Regula — AI Governance Report

cv-screening-app (bundled example)
Generated: 2026-07-09 23:35 UTC
Regula v1.7.4
Important: This report contains pattern-based risk indications, not legal risk classifications. The EU AI Act (Article 6) requires contextual assessment of intended purpose and deployment context. Results should be reviewed by qualified personnel. This is not legal advice.
0
Prohibited Patterns
1
High-Risk Indicators
0
Limited-Risk
0
Credential Findings
1
AI Files Scanned

Executive Summary

High-risk indicators detected — compliance review needed

This codebase contains 1 indicator(s) of high-risk AI functionality (Article 6). If this system is deployed in the EU in a high-risk context (e.g. credit scoring, employment, healthcare), it will be subject to mandatory obligations including risk management, data governance, human oversight, and technical documentation. A compliance review is recommended before deployment.

Scanned 1 file(s) · 0 prohibited · 1 high-risk · 0 limited-risk · 0 credential finding(s) · Generated 2026-07-09 23:35 UTC

Priority Risk Indicators

Regulatory Framework Mappings

ArticleEU AI ActNIST AI RMFISO 42001UK ICO
Art. 9 Risk Management System GOVERN 1.1: Legal and regulatory requirements are identified, GOVERN 1.2: Trustworthy AI characteristics are integrated into organizational policies 6.1: Actions to address risks and opportunities, A.5.3: AI risk management DSIT Principle 1 — Safety, security and robustness: Risk management processes must identify and mitigate foreseeable harms before deployment; DSIT Principle 5 — Accountability and governance: Organisations must implement appropriate governance structures and assign clear accountability for AI risk
Art. 10 Data and Data Governance MAP 2.1: The specific tasks and methods for the AI system are defined, MAP 2.2: Information about the AI systems knowledge limits is documented A.6.6: Data for AI systems, A.7.4: Documentation of data ICO Data minimisation (Art. 5(1)(c) UK GDPR): Only personal data adequate, relevant and limited to what is necessary; ICO Storage limitation (Art. 5(1)(e) UK GDPR): Data not kept longer than necessary for training or evaluation
Art. 11 Technical Documentation MAP 1.1: Intended purposes, context of use, deployment are understood, MAP 1.2: Interdisciplinary AI actors, competencies, skills, and capacities for AI are documented A.6.4: AI system documentation, 7.5: Documented information DSIT Principle 5 — Accountability and governance: Document AI system design, data sources and intended purpose; ICO Accountability (Art. 5(2) UK GDPR): Maintain records of processing activities where AI processes personal data
Art. 12 Record-Keeping MEASURE 2.7: AI system evaluations are logged and documented, MEASURE 2.8: Measurement results are logged A.6.10: Logging and monitoring ICO Accountability (Art. 5(2) UK GDPR): Maintain records sufficient to demonstrate compliance with data protection principles; DSIT Principle 5 — Accountability and governance: Audit logs support post-incident review and regulatory enquiry
Art. 13 Transparency and Provision of Information to Deployers MAP 3.1: Approaches for mapping AI risks are established, MAP 3.2: AI system capabilities are documented A.6.8: Transparency and explainability DSIT Principle 2 — Appropriate transparency and explainability: Users should understand when AI is involved in decisions and how it works; ICO 'Explaining decisions made with AI': Meaningful information about AI-driven decisions must be provided to individuals
Art. 14 Human Oversight GOVERN 1.3: Processes for human oversight are defined, MAP 4.1: Approaches for mapping AI risks in deployment contexts are identified A.6.3: Human oversight of AI systems DSIT Principle 5 — Contestability and redress: Individuals should be able to challenge AI decisions; appropriate mechanisms must exist; ICO Art. 22 UK GDPR: Solely automated decisions with legal/significant effects require human review mechanism on request
Art. 15 Accuracy, Robustness and Cybersecurity MEASURE 1.1: Approaches for measurement of AI risks are documented, MEASURE 1.2: Appropriateness of AI metrics and effectiveness of measurement are evaluated A.6.9: Performance and monitoring, A.8.1: Cybersecurity for AI DSIT Principle 1 — Safety, security and robustness: AI systems must be technically secure and perform reliably across foreseeable contexts; ICO Accuracy (Art. 5(1)(d) UK GDPR): AI outputs used in decisions about individuals must be accurate; inaccurate outputs that lead to wrong decisions may breach UK GDPR

All Findings

FileRisk TierCategoryConfidenceDescriptionRemediation
app.py HIGH-RISK Annex III, Category 4 63 Employment and workers management Add human oversight before automated hiring/employment decisions
Articles 9-15 (current law: Aug 2026; Omnibus agreed: Dec 2027 for Annex III)