AI Agents — GDPR Art. 7(3) + AI Act Art. 14 talking points
This page is a sales- and legal-team-facing explainer for how Rakomi’s agent identity model satisfies the regulatory requirements your enterprise customers (and their DPOs / compliance officers) will ask about. Use it verbatim in RFPs, security questionnaires, and DPIA appendices.
The headline
Section titled “The headline”Every AI agent that acts on a user’s behalf is a first-class identity in Rakomi — separately registered, separately revocable, separately audited. Users retain GDPR Art. 7(3) consent-withdrawal control over individual agents. Tenants retain bounded blast-radius (≤15-minute token TTL ceiling + admin-revoke-all-tokens-now). Auditors get one cohesive evidence stream: “which agent did what, on whose behalf, when, from where”.
GDPR mapping
Section titled “GDPR mapping”Art. 5(2) — Accountability
Section titled “Art. 5(2) — Accountability”Rakomi maintains a tenant-isolated, RLS-scoped activity feed
(agent_actions, 180-day retention) plus an immutable archive (audit_log,
3-year retention). Critical events (token issuance, revocation, blocked-on-revocation)
are dual-written. Every action carries: actor user, agent client_id, JTI,
scope, IP+UA SHA-256 prefixes (raw hashes never leave the server), and ISO
timestamp.
Art. 7(3) — Right to withdraw consent
Section titled “Art. 7(3) — Right to withdraw consent”Each end user has a self-service surface:
GET /v1/users/me/agentslists every agent that has ever acted on their behalf.DELETE /v1/users/me/agents/{agentClientId}revokes consent for that specific agent. The revocation is recorded withreason='gdpr_art_7_withdrawal'and is idempotent (repeated revocation requests do not create duplicate records or audit entries).
The withdrawal takes effect at the next token-mint event for that
(user, agent) pair (token-exchange + CIBA both consult
user_agent_revocations before issuing). Already-issued tokens remain
valid until their TTL expires — bounded by the agent’s
agent_token_max_ttl_sec (≤900 seconds, project ceiling). Tenants
requiring instant revocation across all users use the admin path
(DELETE /v1/auth/dashboard/tenants/{slug}/agents/{agentId}) which
inserts a denylist row consulted on every Bearer authentication.
Art. 15 — Right of access
Section titled “Art. 15 — Right of access”Every user’s data export (DSAR) includes a section “Agent-mediated actions
on your account” listing each row from agent_actions joined to the
agent’s name. The CSV columns: agent name, action type, resource,
created_at. PII-safe (no IP / UA shown — only their hashes’ 12-char
prefixes if needed for fraud investigation context).
Art. 17 — Right to erasure
Section titled “Art. 17 — Right to erasure”When a user account is hard-deleted, agent_actions.actor_user_id is set
to NULL (FK ON DELETE SET NULL). The agent-attribution timeline at
tenant level survives — the data is now unattributable to the deleted user.
This is a deliberate design: the tenant-side accountability record (Art.
5(2)) outlives the user account, but the user’s identifying link is severed.
Art. 35 — Data Protection Impact Assessment
Section titled “Art. 35 — Data Protection Impact Assessment”Story 23.4 is high-risk processing under Art. 35(3)(a) (systematic +
extensive evaluation of personal aspects via automation). A DPIA supplement
authored at story-completion lives at
_bmad-output/compliance/dpia-supplement-agent-identity.md (eight sections;
mapped against GDPR Art. 7(3) / 15 / 17 / 20). Available to enterprise
customers under NDA on request.
AI Act mapping (Regulation (EU) 2024/1689)
Section titled “AI Act mapping (Regulation (EU) 2024/1689)”Art. 12 — Record-keeping
Section titled “Art. 12 — Record-keeping”The agent_actions table is the AI Act Art. 12 evidence stream: it
captures (per AI-system act) the input scope, the actor user, the action
type, the resource accessed, and the timestamp — sufficient for
reconstructing post-incident “what did the agent do, on whose behalf,
when”. Retention 180 days operational + 3 years archive. Tenants
extending beyond 3 years use the SIEM-forwarder webhook
(agent.alert_triggered plus the dual-written audit_log events;
roadmap: agent_actions → SIEM batch forwarder per
innovation-hunt AC #14-OPT.10).
Art. 14 — Human oversight
Section titled “Art. 14 — Human oversight”Three primitives implement the human-oversight requirement:
- Per-agent rate limits (
agent_settings.rate_limits) cap the agent’s throughput; hits emitagent.rate_limitedevents for SOC review. - Tenant-admin revocation invalidates all of an agent’s tokens within ≤900 seconds. The denylist consult is on every Bearer authentication — no cache layer between revocation and enforcement.
- Per-user revocation lets the human-in-the-loop withdraw at the
(user, agent)granularity without a global revoke.
Art. 26(7) — Notification of high-risk AI deployment
Section titled “Art. 26(7) — Notification of high-risk AI deployment”Rakomi’s agent.created audit + webhook event gives tenants the trigger to
notify their internal AI registry (or, for high-risk classifications under
Annex III, the relevant supervisory authority).
CRA — Cyber Resilience Act (Regulation (EU) 2024/2847)
Section titled “CRA — Cyber Resilience Act (Regulation (EU) 2024/2847)”The agents SDK module (packages/sdk/src/agents.ts + the in-tree CIBA /
token-exchange modules) is under CRA jurisdiction (Class I important
products, Annex III — identity-management SDKs distributed under the
CRE8EVE brand). Vulnerability records are retained for 10 years per Art. 14
under security/cra-vulnerability-records/SEC.23.CR-PLACEHOLDER-agents-sdk.md
(real findings replace the placeholder as they arise).
ISO 27001 + SOC 2 mapping
Section titled “ISO 27001 + SOC 2 mapping”| Framework | Control | Rakomi evidence |
|---|---|---|
| ISO 27001 A.9.2.5 | Review of access rights | Activity timeline (180 days) + per-user revocation surface |
| ISO 27001 A.9.2.6 | Removal / adjustment of access | DELETE /v1/.../agents/{id} — admin revoke-all-tokens-now |
| ISO 27001 A.12.4 | Logging and monitoring | agent_actions operational feed + audit_log archive (dual-write) |
| SOC 2 CC6.3 | Logical access removal | Same as ISO A.9.2.6 |
| SOC 2 CC7.2 | Anomaly detection | agent.rate_limited + agent.alert_triggered events + per-agent alert configs |
What to tell sales prospects
Section titled “What to tell sales prospects”The two paragraphs to lead with on a customer call:
“Every AI agent in your tenant — whether an MCP server, an LLM, a voice client, or a CLI — gets registered as a first-class identity, with its own scoped credentials, its own short-lived token cap (max 15 minutes), and its own activity timeline. You see what each agent did, on whose behalf, when, from where. You can revoke any agent in one click and the revocation propagates to every issued token within seconds.”
“Your end users keep GDPR Art. 7(3) control. Without involving you, they can revoke any agent that has ever acted on their behalf via a standard endpoint or via your in-app account UI. Rakomi gates every future token-mint on the per-user revocation list — the agent is locked out for that user without affecting the agent’s other authorisations.”
See also
Section titled “See also”- AI agents guide — how to register, revoke, and observe
- Agents API reference
- DPIA supplement (NDA — request via account team)