rotalabs-comply

Comprehensive AI compliance and audit logging infrastructure for regulatory adherence.

What is rotalabs-comply?

rotalabs-comply provides a complete toolkit for ensuring AI systems meet regulatory compliance requirements. It offers:

• Audit Logging -- Comprehensive logging of AI interactions with encryption, multiple storage backends (file, S3, memory), and configurable retention policies
• Compliance Frameworks -- Built-in support for EU AI Act, SOC2 Type II, and HIPAA with extensible framework architecture
• Privacy-First Design -- Hash-only mode for privacy-preserving audit trails, or encrypted content storage when full records are needed
• Report Generation -- Automated compliance reports with executive summaries, risk assessments, and remediation recommendations

Package Overview

rotalabs_comply/
├── core/              # Core types, configuration, and exceptions
│   ├── types          # RiskLevel, Framework, AuditEntry, ComplianceProfile
│   ├── config         # AuditConfig, StorageConfig
│   └── exceptions     # ComplianceError hierarchy
├── audit/             # Audit logging infrastructure
│   ├── logger         # AuditLogger main interface
│   ├── encryption     # EncryptionManager, Fernet encryption
│   └── storage        # FileStorage, MemoryStorage, S3Storage
├── frameworks/        # Compliance framework implementations
│   ├── base           # BaseFramework, ComplianceRule, ComplianceFramework
│   ├── eu_ai_act      # EU AI Act (2024) compliance checks
│   ├── soc2           # SOC2 Type II Trust Service Criteria
│   └── hipaa          # HIPAA Security and Privacy Rules
├── reports/           # Report generation
│   ├── generator      # ReportGenerator, ComplianceReport
│   └── templates      # ReportTemplate, ReportSection, section generators
└── utils/             # Utility functions
    └── helpers        # Period formatting, statistics, JSON serialization

Supported Compliance Frameworks

Framework	Description	Categories
EU AI Act	European Union AI regulation (2024)	Transparency, oversight, risk management, documentation, security
SOC2 Type II	AICPA Trust Service Criteria	Security, availability, processing integrity, confidentiality, privacy
HIPAA	Health data protection (US)	Access control, audit, integrity, authentication, transmission, privacy

Key Features

Privacy Modes

Choose the right privacy level for your compliance requirements:

• Hash-Only Mode (default): Store SHA-256 hashes of inputs/outputs for verification without exposing content
• Encrypted Mode: Store encrypted content when you need full audit trails with data protection
• Plaintext Mode: Store content as-is for internal development environments

Storage Backends

Flexible storage options for different deployment scenarios:

• FileStorage: Local JSONL files with automatic rotation
• S3Storage: AWS S3 for cloud-native deployments with lifecycle management
• MemoryStorage: In-memory storage for testing and development

Report Formats

Generate compliance reports in multiple formats:

• Markdown: Human-readable documentation
• JSON: Machine-readable for integration
• HTML: Standalone reports for stakeholders

Quick Links

• Getting Started - Installation and first steps
• Core Concepts - Understanding compliance infrastructure
• API Reference - Detailed API documentation
• Tutorials - Step-by-step guides

Use Cases

Enterprise AI Governance

Track all AI interactions across your organization with centralized audit logging, ensuring consistent compliance with internal policies and external regulations.

Healthcare AI Applications

Meet HIPAA requirements for AI systems processing Protected Health Information (PHI) with encryption, access controls, and comprehensive audit trails.

EU AI Act Compliance

Prepare for EU AI Act requirements with built-in checks for transparency, human oversight, risk management, and technical documentation.

SOC2 Audits

Demonstrate operational effectiveness of security controls for AI systems with audit logs and compliance reports suitable for SOC2 Type II audits.