Compliance
How many compliance checks does Areev include?
Areev includes 88 baseline compliance verification checks (up to 92 with distributed + auth features) spanning 7 regulatory frameworks. This context database verifies encryption, erasure, audit trail integrity, policy enforcement, and regulation-specific requirements for AI memory in a single pass.
The 88 checks break down into 39 core checks (10 encryption, 6 erasure, 7 blind index, 6 audit, 6 policy, 4 authorization), 36 regulation-specific checks (8 HIPAA, 16 EU AI Act, 6 SOC 2, 6 CCPA/LGPD/PIPL), 4 tiered storage checks, 2 agent identity checks, 6 policy lifecycle checks, and 1 GDPR Art. 30 record-of-processing check. POST /api/memories/{id}/verify/run executes all applicable checks and reports the pass rate, warnings, and skipped items. Areev treats compliance as a first-class operational concern rather than an afterthought.
The catalog totals above (88 baseline, up to 92) are the universe of available checks. The total returned by POST /verify/run reflects only the checks actually evaluated for your build profile and active policy preset — Free-tier memories lock regulation-specific checks that aren’t part of the active plan, and distributed / auth checks only execute when those features are compiled in. A live run reporting total_checks: 67, passed: 59, warned: 3, skipped: 5 on a Free-tier memory is expected, not a regression — the missing 22 are Locked for tier-gating reasons. Upgrading the memory’s policy preset (or moving to a paid plan) unlocks them.
```python
import requests

# Run all compliance checks via API (bearer token shown as a placeholder, as in the HTTP request below)
resp = requests.post(
    "https://acme.areev.ai/api/memories/default/verify/run",
    headers={"Authorization": "Bearer ar_..."},
)
resp.raise_for_status()
result = resp.json()
# result["total_checks"], result["passed"], result["pass_rate"]
```
```http
POST /api/memories/default/verify/run HTTP/1.1
Host: acme.areev.ai
Authorization: Bearer ar_...
```
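A worked reading of the counts above, as an added example that is not part of Areev's documentation or SDK: it calls the run endpoint with the standard library only and judges the result so that Locked checks are never reported as a regression. The `warned` and `skipped` field names, and deriving the failed count from the other counts, are assumptions based on the sample run quoted on this page.

```python
import json
import urllib.request

AREEV_URL = "https://acme.areev.ai"   # host from the page's examples
API_TOKEN = "ar_..."                  # placeholder token, as on the page
CATALOG_BASELINE = 88                 # baseline catalog size stated on the page


def run_verification(memory_id="default"):
    """POST /api/memories/{id}/verify/run and return the parsed JSON body."""
    req = urllib.request.Request(
        f"{AREEV_URL}/api/memories/{memory_id}/verify/run",
        method="POST",
        headers={"Authorization": f"Bearer {API_TOKEN}"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def triage_run(result, min_pass_rate=0.9):
    """Judge a verify/run result without mistaking tier-gating for a regression.

    Assumption: the body carries total_checks, passed, warned and skipped;
    checks that neither passed, warned nor were skipped are counted as failed
    (the page names no 'failed' field, so it is derived here).
    """
    total = result["total_checks"]
    passed = result["passed"]
    warned = result.get("warned", 0)
    skipped = result.get("skipped", 0)
    failed = total - passed - warned - skipped
    evaluated = total - skipped                     # checks that actually ran
    pass_rate = passed / evaluated if evaluated else 0.0

    if failed > 0:
        status = "fail"          # a real regression: an evaluated check failed
    elif warned > 0 or pass_rate < min_pass_rate:
        status = "warn"
    else:
        status = "pass"
    return {
        "status": status,
        "failed": failed,
        "warned": warned,
        "evaluated": evaluated,
        "pass_rate": round(pass_rate, 4),
        # fewer checks than the catalog means Locked (tier/build-gated), not failed
        "partial_catalog": total < CATALOG_BASELINE,
    }
```

Run `triage_run(run_verification())` in CI and gate only on `status == "fail"`; a smaller `total_checks` after a plan change shows up as `partial_catalog`, not as a failure.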
How do compliance checks map to regulatory frameworks?
Each check maps to one or more regulatory articles. The primary mapping is stored per check, and multi-regulation checks (such as encryption, which spans GDPR Art. 32 and HIPAA 164.312) reference the primary regulation with cross-references available via the check_regulations() API.
Compliance reports also include mappings to NIST AI RMF (6 controls) and ISO 42001 Annex A (6 controls) for organizations using those frameworks. This AI agent memory system maps every check to its source regulation article, so audit teams can trace each verification result back to the specific legal requirement it satisfies.
| Group | Primary Regulation | Articles |
|---|---|---|
| Encryption | GDPR | Art. 32 (security of processing) |
| Erasure | GDPR | Art. 17 (right to erasure) |
| Blind Index | GDPR | Art. 25 (data protection by design) |
| Audit | GDPR | Art. 30 (records of processing) |
| HIPAA | HIPAA | §164.308, §164.312, §164.400-414, §164.514 |
| EU AI Act | EU AI Act | Art. 5, 9, 10, 11, 12, 13, 14, 19, 50, 52 |
| SOC 2 | SOC 2 | CC6, CC7, CC8 |
How does real-time compliance monitoring work?
The ComplianceMonitor attaches to the Areev engine as an EventHook and checks compliance rules on every add, forget, and supersede operation. It uses lock-free atomic counters for sub-millisecond overhead, so this context database monitors compliance continuously without affecting query latency.
The monitor detects excessive forget rates (indicating a possible data destruction attack), unencrypted writes when encryption policy is active, deep supersession chains exceeding a configurable threshold, and policy violations during write operations. Each violation carries a severity level (Info, Warning, Critical) and a remediation action (Alert, LogElevated, RateLimit, Block). Recent violations are stored in a bounded ring buffer (1,000 entries max) and accessible via the /api/memories/default/compliance/violations endpoint.
```python
import requests

# Check recent compliance violations
resp = requests.get("https://acme.areev.ai/api/memories/default/compliance/violations",
                    params={"limit": 10}, headers={"Authorization": "Bearer ar_..."})
violations = resp.json()
```
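The detection rules the monitor applies, as an added illustration rather than Areev's own ComplianceMonitor code: a small hook that replays a constructed event stream and records violations with the page's severity levels and remediation actions into a bounded ring buffer. The event shape, the thresholds and the field names are assumptions.

```python
from collections import deque

# Constructed sample stream (timestamp_s, op, fields); not Areev's event format.
SAMPLE_EVENTS = [
    (0.5, "supersede", {"id": "m2", "parent": "m1", "encrypted": True}),
    (1.0, "supersede", {"id": "m3", "parent": "m2", "encrypted": True}),
    (1.5, "supersede", {"id": "m4", "parent": "m3", "encrypted": True}),
    (2.0, "add", {"id": "m5", "encrypted": False}),
    (2.1, "forget", {"id": "m1"}),
    (2.2, "forget", {"id": "m2"}),
    (2.3, "forget", {"id": "m3"}),
    (2.4, "forget", {"id": "m4"}),
]

class MiniComplianceMonitor:
    # Illustrative hook logic; thresholds are constructed, not Areev defaults.
    def __init__(self, window_s=10.0, max_forgets=3, max_chain_depth=2,
                 encryption_required=True, ring_size=1000):
        self.window_s, self.max_forgets = window_s, max_forgets
        self.max_chain_depth = max_chain_depth
        self.encryption_required = encryption_required
        self.forget_times = deque()                # sliding window of forget times
        self.depth = {}                            # memory id -> supersession depth
        self.violations = deque(maxlen=ring_size)  # bounded ring buffer

    def on_event(self, ts, op, f):
        if op in ("add", "supersede") and self.encryption_required \
                and not f.get("encrypted", False):
            self._record(ts, "Critical", "Block", f"unencrypted write {f['id']}")
        if op == "supersede":
            d = self.depth.get(f["parent"], 0) + 1
            self.depth[f["id"]] = d
            if d > self.max_chain_depth:
                self._record(ts, "Warning", "Alert", f"chain depth {d} at {f['id']}")
        if op == "forget":
            self.forget_times.append(ts)
            while ts - self.forget_times[0] > self.window_s:
                self.forget_times.popleft()
            if len(self.forget_times) > self.max_forgets:
                self._record(ts, "Critical", "RateLimit",
                             f"{len(self.forget_times)} forgets in {self.window_s}s")

    def _record(self, ts, severity, action, detail):
        self.violations.append({"ts": ts, "severity": severity, "action": action, "detail": detail})

def replay(events, **thresholds):
    mon = MiniComplianceMonitor(**thresholds)
    for ts, op, fields in events:
        mon.on_event(ts, op, fields)
    return list(mon.violations)
```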
How do I generate a compliance report?
Areev generates structured compliance reports that include verification results, encryption posture, policy configuration, audit trail status, and framework mappings. Reports are available as JSON or human-readable text, and include the OMS conformance level (L3), Areev version, and generation timestamp.
Each report covers the AI memory database’s current state: algorithm details (AES-256-GCM, HKDF-SHA256), active policies, PII detection status, audit chain verification, entry count, and mappings to NIST AI RMF and ISO 42001. Data protection officers and SOC 2 auditors can use these reports as evidence artifacts without needing direct database access.
```python
import requests

# Generate a compliance report
resp = requests.get("https://acme.areev.ai/api/memories/default/compliance/export",
                    headers={"Authorization": "Bearer ar_..."})
report = resp.json()
```
```http
GET /api/memories/default/compliance/export HTTP/1.1
Host: acme.areev.ai
Authorization: Bearer ar_...
```
Related
- Policy: Configuring governance policy presets
- GDPR: GDPR-specific compliance details
- Audit Trail: Hash-chained audit log
- Encryption: Encryption posture details