Regulatory Compliance

Compliance & Security

Built for auditors, not against them. Every architectural decision was made with regulatory conformity in mind — not retrofitted after the fact.

Compliance-Ansatz

Compliance by Design — Not by Checklist

AIMOS meets data protection and security requirements not through retrofitting, but through architectural decisions. Three design principles permeate the entire system:

Daten bleiben lokal

All processing on your server. Not a single byte leaves your network — unless you explicitly allow it.

Mensch entscheidet

The agent prepares, the human approves. No automatic sending, no automatic booking.

Alles protokolliert

Complete audit trail: who requested what and when, which tool was used, what response was received.

EU-Datenschutz

DSGVO / GDPR

AIMOS fulfills the GDPR not through retrofitting, but through architectural decisions — Privacy by Design.

Art. 25 — Data Protection by Design

  • Data processing locally by default (SovereignNode)
  • PII Vault anonymizes before any external transmission
  • No cloud service in the default configuration
  • Data minimization: only relevant context data in the LLM prompt

Art. 32 — Security of Processing

  • Encryption: PostgreSQL SSL, SQLite on-disk
  • Access control through Execution Rings (3 levels)
  • Complete audit trail of all processing operations
  • Session-bound PII mappings (no persistent PII storage)

EU AI Act

EU AI Regulation

Risk Classification · Transparency · Human Oversight · Documentation

In effect from August 2026

EU Regulation

EU AI Act

The EU AI Regulation (EU) 2024/1689 is taking effect in stages and applies to every company that deploys AI systems. AIMOS is architecturally designed for compliance — not retrofitted after the fact.

Risk Classification: Limited Risk

AIMOS agents are assistive systems with human oversight (human-in-the-loop). No autonomous decisions about individuals, no biometric surveillance, no social scoring functions. This places them in the "limited risk" category — not "high-risk."

Transparency Obligation: Fulfilled

Art. 50: Users must know they are interacting with an AI. Every AIMOS agent identifies itself as an AI assistant in its system prompt. All actions are traceable in the audit trail.

Human Oversight: Architecturally Enforced

Art. 14: Execution Rings ensure that no agent independently performs critical actions. Bookings, emails, and orders are presented as drafts — the human decides.

Technical Documentation: Complete

Art. 11: System architecture, data flows, model description, performance metrics, and risk assessment are documented and accessible. MIT License: full source code access.

Logging: Complete

Art. 12: Every agent action is logged — tool calls, LLM requests, token consumption, decision chains. Audit-proof trails with session IDs and timestamps.

Data Sovereignty: Complete

Art. 10: Training data and processing data never leave the SovereignNode. PII Vault automatically anonymizes external API calls. No cloud dependency.

Advantage of Local AI

Cloud AI services must comply with stricter requirements as "General Purpose AI" (GPAI). AIMOS uses a locally operated open-source model — the GPAI obligations apply to the model provider (Alibaba/Qwen), not the operator.

Standards Compliance

ISO & GoBD

ISO 9001 & 27001 · GoBD

Standards Compliance

ISO 9001 & 27001

AIMOS supports the requirements of both standards through built-in mechanisms.

ISO 9001 — Quality Management

  • Traceability: every decision in the audit log
  • Traceability: session IDs link all events
  • Documented processes: system prompts as SOPs
  • Corrective actions: dreaming cycle learns from errors

ISO 27001 — Informationssicherheit

  • Klassifizierung: Execution Rings definieren Zugriffsstufen
  • Zugriffskontrolle: Tool-Freischaltung pro Agent konfigurierbar
  • Event logging: all 6 event types captured
  • Physical security: data never leaves the SovereignNode

Bookkeeping

GoBD Compliance

The GoBD (Principles for the Proper Management and Storage of Books, Records, and Documents in Electronic Form) places special requirements on AI-assisted systems.

AIMOS solves this through strict architectural separation:

Separation: Draft vs. Finalisation

Agents prepare journal entries (draft). Finalization is performed exclusively by authorized staff in the target system (ETA V8, DATEV, etc.). No LLM has transaction rights.

Human-in-the-Loop

Ring 2 actions (write operations) require explicit authorisation. Accounting-relevant processes always require human approval — architecturally enforced, not by policy.

Finanz-Agent Creates booking draft DRAFT Journal entry (not finalized) HUMAN REVIEW Accountant reviews and approves FINALISATION Im Zielsystem (ETA, DATEV, etc.)

Privacy by Design

How AIMOS Implements This Technically

PII-Vault (Personally Identifiable Information — personal data protection) · Audit-Trail · Execution Rings · Token-Tracking

Data Sovereignty

Data Locality

All data stays on your SovereignNode. Not a single byte leaves your network — unless you explicitly allow it.

SovereignNode (Your Server) User Channels Agenten-Prozesse PostgreSQL + SQLite LLM (local runtime) PII-Vault Anonymisierung De-Anonymisierung Extern (optional) Cloud-LLM API Web-Search API anonymisiert Intern (sicher) Via PII-Vault (anonymisiert) External (anonymized data only)

Datenschutz-Engine

PII Vault

Automatic anonymisation of personal data before every external API call.

User "Max Müller hat" "3000 EUR bezahlt" Agent Processing PII-Vault Anonymisieren "[PER_1] has" "[AMT_1] bezahlt" Externe API Cloud-LLM PII-Vault De-Anonymisieren "Max Müller hat" "3000 EUR bezahlt" User Complete Response Mapping (session-gebunden) [PER_1] = "Max Müller" [AMT_1] = "3000 EUR"
Session

Mappings are bound to the session and are not persistently stored

Regex + NER

Detection via regex patterns and Named Entity Recognition

Audit

Every anonymisation is documented in the audit log

Protokollierung

Audit Trail

Every agent action is logged without gaps. The audit trail captures six event types:

SYSTEM_PROMPT Complete system prompt for traceability
REQUEST Eingehende User-Anfrage
RESPONSE Complete agent response
TOOL_START Tool call with parameters
TOOL_OK Tool result (success or error)
LLM_USAGE Token-Verbrauch, Modell, Latenz
// Beispiel: Audit log entry
{
  "id": 42847,
  "timestamp": "2026-03-22T14:32:17.445Z",
  "session_id": "ses_7f3a2b91",
  "agent": "logistik",
  "event_type": "TOOL_START",
  "tool": "sql_query",
  "ring": 1,
  "params": {
    "connector": "uyumsoft_db",
    "query": "SELECT item, qty FROM stock WHERE qty < 10"
  },
  "user_id": "tg_12345",
  "pii_anonymized": false
}
// Associated LLM_USAGE entry
{
  "event_type": "LLM_USAGE",
  "session_id": "ses_7f3a2b91",
  "model": "qwen3.5:27b",
  "prompt_tokens": 2847,
  "completion_tokens": 312,
  "total_tokens": 3159,
  "latency_ms": 4280,
  "cognitive_balance": 3
}

Access Control

Execution Rings — Trust Levels

Wie Execution Rings unautorisierte Aktionen verhindern.

Beispiel: Agent (Ring 1) versucht file_write (Ring 2) Logistik-Agent Ring 1 (Standard) file_write() Ring-Dispatcher Ring-Check: 1 < 2 BLOCKIERT "Tool file_write erfordert Ring 2" Audit log entry TOOL_BLOCKED | agent=logistik | tool=file_write | required=2 | actual=1

Resource Monitoring

Token-Tracking

Every LLM call is documented with exact token consumption, model name, and latency.

Prompt + Completion

Exact breakdown into prompt_tokens and completion_tokens per request.

Latenz-Messung

Every LLM request is captured with latency_ms, including model name and session context.

Cognitive Balance

Remaining LLM calls per session are tracked as cognitive_balance.

Nachweisbarkeit

Revisionssicherheit

Complete traceability of every AI-assisted decision.

Token-Tracking

Every LLM call is documented with exact token consumption (prompt + completion), model name, and latency.

Complete Trail

From the user request through tool calls to the response — every step is traceable with timestamp and session ID.

PII-Vault Traces

Session-gebundene Anonymisierungs-Mappings. Nachvollziehbar, which data was anonymized and de-anonymized when.

Source Code Access

MIT License: Auditors can review every line of code. No black box, no proprietary logic.

Verifiable through Audit-Logs · PII-Vault Traces · Session-IDs · Token-Tracking · Quellcode-Einsicht