opencomplai gaps¶
Print a per-article EU AI Act gap report: for every tracked article, whether it is Met, Partial, Missing, or Unverified, and which subsystem (rule, obligation catalog, code scan, or pipeline evaluator) produced that status.
gaps is purely a projection of results that other commands already compute — it runs no new analysis. It is informational only and never gates CI; the exit-code contract stays exclusively with opencomplai check.
Usage¶
Options¶
| Flag | Default | Description |
|---|---|---|
--manifest / -m | system-manifest.json | System manifest path |
--commit-ref | HEAD | Commit reference for provenance |
--scan-report | (none) | Path to a CorroborationReport JSON from a prior opencomplai scan --output json — resolves scan-sourced article rows |
--sample-set | (none) | Path to an EvalSampleSet JSON — resolves evaluator-sourced article rows (safety, bias, data-leakage) |
--output / -o | human | human or json |
Understanding gap statuses¶
| Status | Meaning |
|---|---|
| MET | The mapped rule passed, or the mapped scan/evaluator source found no discrepancy. |
| PARTIAL | A mapped evaluator returned a warn outcome. |
| MISSING | A mapped rule failed, a scan found a discrepancy against the declared purpose, or a mapped evaluator failed. |
| UNVERIFIED | No automated source was run for this article in this invocation — not the same as "failing." An obligation-only article (e.g. Art. 11, Art. 12) is always UNVERIFIED, since Opencomplai has no automated check for it; a rule/scan/evaluator-backed article is UNVERIFIED only when you didn't supply the input needed to resolve it (--scan-report and/or --sample-set). |
This distinction is deliberate, not a limitation to work around silently: the rule engine alone cannot see everything. An article whose only mapped source is a pipeline evaluator (e.g. Art. 15's EVAL_SAFETY_LEXICAL_V1) will read UNVERIFIED — not MISSING — until you pass --sample-set. Passing more inputs turns more rows from UNVERIFIED into a real MET/PARTIAL/MISSING verdict; it never turns a real MISSING back into UNVERIFIED.
Example: rule-sourced and evaluator-sourced rows together¶
Given a manifest with intended_purpose: "recruitment screening of candidates" (an Annex III high-risk use case) and a --sample-set whose outputs contain an adversarial-prompt fixture that fails EVAL_SAFETY_LEXICAL_V1:
{
"system_id": "hiring",
"commit_ref": "HEAD",
"generated_at": "2026-07-12T10:00:00+00:00",
"articles": [
{
"article": "Art. 6",
"status": "missing",
"source": "rule",
"evidence_ref": "EU_AIA_ART6_HIGH_RISK",
"rationale": "Intended purpose matches Annex III employment category."
},
{
"article": "Art. 15",
"status": "missing",
"source": "evaluator",
"evidence_ref": "sha256:...",
"rationale": "EVAL_SAFETY_LEXICAL_V1 (NIST AI RMF MEASURE 2.6 / EU AI Act Art. 15 (robustness)): fail."
},
{
"article": "Art. 11",
"status": "unverified",
"source": "obligation",
"evidence_ref": "none",
"rationale": "No source data supplied for this article in this run."
}
],
"evidence_hashes": [],
"principle_summary": { "principles": [ "..." ] }
}
The Art. 6 row is rule-sourced — it comes from the static rule engine and needs no extra input. The Art. 15 row is evaluator-sourced — it only resolves to a real verdict (here, MISSING) because --sample-set was supplied; run gaps without --sample-set against the same manifest and Art. 15 reads UNVERIFIED instead. This is the mechanism behind [1.5 in the roadmap]: --sample-set affects gaps output the same way it affects check --sample-set.
Principle Summary¶
Every gaps invocation (human or JSON) also rolls the per-article statuses up into the 6 EU Trustworthy AI principles (Technical Robustness & Safety, Privacy & Data Governance, Transparency, Diversity/Non-discrimination/Fairness, Societal & Environmental Wellbeing, Accountability). Each principle shows the worst-case status across its mapped articles — the same "MISSING beats PARTIAL beats UNVERIFIED beats MET" convention used for individual article rows.
Human output:
Principle Summary
Principle Status Articles
Technical Robustness and Safety MISSING Art. 15, Art. 25
Privacy and Data Governance UNVERIFIED Art. 10
Transparency UNVERIFIED Art. 12, Art. 50
Diversity, Non-discrimination and Fairness MISSING Art. 5, Art. 6, Art. 10
Societal and Environmental Wellbeing UNVERIFIED Art. 5
Accountability UNVERIFIED Art. 4, Art. 11, Art. 53, Art. 55
See EU AI Act Principles for the full article-to-principle mapping and which rule/obligation/scan/evaluator backs each article.
principle_summary is an additive, optional field on GapReport — existing gaps --output json consumers that don't read it are unaffected by its presence.
Next step¶
Run opencomplai recommend to generate copy-paste remediation templates for every MISSING/PARTIAL row in the gap report — see recommend.