Compliance

Storsko provides built-in tooling for GDPR data rights and EU AI Act risk classification.

Compliance

Storsko provides built-in tooling for GDPR data rights and EU AI Act risk classification.

GDPR

Data export

Export all data held for a user:

GET /api/v1/audit/:user_id/export
Authorization: Bearer <root-api-key>

Returns a JSON bundle of audit log entries, agent assignments, and HITL decisions associated with the user.

Data erasure

Delete all personal data for a user (right to erasure):

DELETE /api/v1/users/:id/data
Authorization: Bearer <root-api-key>

Storsko pseudonymises audit log entries (replacing user_id with a tombstone marker) rather than hard-deleting them, to preserve the hash-chain integrity of the audit log.

EU AI Act — risk classification

Every agent has a risk_level field aligned with the EU AI Act categories:

LevelDescription
minimalNo meaningful risk — informational or productivity tooling
limitedSome transparency obligations apply
highRegulated domains: hiring, credit, law enforcement, biometrics
unacceptableProhibited use cases

Setting risk level

PATCH /api/v1/agents/:id/risk-level
Authorization: Bearer <root-api-key>
Content-Type: application/json

{ "risk_level": "high" }

high-risk agents automatically have all HITL requests escalated to org admin regardless of individual capability settings.

Compliance engine package

The compliance-engine package (packages/compliance-engine) exposes:

  • classifyRiskLevel(agent) — returns the appropriate EU AI Act tier.
  • buildGdprExport(userId, db) — assembles the full data export bundle.
  • validateErasure(userId, db) — checks whether erasure can proceed safely.
Edit this page
Quick Start
This guide walks you through the core Storsko workflow end to end. By the end you will have:
Task Routing
Storsko's task router assigns incoming work to the most appropriate agent based on capabilities, ownership, and node freshness.