Compliance exports

Conformity bundles, Annex IV packs, and regulator-ready evidence

Compliance exports

Nexus generates regulator-ready evidence packs from live audit data, AI system inventory, and policy manifests. Exports are designed for compliance officers preparing EU AI Act conformity assessments and ongoing supervisory requests.

Available export types

ExportEndpointFormat
Conformity bundlePOST /api/v1/compliance/export/conformity-bundleJSON + manifest hash
Annex IVPOST /api/v1/compliance/export/annex-ivPDF
Deployer packPOST /api/v1/compliance/export/deployer-packZIP (JSON + audit sample)
EU database submissionPOST /api/v1/compliance/export/eu-databaseJSON (ESMA schema)
Article 12 logGET /api/v1/compliance/export/art12JSON / CSV
Supply chainGET /api/v1/compliance/export/supply-chainJSON
Audit trailGET /api/v1/audit/exportJSON / CSV

All exports require tenant-scoped API keys (hnx_…) or authenticated console session.

Conformity bundle

Primary artifact for EU AI Act Article 43 conformity assessments:

curl -X POST "https://nexus.hardalion.com/api/v1/compliance/export/conformity-bundle" \
  -H "Authorization: Bearer $TENANT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "ai_system_id": "ais_trading_agent_v2",
    "include_audit_sample": true,
    "policy_pin": "hardalion://nato-prou-strict-financial@1.0.0"
  }'

Response includes:

  • manifestHash for tamper detection
  • Pinned NPL policy version with link to npl-spec
  • AI system inventory snapshot
  • Sample of hash-chained audit entries
  • Operator configuration summary

Annex IV technical documentation

curl -X POST "https://nexus.hardalion.com/api/v1/compliance/export/annex-iv" \
  -H "Authorization: Bearer $TENANT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "aiSystemId": "ais_trading_agent_v2" }' \
  -o annex-iv-ais_trading_agent_v2.pdf

Generates Annex IV aligned technical documentation from registered system metadata.

Deployer pack

For deployers exercising Article 26 obligations:

curl -X POST "https://nexus.hardalion.com/api/v1/compliance/export/deployer-pack" \
  -H "Authorization: Bearer $TENANT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "ai_system_id": "ais_trading_agent_v2",
    "include_fria": true
  }' \
  -o deployer-pack.zip

Dashboard workflow

  1. Open Compliance in the Nexus console
  2. Select the registered AI system
  3. Review policy pin and shadow metrics summary
  4. Click Export conformity bundle
  5. Store manifestHash in your GRC system
  6. Optionally run offline verification with npl-spec audit tools

Verify exported evidence

curl -X POST "https://nexus.hardalion.com/api/v1/audit/verify" \
  -H "Authorization: Bearer $TENANT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "manifest_hash": "abc123..." }'

Public compliance API

Stateless compliance checks (no tenant audit write) are available at api.hardalion.com: