Governance Overview

Real-time cluster-based AI governance · every block, flag, and review logged immutably · 0-3ms p50

Today's Hiring Decisions: 52,341 (↑ 8.4% vs. 7-day avg)
Decisions Blocked / Flagged: 4.2% (↓ 0.7% vs. last week)
Awaiting Your Review: 12 (LIVE · 1 nearing deadline)
Hallucination Vulnerability: 23.4/100 (7-day rolling · UK ×1.3)
Bias Index: 42.8/100 (7-day rolling · UK ×1.7)
Compliance Score: 96.8% (↑ 1.2% this quarter)
Decisions Awaiting Your Review
9 pending reviews · 8 active semantic clusters · avg response 1h 23m

EU AI Act — Article Coverage
Live scoring on production traffic · Regulation (EU) 2024/1689

Top Triggered Codes · Last 30d
Codes resolved across 8 active semantic clusters

All Pending Reviews (12 pending)
Human review queue · SLA monitored · EU AI Act Art. 14

Audit Ledger (IMMUTABLE · HASH-CHAINED)
1,842,034 entries · Merkle root verified 2h ago · Article 12 + 22
Ledger columns: Seq · Time · Initiator · Decision · Cluster · Codes Triggered · Excerpt · Hash
Automation Boundaries & Limits
Article 14 · custom deployer risk weight thresholds
Harm auto-block threshold: auto-blocks the prompt if the harm weight exceeds this
Bias auto-block threshold: auto-blocks the prompt if the bias weight exceeds this
Harm review threshold: enqueues the prompt to the review queue if the harm weight exceeds this
Bias review threshold: enqueues the prompt to the review queue if the bias weight exceeds this

Policy Drift & Snapshots
Article 3(23) · active version control & metric shifts
Behavioral Drift Alarm: last 24 hours vs. 7-day baseline (30% max limit)
EU AI Act Compliance & E2E Validation Docs
Official Mapping of the DBC Governance Layer to Regulation (EU) 2024/1689
AUDIT COMPLIANT
Under the **European Union Artificial Intelligence Act (EU AI Act)**, AI systems used in **employment, worker management, and access to self-employment** (specifically for recruitment, resume parsing, candidate evaluation, shortlisting, and task allocation) are classified as **High-Risk AI Systems** (Annex III, point 4). High-risk systems are subject to strict regulatory requirements. The dbc-hr-api has implemented autonomous safeguards across its database schema, middleware, and sovereign pre-processing engine to satisfy these obligations.
Regulatory Compliance Mapping Matrix
Core high-risk AI system controls mapped to the active DBC technical architecture
| Article | EU AI Act Requirement | DBC Platform Safeguard | Technical Components / Database | Status |
|---|---|---|---|---|
| Article 9 | Risk Management System: establish a continuous risk estimation, identification, and mitigation process. | Stateless preprocessing sovereign engine checks logic against 150 HR & 150 safety rules. | `src/governance/engine.ts` | ACTIVE (PASS) |
| Article 10 | Data & Data Governance: ensure data minimization, privacy controls, and bias detection/mitigation. | Bidirectional PII Gateway tokenizes names, emails, phones, IBANs, and credit cards on ingress. | `src/governance/pii-gateway/` · table: `pii_events` | SANITISED (PASS) |
| Article 11 | Technical Documentation: compile detailed technical specs and dynamic compliance verification. | E2E compliance integration test harness runs a continuous verification suite. | `scripts/e2e-eu-ai-act.ts` · output: `eu_ai_act_mapping.md` | VERIFIED (PASS) |
| Article 12 | Record-Keeping: enable automatic, lifetime event logging and decision audit trails. | Chained SHA-256 ledger (block chain) prevents log modification. Superadmin access blocked via forced RLS. | `src/services/audit-store.ts` · table: `audit_ledger` (RLS active) | LEDGER SECURED (PASS) |
| Article 13 | Transparency to Users: operate transparently to enable interpretation of decisions & limitations. | System prompt injections automatically append flagged rule descriptions to downstream LLMs. | `src/index.ts` · payload: `system_prompt_injection` | TRANSPARENT (PASS) |
| Article 14 | Human Oversight: enable natural persons to oversee, review, and override AI decisions. | Flagged queries are enqueued automatically into the append-only HITL review queue. | `src/services/hitl-store.ts` · table: `hitl_queue` | ENQUEUED (PASS) |
| Article 15 | Robustness & Cyber Security: achieve cybersecurity controls resilient to prompt injections and jailbreaks. | Adversarial rules block malicious jailbreak inputs. HMAC_SECRET check enforced on server boot. | `src/api/middleware/auth.ts` · rate limiting middleware active | SECURED (PASS) |
Risk Management, Data, & Logging (Art. 9, 10, 11, 12)
Technical implementation details for core system controls

Article 9 (Risk Management):
The rules engine runs in pre-check mode, scoring every query's potential for bias and hallucination vulnerability before downstream API delivery. Thresholds automatically block high-risk queries.

Article 10 (Data Governance & Privacy):
The 3-stage PII Gateway enforces state-of-the-art privacy by sanitising prompt inputs. Ingress names, emails, addresses, phones, credit cards, and bank credentials are tokenized into session-vault tokens (e.g. [NAME_a1b2c3d4]). Plaintext sensitive data is never saved to the database. Raw values are safely restored on egress before client delivery.
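
An added TypeScript example of the ingress/egress tokenisation round trip described above; it is not the project's PII gateway code. The regex detectors, the session id and the sample prompt are assumptions, and name, address and card detection are left out.

```typescript
import { createHash } from "crypto";

type Kind = "EMAIL" | "PHONE" | "IBAN";

// Simplified detectors (assumption: the real gateway covers more classes).
// Order matters: run the more specific patterns before the loose phone one.
const DETECTORS: Array<[Kind, RegExp]> = [
  ["EMAIL", /[\w.+-]+@[\w-]+\.[\w.-]+/g],
  ["IBAN", /\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b/g],
  ["PHONE", /\+?\d[\d\s-]{8,}\d/g],
];

export class SessionVault {
  private readonly sessionId: string;
  private readonly vault = new Map<string, string>(); // token -> plaintext, memory only
  constructor(sessionId: string) { this.sessionId = sessionId; }

  // Deterministic within a session: the same value always maps to the same
  // token, so the downstream model can still tell two mentions are one person.
  private tokenFor(kind: Kind, value: string): string {
    const id = createHash("sha256").update(`${this.sessionId}:${value}`)
      .digest("hex").slice(0, 8);
    const token = `[${kind}_${id}]`;
    this.vault.set(token, value);
    return token;
  }

  // Ingress: every detected value is replaced before the prompt is stored or
  // forwarded, so the database and the LLM only ever see tokens.
  sanitise(text: string): string {
    let out = text;
    for (const [kind, re] of DETECTORS) out = out.replace(re, (m) => this.tokenFor(kind, m));
    return out;
  }

  // Egress: restore tokens the model echoed back; tokens not in this session's
  // vault are left untouched rather than guessed.
  restore(text: string): string {
    return text.replace(/\[(?:EMAIL|PHONE|IBAN)_[0-9a-f]{8}\]/g, (t) => this.vault.get(t) ?? t);
  }
}

// Constructed sample round trip.
export function demo(): { sanitised: string; restored: string } {
  const vault = new SessionVault("sess-demo");
  const prompt = "Shortlist jane.doe@example.com, phone +44 7700 900123, for the role";
  const sanitised = vault.sanitise(prompt);
  return { sanitised, restored: vault.restore(sanitised) };
}
```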

Article 12 (Immutable Record-Keeping):
Every transaction is logged to audit_ledger. Every entry contains a SHA-256 cryptographically chained hash computed over current row data and the previous row's hash. Postgres Row-Level Security (RLS) is forced, making the ledger append-only and immune to update/delete operations even by superadmins.
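
The chaining described above, as an added TypeScript example that is not the project's audit-store.ts. The column names follow the ledger widget on this page; the sample rows, tenant id and timestamps are constructed.

```typescript
import { createHash } from "crypto";
// Row shape follows the ledger columns shown on the page (Seq, Time, Initiator,
// Decision, Cluster, Codes Triggered, Excerpt, Hash) plus the prevHash link.
export interface LedgerEntry {
  seq: number; time: string; initiator: string;
  decision: "ALLOW" | "BLOCK" | "FLAG";
  cluster: string; codes: string[]; excerpt: string;
  prevHash: string; hash: string;
}
const GENESIS_HASH = "0".repeat(64);

// Canonical serialisation (fixed field order) so any verifier recomputes the
// same bytes; the previous row's hash is part of the input, which forms the chain.
function hashEntry(e: Omit<LedgerEntry, "hash">): string {
  const canonical = JSON.stringify([e.seq, e.time, e.initiator, e.decision,
    e.cluster, e.codes, e.excerpt, e.prevHash]);
  return createHash("sha256").update(canonical).digest("hex");
}

export function appendEntry(ledger: LedgerEntry[],
  data: Omit<LedgerEntry, "seq" | "prevHash" | "hash">): LedgerEntry {
  const prevHash = ledger.length ? ledger[ledger.length - 1].hash : GENESIS_HASH;
  const row = { ...data, seq: ledger.length + 1, prevHash };
  const entry: LedgerEntry = { ...row, hash: hashEntry(row) };
  ledger.push(entry);
  return entry;
}
// Walk from genesis; return the seq of the first row whose hash or prevHash link
// fails, or null if intact. Runs outside the database, so it catches storage-layer edits too.
export function verifyChain(ledger: LedgerEntry[]): number | null {
  let expectedPrev = GENESIS_HASH;
  for (const e of ledger) {
    const { hash, ...rest } = e;
    if (e.prevHash !== expectedPrev || hashEntry(rest) !== hash) return e.seq;
    expectedPrev = hash;
  }
  return null;
}
// Constructed sample: two rows, then a retroactive edit of row 1.
export function demo(): { intact: number | null; afterTamper: number | null } {
  const ledger: LedgerEntry[] = [];
  appendEntry(ledger, { time: "2025-01-10T14:22:05Z", initiator: "tenant-demo",
    decision: "BLOCK", cluster: "bias", codes: ["AI-DBC-006"], excerpt: "rank by age" });
  appendEntry(ledger, { time: "2025-01-10T14:22:09Z", initiator: "tenant-demo",
    decision: "ALLOW", cluster: "general", codes: [], excerpt: "summarise [NAME_a1b2c3d4] CV" });
  const intact = verifyChain(ledger);
  ledger[0].decision = "ALLOW"; // tamper: flip a historical decision in place
  return { intact, afterTamper: verifyChain(ledger) };
}
```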

Transparency, Oversight, & Security (Art. 13, 14, 15)
Technical specifications for downstream safety

Article 13 (Downstream Transparency):
When compliance guidelines (like culture-fit bias or wage equity rules) are triggered, the engine dynamically injects transparency payloads (system_prompt_injection). This payload forces the LLM to provide clear inline citations (e.g., 🛡️ AI-DBC-006) for its decisions.

Article 14 (Human Oversight & HITL):
Flagged decisions automatically register a record with a unique identifier in the Human-in-the-loop (HITL) review queue. Reviewers can approve, reject, or escalate items directly in the queue widget.

Article 15 (Cybersecurity & Robustness):
Adversarial prompt injection rules block malicious inputs from bypassing system rules, defending downstream integrations from jailbreaks and unauthorized alterations. Server boots fail immediately unless a valid HMAC_SECRET is configured, protecting credentials.

Reports: monthly PDF exports, SOC 2 bundles, and custom date-range compliance reports.
Prompt Sandbox: test any prompt through the live cluster engine · single-stage regex matching · ~1-3ms
Regression Suite: 12 canonical test cases · validated against ported engine · 12/12 expected
DBC Code Library: 150 HR + 300 MDBC codes · grouped by semantic cluster · all 450 loaded (450 of 450 shown)
Active Tenants: 6 tenants · 2.5M calls this month · 4 on Enterprise (columns: Tenant · Plan · Domain · Calls (30d) · Keys · Status · Last Active · Actions)
System Health
All services operational · last checked 23s ago · ALL SYSTEMS GO
API Server: Operational · 99.97% uptime · 82ms avg · us-east1 + eu-west2
PostgreSQL: Operational · 99.99% uptime · 3ms query avg · Cloud SQL
Redis Cache: Operational · 100% uptime · 0.4ms · 94% hit rate
Regex Engine: Operational · 99.99% uptime · 0.8ms avg · 150 HR + 300 MDBC patterns loaded
Cluster Resolver: Operational · 99.99% uptime · 0.2ms avg · 8 active clusters
HITL LLM Analysis: On-Demand Only · Haiku · 812ms · fires only when reviewer escalates · £0.30/mo
Audit Chain: Verified · 1,842,034 entries · hash intact · 2h ago
Cron Jobs: All Running · chain-verify ✓ · bias-audit ✓ · key-rotate ✓
GCS / Storage: Operational · exports healthy · 99.99% SLA · eu-west2

Recent Alerts
WARN 14:22:05 · LLM fallback rate limit hit · 3 requests queued · Haiku tier · auto-retry succeeded · no SLA breach
INFO 12:04:11 · Audit chain verification completed successfully · 1,842,034 entries verified · Merkle root unchanged
INFO 09:00:00 · Tenant Hays plc API key rotation reminder sent · key age 87d · reminder threshold 90d
Make it Better
Report leakages, false positives, wrong codes, or missing rules
False Positive: the engine blocked a safe, legitimate prompt
False Negative: the engine missed a harmful or non-compliant prompt
Wrong Code: a DBC code was incorrectly assigned to the prompt
Missing Rule: a governance rule you expected doesn't exist yet