Vauban / Trust Center

Compliance Matrix

Vauban targets multi-regulation compliance, with an asymmetric timing window for institutional positioning. The Phase 0 done_when target is Q4 2026, just AFTER EU AI Act and Colorado AI Act enforcement.

| Regulation | Enforcement Date | Vauban Status | Coverage | Evidence |
|---|---|---|---|---|
| EU AI Act (Article 12 audit trail) | August 2026 | 🟡 Phase 0 in progress | Brain decision chains anchored L3 sprint-483 pattern | eu-ai-act-readiness |
| Colorado AI Act | June 2026 | 🟡 Phase 0 in progress | Same audit trail | colorado-ai-act-readiness |
| GDPR | Active since 2018 | 🟡 Phase 0 — DPIA per product Phase 1+ | DPO contact + sub-processors documented | sub-processors + DPIA roadmap |
| eIDAS (EU digital identity) | Phase 1+ | 🟡 Glacis Identity Phase 1+ target | Post-quantum signatures + Glacis sub-charter Phase 1+ | TBD Phase 1+ |
| DORA (Digital Operational Resilience Act) | Active 2026 | 🟡 Vauban Finance applicable | DR runbooks sprint-487 sealed + multi-region failover Phase 1+ | DR runbooks |
| NIS2 (Network and Information Security 2) | Active 2026 | 🟡 Vauban Auth + Vauban Finance applicable | Incident response SLA + audit trail | .claude/rules/core/incident-response.md |
| CSPN Visa (ANSSI) | Phase 0 done_when target Q4 2026 | 🟡 Dossier in preparation | Pair 2 standards engagement + Rempart audit firm partnership | docs/standards/ (Pair 2 deep RETAINED) |
| SOC2 Type II | Phase 2+ post-CSPN visa | ⏳ Planned Phase 2+ | Audit firm selection Phase 1+ | TBD Phase 2+ |
| ISO 27001 | Phase 2+ | ⏳ Planned Phase 2+ | Audit firm selection Phase 1+ | TBD Phase 2+ |
| AFNOR digital identity commission 2026 | Active 2026 | 🟡 Standards engagement (per ADR-ECO-011) | Mirror committee participation | docs/standards/ |
| Arcom annex (audiovisual) | TBD per applicable product | ⏳ TBD | Per Pair 4 legal RETAINED | docs/legal/ |

Legend: 🟢 Compliant + audited · 🟡 In progress · ⏳ Planned · ❌ Gap

EU AI Act — Article-by-Article Coverage

Article 9 Risk Management

  • Status : 🟡 Active
  • Evidence : governance/threat-model/per-product-surface.md (10 F-THREAT × 14 products scoring) + docs/threat-model/* Pair 5 deep
  • Risk register : governance/risks/ecosystem-risk-register.md

Article 10 Data Governance

  • Status : 🟡 Active
  • Evidence : .claude/rules/core/security-boundaries.md (no PII unencrypted, validate boundaries) + ZK Privacy patterns

Article 11 Technical Documentation

  • Status : 🟢 Active
  • Evidence : governance/architecture/00-vision-framework-canonical.md + docs/architecture/ Pair 1 deep + 14 charters

Article 12 Audit Trail (Record Keeping)

  • Status : 🟢 Active
  • Evidence : Brain Protocol decision chains (986+ entries) anchored L3 Cairo MerkleAnchor mainnet (sprint-483 universal proof-layer pattern sealed 2026-04-23)

Article 13 Transparency

  • Status : 🟢 Active
  • Evidence : This Trust Center (10 structured pages, self-hosted Astro static site) + 14 public charters + 13 public ADR-ECO

Article 14 Human Oversight

  • Status : 🟢 Active
  • Evidence : governance/council/charter.md (founder-solo Phase 0 → 3-person quorum Phase 1+) + .claude/rules/ai/tiered-gates.md (T1-T4 capability tiers, T4 requires founder approval + L3 anchor)

Article 15 Accuracy, Robustness, Cybersecurity

  • Status : 🟢 Active
  • Evidence : .claude/rules/core/craft-standards.md (Robust + Reusable + Resilient + Anti-fragile + Quality) + .claude/rules/security/mcp-tool-hardening.md + axiom Robuste enforcement

GDPR Coverage

Data Subject Rights

  • Right to access : DPO contact dpo@vauban.tech
  • Right to erasure : implementing per product (Phase 1+)
  • Right to portability : Brain export + audit reports portable Markdown

Data Processing

  • Sub-processors : sub-processors
  • Data flows : per product DPIA Phase 1+
  • Retention policies : per product Phase 1+

Cross-references

  • EU AI Act details : governance/compliance/eu-ai-act-readiness.md
  • Colorado AI Act details : governance/compliance/colorado-ai-act-readiness.md
  • Per-product roadmap : governance/compliance/per-product-roadmap.md
  • Threat model : governance/threat-model/per-product-surface.md
  • Council process : governance/council/charter.md
  • Tiered gates : .claude/rules/ai/tiered-gates.md
  • Audit reports : audit-reports.md
  • Sub-processors : sub-processors.md