Skip to content

AI Agents — GDPR Art. 7(3) + AI Act Art. 14 talking points

This page is a sales- and legal-team-facing explainer for how Rakomi’s agent identity model satisfies the regulatory requirements your enterprise customers (and their DPOs / compliance officers) will ask about. Use it verbatim in RFPs, security questionnaires, and DPIA appendices.

Every AI agent that acts on a user’s behalf is a first-class identity in Rakomi — separately registered, separately revocable, separately audited. Users retain GDPR Art. 7(3) consent-withdrawal control over individual agents. Tenants retain bounded blast-radius (≤15-minute token TTL ceiling + admin-revoke-all-tokens-now). Auditors get one cohesive evidence stream: “which agent did what, on whose behalf, when, from where”.

Rakomi maintains a tenant-isolated, RLS-scoped activity feed (agent_actions, 180-day retention) plus an immutable archive (audit_log, 3-year retention). Critical events (token issuance, revocation, blocked-on-revocation) are dual-written. Every action carries: actor user, agent client_id, JTI, scope, IP+UA SHA-256 prefixes (raw hashes never leave the server), and ISO timestamp.

Each end user has a self-service surface:

  • GET /v1/users/me/agents lists every agent that has ever acted on their behalf.
  • DELETE /v1/users/me/agents/{agentClientId} revokes consent for that specific agent. The revocation is recorded with reason='gdpr_art_7_withdrawal' and is idempotent (repeated revocation requests do not create duplicate records or audit entries).

The withdrawal takes effect at the next token-mint event for that (user, agent) pair (token-exchange + CIBA both consult user_agent_revocations before issuing). Already-issued tokens remain valid until their TTL expires — bounded by the agent’s agent_token_max_ttl_sec (≤900 seconds, project ceiling). Tenants requiring instant revocation across all users use the admin path (DELETE /v1/auth/dashboard/tenants/{slug}/agents/{agentId}) which inserts a denylist row consulted on every Bearer authentication.

Every user’s data export (DSAR) includes a section “Agent-mediated actions on your account” listing each row from agent_actions joined to the agent’s name. The CSV columns: agent name, action type, resource, created_at. PII-safe (no IP / UA shown — only their hashes’ 12-char prefixes if needed for fraud investigation context).

When a user account is hard-deleted, agent_actions.actor_user_id is set to NULL (FK ON DELETE SET NULL). The agent-attribution timeline at tenant level survives — the data is now unattributable to the deleted user. This is a deliberate design: the tenant-side accountability record (Art. 5(2)) outlives the user account, but the user’s identifying link is severed.

Art. 35 — Data Protection Impact Assessment

Section titled “Art. 35 — Data Protection Impact Assessment”

Story 23.4 is high-risk processing under Art. 35(3)(a) (systematic + extensive evaluation of personal aspects via automation). A DPIA supplement authored at story-completion lives at _bmad-output/compliance/dpia-supplement-agent-identity.md (eight sections; mapped against GDPR Art. 7(3) / 15 / 17 / 20). Available to enterprise customers under NDA on request.

AI Act mapping (Regulation (EU) 2024/1689)

Section titled “AI Act mapping (Regulation (EU) 2024/1689)”

The agent_actions table is the AI Act Art. 12 evidence stream: it captures (per AI-system act) the input scope, the actor user, the action type, the resource accessed, and the timestamp — sufficient for reconstructing post-incident “what did the agent do, on whose behalf, when”. Retention 180 days operational + 3 years archive. Tenants extending beyond 3 years use the SIEM-forwarder webhook (agent.alert_triggered plus the dual-written audit_log events; roadmap: agent_actions → SIEM batch forwarder per innovation-hunt AC #14-OPT.10).

Three primitives implement the human-oversight requirement:

  1. Per-agent rate limits (agent_settings.rate_limits) cap the agent’s throughput; hits emit agent.rate_limited events for SOC review.
  2. Tenant-admin revocation invalidates all of an agent’s tokens within ≤900 seconds. The denylist consult is on every Bearer authentication — no cache layer between revocation and enforcement.
  3. Per-user revocation lets the human-in-the-loop withdraw at the (user, agent) granularity without a global revoke.

Art. 26(7) — Notification of high-risk AI deployment

Section titled “Art. 26(7) — Notification of high-risk AI deployment”

Rakomi’s agent.created audit + webhook event gives tenants the trigger to notify their internal AI registry (or, for high-risk classifications under Annex III, the relevant supervisory authority).

CRA — Cyber Resilience Act (Regulation (EU) 2024/2847)

Section titled “CRA — Cyber Resilience Act (Regulation (EU) 2024/2847)”

The agents SDK module (packages/sdk/src/agents.ts + the in-tree CIBA / token-exchange modules) is under CRA jurisdiction (Class I important products, Annex III — identity-management SDKs distributed under the CRE8EVE brand). Vulnerability records are retained for 10 years per Art. 14 under security/cra-vulnerability-records/SEC.23.CR-PLACEHOLDER-agents-sdk.md (real findings replace the placeholder as they arise).

FrameworkControlRakomi evidence
ISO 27001 A.9.2.5Review of access rightsActivity timeline (180 days) + per-user revocation surface
ISO 27001 A.9.2.6Removal / adjustment of accessDELETE /v1/.../agents/{id} — admin revoke-all-tokens-now
ISO 27001 A.12.4Logging and monitoringagent_actions operational feed + audit_log archive (dual-write)
SOC 2 CC6.3Logical access removalSame as ISO A.9.2.6
SOC 2 CC7.2Anomaly detectionagent.rate_limited + agent.alert_triggered events + per-agent alert configs

The two paragraphs to lead with on a customer call:

“Every AI agent in your tenant — whether an MCP server, an LLM, a voice client, or a CLI — gets registered as a first-class identity, with its own scoped credentials, its own short-lived token cap (max 15 minutes), and its own activity timeline. You see what each agent did, on whose behalf, when, from where. You can revoke any agent in one click and the revocation propagates to every issued token within seconds.”

“Your end users keep GDPR Art. 7(3) control. Without involving you, they can revoke any agent that has ever acted on their behalf via a standard endpoint or via your in-app account UI. Rakomi gates every future token-mint on the per-user revocation list — the agent is locked out for that user without affecting the agent’s other authorisations.”