879,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"589ddbb5-9a2c-45d1-8c92-e18a4f2b51b7","Improve model version tracking system",{"id":881,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":882,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":883},"df790dd4-1e02-4dd1-b4d9-3d0a61fab884","Why attention:\nImpossible to perform audits or rollback without versioning.",[884],{"id":885,"label":886,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"f0661ca4-f403-4694-b734-eb378b408b95","Implement versioning system (MLflow, Git, registry)",{"id":888,"slug":889,"label":890,"tooltipHtml":9,"descriptionHtml":891,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":892,"displayConditions":9,"answers":893,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"9bda5009-1a56-468c-949b-f1fb3f2af7c0","1ee86dca-c653-4f5c-9e92-ef00427f1f0f","Q36 — Are training procedures and evaluation methods documented?","\u003Cp>Training documentation is required by EU AI Act Annex IV, ISO 42001, and NIST RMF (“MAP” and “MEASURE”).\u003C/p>",[],[894,901,907],{"id":895,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":28,"nonApplicable":30,"tooltip":896,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":897},"61781691-71e7-499d-bc69-20760222a925","Regulatory triggers:\n\nEU AI Act Annex IV\n\nISO 42001\n\nNIST RMF",[898],{"id":899,"label":900,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"c52ba7ff-4504-4e13-96f4-cd4337968b6f","Maintain training & testing documentation",{"id":902,"color":9,"rangeValue":9,"label":546,"slug":9,"description":9,"score":93,"nonApplicable":30,"tooltip":9,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":903},"401e10c2-6529-412c-95b8-70f998158ac6",[904],{"id":905,"label":906,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"7e3f342d-6ec5-42b5-9c26-f98af832534b","Complete missing documentation areas",{"id":908,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":909,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":910},"004511b1-151e-4c7f-a5db-7cf357d466f9","Why attention:\nLack of documentation weakens trustworthiness and regulatory defensibility.",[911],{"id":912,"label":913,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"2353968a-7b07-4e58-b62c-f8845b3e518b","Document training pipeline",{"id":915,"slug":916,"label":917,"tooltipHtml":9,"descriptionHtml":918,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":919,"displayConditions":9,"answers":920,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"da450dfe-9c6d-4f5c-a6bb-11a3f90da5db","012ed38c-64be-45db-9194-8dc24d2f9cdb","Q37 — Is the system monitored in production (drift, quality, anomalies, fairness)?","\u003Cp>Monitoring is required under EU AI Act Art. 15 (post-market monitoring), ISO 42001, NIST RMF (“MANAGE”), China Algorithmic Regs “algorithm stability”.\u003C/p>",[],[921,929,935],{"id":922,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":226,"nonApplicable":30,"tooltip":923,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":924},"a89587aa-1439-4ec3-968a-25e6ef98bbc3","Regulatory triggers:\n\nEU AI Act (post-market monitoring)\n\nISO 42001\n\nNIST RMF\n\nChina Algorithmic Regs",[925],{"id":926,"label":927,"userId":9,"color":9,"description":928,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"e99d07b3-18b0-449c-86a1-5ad5a3b0da29","Maintain production monitoring logs","\u003Cul>\u003Cli>\u003Cp>\u003Cem>Track drift, bias, anomalies, stability indicators.\u003C/em>\u003C/p>\u003C/li>\u003C/ul>",{"id":930,"color":9,"rangeValue":9,"label":546,"slug":9,"description":9,"score":721,"nonApplicable":30,"tooltip":9,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":931},"09bba0a0-e21d-4a24-9499-b56fa416fdaa",[932],{"id":933,"label":934,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"8033afdc-915d-47f4-bf8e-b1024c9167a7","Improve monitoring pipeline",{"id":936,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":937,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":938},"defc8623-91d5-432e-8ecd-621bb0bb9f29","Why attention:\nA non-monitored AI system cannot be compliant under any major framework.",[939],{"id":940,"label":941,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"9a956e81-bb12-46b2-b0c5-295b855f075e","Define monitoring plan and KPIs",{"id":943,"slug":944,"label":945,"tooltipHtml":9,"descriptionHtml":946,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":947,"displayConditions":9,"answers":948,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"575cdeae-eaa1-47d1-9402-a116eb13de5d","8f6e169b-8e5a-47fa-b92f-43a39135c53a","Q38 — Are AI incidents logged, classified, and remediated?","\u003Cp>Incident management is required under EU AI Act Art. 62 reporting, ISO 42001 incident process, NIST RMF risk mitigation, and OECD accountability.\u003C/p>",[],[949,957,963],{"id":950,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":36,"nonApplicable":30,"tooltip":951,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":952},"0c03da0b-51c5-4bc5-9290-d252fc6469f5","Regulatory triggers:\n\nEU AI Act (incident reporting)\n\nISO 42001\n\nOECD",[953],{"id":954,"label":955,"userId":9,"color":9,"description":956,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"4c56ec02-21fd-42ab-900a-51bd325e5923","Maintain AI incident response register","\u003Cul>\u003Cli>\u003Cp>\u003Cem>Classify incidents, root causes, remediations, timelines.\u003C/em>\u003C/p>\u003C/li>\u003C/ul>",{"id":958,"color":9,"rangeValue":9,"label":546,"slug":9,"description":9,"score":875,"nonApplicable":30,"tooltip":9,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":959},"48ab029d-8c86-4445-863b-3b5f491fe723",[960],{"id":961,"label":962,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"5197e32d-7f3c-46d4-bae4-6de06388f998","Add incident classification mechanism",{"id":964,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":965,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":966},"68704579-522a-4ea4-8f81-4c0ea6f5edc6","Why attention:\nSystems without incident logs cannot demonstrate compliance or safety.",[967],{"id":968,"label":969,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"19952cee-7af3-43fb-a846-dc1e46684d0a","Define incident management workflow",{"id":971,"slug":972,"label":973,"tooltipHtml":9,"descriptionHtml":974,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":975,"displayConditions":9,"answers":976,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"e8955597-dea2-4230-a5ef-71978e30dc9d","2aa6f0b4-f233-4bad-9821-52fa524b85b3","Q39 — Are governance roles clearly defined (AI owner, risk officer, reviewer, operator)?","\u003Cp>ISO 42001 requires role assignment; AI Act distinguishes provider/deployer responsibilities; OECD requires accountability; NIST RMF expects clear governance structure.\u003C/p>",[],[977,984,990],{"id":978,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":36,"nonApplicable":30,"tooltip":979,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":980},"ce562108-1e85-470e-9e7d-b62aae007d74","Regulatory triggers:\n\n- ISO 42001 (roles)\n\n- OECD\n\n- AI Act (provider vs deployer responsibilities)",[981],{"id":982,"label":983,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"3a66e1e5-da1e-4231-8753-02413c9e4ef0","Maintain AI governance role matrix",{"id":985,"color":9,"rangeValue":9,"label":546,"slug":9,"description":9,"score":126,"nonApplicable":30,"tooltip":9,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":986},"9e3e2290-9cdd-4773-8da6-2155bf68eb94",[987],{"id":988,"label":989,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"2e19698b-a857-45b4-ab39-621076f8cec2","Clarify governance accountability",{"id":991,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":992,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":993},"8be85c62-bd2a-4295-9852-679e04dbecbb","Why attention:\nLack of governance roles = non-compliance with ISO 42001 & NIST RMF.",[994],{"id":995,"label":996,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"f806240d-9f9e-4a26-a5e5-f09aea6d9358","Define governance responsibilities",{"id":998,"slug":999,"label":1000,"tooltipHtml":9,"descriptionHtml":1001,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":1002,"displayConditions":9,"answers":1003,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"bfb86f7a-2948-4119-8f55-ad6735c6d3d7","c58d0a80-9470-4413-a77b-e426f992829a","Q40 — Are third-party vendors or external AI providers assessed for AI risks?","\u003Cp>Vendor risk management is required under CPRA (service providers), Colorado (developers), ISO 42001 (supply chain), NIST RMF, China (provider accountability).\u003C/p>",[],[1004,1011,1017],{"id":1005,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":62,"nonApplicable":30,"tooltip":1006,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":1007},"5bc4d931-1dbc-470b-92f9-29e97f8c8024","Regulatory triggers:\n\n- CPRA (ADMT vendor disclosures)\n\n- Colorado AI Act\n\n- ISO 42001 supply chain\n\n- NIST RMF (supply chain risk)\n\n- AI Act deployer responsibilities",[1008],{"id":1009,"label":1010,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"fca2900f-a9cc-4aab-b152-f8ecf18efe48","Maintain vendor AI risk assessments",{"id":1012,"color":9,"rangeValue":9,"label":546,"slug":9,"description":9,"score":875,"nonApplicable":30,"tooltip":9,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":1013},"adda17ed-c5f2-4606-88b9-51686da843d2",[1014],{"id":1015,"label":1016,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"7fb351d2-83be-4c1c-8464-df3e8befe73e","Complete missing vendor controls",{"id":1018,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":1019,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":1020},"7129e0e4-5d6b-4c7a-87d6-64a8900ea6bd","Why attention:\nExternal AI components transfer regulatory liability to the deployer.",[1021],{"id":1022,"label":1023,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"63ec6a4f-6916-4e3a-ae7f-a0cf25e1873e","Implement vendor risk evaluation process",{"id":1025,"slug":1026,"label":1027,"tooltipHtml":9,"descriptionHtml":1028,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":1029,"displayConditions":9,"answers":1030,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"7e366b68-c99f-4088-a003-3b0bfdaac0f3","5cbb11e9-23c9-4b7c-8d4f-3d0785b26eb0","Q41 — Are periodic internal reviews or audits performed (quarterly, annual, per release)?","\u003Cp>Continuous improvement is required under ISO 42001, NIST RMF (“IMPROVE”), China Regulations (periodic reviews), and OECD accountability.\u003C/p>",[],[1031,1038,1044],{"id":1032,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":36,"nonApplicable":30,"tooltip":1033,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":1034},"46d86c80-4095-46d0-902b-48a6e64e623e","Regulatory triggers:\n- ISO 42001\n- NIST RMF\n- China Algorithmic Regs\n- OECD",[1035],{"id":1036,"label":1037,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"8bd2ad0d-7a30-404d-9a51-bf0967e25b6f","Maintain AI audit evidence repository",{"id":1039,"color":9,"rangeValue":9,"label":546,"slug":9,"description":9,"score":875,"nonApplicable":30,"tooltip":9,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":1040},"8ebe9e47-48d3-440b-a68e-79f73e868aa3",[1041],{"id":1042,"label":1043,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"06964c33-5777-4d2c-90db-261aa68671d7","Increase audit frequency",{"id":1045,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":1046,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":1047},"8bb653b6-0ded-4026-9494-324031516318","Why attention:\nA system without periodic reviews cannot be compliant with ISO/AIMS.",[1048],{"id":1049,"label":1050,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"1a9699ee-6ef1-4475-8463-f7f19711af2b","Define internal AI audit plan",[],{"id":1053,"slug":1054,"label":1055,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":1056,"questions":1057,"sections":1206},"687e6693-3887-487d-b1bc-c72f998dae14","section-6-geographic-footprint-jurisdiction-triggers","SECTION 6 — GEOGRAPHIC FOOTPRINT & JURISDICTION TRIGGERS","\u003Cp>This section identifies the jurisdictions in which the AI system is developed, deployed, or used, as well as the location of the individuals concerned and the infrastructure.\u003C/p>\u003Cp>This forms the basis for the extraterritoriality of AI and privacy laws, and therefore for the automated triggering of Dastra analysis blocks.\u003C/p>\u003Cp>The responses will automatically identify the applicable frameworks according to region: EU, USA (states), China, Asia-Pacific, Middle East, Americas, etc.\u003C/p>",[1058,1126,1166,1185],{"id":1059,"slug":1060,"label":1061,"tooltipHtml":9,"descriptionHtml":1062,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":61,"typeIndex":62,"typeColor":9,"typeIcon":9,"typeText":63,"dynamicSelectType":9,"editableOptions":30,"complianceRules":1063,"displayConditions":9,"answers":1064,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"703740a8-c717-4923-a178-34cd2f5f403c","3f5fdd7e-5e82-48ef-bdd9-1ce0f2266168","Q42 — In which regions or countries will the AI system be deployed or used?","\u003Cp>Deployment location triggers extraterritorial applicability of AI regulations such as EU AI Act, CPRA, Colorado AI Act, China Algorithmic Regulation, PIPL, Brazil PL 2338, Singapore Guidelines, Japan/Korea/India AI frameworks.\u003C/p>",[],[1065,1073,1081,1089,1097,1105,1113,1118],{"id":1066,"color":9,"rangeValue":9,"label":1067,"slug":9,"description":9,"score":36,"nonApplicable":30,"tooltip":1068,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":1069},"88f139c5-5c9d-4a1e-a831-9b0c460dd1fa","European Union (EU)","Regulatory triggers:\n- EU AI Act (exterritorial)\n- GDPR (if personal data is processed)",[1070],{"id":1071,"label":1072,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"5af0b7bb-1d62-405c-8790-a5ad749bc281","Check AI Act risk category & transparency rules",{"id":1074,"color":9,"rangeValue":9,"label":1075,"slug":9,"description":9,"score":28,"nonApplicable":30,"tooltip":1076,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":1077},"c8e15101-716b-43a5-bade-95902c70d738","United States (any state)","Regulatory triggers:\n- CPRA (California)\n- Colorado AI Act\n- Other sectorial & emerging US AI bills",[1078],{"id":1079,"label":1080,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"3b537d2c-f0f2-4356-aaff-878b02c49519","Check local AI regulations (CPRA/Colorado)",{"id":1082,"color":9,"rangeValue":9,"label":1083,"slug":9,"description":9,"score":36,"nonApplicable":30,"tooltip":1084,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":1085},"c233f22c-6a1a-4e63-a438-c1a6fd5e25c9","China (including Hong Kong)","Regulatory triggers:\n- PIPL (if personal data)\n- China Algorithmic Recommendation Regulation\n- China Generative AI Measures",[1086],{"id":1087,"label":1088,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"f277cd2a-065e-44d5-a549-11c97ce7f4c6","Review China AI rules (algorithm filing, GenAI, PIPL)",{"id":1090,"color":9,"rangeValue":9,"label":1091,"slug":9,"description":9,"score":126,"nonApplicable":30,"tooltip":1092,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":1093},"8dcbc0c7-dda5-448d-bedb-96c950b0a0be","APAC (Singapore, Japan, Korea, India)","Regulatory triggers:\n- Singapore Model AI Governance Framework\n- Japan AI Guidelines\n- Korea AI Ethics Guidelines\n- India Responsible AI Framework",[1094],{"id":1095,"label":1096,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"c79a4039-a0b8-43e1-ba2f-25b70a01ef95","Check applicable AI ethics guidelines",{"id":1098,"color":9,"rangeValue":9,"label":1099,"slug":9,"description":9,"score":875,"nonApplicable":30,"tooltip":1100,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":1101},"f8a9b2da-e1f1-4d4c-adcd-6a4ece65a8d4","Latin America (Brazil, Mexico, Chile)","Triggers:\n- Brazil LGPD\n- Brazil AI regulatory proposal",[1102],{"id":1103,"label":1104,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"eeb1120a-9ba7-41b5-8789-ed7f780e072a","Check emerging AI bills (Brazil PL 2338)",{"id":1106,"color":9,"rangeValue":9,"label":1107,"slug":9,"description":9,"score":875,"nonApplicable":30,"tooltip":1108,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":1109},"12f530f1-cbe3-438c-b54f-92a676a0913e","Middle East (Israel, UAE, Saudi Arabia)","Triggers:\n- Israel AI Strategy\n- GCC national AI initiatives",[1110],{"id":1111,"label":1112,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"e1dbe6c2-e4de-4262-81dd-0280e3b9784a","Check local AI strategy requirements",{"id":1114,"color":9,"rangeValue":9,"label":1115,"slug":9,"description":9,"score":93,"nonApplicable":30,"tooltip":1116,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":1117},"d555eee2-8657-4fe3-bd27-027f33709064","Africa","Triggers local emerging AI & privacy laws",[],{"id":1119,"color":9,"rangeValue":9,"label":1120,"slug":9,"description":9,"score":69,"nonApplicable":30,"tooltip":1121,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":1122},"c90dd44f-df6d-47bf-a913-a3cea8eee0f1","Global deployment","Triggers:\n- OECD\n- ISO/IEC 42001\n- UNESCO",[1123],{"id":1124,"label":1125,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"616cb3cc-b5da-48b0-8df4-d8eefd68582f","Implement multi-jurisdiction AI compliance",{"id":1127,"slug":1128,"label":1129,"tooltipHtml":9,"descriptionHtml":1130,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":61,"typeIndex":62,"typeColor":9,"typeIcon":9,"typeText":63,"dynamicSelectType":9,"editableOptions":30,"complianceRules":1131,"displayConditions":9,"answers":1132,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"e164af90-6277-4707-9f89-f3be5878f977","9161976f-b708-4571-a2a2-f59d343db3e1","Q43 — Where are the data subjects located (users, employees, customers)?","\u003Cp>Laws usually protect the \u003Cem>individual\u003C/em>, not the server.\u003Cbr>Even if the processing is done elsewhere, the law applies if the user lives in the jurisdiction (e.g., PIPL, GDPR, CPRA).\u003C/p>",[],[1133,1141,1146,1151,1156,1161],{"id":1134,"color":9,"rangeValue":9,"label":1135,"slug":9,"description":9,"score":36,"nonApplicable":30,"tooltip":1136,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":1137},"2d409402-82a3-4946-b6af-b5eeef5d5e19","EU residents","Triggers: GDPR; AI Act",[1138],{"id":1139,"label":1140,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"be25348d-ab15-4091-a05c-81d00c6da526","Check GDPR + AI Act compliance",{"id":1142,"color":9,"rangeValue":9,"label":1143,"slug":9,"description":9,"score":28,"nonApplicable":30,"tooltip":1144,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":1145},"fc99343f-4849-4741-9d34-1cf5d9d14eb6","US residents","Triggers: CPRA ADMT; Colorado; state-level privacy laws",[],{"id":1147,"color":9,"rangeValue":9,"label":1148,"slug":9,"description":9,"score":36,"nonApplicable":30,"tooltip":1149,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":1150},"ab7b05ce-c0b4-4c9b-9a76-5a712b1b1ab2","Chinese residents","Triggers: PIPL; China AI Regulations",[],{"id":1152,"color":9,"rangeValue":9,"label":1153,"slug":9,"description":9,"score":721,"nonApplicable":30,"tooltip":1154,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":1155},"69ec9fa2-ad01-402f-89a2-714117088f59","Brazilian residents","Triggers: LGPD; Brazil AI Bill",[],{"id":1157,"color":9,"rangeValue":9,"label":1158,"slug":9,"description":9,"score":126,"nonApplicable":30,"tooltip":1159,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":1160},"4eb7a7e4-4ba9-4432-a2f7-e4d0314beccf","APAC residents","Triggers: Singapore; Japan; Korea; India",[],{"id":1162,"color":9,"rangeValue":9,"label":1163,"slug":9,"description":9,"score":93,"nonApplicable":30,"tooltip":1164,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":1165},"19bcb8ef-64f3-470b-a3af-d769bf6a2bab","Other regions","Triggers: OECD; ISO 42001",[],{"id":1167,"slug":1168,"label":1169,"tooltipHtml":9,"descriptionHtml":1170,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":1171,"displayConditions":9,"answers":1172,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"c048741b-509b-455b-b88d-4b5957a29f2a","ef4200db-ba4c-45af-b28e-bd4f34a1be5a","Q44 — Are infrastructure, cloud providers, or data centers located outside the country of operation?","\u003Cp>Even if AI processing occurs in-region, cloud-vendor infrastructure may create implicit cross-border transfers: GDPR Ch. V, PIPL Export Rules, LGPD, CPRA vendor requirements.\u003C/p>",[],[1173,1181],{"id":1174,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":28,"nonApplicable":30,"tooltip":1175,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":1176},"647e727b-c794-448d-88db-77680a201d54","Regulatory triggers:\n- GDPR cross-border\n- PIPL data export\n- LGPD transfer rules\n- CPRA vendor restrictions",[1177],{"id":1178,"label":1179,"userId":9,"color":9,"description":1180,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"e2f3bb14-40d6-453f-842a-08ad9d9cf3de","Perform data transfer assessment (TIA/PIPL export)","\u003Cp>Identify data flow maps, providers, transfer mechanisms.\u003C/p>",{"id":1182,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":1183,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":1184},"b0ffb8e5-d9c8-46ab-8bdb-add2832d3fb2","Why attention:\nModern cloud deployments often involve distributed infrastructure even when not disclosed.",[],{"id":1186,"slug":1187,"label":1188,"tooltipHtml":9,"descriptionHtml":1189,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":27,"typeIndex":28,"typeColor":9,"typeIcon":9,"typeText":29,"dynamicSelectType":9,"editableOptions":30,"complianceRules":1190,"displayConditions":9,"answers":1191,"listQuestions":9,"required":30,"requiredJustification":30,"suggestTask":30,"riskEnabled":50,"native":30},"44433716-fdc4-47f9-b0c5-c707848f02e3","13747852-ed44-4e48-8dbc-1eac20f6bb69","Q45 — Will the decisions or outputs of the AI system affect individuals located in foreign jurisdictions?","\u003Cp>AI regulations apply whenever users in the jurisdiction are affected, regardless of where the AI system is hosted or developed (AI Act Art. 2, CPRA extraterritoriality, PIPL extraterritorial effect).\u003C/p>",[],[1192,1199],{"id":1193,"color":9,"rangeValue":9,"label":35,"slug":9,"description":9,"score":62,"nonApplicable":30,"tooltip":1194,"goodAnswer":30,"redFlag":30,"impact":9,"probability":9,"taskSuggestions":1195},"c3751263-d5d1-4f84-97c6-2dee0cedfed8","Regulatory triggers:\n- EU AI Act\n- CPRA\n- Colorado\n- PIPL\n- OECD\n- ISO 42001",[1196],{"id":1197,"label":1198,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"61f1a568-82c0-4534-86b1-695e536d7096","Map cross-border impact scenarios",{"id":1200,"color":9,"rangeValue":9,"label":48,"slug":9,"description":9,"score":11,"nonApplicable":30,"tooltip":1201,"goodAnswer":30,"redFlag":50,"impact":9,"probability":9,"taskSuggestions":1202},"65bcca9d-a07a-49bc-a25f-184e26bc08c9","Why attention:\nOutputs may be shared downstream or reused by other regions unexpectedly.",[1203],{"id":1204,"label":1205,"userId":9,"color":9,"description":84,"priority":43,"priorityIndex":44,"priorityColor":45,"priorityIcon":9,"priorityText":43},"eddc4b50-2b9a-46e8-868c-0f654a3ccee1","Validate downstream data flows",[],[1208,1230,1269,1286,1299,1333,1346,1359,1384,1400,1416,1432,1445,1458,1471],{"id":1209,"label":1210,"variant":1211,"variantIndex":11,"variantColor":1212,"variantIcon":1213,"variantText":1214,"contentHtml":1215,"displayConditions":1216},"410a6783-ef3a-4833-b836-e57f12c078e9","EU AI Act Applicability","Info","#1E8EE1","icon-alert-circle","Information","\u003Cp>Your system qualifies as an AI system under the EU AI Act. Risk category assessment is required to determine obligations.\u003C/p>",{"id":1217,"separator":1218,"field":9,"operator":1219,"value":9,"rules":1220},"6d2ed71a-274c-4e45-a942-b8be1181f020","Or","equal",[1221,1224,1227],{"id":1222,"separator":9,"field":23,"operator":1219,"value":34,"rules":1223},"af7ae496-b127-44a5-a75d-25bd75b11a0f",[],{"id":1225,"separator":9,"field":197,"operator":1219,"value":204,"rules":1226},"85838b1c-8fce-4ccd-a5ce-f6a7b2e742f1",[],{"id":1228,"separator":9,"field":218,"operator":1219,"value":225,"rules":1229},"caf16333-fa5b-40d3-bdcf-9e9b0f375881",[],{"id":1231,"label":1232,"variant":1233,"variantIndex":93,"variantColor":1234,"variantIcon":1235,"variantText":1233,"contentHtml":1236,"displayConditions":1237},"9e2e1701-dbdc-4318-814b-08aca4794211","EU AI ACT — High-Risk Classification","Danger","#DC3545","icon-alert-triangle","\u003Cp>Your system is classified as High-Risk under Annex III of the EU AI Act. Full compliance with documentation, testing, human oversight, logging, and post-market monitoring is required.\u003C/p>",{"id":1238,"separator":1218,"field":9,"operator":1219,"value":9,"rules":1239},"709b5246-5ed3-4fdd-aa31-dfc0bc9ffe3b",[1240],{"id":1241,"separator":1242,"field":9,"operator":1219,"value":9,"rules":1243},"b41d10b7-f73f-41c2-ac07-c46ded226dc8","And",[1244,1248,1251],{"id":1245,"separator":9,"field":97,"operator":1246,"value":104,"rules":1247},"435c4df8-cb7a-4d2d-ae7d-e452679243f4","contains",[],{"id":1249,"separator":9,"field":308,"operator":1219,"value":315,"rules":1250},"c873fe38-3387-45ba-94b8-900ee2ee56f1",[],{"id":1252,"separator":1242,"field":9,"operator":1219,"value":9,"rules":1253},"43dcdd02-ebf3-4a49-906b-ebad3980b81d",[1254,1257,1260],{"id":1255,"separator":9,"field":97,"operator":1246,"value":114,"rules":1256},"ca53d54d-be82-4b1b-bebc-39fe29d0cd06",[],{"id":1258,"separator":9,"field":496,"operator":1219,"value":503,"rules":1259},"199c805a-073a-4d63-af7b-2f2c1d720642",[],{"id":1261,"separator":1242,"field":9,"operator":1219,"value":9,"rules":1262},"73fd299d-30b7-45fb-bead-917bc1e2eb9d",[1263,1266],{"id":1264,"separator":9,"field":331,"operator":1219,"value":338,"rules":1265},"bbe214ea-b4ac-45a4-b33a-b8eb2c0ff4bb",[],{"id":1267,"separator":9,"field":218,"operator":1219,"value":225,"rules":1268},"44760bb7-ac92-4df6-8372-b2925ea9b9d5",[],{"id":1270,"label":1271,"variant":1272,"variantIndex":44,"variantColor":45,"variantIcon":1213,"variantText":1272,"contentHtml":1273,"displayConditions":1274},"89e62f37-7401-4a2e-b582-079d6c6491d8","GPAI / Foundation Model Requirements","Warning","\u003Cp>Your system uses a Foundation Model or LLM. General-purpose AI obligations apply under the EU AI Act, including documentation, dataset transparency, evaluation reports, and risk mitigation requirements.\u003C/p>",{"id":1275,"separator":1218,"field":9,"operator":1219,"value":9,"rules":1276},"9c097228-1010-4a41-9a4c-3c996e195376",[1277,1280,1283],{"id":1278,"separator":9,"field":57,"operator":1246,"value":67,"rules":1279},"bb48dcca-06d2-40bd-a52f-e7d2ddde66c9",[],{"id":1281,"separator":9,"field":57,"operator":1246,"value":77,"rules":1282},"006338cd-ef0e-41f8-8c73-50d68b688fc7",[],{"id":1284,"separator":9,"field":57,"operator":1246,"value":86,"rules":1285},"eaca168f-5b1a-4874-9986-87feb37126a1",[],{"id":1287,"label":1288,"variant":1211,"variantIndex":11,"variantColor":1212,"variantIcon":1213,"variantText":1214,"contentHtml":1289,"displayConditions":1290},"89a04dff-0700-48ff-a599-9ccd11c9bc91","CPRA (California) Automated Decision-Making Technology (ADMT) Applicability","\u003Cp>Your system qualifies as an Automated Decision-Making Technology under CPRA. You must provide notices, opt-out mechanisms, impact assessments, and explainability.\u003C/p>",{"id":1291,"separator":1218,"field":9,"operator":1219,"value":9,"rules":1292},"6d505754-664c-42ab-ba92-c84ec049fc15",[1293,1296],{"id":1294,"separator":9,"field":308,"operator":1219,"value":315,"rules":1295},"82a84348-bbdc-4a78-aa19-0c6f942d7399",[],{"id":1297,"separator":9,"field":197,"operator":1219,"value":204,"rules":1298},"b9fed2fd-9d18-4deb-b3eb-4b105141baf8",[],{"id":1300,"label":1301,"variant":1272,"variantIndex":44,"variantColor":45,"variantIcon":1213,"variantText":1272,"contentHtml":1302,"displayConditions":1303},"15cd75f6-6e0d-43e0-856b-c80bbc3721e3","Colorado AI Act — High-Risk AI System","\u003Cp>Your system is considered High-Risk under the Colorado AI Act. An Algorithmic Impact Assessment is required.\u003C/p>",{"id":1304,"separator":1218,"field":9,"operator":1219,"value":9,"rules":1305},"42572e23-e099-4cad-9f60-8bc0a3568f40",[1306,1315],{"id":1307,"separator":1242,"field":9,"operator":1219,"value":9,"rules":1308},"1a35a0b9-e760-4e01-ab4f-38a5ffb304db",[1309,1312],{"id":1310,"separator":9,"field":197,"operator":1219,"value":204,"rules":1311},"fc260d31-4d69-402b-8e2f-15532601f483",[],{"id":1313,"separator":9,"field":604,"operator":1246,"value":611,"rules":1314},"c751bbd4-cb12-470d-81b9-0d675390bcac",[],{"id":1316,"separator":1242,"field":9,"operator":1219,"value":9,"rules":1317},"f73ddd44-0677-41ff-89e4-322d793019ba",[1318,1321],{"id":1319,"separator":9,"field":308,"operator":1219,"value":315,"rules":1320},"c3fbf407-63f5-4651-90f6-07cfaf5479d4",[],{"id":1322,"separator":1218,"field":9,"operator":1219,"value":9,"rules":1323},"f3d84bde-a45e-422e-8afc-bd0f45097ff1",[1324,1327,1330],{"id":1325,"separator":9,"field":97,"operator":1246,"value":104,"rules":1326},"60da39c6-ee0d-4b0c-8969-9cd93d45622f",[],{"id":1328,"separator":9,"field":97,"operator":1246,"value":114,"rules":1329},"6c6be4e8-5d9b-4b8c-926b-c8878c4a2597",[],{"id":1331,"separator":9,"field":97,"operator":1246,"value":109,"rules":1332},"00768110-75c5-4413-a401-727af27d68fd",[],{"id":1334,"label":1335,"variant":1272,"variantIndex":44,"variantColor":45,"variantIcon":1213,"variantText":1272,"contentHtml":1336,"displayConditions":1337},"8e6474f7-eb0c-4a1f-bd78-a3ba563623bc","China Algorithmic Recommendation Compliance Regulation (2022)","\u003Cp>Your system triggers China’s Algorithmic Recommendation Regulation. Algorithm filing, transparency, user control, and content management obligations apply.\u003C/p>",{"id":1338,"separator":1218,"field":9,"operator":1219,"value":9,"rules":1339},"097e4509-b0a4-489c-a224-eacc32455cb3",[1340,1343],{"id":1341,"separator":9,"field":556,"operator":1219,"value":563,"rules":1342},"9cd9ab8f-9860-4dc9-aea1-eeb9aa7ae41a",[],{"id":1344,"separator":9,"field":97,"operator":1246,"value":124,"rules":1345},"1ce667e6-c269-41b4-b858-6167e1ceee56",[],{"id":1347,"label":1348,"variant":1233,"variantIndex":93,"variantColor":1234,"variantIcon":1235,"variantText":1233,"contentHtml":1349,"displayConditions":1350},"76f5f2f8-575f-4d60-9c0c-d8fe0369149a","China Generative AI Measures (2023)","\u003Cp>Your system is subject to China’s Generative AI Measures. Security assessments, dataset documentation, and content moderation obligations apply.\u003C/p>",{"id":1351,"separator":1242,"field":9,"operator":1219,"value":9,"rules":1352},"74ab3d30-23a5-48ed-bad3-a59d68cd4454",[1353,1356],{"id":1354,"separator":9,"field":57,"operator":1246,"value":67,"rules":1355},"3be71dd7-733c-41a9-a0d1-be59a3d1fd2c",[],{"id":1357,"separator":9,"field":589,"operator":1219,"value":596,"rules":1358},"b94a4ed2-3ae1-4a3a-a09b-62723e70e300",[],{"id":1360,"label":1361,"variant":1211,"variantIndex":11,"variantColor":1212,"variantIcon":1213,"variantText":1214,"contentHtml":1362,"displayConditions":1363},"2e45ac4b-7b19-4302-b516-6d2dadc51b10","China PIPL Applicability","\u003Cp>Your system processes personal data of individuals located in China. PIPL obligations apply for consent, minimization, data export, and security assessments.\u003C/p>",{"id":1364,"separator":1218,"field":9,"operator":1219,"value":9,"rules":1365},"2e2e096d-e2aa-4095-bae3-97d90e86763d",[1366,1375],{"id":1367,"separator":1242,"field":9,"operator":1219,"value":9,"rules":1368},"c8f8268e-a2f1-41b9-ad8a-32c9670a7591",[1369,1372],{"id":1370,"separator":9,"field":262,"operator":1219,"value":269,"rules":1371},"ecad3851-18a7-48ad-b9aa-23b479af037d",[],{"id":1373,"separator":9,"field":1059,"operator":1246,"value":1082,"rules":1374},"0c0506e9-7e8a-40f0-a30e-2a506ebc87f1",[],{"id":1376,"separator":1242,"field":9,"operator":1219,"value":9,"rules":1377},"79987656-253c-4883-82bb-4fd24300c03a",[1378,1381],{"id":1379,"separator":9,"field":262,"operator":1219,"value":269,"rules":1380},"90d4c7c2-2045-4352-9ef2-796bb6c77f3d",[],{"id":1382,"separator":9,"field":1127,"operator":1246,"value":1147,"rules":1383},"ea798c75-e73a-43f7-992a-19ba2cac2fa8",[],{"id":1385,"label":1386,"variant":1272,"variantIndex":44,"variantColor":45,"variantIcon":1213,"variantText":1272,"contentHtml":1387,"displayConditions":1388},"c78f7c22-3ee1-419f-9eb2-61f632beb9f8","ISO/IEC 42001 — AI Management System Recommended","\u003Cp>Your AI governance maturity does not meet ISO/IEC 42001 expectations. Implementing an AI Management System (AIMS) is recommended.\u003C/p>",{"id":1389,"separator":1218,"field":9,"operator":1219,"value":9,"rules":1390},"0d6b80cf-626c-44af-98a1-b4a2dc18209b",[1391,1394,1397],{"id":1392,"separator":9,"field":830,"operator":1219,"value":852,"rules":1393},"70b318ef-5cf5-44bd-adfd-2dcd1c980b8b",[],{"id":1395,"separator":9,"field":915,"operator":1219,"value":936,"rules":1396},"d9deac86-c8e0-494b-a7b4-2139c3cfcf7c",[],{"id":1398,"separator":9,"field":971,"operator":1219,"value":991,"rules":1399},"e9696a79-50f6-49ea-8af7-3398b140c8b6",[],{"id":1401,"label":1402,"variant":1211,"variantIndex":11,"variantColor":1212,"variantIcon":1213,"variantText":1214,"contentHtml":1403,"displayConditions":1404},"776ee788-7bbb-4c42-a365-45da436b9c75","NIST AI RMF Alignment Needed","\u003Cp>Your system lacks some essential components of the NIST AI RMF. A structured approach to risk identification, measurement, and management is recommended.\u003C/p>",{"id":1405,"separator":1218,"field":9,"operator":1219,"value":9,"rules":1406},"b75e14b9-4f18-4208-a11f-b5cbd63e6df8",[1407,1410,1413],{"id":1408,"separator":9,"field":351,"operator":1219,"value":366,"rules":1409},"f71edd37-37f3-4830-b5e0-a8befe8dea93",[],{"id":1411,"separator":9,"field":859,"operator":1219,"value":881,"rules":1412},"ee230182-9e16-4d2a-8c18-03306269990d",[],{"id":1414,"separator":9,"field":943,"operator":1219,"value":964,"rules":1415},"6930df79-2266-48f8-8b01-1c79faff759f",[],{"id":1417,"label":1418,"variant":1211,"variantIndex":11,"variantColor":1212,"variantIcon":1213,"variantText":1214,"contentHtml":1419,"displayConditions":1420},"57e3350f-94ac-49d0-b8e1-c4144f1d1438","OECD AI Principles Apply","\u003Cp>Your system impacts fairness, rights, transparency, or vulnerable individuals. OECD AI Principles apply.\u003C/p>",{"id":1421,"separator":1218,"field":9,"operator":1219,"value":9,"rules":1422},"8d83e49c-189b-4d91-aa6e-4d0c9f5e3d0f",[1423,1426,1429],{"id":1424,"separator":9,"field":308,"operator":1219,"value":315,"rules":1425},"a447c0a1-e933-466b-9600-3491a9012d68",[],{"id":1427,"separator":9,"field":168,"operator":1246,"value":185,"rules":1428},"7d075985-aa7d-46b6-b8c1-aaa78ce72fa6",[],{"id":1430,"separator":9,"field":604,"operator":1246,"value":611,"rules":1431},"7304aaea-bc42-4da5-9f62-9c41f19b2357",[],{"id":1433,"label":1434,"variant":1272,"variantIndex":44,"variantColor":45,"variantIcon":1213,"variantText":1272,"contentHtml":1435,"displayConditions":1436},"b09e23db-8c23-4291-8942-669e2371992b","Ethical AI Safeguards Required","\u003Cp>Your system lacks required ethical safeguards such as transparency or oversight according to UNESCO and Singapore AI ethical frameworks.\u003C/p>",{"id":1437,"separator":1218,"field":9,"operator":1219,"value":9,"rules":1438},"10e3213a-7fbf-40b1-acd0-b1c81572b1b5",[1439,1442],{"id":1440,"separator":9,"field":660,"operator":1219,"value":675,"rules":1441},"9c7de7b7-6c4e-400e-8f92-f96e1a584cb2",[],{"id":1443,"separator":9,"field":706,"operator":1219,"value":728,"rules":1444},"be7db0cd-7d2f-45c3-992f-facfbd53032c",[],{"id":1446,"label":1447,"variant":1272,"variantIndex":44,"variantColor":45,"variantIcon":1213,"variantText":1272,"contentHtml":1448,"displayConditions":1449},"c6dda1ee-7c5e-40df-bcfc-4766a7a77540","Brazil AI & Privacy Obligations (PL 2338 / LGPD)","\u003Cp>Your system operates in Brazil or involves Brazilian residents. LGPD and Brazil’s emerging AI regulations apply.\u003C/p>",{"id":1450,"separator":1218,"field":9,"operator":1219,"value":9,"rules":1451},"fb1ce7db-f968-4336-b88d-133c01f8180d",[1452,1455],{"id":1453,"separator":9,"field":1059,"operator":1246,"value":1098,"rules":1454},"dc83959d-97c5-4c2e-ad08-13dd879b0487",[],{"id":1456,"separator":9,"field":1127,"operator":1246,"value":1152,"rules":1457},"8117191d-4e7e-4957-928c-644533e85001",[],{"id":1459,"label":1460,"variant":1211,"variantIndex":11,"variantColor":1212,"variantIcon":1213,"variantText":1214,"contentHtml":1461,"displayConditions":1462},"1e6adaba-0f68-4f42-91ef-4391afa876a9","Global Privacy Obligations - GDPR / LGPD / CPRA / PIPL — Privacy Impact Required","\u003Cp>Your system processes personal or sensitive data. Privacy requirements from GDPR, LGPD, CPRA, Colorado, and PIPL apply.\u003C/p>",{"id":1463,"separator":1218,"field":9,"operator":1219,"value":9,"rules":1464},"cd1134da-9e88-4f1c-9583-17b0ca7496d0",[1465,1468],{"id":1466,"separator":9,"field":262,"operator":1219,"value":269,"rules":1467},"db41a5d0-3f56-4d85-a150-f0fbd43fc62d",[],{"id":1469,"separator":9,"field":285,"operator":1219,"value":292,"rules":1470},"8843d63b-c9f4-47fd-8d6b-7a52dbce9cf3",[],{"id":1472,"label":1473,"variant":1233,"variantIndex":93,"variantColor":1234,"variantIcon":1235,"variantText":1233,"contentHtml":1474,"displayConditions":1475},"b2959564-4431-45c0-8fe5-ef28d09d24d7","Global High-Risk AI Exposure — Multi-Jurisdiction Exposure","\u003Cp>Your system meets high-risk criteria across multiple jurisdictions. Comprehensive multi-framework compliance is required.\u003C/p>",{"id":1476,"separator":1242,"field":9,"operator":1219,"value":9,"rules":1477},"08bdfd2b-2ce9-461f-ac9e-75e066f163e2",[1478,1482,1485,1488,1491,1494],{"id":1479,"separator":9,"field":97,"operator":1480,"value":130,"rules":1481},"aafab701-63bf-4288-94bc-156f4cc35698","notEqual",[],{"id":1483,"separator":9,"field":308,"operator":1219,"value":315,"rules":1484},"f373c57c-a911-4591-a107-8b9ad4e3a92f",[],{"id":1486,"separator":9,"field":331,"operator":1219,"value":338,"rules":1487},"cb50a2a4-9abb-4ed2-8b2b-fcc3a38acd5d",[],{"id":1489,"separator":9,"field":604,"operator":1219,"value":611,"rules":1490},"825c6977-98be-4c78-a03c-92e7db42cff2",[],{"id":1492,"separator":9,"field":629,"operator":1219,"value":649,"rules":1493},"951b7f7c-80f0-42df-9b28-a40bc82bc1de",[],{"id":1495,"separator":9,"field":660,"operator":1219,"value":675,"rules":1496},"0b95fd2e-6463-4ace-90a0-ffd20b424dab",[],"af0d4dcd-2f0a-47be-7337-08de2357ae70","1.0","Global AI Regulatory Eligibility Questionnaire","DA3kI7uDOzZhahDvOQlDANRiAzDgI0vFXqjjYm3HP6EFumrgvaiKMdAdBCtm","https://static.dastra.eu/tenant-3/audit/njRKyxPlWbjfq0/icon-audit500x-150-150.png","This assessment identifies the regulatory applicability, risk classification, and compliance obligations arising from global AI frameworks",1,"2025-11-17T14:37:56.4126455","2025-12-01T14:31:21.8161504","Standard",{"id":1508,"displayName":1509,"familyName":1510,"givenName":1511,"email":1512,"active":50,"color":1513,"avatarUrl":1514,"tenantId":11},38,"Paul-Emmanuel Bidault","Bidault","Paul-Emmanuel","paulemmanuel.bidault@dastra.eu","#FA4115","https://static.dastra.eu/tenant-27/avatar/38/paul-emmanuel-bidault-150.jpg",[1516],{"id":1508,"displayName":1509,"familyName":1510,"givenName":1511,"email":1512,"active":50,"color":1513,"avatarUrl":1514,"tenantId":11},[1518],{"id":1519,"label":1520,"type":1521,"typeIndex":1522,"typeColor":1523,"typeIcon":1524,"typeText":1525,"color":1526},"8522aba8-44be-49ba-92d6-c83a9655d2ce","AI","AuditTemplate",9,"#83d162","ds-icon-audit","Questionnaire template","#5AADAA",45]