{ "schema": "actproof.atoms_for_machines_page.v1", "page": "https://actproof.org/atoms-for-machines/", "profile_id": "op:eu.dora.ict_incident_notification_initial.v1", "purpose": "Explain why source atoms and their combinations are better machine-consumable elements for compliance infrastructure than PDFs, field names or vendor labels.", "core_thesis": "Compliance infrastructure starts below the form: machines need source-bound atoms they can inspect, combine, hash, map and review before a workflow begins.", "atom_definition": "Smallest pinned, addressable unit of legal source material that a profile field can be bound to.", "machine_value": [ { "need": "source identity", "atom_response": "CELEX, ELI, instrument, authority and language" }, { "need": "exact legal location", "atom_response": "article, paragraph, annex, template field, glossary entry or rule locator" }, { "need": "text integrity", "atom_response": "official text excerpt and official_text_sha256 where captured" }, { "need": "meaning boundary", "atom_response": "atom type, source role, normative weight and maturity status" }, { "need": "dependency graph", "atom_response": "fields, derivations and profiles that consume the atom" }, { "need": "safe agent use", "atom_response": "non-claims, boundaries and next-step guidance" }, { "need": "missingness signal", "atom_response": "unused atoms, coverage gaps and captured-but-unmapped source material" }, { "need": "stable retrieval", "atom_response": "small stable atom records suitable for caching, indexing, re-fetching and line-by-line NDJSON consumption" }, { "need": "provenance trail", "atom_response": "source identity, capture basis, hash basis, maturity state and dependency edges" }, { "need": "change impact", "atom_response": "atom hash or maturity changes can trigger field, mapping, overlay and report re-review" }, { "need": "agent proof object", "atom_response": "compact evidence-carrying record with boundaries, non-claims and safe next-call guidance" } ], "composition_principle": "A report field is usually a composition of atoms: base obligation + content rule + template cell + glossary/classification context.", "positioning": { "stance": "complementary_beneath", "summary": "OSCAL, Rules-as-Code and policy-as-code structure controls, requirements, assessments and executable compliance logic. ActProof atoms sit one layer earlier: they make the official legal or template fragment itself machine-consumable and verifiable.", "distinction": "Controls and rules are structured interpretations. ActProof atoms are source anchors that controls, rules, assessments and agent workflows can point to when they need to show what official material they rest on.", "layers": [ { "layer": "policy-as-code", "primary_object": "executable policy logic", "source_role": "should cite source" }, { "layer": "Rules-as-Code", "primary_object": "machine-readable rule", "source_role": "should cite source" }, { "layer": "OSCAL", "primary_object": "controls and assessments", "source_role": "can reference supporting resources" }, { "layer": "ActProof atom", "primary_object": "official source fragment", "source_role": "source anchor plus locator plus hash where captured" } ], "claim": "ActProof does not replace OSCAL or rules engines. It gives them a source object to point at." }, "coverage": { "total_source_atoms": 26, "atoms_used_by_fields": 25, "unused_source_atoms": 1, "unused_source_atom_ids": [ "src.eu.dora.32025R0301.art1.content_rules" ], "template_field_atoms": 15, "primary_atoms": 24 }, "maturity": { "atom_identity_hashes": "present", "official_text_hashes": "pending_where_null", "review_status": "draft/provisional unless otherwise indicated", "next_hardening": "populate reviewed text_excerpt and official_text_sha256 for selected atoms" }, "machine_surfaces": { "atom_inventory_json": "https://actproof.org/api/v1/profiles/dora/atoms.json", "source_atoms_json": "https://actproof.org/assets/data/dora.source-atoms.json", "source_atoms_ndjson": "https://actproof.org/api/v1/profiles/dora/source-atoms.ndjson", "profile_stream_ndjson": "https://actproof.org/api/v1/profiles/dora/stream.ndjson", "agent_card": "https://actproof.org/.well-known/actproof-agent.json" }, "non_claims": [ "not legal advice", "not compliance certification", "not supervisory approval", "not a claim that every atom is fully text-bound", "not law-as-code execution" ], "example_fields": [ { "field_id": "entity_legal_identifier", "required": true, "derivation_type": "direct_template_field", "source_atoms": [ "src.eu.dora.32025R0302.annexI.entity_lei", "src.eu.dora.32025R0302.annexII.data_glossary" ], "mapping_confidence": "draft", "interpretive_load": 0, "derivation_note": "The field is a direct institutional identifier in the reporting template and glossary instructions.", "non_claims": [], "release_scope": "required_release_scope", "binding_granularity": "template_field" }, { "field_id": "financial_entity_type", "required": true, "derivation_type": "transformed_template_field", "source_atoms": [ "src.eu.dora.32025R0302.annexI.financial_entity_type", "src.eu.dora.32025R0302.annexII.data_glossary", "src.eu.dora.32022R2554.art19.reporting_obligation" ], "mapping_confidence": "draft", "interpretive_load": 2, "derivation_note": "The field records the regulated-entity category using the template and glossary context; selection depends on the entity taxonomy.", "non_claims": [], "release_scope": "required_release_scope", "binding_granularity": "template_field" }, { "field_id": "classification_criteria_triggered", "required": true, "derivation_type": "interpretive_classification_mapping", "source_atoms": [ "src.eu.dora.32025R0302.annexI.classification_criteria", "src.eu.dora.32024R1772.art1to7.classification_criteria", "src.eu.dora.32024R1772.art8.major_incident_determination", "src.eu.dora.32025R0301.art2.initial_notification_content" ], "mapping_confidence": "draft", "interpretive_load": 4, "derivation_note": "The field records which classification criteria were triggered. The template carries the field; the classification RTS supplies the substantive criteria; the initial-notification RTS supplies the content context.", "non_claims": [ "does_not_constitute_final_legal_classification", "does_not_replace_competent_authority_assessment" ], "release_scope": "required_release_scope", "binding_granularity": "template_field" }, { "field_id": "business_continuity_plan_activated", "required": true, "derivation_type": "normalised_boolean_field", "source_atoms": [ "src.eu.dora.32025R0302.annexI.bcp_activated", "src.eu.dora.32025R0301.art2.initial_notification_content" ], "mapping_confidence": "draft", "interpretive_load": 1, "derivation_note": "The field normalises business-continuity activation evidence into a boolean reporting field.", "non_claims": [], "release_scope": "required_release_scope", "binding_granularity": "template_field" } ], "agent_proof_principle": "Agents should not be asked to infer compliance meaning from broad legal text alone. They need proof-carrying records: source identity, exact locator, official text hash where captured, provenance, dependency edges, maturity state, boundaries and safe next actions.", "agent_needs": [ "evidence-backed grounding", "provenance and traceability", "small context windows and streamable records", "stable identifiers for caching and comparison", "explicit non-claims to avoid unsafe conclusions", "recoverable uncertainty and review-required signals" ], "oscal_positioning": { "relationship": "complementary_upstream_source_fragment_layer", "summary": "OSCAL is the closest neighbour, but the point is simple: OSCAL primarily structures controls and assessments; ActProof atoms primarily structure official source fragments. A control, rule, assessment or agent workflow can reference an atom when it needs a verifiable legal-source anchor.", "not_claimed": [ "not an OSCAL replacement", "not a policy-as-code engine", "not a compliance certification layer" ], "integration_thesis": "The rule remains the interpretation. The atom remains the proof object it must answer to.", "comparison": [ { "layer": "policy-as-code", "primary_object": "executable policy logic", "source_fragment_role": "should cite source" }, { "layer": "Rules-as-Code", "primary_object": "machine-readable rule", "source_fragment_role": "should cite source" }, { "layer": "OSCAL", "primary_object": "controls and assessments", "source_fragment_role": "can reference supporting resources" }, { "layer": "ActProof source atom", "primary_object": "official source fragment", "source_fragment_role": "source anchor plus locator plus hash where captured" } ] }, "why_atoms_are_better_machine_elements": [ { "reason": "smaller_than_regulations", "plain_english": "A machine can consume one source fragment instead of a whole legal act." }, { "reason": "source_bound", "plain_english": "Each atom points back to an official instrument and locator before interpretation starts." }, { "reason": "recomputable", "plain_english": "Where text is captured, the official text hash can be checked again." }, { "reason": "composable", "plain_english": "A field can be built from several atoms: obligation, template cell, glossary entry, timing rule or classification rule." }, { "reason": "missingness", "plain_english": "Coverage can show which recorded source atoms are not yet represented by fields." }, { "reason": "schema_mapping", "plain_english": "Banks and vendors can map internal fields by source basis, not by name similarity alone." }, { "reason": "agent_safety", "plain_english": "An agent gets a bounded proof object with provenance, dependencies and non-claims before it acts." } ] }