Governance

Audit trail

Auditability is not a separate system in Qorpera. Because the wiki is the source of truth, every decision trail — detection, investigation, reasoning, action plan, step results, outcomes — lives on a single page. This makes audit straightforward and makes EU AI Act compliance a structural consequence of the architecture rather than a bolted-on feature.

What’s captured

For every situation:

Trigger. Which signal, from which source, at what timestamp.
Context assembly. Which wiki pages were loaded into the reasoning context, with citations.
Policy evaluation. Which rules applied, pre-reasoning and post-reasoning.
Reasoning. The four-stage trace — Understand, Investigate, Decide, Produce. Which tools were called. Which reflection invocations fired.
Action plan. The proposed steps with citations to supporting evidence.
Human disposition. Approved, edited, or rejected — with the operator’s identity and timestamp.
Execution results. For each step, the connector response, the outcome, and any errors.
Resolution. Final status, lessons extracted.

The full lifecycle is readable on one page. No stitching together log aggregators, database records, and stream archives — the situation page is the audit record.

EU AI Act Article 26

Deployer transparency obligations under Article 26 require keeping logs of each high-risk AI system’s operation for a minimum period. Qorpera’s wiki-first architecture means compliance documentation and operational state are the same thing — the situation page is already the log. Admin-tier operators with regulatory requirements can opt into full trace viewing.

The audit trail respects data subject rights. Right-to-erasure requests cascade across wiki pages and activity streams; data export produces the full operator-scoped wiki. Audit trails for terminated subjects are retained only as required for legal and regulatory defence.

Governance telemetry

Separate from the per-situation audit trail, aggregate telemetry powers the delegation dashboard: approval rate, consecutive approvals, rejection patterns, correction history per situation type. This is the data operators use to make delegation decisions — data about their own operation, not opinions about what Qorpera thinks they should do.

Previous← Policy engine NextSecurity & compliance →

What’s captured

For every situation:

Trigger. Which signal, from which source, at what timestamp.

Context assembly. Which wiki pages were loaded into the reasoning context, with citations.

Policy evaluation. Which rules applied, pre-reasoning and post-reasoning.

Reasoning. The four-stage trace — Understand, Investigate, Decide, Produce. Which tools were called. Which reflection invocations fired.

Action plan. The proposed steps with citations to supporting evidence.

Human disposition. Approved, edited, or rejected — with the operator’s identity and timestamp.

Execution results. For each step, the connector response, the outcome, and any errors.

Resolution. Final status, lessons extracted.

The full lifecycle is readable on one page. No stitching together log aggregators, database records, and stream archives — the situation page is the audit record.

EU AI Act Article 26

Governance telemetry

What’s captured

EU AI Act Article 26

GDPR

Governance telemetry

What’s captured

EU AI Act Article 26

GDPR

Governance telemetry