#✓ActProof
Events
ATOM LIFE-CYCLE / SOURCE-BINDING BEDROCKinstrument sentence · locator · atom · derivation · field · coverage · library usebounded claim: source identity binding, not legal certification
Source atoms / DORA / field-level meaning

The smallest useful piece of legal source.

An ActProof atom is the addressable source fragment that lets a reporting field point back to the instrument that gave it meaning.

This page shows the atom lifecycle: how a sentence, article, paragraph, template section or template cell is identified, selected, pinned, reviewed and then consumed by the library as the bedrock under fields, mappings, coverage and bank review artifacts.

Explore DORA atoms →Open source-atoms JSON →API atom inventory →Live DORA profile →
DORA source atoms26 recorded atoms
Used by fields25 used
Gap signal1 unused atom
Current text stateidentity-hashed, official text hash pending
01 / Why atoms exist

Without atoms, a field is just an assertion.

The field name is not the authority. The source binding is.

A reporting field such as classification_criteria_triggered is useful only if a reviewer can see what source material supports it. Atoms make that review possible: they point to an official instrument, a locator, a provision or template cell, a role, and a recomputable identity hash.

That is why ActProof starts below the field. It first records the source units that make field meaning inspectable.

Atoms make visible
  • which legal instrument a field draws from
  • whether the source is an article, paragraph, template section, template field, glossary entry or classification rule
  • whether the atom is primary or supporting
  • whether a source atom is used, contextual, or currently unused
Atoms do not claim
  • that the profile is legally complete
  • that a bank is compliant
  • that the atom text has been externally legally reviewed
  • that official-text fragment hashes are complete where they remain pending
02 / Atom lifecycle

From instrument sentence to library primitive.

The lifecycle is intentionally conservative. The source is not swallowed by the library; it is turned into a small, challengeable object.

01Instrument

The legal source is identified by official identifiers such as CELEX and ELI.

02Fragment

A specific article, paragraph, annex section, template field, glossary entry or rule is selected.

03Locator

The fragment receives an addressable locator: article, paragraph, annex, section, field, or rule reference.

04Atom

The locator and source metadata become a source atom with role, weight and binding status.

05Hash

The atom identity hash is recomputed over canonical identity fields; official text hash remains separate.

06Derivation

Fields draw on one or more atoms with mapping notes and interpretive load.

07Consumption

The package exports profile views, coverage, mappings, overlays, reports and bank packs built on those atoms.

03 / DORA atom inventory

Inspect the atoms currently recorded for the DORA initial-notification profile.

The current DORA profile records atoms across the base DORA regulation, content/time-limit rules, implementing template structure and classification rules. The table is loaded from the deployed dora.source-atoms.json file.

04 / Data structure

The atom is deliberately more than a citation.

A normal citation tells a human where to look. An ActProof atom adds machine-readable identity, binding role, maturity state and hash basis.

PropertyPurposeWhy it matters
source_atom_idStable atom identifierLets fields and derivations point to the same source unit.
celex / eliOfficial legal document identifiersSupports EU legal-source traceability and reuse.
locatorArticle, paragraph, annex, section, field or rule addressPrevents a field from pointing only to a whole regulation.
atom_typeArticle, template field, glossary entry, rule, thresholdShows whether the source is obligation, template structure or classification logic.
source_roleFunctional role in the profileDistinguishes base obligation, content requirement, template field and time limit.
normative_weightPrimary or supportingPrevents supporting context from being overclaimed as direct field authority.
atom_identity_sha256Recomputable identity hashLets the atom identity be checked independently.
official_text_sha256Hash of the captured official text fragmentCurrent maturity gate: many atoms remain identity-pinned but text-hash pending.
05 / Coverage and missingness

Atoms also show what the profile may not yet represent.

The inverse question matters: of the source atoms recorded, which ones are not used by any field?

Source-atom coverage is how ActProof avoids implying that “if it is not in the profile, it does not matter.” A recorded source atom with no field binding becomes a visible gap signal, not an invisible assumption.

SOURCE-ATOM COVERAGE
loading current atom usage…
Why banks care

Missingness becomes reviewable.

A bank, auditor or GRC implementer can see whether the profile uses each recorded source atom, which atoms are only contextual, and whether any source provision is waiting for review.

Open source-atom coverage →
06 / How the library consumes atoms

Everything above the atom inherits its source discipline.

Atoms are not decorative metadata. They are consumed by the library in field derivations, profile-view export, source-atom coverage, candidate schema mapping, bank overlays and overlay impact review.

Field derivationfield → atoms

Explains why a report field exists and how much interpretation enters.

Schema mappingexternal field → ActProof field → atoms

Keeps bank/vendor field names from becoming accidental authority.

Bank overlaybank decision → pinned profile → atoms

Lets an institution record reviewed mapping decisions against source-bound references.

actproof-events source-atom-coverage op:eu.dora.ict_incident_notification_initial.v1
actproof-events compare-schema op:eu.dora.ict_incident_notification_initial.v1 external-schema.json
actproof-events export-bank-poc-pack op:eu.dora.ict_incident_notification_initial.v1 --out bank-poc-pack
Library meaning

The atom is the root of the trust chain.

Profile fields, candidate mappings and bank overlays are safer because each one can be traced back to a source atom rather than a private label.

07 / Maturity gates

The next hardening step is official-text fragment sealing.

The current atom set is useful because atom identity, locator and role are explicit. The next depth step is to populate text excerpts and official text fragment hashes so reviewers can check not only atom identity, but also the exact captured source text.

Live now
  • 26 DORA source atoms in the public data file
  • CELEX and ELI identifiers
  • locators, roles, weights and binding status
  • recomputable atom identity hashes
  • source-atom coverage and unused-atom gap signal
Next hardening
  • populate text_excerpt with reviewed official source snippets
  • compute official_text_sha256 over captured text fragments
  • move selected atoms from provisional binding toward reviewed status
  • publish atom NDJSON for richer agent ingestion

Start below the field.

If a bank, GRC vendor, auditor or AI agent cannot inspect the source atom, it cannot safely rely on the field. That is the point of ActProof.

Open atoms JSON →Open API atom inventory →Field mapping boundary →Bank demo →PyPI ↗