Merge pull request #3 from billmarinocam/dev

app.py

@@ -0,0 +1,34 @@
+import gradio as gr
+import yaml
+from pathlib import Path
+from compliance_analysis import run_compliance_analysis_on_project, run_compliance_analysis_on_data, run_compliance_analysis_on_model
+
+def process_files(files):
+    results = []
+    for file in files:
+        with open(file.name, 'r') as f:
+            content = f.read()
+        if Path(file.name).name == "project_cc.yaml":
+            project_cc_yaml = yaml.safe_load(content)
+            msg = run_compliance_analysis_on_project(project_cc_yaml)
+            results.append(msg)            
+        # if Path(file.name).name == "data_cc.yaml":
+        #     data_cc_yaml = yaml.safe_load(content)
+        #     msg = run_compliance_analysis_on_data(data_cc_yaml)
+        #     results.append(msg)        
+        # if Path(file.name).name == "model_cc.yaml":
+        #     model_cc_yaml = yaml.safe_load(content)
+        #     msg = run_compliance_analysis_on_model(model_cc_yaml)
+        #     results.append(msg)
+            
+    return results
+
+# Gradio interface
+with gr.Blocks() as demo:
+    file_input = gr.File(label="Upload Files", file_count="multiple")
+    output = gr.Textbox(label="Output", lines=10)
+    
+    submit_button = gr.Button("Process Files")
+    submit_button.click(process_files, inputs=file_input, outputs=output)
+
+demo.launch()

compliance_analysis.py

@@ -1,330 +1,182 @@
-import os
 import yaml
-from enum import Enum
+from utils import set_type, set_operator_role_and_location, set_eu_market_status, check_within_scope
 
 # Create some variables we will use throughout our analysis
 
-# Type of AI project (AI system vs GPAI model)
-ai_system = False
-gpai_model = False
-high_risk_ai_system = False
-gpai_model_systematic_risk == False
-
-# Role and location of AI project operator
-provider = False
-deployer = False
-importer = False
-distributor = False
-product_manufacturer = False
-eu_located = False 
-
-#EU market status
-placed_on_market = False
-put_into_service = False 
-output_used = False
-
-#Define a function that creates a list of all the files in a provided folder. We will use this list for different things.
-def create_list_of_files(folder_path):
-    for root, dirs, files in os.walk(folder_path):
-        for filename in files:
-            found_files.append(os.path.join(root, filename))
-
-#Define a function that checks for a Project CC. Without this, there simply cannot be an analysis.
-def check_for_project_cc(folder_path):
-    found_files = []
-
-    # Walk through the directory
-    for root, dirs, files in os.walk(folder_path):
-        for filename in files:
-            if filename.lower() == 'project_cc.yaml':
-                found_files.append(os.path.join(root, filename))
-
-    # Check the results
-    if len(found_files) == 0:
-        print(f"We did not find a Project CC in your folder. We cannot run a compliance analysis without a Project CC.")
-        sys.exit()
-    elif len(found_files) == 1:
-        print(f"We found exactly one Project CC in your folder. Great job!:")
-        print(f"  - {found_files[0]}")
-        run_compliance_analysis(folder_path)
-    else:
-        print(f"Multiple Project CCs found:")
-        for file_path in found_files:
-            print(f"  - {file_path}")
-        print("We found multiple Project CCs in your folder. There should only be one Project CC per project.")
-
-def run_compliance_analysis(folder_path):
-
-    # Load the Project CC YAML file from the supplied folder. This will be our starting point. 
-    with open(folder_path + 'project_cc.yaml', 'r') as file:
-        project_cc_yaml = yaml.safe_load(file)
+project_variables = {
+    "ai_project_type": {
+        "ai_system": False,
+        "gpai_model": False,
+        "high_risk_ai_system": False,
+        "gpai_model_systematic_risk": False
+    },
+    "operator_role": {
+        "provider": False,
+        "deployer": False,
+        "importer": False,
+        "distributor": False,
+        "product_manufacturer": False,
+        "eu_located": False
+    },
+    "eu_market_status": {
+        "placed_on_market": False,
+        "put_into_service": False,
+        "output_used": False
+    }
+}
+
+def run_compliance_analysis_on_project(project_cc_yaml):
 
     # Determine project type (AI system vs. GPAI model) as well as operator type. We will use these for different things.
-    set_type(project_cc_yaml)
-    set_operator_role_and_location(projec_cc_yaml)
-    set_eu_market_status(project_cc_yaml)
+    project_type = set_type(project_variables, project_cc_yaml)
+    set_operator_role_and_location(project_variables, project_cc_yaml)
+    set_eu_market_status(project_variables, project_cc_yaml)
 
     # Check if the project is within scope of the Act. If it's not, the analysis is over.
     if check_within_scope(project_cc_yaml):
-        print("Project is within the scope of Act. Let's continue...") 
+        msg = ("Project is within the scope of Act. Let's continue...") 
     else: 
-        sys.exit("Project is not within the scope of what is regulated by the Act.")
+        msg = ("Project is not within the scope of what is regulated by the Act.")
 
-    # Check for prohibited practices. If any exist, the analysis is over.
-    if check_prohibited(project_cc_yaml) == True: 
-        print("Project contains prohibited practices and is therefore non-compliant.")
-        sys.exit("Project is non-compliant due to a prohibited practice.")
-    else: 
-        print("Project does not contain prohibited practies. Let's continue...")
+    # # Check for prohibited practices. If any exist, the analysis is over.
+    # if check_prohibited(project_cc_yaml) == True: 
+    #     print("Project contains prohibited practices and is therefore non-compliant.")
+    #     msg = ("Project is non-compliant due to a prohibited practice.")
+    # else: 
+    #     print("Project does not contain prohibited practies. Let's continue...")
 
     # If project is high-risk AI system, check that is has met all the requirements for such systems: 
 
-    if high_risk_ai_system:
+    if project_type == "high_risk_ai_system":
 
     # Do this by examining the Project CC
 
         for key, value in project_cc_yaml['risk_management_system']:
             if not value:
-                sys.exit("Because of project-level characteristics, this high-risk AI system fails the risk management requirements under Article 9.")
+                msg = ("Because of project-level characteristics, this high-risk AI system fails the risk management requirements under Article 9.")
         for key, value in project_cc_yaml['technical_documentation']:
             if not value:
-                sys.exit("Because of project-level characteristics, this high-risk AI system fails the risk management requirements under Article 11.")            
+                msg = ("Because of project-level characteristics, this high-risk AI system fails the risk management requirements under Article 11.")            
         for key, value in project_cc_yaml['record_keeping']:
             if not value:
-                sys.exit("Because of project-level characteristics, this high-risk AI system fails the risk management requirements under Article 12.")     
+                msg = ("Because of project-level characteristics, this high-risk AI system fails the risk management requirements under Article 12.")     
         for key, value in project_cc_yaml['transparency_and_provision_of_information_to_deployers']:
             if not value:
-                sys.exit("Because of project-level characteristics, this high-risk AI system fails the transparency requirements under Article 13.")  
+                msg = ("Because of project-level characteristics, this high-risk AI system fails the transparency requirements under Article 13.")  
         for key, value in project_cc_yaml['human_oversight']:
             if not value:
-                sys.exit("Because of project-level characteristics, this high-risk AI system fails the human oversight requirements under Article 14.")  
+                msg = ("Because of project-level characteristics, this high-risk AI system fails the human oversight requirements under Article 14.")  
         for key, value in project_cc_yaml['accuracy_robustness_cybersecurity']:
             if not value:
-                sys.exit("Because of project-level characteristics, this high-risk AI system fails the accuracy, robustness, and cybersecurity requirements under Article 15.")  
+                msg = ("Because of project-level characteristics, this high-risk AI system fails the accuracy, robustness, and cybersecurity requirements under Article 15.")  
         for key, value in project_cc_yaml['quality_management_system']:
             if not value:
-                sys.exit("Because of project-level characteristics, this high-risk AI system fails the accuracy, robustness, and cybersecurity requirements under Article 17.") 
-
-    # Do this by examining any and all Data CCs too
-
-        for filename in os.listdir(folder_path):
-            # Check if the search word is in the filename
-            if "data_cc.md" in filename.lower():
-
-                # If it is, load the yaml
-
-                with open(folder_path + filename, 'r') as file:
-                    data_cc_yaml = yaml.safe_load(file)
-
-                for key, value in data_cc_yaml['data_and_data_governance']:
-                    if not value:
-                        sys.exit(f"Because of the dataset represented by {filename}, this high-risk AI system fails the data and data governance requirements under Article 10.")
-                for key, value in data_cc_yaml['technical_documentation']:
-                    if not value:
-                        sys.exit(f"Because of the dataset represented by {filename}, this high-risk AI system fails the technical documentation requirements under Article 11.")
-                for key, value in data_cc_yaml['transparency_and_provision_of_information_to_deployers']:
-                    if not value:
-                        sys.exit(f"Because of the dataset represented by {filename}, this high-risk  AI system fails the transparency requirements under Article 13.")
-                for key, value in data_cc_yaml['quality_management_system']:
-                    if not value:
-                        sys.exit(f"Because of the dataset represented by {filename}, this high-risk  AI system fails the quality management requirements under Article 17.")
-
-    # Do this by examining any and all Model CCs too
-
-        for filename in os.listdir(folder_path):
-            # Check if the search word is in the filename
-            if "model_cc.md" in filename.lower():
-
-                # If it is, load the yaml
-
-                with open(folder_path + filename, 'r') as file:
-                    model_cc_yaml = yaml.safe_load(file)
-
-                for key, value in model_cc_yaml['risk_management_system']:
-                    if not value:
-                        sys.exit(f"Because of the model represented by {filename}, this high-risk AI system fails the risk management requirements under Article 9.")
-                for key, value in data_cc_yaml['technical_documentation']:
-                    if not value:
-                        sys.exit(f"Because of the model represented by {filename}, this high-risk AI system fails the technical documentation requirements under Article 11.")
-                for key, value in data_cc_yaml['transparency_and_provision_of_information_to_deployers']:
-                    if not value:
-                        sys.exit(f"Because of the model represented by {filename}, this high-risk  AI system fails the transparency requirements under Article 13.")
-                for key, value in data_cc_yaml['accuracy_robustness_cybersecurity']:
-                    if not value:
-                        sys.exit(f"Because of the model represented by {filename}, this high-risk  AI system fails the quality management requirements under Article 15.")
-                for key, value in data_cc_yaml['quality_management_system']:
-                    if not value:
-                        sys.exit(f"Because of the model represented by {filename}, this high-risk  AI system fails the quality management requirements under Article 17.")
-
-    # If the project is a GPAI model, check that is has met all the requirements for such systems: 
-
-    if gpai_model:
+                msg = ("Because of project-level characteristics, this high-risk AI system fails the accuracy, robustness, and cybersecurity requirements under Article 17.") 
 
-    # Do this by examining the Project CC
+    return msg
 
-        for key, value in project_cc_yaml['gpai_model_provider_obligations']:
-            if not value:
-                sys.exit("GPAI model fails the transparency requirements under Article 53.")
+def run_compliance_analysis_on_data(data_cc_yaml):
+    
+    for key, value in data_cc_yaml['data_and_data_governance']:
+        if not value:
+            msg = (f"Because of the dataset represented by , this high-risk AI system fails the data and data governance requirements under Article 10.")
+    for key, value in data_cc_yaml['technical_documentation']:
+        if not value:
+            msg = (f"Because of the dataset represented by , this high-risk AI system fails the technical documentation requirements under Article 11.")
+    for key, value in data_cc_yaml['transparency_and_provision_of_information_to_deployers']:
+        if not value:
+            msg = (f"Because of the dataset represented by , this high-risk  AI system fails the transparency requirements under Article 13.")
+    for key, value in data_cc_yaml['quality_management_system']:
+        if not value:
+            msg = (f"Because of the dataset represented by , this high-risk  AI system fails the quality management requirements under Article 17.")
+
+    return msg
+    
+def run_compliance_analysis_on_model(model_cc_yaml):
+    
+    for key, value in model_cc_yaml['risk_management_system']:
+        if not value:
+            msg = (f"Because of the model represented by , this high-risk AI system fails the risk management requirements under Article 9.")
+    for key, value in data_cc_yaml['technical_documentation']:
+        if not value:
+            msg = (f"Because of the model represented by , this high-risk AI system fails the technical documentation requirements under Article 11.")
+    for key, value in data_cc_yaml['transparency_and_provision_of_information_to_deployers']:
+        if not value:
+            msg = (f"Because of the model represented by , this high-risk  AI system fails the transparency requirements under Article 13.")
+    for key, value in data_cc_yaml['accuracy_robustness_cybersecurity']:
+        if not value:
+            msg = (f"Because of the model represented by , this high-risk  AI system fails the quality management requirements under Article 15.")
+    for key, value in data_cc_yaml['quality_management_system']:
+        if not value:
+            msg = (f"Because of the model represented by , this high-risk  AI system fails the quality management requirements under Article 17.")
+   
+    return msg
+
+
+    # # If the project is a GPAI model, check that is has met all the requirements for such systems: 
+
+    # if gpai_model:
 
-    # Do this by examining any and all Data CCs too
+    # # Do this by examining the Project CC
 
-        for filename in os.listdir(folder_path):
-            # Check if the search word is in the filename
-            if "data_cc.md" in filename.lower():
+    #     for key, value in project_cc_yaml['gpai_model_provider_obligations']:
+    #         if not value:
+    #             msg = ("GPAI model fails the transparency requirements under Article 53.")
 
-                # If it is, load the yaml
+    # # Do this by examining any and all Data CCs too
 
-                with open(folder_path + filename, 'r') as file:
-                    data_cc_yaml = yaml.safe_load(file)
+    #     for filename in os.listdir(folder_path):
+    #         # Check if the search word is in the filename
+    #         if "data_cc.md" in filename.lower():
 
-                for key, value in data_cc_yaml['gpai_requirements']['gpai_requirements']:
-                    if not value:
-                        sys.exit(f"Because of the dataset represented by {filename}, this GPAI fails the transparency requirements under Article 53.")
+    #             # If it is, load the yaml
 
-    # Do this by examining any and all Model CCs too
+    #             with open(folder_path + filename, 'r') as file:
+    #                 data_cc_yaml = yaml.safe_load(file)
+
+    #             for key, value in data_cc_yaml['gpai_requirements']['gpai_requirements']:
+    #                 if not value:
+    #                     msg = (f"Because of the dataset represented by {filename}, this GPAI fails the transparency requirements under Article 53.")
+
+    # # Do this by examining any and all Model CCs too
     
-        for filename in os.listdir(folder_path):
-            # Check if the search word is in the filename
-            if "model_cc.md" in filename.lower():
+    #     for filename in os.listdir(folder_path):
+    #         # Check if the search word is in the filename
+    #         if "model_cc.md" in filename.lower():
 
-                # If it is, load the yaml
+    #             # If it is, load the yaml
 
-                with open(folder_path + filename, 'r') as file:
-                    model_cc_yaml = yaml.safe_load(file)
+    #             with open(folder_path + filename, 'r') as file:
+    #                 model_cc_yaml = yaml.safe_load(file)
 
-                for key, value in model_cc_yaml['obligations_for_providers_of_gpai_models']:
-                    if not value:
-                        sys.exit(f"Because of the model represented by {filename}, this GPAI fails the transparency requirements under Article 53.")
+    #             for key, value in model_cc_yaml['obligations_for_providers_of_gpai_models']:
+    #                 if not value:
+    #                     msg = (f"Because of the model represented by {filename}, this GPAI fails the transparency requirements under Article 53.")
 
-    # If the project is a GPAI model with systematic risk, check that is has additionally met all the requirements for such systems: 
+    # # If the project is a GPAI model with systematic risk, check that is has additionally met all the requirements for such systems: 
 
-    if gpai_model_systematic_risk:
+    # if gpai_model_systematic_risk:
 
-    # Do this by examining the Project CC
+    # # Do this by examining the Project CC
 
-        for key, value in project_cc_yaml['gpai_obligations_for_systemic_risk_models']:
-            if not value:
-                sys.exit("GPAI model with systematic risk fails the transparency requirements under Article 55.")
-
-    # Do this by examining any and all Model CCs too
-
-       for filename in os.listdir(folder_path):
-            # Check if the search word is in the filename
-            if "model_cc.md" in filename.lower():
-
-                # If it is, load the yaml
-
-                with open(folder_path + filename, 'r') as file:
-                    model_cc_yaml = yaml.safe_load(file)
-
-                for key, value in model_cc_yaml['obligations_for_providers_of_gpai_models_with_systemic_risk']:
-                    if not value:
-                        sys.exit(f"Because of the model represented by {filename}, this GPAI model with systematic risk fails the transparency requirements under Article 55.")
-
-def set_type(project_cc_yaml):
-    if project_cc_yaml['ai_system']['ai_system']['value']:
-        ai_system = True
-    if project_cc_yaml['gpai_model']['ai_system']['value']:
-        gpai_model = True
-    if ai_system and gpai_model:
-        sys.exit("Your project cannot be both an AI system and a GPAI model. Please revise your Project CC accordingly.")
-    if ai_system == True:
-        for key, value in project_cc_yaml['high_risk_ai_system']:
-            if value and sum(map(bool, [project_cc_yaml['high_risk_ai_system']['filter_exception_rights'],project_cc_yaml['high_risk_ai_system']['filter_exception_narrow'],project_cc_yaml['high_risk_ai_system']['filter_exception_human'],project_cc_yaml['high_risk_ai_system']['filter_exception_deviation'], project_cc_yaml['high_risk_ai_system']['filter_exception_prep']])) < 1:
-                high_risk_ai_system == True
-    if gpai_model == True:
-        if project_cc_yaml['gpai_model_systematic_risk']['evaluation'] or project_cc_yaml['gpai_model_systematic_risk']['flops']:
-            gpai_model_systematic_risk == True
-
-def set_operator_role_and_location(project_cc):
-    if project_cc_yaml['operator_role']['eu_located']['value']:
-        eu_located = True
-    if project_cc_yaml['operator_role']['provider']['value']:
-        provider = True
-    if project_cc_yaml['operator_role']['deployer']['value']:
-        deployer = True
-    if project_cc_yaml['operator_role']['importer']['value']:
-        importer = True
-    if project_cc_yaml['operator_role']['distributor']['value']:
-        distributor = True
-    if project_cc_yaml['operator_role']['product_manufacturer']['value']:
-        product_manufacturer = True
-    if ai_system and gpai_model:
-        sys.exit("Your project cannot be both an AI system and a GPAI model. Please revise your Project CC accordingly.")
-    if sum(map(bool, [provider,deployer,importer,distributor, product_manufacturer])) != 1:
-        sys.exit("Please specify exactly one operator role.")
-
-def set_eu_market_status(project_cc):
-    if project_cc_yaml['eu_market']['placed_on_market']['value']:
-        placed_on_market = True
-    if project_cc_yaml['eu_market']['put_into_service']['value']: 
-        put_into_service = True
-    if project_cc_yaml['operator_role']['output_used']['value']:
-        output_used == True
-
-def check_within_scope(project_cc):
-    if not check_excepted(project_cc):
-        if provider and ((ai_system and (placed_on_market or put_into_service)) or (gpai_model and placed_on_market)):   # Article 2.1(a)
-            return True
-        if deployer and eu_located: # Article 2.1(b)
-            return True
-        if (provider or deployer) and (ai_system and eu_located and output_used): # Article 2.1(c)
-            return True
-        if (importer or distributor) and ai_system: # Article 2.1(d)
-            return True
-        if product_manufacturer and ai_system and (placed_on_market or put_into_service): # Article 2.1(e)
-            return True
-    else   
-        return False
-
-def check_excepted(project_cc):
-    if project_cc_yaml['excepted']['scientific'] or project_cc_yaml['excepted']['pre_market'] or (ai_system and project_cc_yaml['excepted']['open_source_ai_system']) or (gpai_model and project_cc_yaml['excepted']['open_source_gpai_system']):
-        return True
-    else:
-        return False 
-
-def check_prohibited (project_cc):
-    if ai_system:
-        for key in project_cc_yaml['prohibited_practice']['ai_system']:
-            if key[value]: 
-                print("You are engaged in a prohibited practice and thus the project is non-compliant.")
-                return True
-    if project_cc_yaml['prohibited_practice']['biometric']['categorization']:
-        print("You are engaged in a prohibited practice and thus the project is non-compliant.")
-        return True
-    if project_cc_yaml['prohibited_practice']['biometric']['real_time'] and sum(map(bool, [project_cc['prohibited_practice']['biometric']['real_time_exception_victim'],project_cc['prohibited_practice']['biometric']['real_time_exception_threat'], project_cc['prohibited_practice']['biometric']['real_time_exception_investigation']])) == 0:
-        print("You are engaged in a prohibited practice and thus the project is non-compliant.")
-        return True
-    else: 
-        print("You are not engaged in any prohibited practices.")
-        return False
+    #     for key, value in project_cc_yaml['gpai_obligations_for_systemic_risk_models']:
+    #         if not value:
+    #             msg = ("GPAI model with systematic risk fails the transparency requirements under Article 55.")
 
+    # # Do this by examining any and all Model CCs too
 
+    #     for filename in os.listdir(folder_path):
+    #         # Check if the search word is in the filename
+    #         if "model_cc.md" in filename.lower():
+
+    #             # If it is, load the yaml
+
+    #             with open(folder_path + filename, 'r') as file:
+    #                 model_cc_yaml = yaml.safe_load(file)
+
+    #             for key, value in model_cc_yaml['obligations_for_providers_of_gpai_models_with_systemic_risk']:
+    #                 if not value:
+    #                     msg = (f"Because of the model represented by {filename}, this GPAI model with systematic risk fails the transparency requirements under Article 55.")
 
 
 
-def check_all_true(file_path):
-        # Load the YAML file
-    with open(project_cc, 'r') as file:
-        data = yaml.safe_load(file)
-    
-    # Iterate through top-level keys
-    for top_key, top_value in data.items():
-        if isinstance(top_value, dict):
-            # Iterate through second-level keys
-            for second_key, second_value in top_value.items():
-                if not second_value:
-                    print("You are non-compliant with the Act")
-                    break
-            else:
-                print("No problems here")
-
-def main():
-    # Prompt the user to enter a filename
-    file_path = input("Please enter a file path to the folder containing all your AI project's Compliance Cards: ")
-
-    # Call the function with the entered filename
-    check_for_project_cc(file_path)
-
-if __name__ == "__main__":
-    main()

data_cc.yaml

@@ -68,13 +68,13 @@ data_and_data_governance:
   personal_data_deletion: # Art. 10(5)(e)
     verbose: 'Where special categories of personal data have been used to ensure the detection and correction of possible biases that are likely to affect the health and safety of persons, have a negative impact on fundamental rights or lead to discrimination prohibited under Union law, especially where data outputs influence inputs for future operations, the special categories of personal data were deleted once the bias was corrected or the personal data reached the end of its retention period (whichever came first)'
     value: !!bool false
-  personal_data_necessary: # Art. 10(5)(f)
+  personal_data_necessary_105f: # Art. 10(5)(f)
     verbose: 'Where special categories of personal data have been used to ensure the detection and correction of possible biases that are likely to affect the health and safety of persons, have a negative impact on fundamental rights or lead to discrimination prohibited under Union law, especially where data outputs influence inputs for future operations, the records of processing activities pursuant to Regulations (EU) 2016/679 and (EU) 2018/1725 and Directive (EU) 2016/680 include the reasons why the processing of special categories of personal data was strictly necessary to detect and correct biases, and why that objective could not be achieved by processing other data'
     value: !!bool false
 
 technical_documentation:
   general_description: # Art. 11; Annex IV(2)(d)
-    verbose: 'Dataset carries technical documention, such as a dataseet, including a general description of the dataset." 
+    verbose: 'Dataset carries technical documention, such as a dataseet, including a general description of the dataset.'
     value: !!bool false
   provenance: # Art. 11; Annex IV(2)(d)
     verbose: 'Dataset carries technical documention, such as a dataseet, including information about its provenance' 

model_cc.yaml

@@ -13,7 +13,7 @@ risk_management_system:
     value: !!bool false
   testing_compliance: # Art. 9(6)
     verbose: 'Testing to ensure model complies with Act'
-   value: !!bool false
+    value: !!bool false
   testing_benchmark: # Art. 9(8)
     verbose: 'Testing against prior defined metrics appropriate to intended purpose'
     value: !!bool false
@@ -87,7 +87,7 @@ accuracy_robustness_cybersecurity:
     verbose: 'Model is designed and developed to achieve appropriate level of accuracy'
     value: !!bool false
   robustiness: # Art. 15(1)
-    verbose 'Model is designed and developed to achieve appropriate level of robustness'
+    verbose: 'Model is designed and developed to achieve appropriate level of robustness'
     value: !!bool false
   cybersecurity:  # Art. 15(1)
     verbose: 'Model is designed and developed to achieve appropriate level of cybersecurity'

project_cc.yaml

@@ -1,28 +1,16 @@
-smb:
-  smb: # Art. 11(1) 
-    verbose: 'AI project is operated by a small or medium-sized enterprise' 
-    value: !!bool false
 
-eu_market:
-  placed_on_market: # Art. 3(9)
-    verbose: 'AI project is being made available on the Union market for the first time'
-    value: !!bool false 
-  put_into_service: #Art. 3(11)
-    verbose: 'AI project is supplied for first use directly to the deployer or for own use in the Union for its intended purpose;'
+# Information related to high-level characteristics of AI project, including its market status, operator, and type of AI
 
 operator_role:
   provider: # Art. 2
-    verbose: 'The owner of this AI project is a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge'
+    verbose: 'The operator of this AI project is a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge'
     value: !!bool false 
-  on_market: # Art 2 
-    verbose: 'AI project is placed on the market or put into service in the Union'
-    value: !!bool false  
   deployer: # Art. 2
     verbose: 'AI project operator is a natural or legal person, public authority, agency or other body using an AI system under its authority except where the AI system is used in the course of a personal non-professional activity'
     value: !!bool false 
   eu_located: # Art. 2
     verbose: 'AI project operator has its place of establishment or location within the Union'
-    value: !!bool false  
+    value: !!bool True  
   output_used: # Art. 2
     verbose: 'The output produced by the AI system is used in the Union'
     value: !!bool false 
@@ -36,6 +24,14 @@ operator_role:
     verbose: 'AI project operator is a product manufacturer'
     value: !!bool false # Art. 2
 
+eu_market_status:
+  placed_on_market: # Art. 3(9)
+    verbose: 'AI project is being made available on the EU market (i.e., supplied for distribution or use in the course of a commercial activity, whether in return for payment or free of charge) for the first time'
+    value: !!bool false 
+  put_into_service: #Art. 3(11)
+    verbose: 'AI project is being used for its intended purpose for the first time in the EU, either by the operator or by a deployer to whom it is directly supplied'
+    value: !!bool false 
+
 ai_system:
   ai_system: # Art. 3(1)
     verbose: 'AI project is a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments'
@@ -46,6 +42,19 @@ gpai_model:
     verbose: 'AI project is an AI model, including where such an AI model is trained with a large amount of data using self-supervision at scale, that displays significant generality and is capable of competently performing a wide range of distinct tasks regardless of the way the model is placed on the market and that can be integrated into a variety of downstream systems or applications, except AI models that are used for research, development or prototyping activities before they are placed on the market'
     value: !!bool false  
 
+gpai_model_systematic_risk:
+  evaluation:  # Art. 51 (1)(a)
+    verbose: 'The AI project has high impact capabilities based on an evaluation using appropriate technical tools and methodologies, including indicators and benchmarks'
+    value: !!bool false 
+  committee:  # Art. 51 (1)(b)
+    verbose: 'The AI project has capabilities or an impact equivalent to high impact capabilities based on a decision of the Commission, ex officio or following a qualified alert from the scientific panel'
+    value: !!bool false 
+  flops: # Art. 51(2)
+    verbose: 'The cumulative amount of computation used for the training of the AI project, as measured in floating point operations (FLOPs), has been greater than 10^25'
+    value: !!bool false 
+
+# Information related to the Act's exceptions for scientific research, open-source AI, and more
+
 excepted:
   scientific: # Art. 2(6) 
     verbose: 'AI project is or was specifically developed and put into service for the sole purpose of scientific research and development'
@@ -60,6 +69,8 @@ excepted:
     verbose: 'AI project involves AI models that are released under a free and open-source licence that allows for the access, usage, modification, and distribution of the model, and whose parameters, including the weights, the information on the model architecture, and the information on model usage, are made publicly available. This exception shall not apply to general purpose AI models with systemic risks'
     value: !!bool false  
 
+# Information related to practices prohibited by the Act
+
 prohibited_practice:
   ai_system:
     manipulative: # Art. 5(1)(a)
@@ -96,6 +107,8 @@ prohibited_practice:
       verbose: 'The AI project involves use of ‘real-time’ remote biometric identification systems in publicly accessible spaces for the purposes of law enforcement stricly for the localisation or identification of a person suspected of having committed a criminal offence, for the purpose of conducting a criminal investigation or prosecution or executing a criminal penalty for offences referred to in Annex II and punishable in the Member State concerned by a custodial sentence or a detention order for a maximum period of at least four years.'
       value: !!bool false 
 
+# Requirements for those projects which involve high-risk AI systems
+
 high_risk_ai_system:
   safety_component: # Art. 6(1)(a)
     verbose: 'AI project is intended to be used as a safety component of a product'
@@ -163,7 +176,7 @@ risk_management_system:
     verbose: 'Risk management system for AI system includes the identification and analysis of any known or reasonably foreseeable risks that the AI system might pose to health, safety or fundamental rights when used in accordance with its intended purpose'
     value: !!bool false 
   risk_estimation_foreseeable: # Art. 9(2)(b)
-    verbose: 'Risk management system for AI system includes the estimation and evaluation of the risks that may emerge when the high-risk AI system is used in accordance with its intended purpose, and under conditions of reasonably foreseeable misuse;
+    verbose: 'Risk management system for AI system includes the estimation and evaluation of the risks that may emerge when the high-risk AI system is used in accordance with its intended purpose, and under conditions of reasonably foreseeable misuse'
     value: !!bool false 
   risk_post_market: # Art. 9(2)(c)
     verbose: 'Risk management system for AI system includes the evaluation of other risks possibly arising, based on the analysis of data gathered from the post-market monitoring system'
@@ -190,7 +203,7 @@ technical_documentation:
     value: !!bool false 
   interaction: # Art. 11(1); Annex IV(1)(b)
     verbose: 'The Technical Documentation includes a general description of the AI system that covers how the AI system interacts with, or can be used to interact with, hardware or software, including with other AI systems, that are not part of the AI system itself, where applicable'
-   value: !!bool false 
+    value: !!bool false 
   versions: # Art. 11(1); Annex IV(1)(c)
     verbose: 'Technical Documentation includes a general description of the AI system that covers the versions of relevant software or firmware, and any requirements related to version updates'
     value: !!bool false 
@@ -361,6 +374,28 @@ quality_management_system:
     verbose: 'System includes examination, test, and validation procedures before, during, and after development'
     value: !!bool false 
 
+fundamental_rights_assessment:
+  process: # Art. 27(1)(a)
+    verbose: 'AI project has been subject to a fundamental rights impact assessment that includes a description of the deployer’s processes in which the high-risk AI system will be used in line with its intended purpose'
+    value: !!bool false 
+  time_period: # Art. 27(1)(b)
+    value: 'AI project has been subject to a fundamental rights impact assessment that includes a description of the period of time within which, and the frequency with which, each high-risk AI system is intended to be used'
+    value: !!bool false 
+  persons_affected: # Art. 27(1)(c)
+    verbose: 'AI project has been subject to a fundamental rights impact assessment that describes the categories of natural persons and groups likely to be affected by its use in the specific context'
+    value: !!bool false 
+  likely_harms: # Art. 27(1)(d)
+    verbose: 'AI project has been subject to a fundamental rights impact assessment that describes the specific risks of harm likely to have an impact on the categories of natural persons and groups likely to be affected by its use in the specific context'
+    value: !!bool false 
+  human_oversight: # Art. 27(1)(e)
+    verbose: 'AI project has been subject to a fundamental rights impact assessment that includes a description of the implementation of human oversight measures, according to the instructions for use'
+    value: !!bool false 
+  risk_mitigation: # Art. 27(1)(f)
+    verbose: 'AI project has been subject to a fundamental rights impact assessment that describes the measures to be taken in the case of the materialisation of risks of harm likely to have an impact on the categories of natural persons and groups likely to be affected by its use in the specific context, including the arrangements for internal governance and complaint mechanisms'
+    value: !!bool false 
+
+# Information related to the Act's requirements for all AI systems
+
 transparency_obligations:
   synthetic_content: # Art. 50(2)
     verbose: 'Providers of AI systems generating synthetic content ensure outputs are marked and detectable as artificially generated'
@@ -369,13 +404,7 @@ transparency_obligations:
     verbose: 'Technical solutions for marking are effective, interoperable, robust, and reliable'
     value: !!bool false 
 
-gpai_model_systematic_risk:
-  evaluation:  # Art. 51
-    verbose: 'Model impact capabilities were evaluated using appropriate technical tools and methodologies'
-    value: !!bool false 
-  flops: # Art. 51(2)
-    verbose: 'Cumulative compute for training measured in floating point operations (FLOPs)'
-    value: !!bool false 
+# Information related to the Act's requirements for GPAI models
 
 gpai_model_provider_obligations:
   intended_uses: # Art. 53(1)(a); Annex XI(1)(1)(a-c)
@@ -403,7 +432,9 @@ gpai_model_provider_obligations:
     verbose: 'To downstream providers, describe model elements, development process, and integration requirements'
     value: !!bool false 
 
-gpai_obligations_for_systemic_risk_models:
+# Information related to the Act's requirements for GPAI models with systematic risk 
+
+obligations_for_gpai_models_with_systemic_risk:
   evaluation: # Art. 55(1)(a)
     verbose: 'Perform model evaluation using standardized protocols and conduct adversarial testing'
     value: !!bool false 
@@ -414,3 +445,5 @@ gpai_obligations_for_systemic_risk_models:
     verbose: 'Ensure adequate cybersecurity protection for the model and infrastructure'
     value: !!bool false 
 
+
+

utils.py

@@ -0,0 +1,107 @@
+import yaml
+   
+def set_type(project_variables, project_cc_yaml):
+
+    project_type = None
+    
+    ai_system = project_variables['ai_project_type']['ai_system']
+    gpai_model = project_variables['ai_project_type']['gpai_model']
+    
+    if project_cc_yaml['ai_system']['ai_system']['value']:
+        ai_system = True
+    if project_cc_yaml['gpai_model']['gpai_model']['value']:
+        gpai_model = True
+    if ai_system and gpai_model:
+        msg = ("Your project cannot be both an AI system and a GPAI model. Please revise your Project CC accordingly.")
+    if ai_system == True:
+        for key, value in project_cc_yaml['high_risk_ai_system']:
+            if value and sum(map(bool, [project_cc_yaml['high_risk_ai_system']['filter_exception_rights'],project_cc_yaml['high_risk_ai_system']['filter_exception_narrow'],project_cc_yaml['high_risk_ai_system']['filter_exception_human'],project_cc_yaml['high_risk_ai_system']['filter_exception_deviation'], project_cc_yaml['high_risk_ai_system']['filter_exception_prep']])) < 1:
+                project_type = "high_risk_ai_system"
+                
+    if gpai_model == True:
+        if project_cc_yaml['gpai_model_systematic_risk']['evaluation'] or project_cc_yaml['gpai_model_systematic_risk']['flops']:
+            project_type = "gpai_model_systematic_risk"
+            
+    return project_type
+
+def set_operator_role_and_location(project_variables, project_cc_yaml):
+    operators = 0
+    
+    ai_system = project_variables['ai_project_type']['ai_system']
+    gpai_model = project_variables['ai_project_type']['gpai_model']
+    
+    for var in project_variables['operator_role']:
+        if project_cc_yaml['operator_role'][f'{var}']['value']:
+            project_variables['operator_role'][f'{var}'] = True
+            operators += 1 
+        
+    if ai_system and gpai_model:
+        msg = ("Your project cannot be both an AI system and a GPAI model. Please revise your Project CC accordingly.")
+    if operators != 1:
+        msg = ("Please specify exactly one operator role.")
+    
+    return project_variables
+
+def set_eu_market_status(project_variables, project_cc_yaml):
+    
+    if project_cc_yaml['eu_market_status']['placed_on_market']['value']:
+        project_variables['eu_market_status']["placed_on_market"] = True
+    if project_cc_yaml['eu_market_status']['put_into_service']['value']:
+        project_variables['eu_market_status']["put_into_service"] = True
+        
+    if project_cc_yaml['operator_role']['output_used']['value']:
+        project_variables['operator_role']["output_used"] = True
+        
+    return project_variables
+
+
+def check_within_scope(project_cc_yaml):
+    if not check_excepted(project_cc_yaml):
+        if provider and ((ai_system and (placed_on_market or put_into_service)) or (gpai_model and placed_on_market)):   # Article 2.1(a)
+            return True
+        if deployer and eu_located: # Article 2.1(b)
+            return True
+        if (provider or deployer) and (ai_system and eu_located and output_used): # Article 2.1(c)
+            return True
+        if (importer or distributor) and ai_system: # Article 2.1(d)
+            return True
+        if product_manufacturer and ai_system and (placed_on_market or put_into_service): # Article 2.1(e)
+            return True
+    else:
+        return False
+
+def check_excepted(project_cc_yaml):
+    if project_cc_yaml['excepted']['scientific'] or project_cc_yaml['excepted']['pre_market'] or (ai_system and project_cc_yaml['excepted']['open_source_ai_system']) or (gpai_model and project_cc_yaml['excepted']['open_source_gpai_system']):
+        return True
+    else:
+        return False 
+
+# def check_prohibited (project_cc_yaml):
+#     if ai_system:
+#         for key in project_cc_yaml['prohibited_practice']['ai_system']:
+#             if key[value]: 
+#                 print("You are engaged in a prohibited practice and thus the project is non-compliant.")
+#                 return True
+#     if project_cc_yaml['prohibited_practice']['biometric']['categorization']:
+#         print("You are engaged in a prohibited practice and thus the project is non-compliant.")
+#         return True
+#     if project_cc_yaml['prohibited_practice']['biometric']['real_time'] and sum(map(bool, [project_cc_yaml['prohibited_practice']['biometric']['real_time_exception_victim'],project_cc['prohibited_practice']['biometric']['real_time_exception_threat'], project_cc_yaml['prohibited_practice']['biometric']['real_time_exception_investigation']])) == 0:
+#         print("You are engaged in a prohibited practice and thus the project is non-compliant.")
+#         return True
+#     else: 
+#         print("You are not engaged in any prohibited practices.")
+#         return False
+
+# def check_all_true(file_path):
+#     data = yaml.safe_load(file_path)
+
+#     # Iterate through top-level keys
+#     for top_key, top_value in data.items():
+#         if isinstance(top_value, dict):
+#             # Iterate through second-level keys
+#             for second_key, second_value in top_value.items():
+#                 if not second_value:
+#                     print("You are non-compliant with the Act")
+#                     break
+#             else:
+#                 print("No problems here")