| Article | Requirement | ETHRAEON Control | Status |
|---|---|---|---|
| Art. 9 | Risk Management System | CDASA 6-dim scoring + mutation gate thresholds | MET |
| Art. 10 | Data Governance | DELTASUM canonical hashes, PROMOTION_ONLY policy | MET |
| Art. 11 | Technical Documentation | CONSTITUTION.md, MANIFEST.yaml, the systems manifest | MET |
| Art. 12 | Record Keeping | Evidence Graph (EDG), DIRECTIVE_LEDGER, events.jsonl | MET |
| Art. 13 | Transparency | Trust snapshot, assurance.html, architecture diagram | MET |
| Art. 14 | Human Oversight | Sovereign authority (CEO) hierarchy, CANON_MUTATION requires manual approval | MET |
| Art. 15 | Accuracy, Robustness, Cybersecurity | 27 SSA tests, sovereign mode, tamper detection, SBOM | MET |
| Art. 17 | Quality Management System | deterministic governance, validate_canon_pack.js, full_estate_validate.sh | MET |
| Art. 52 | Transparency for AI interaction | All AI agents declared in AGENT.md, evidence-mandatory | MET |
| Art. 72 | Post-market monitoring | Nightly chron, monitoring dashboard, health.json | MET |
| Clause | Requirement | ETHRAEON Control | Status |
|---|---|---|---|
| 4.1 | Context of the Organization | CONSTITUTION.md defines organizational purpose and AI principles | MET |
| 5.1 | Leadership & Commitment | Founder authority (Founder), Founder's Law, immutable governance docs | MET |
| 5.2 | AI Policy | deterministic governance policy, PROMOTION_ONLY, FAIL-CLOSED | MET |
| 6.1 | Risk Assessment | CDASA scoring dimensions: regulatory, ethical, IP, temporal, sovereign | MET |
| 7.2 | Competence | Authority level matrix (CEO sovereign through AC-4 contributor), CODEOWNERS | MET |
| 7.5 | Documented Information | 420+ evidence directives, SHA-256 receipts, DIRECTIVE_LEDGER | MET |
| 8.1 | Operational Planning & Control | Deployment scripts, CI pipelines, estate validation harness | MET |
| 8.4 | AI System Impact Assessment | CDASA mutation gate, canon threshold enforcement | MET |
| 9.1 | Monitoring & Measurement | status.html, health.json, metering pipeline, nightly chron | MET |
| 10.1 | Continual Improvement | Directive wave system, promotion-only expansion | MET |
| Function | Category | ETHRAEON Control | Status |
|---|---|---|---|
| GOVERN | 1.1 Legal & regulatory compliance | Entity tracker, compliance mapping, AI Act alignment | MET |
| GOVERN | 1.3 Organizational AI policies | CONSTITUTION.md, PROMOTION_ONLY, deterministic governance | MET |
| MAP | 2.1 Context of use documented | the systems manifest, system registry, architecture diagrams | MET |
| MAP | 2.3 Scientific integrity | Canonical hashes, evidence trails, peer-review ready artifacts | MET |
| MEASURE | 3.1 Appropriate metrics used | 6-dimension scoring, threshold constants, classification bands | MET |
| MEASURE | 3.3 Tracked, documented, auditable | EDG nodes, evidence directives, trust snapshots | MET |
| MANAGE | 4.1 Risk prioritized & managed | Mutation gate thresholds, canon candidate escalation | MET |
| MANAGE | 4.2 Actionable plans maintained | OPERATIONS_RUNBOOK.md, key rotation playbook, deploy scripts | MET |
| Criteria | Principle | ETHRAEON Control | Status |
|---|---|---|---|
| CC6.1 | Security | SECURITY.md, CODEOWNERS, branch protection, key rotation, sovereign mode | MET |
| CC7.2 | Availability | Health monitoring, status page, deploy bundle validation, CF Pages | MET |
| CC8.1 | Processing Integrity | DELTASUM hashes, canon pack validation, estate validation harness | MET |
| PI1.3 | Processing Integrity | CDASA mutation gate - no unscored data enters canon | MET |
| ETHRAEON System | Frameworks Addressed |
|---|---|
| CONSTITUTION.md | EU AI ActISO 42001NIST RMF |
| CDASA Scoring | EU AI ActISO 42001NIST RMF |
| DELTASUM Hashes | EU AI ActSOC 2 |
| Evidence Graph | EU AI ActISO 42001NIST RMFSOC 2 |
| Sovereign Mode | EU AI ActSOC 2 |
| Mutation Gate | ISO 42001NIST RMFSOC 2 |
| Key Rotation | SOC 2 |
| SBOM | EU AI ActSOC 2 |
Every AI company implicitly makes these when shipping. ETHRAEON makes them explicit.
Durability under cost volatility. Token prices are structurally underpriced. Only infrastructure owners survive margin compression.
Accountability for output at scale. Every agent action emits evidence. Immutable audit trails. Cryptographic proof of compliance.
EU AI Act, NIST RMF, ISO 42001. Compliance cost curve steepening. Governance architecture addresses all three commitments natively.