Spec 12: Compliance & Governance
DWS Spec 12: Compliance & Regulatory Governance
Digital Worker Standard — DWS Specification
Version: 1.0 Tier: 4 — Governance Status: Release Candidate Dependencies: Spec 0 (Project Structure), Spec 1 (Worker Identity), Spec 11 (Events & Telemetry)
1. Overview
This specification defines how DWS definitions serve as compliance artifacts. A job spec is not just a technical specification for a digital worker; it is also a governance document that demonstrates how the worker satisfies regulatory requirements.
Regulatory frameworks increasingly require organisations to demonstrate structured human oversight, traceability, risk management, and accountability for AI systems. DWS’s existing primitives (authority levels, verification gates, event streams, approval gates) already satisfy many of these requirements. This spec formalises the mapping and adds the metadata needed to make compliance auditable.
2. Risk Classification
Every job spec MAY declare a risk classification in its manifest (Spec 0, Section 2.1). The classification determines which governance requirements apply.
2.1 Risk Tiers
| Tier | Label | Description | Governance Requirements |
|---|---|---|---|
| 0 | minimal | Low-risk worker with no significant impact. | Event logging only. |
| 1 | limited | Worker produces output that is visible to end users. | Transparency requirements. Must disclose AI involvement. |
| 2 | high | Worker operates in regulated domains or makes decisions affecting people. | Full governance: human oversight, verification gates, approval gates, audit retention. |
| 3 | unacceptable | Prohibited use cases. | DWS MUST NOT be used for prohibited purposes. Runtimes MUST refuse to instantiate. |
These tiers align with the EU AI Act risk classification. Organisations subject to different frameworks (NIST RMF, ISO 42001, Australian AI governance) can map their framework requirements to these tiers via the frameworks field.
2.2 Schema
{ "compliance": { "risk_classification": "high", "frameworks": ["eu-ai-act", "nist-rmf", "iso-42001"], "human_oversight_required": true, "audit_retention_days": 365, "transparency": { "disclose_ai_involvement": true, "disclosure_method": "output_metadata" } }}3. Regulatory Mapping
DWS primitives map to regulatory requirements:
3.1 EU AI Act (August 2026)
| EU AI Act Requirement | DWS Primitive | Evidence |
|---|---|---|
| Human oversight | Authority levels (Spec 1), Approval gates (Spec 10) | Worker descriptor shows authority level. Workflow shows approval gate placement. |
| Risk management | Risk classification (this spec), Guardrails (Spec 1) | Manifest declares risk tier. Guardrails document safety measures. |
| Record-keeping | Event stream (Spec 11) | Append-only event store with retention policies. |
| Transparency | Transparency block (this spec) | Disclosure method documented. Outcome envelopes include worker identity. |
| Technical documentation | Worker descriptor + full job spec | The job spec IS the technical documentation. |
| Accuracy, robustness | Verification framework (Spec 8) | Verification gates with structured findings provide ongoing accuracy measurement. |
| Corrective actions | Re-verification cycle (Spec 8), Escalation (Spec 7) | Failed verification triggers rework. Exhausted retries trigger escalation to humans. |
3.2 NIST AI Risk Management Framework
| NIST Function | DWS Primitive |
|---|---|
| Govern | Risk classification, compliance block, authority levels |
| Map | Worker descriptor (domain, role, boundaries) |
| Measure | Verification framework, event telemetry, cost tracking |
| Manage | Escalation protocol, approval gates, knowledge lifecycle |
3.3 ISO/IEC 42001
DWS definitions provide the technical implementation of ISO 42001 management system requirements. The job spec artifacts (git-committed, versioned, reviewed) serve as the documented AI policies that ISO 42001 requires.
4. Audit Trail Requirements
4.1 Minimum Audit Events
For workers classified as high risk, the following events MUST be retained:
- All
lifecycle.*events - All
workflow.*events - All
verification.*events - All
approval.*events - All
intent.*events - All
guardrail.blockedevents - All
coordination.escalation_*events
4.2 Retention
| Risk Tier | Minimum Retention | Recommended |
|---|---|---|
minimal | 30 days | 90 days |
limited | 90 days | 1 year |
high | 1 year | 5 years |
Retention periods are measured from event timestamp. Runtimes MUST NOT delete events before their retention period expires. Organisations MAY configure longer retention.
4.3 Audit Export
Runtimes MUST support exporting audit-relevant events in a structured format suitable for regulatory review. The export MUST include:
- Event data with all common fields (Spec 11, Section 2)
- Worker descriptor versions active during the audit period
- Intent artifacts (both git-committed and runtime mutations)
- Verification verdicts and findings
5. Compliance Validation
The dws validate tool SHOULD check compliance configuration:
Errors (block deployment):
- Worker classified as
highwith no verification gates in any workflow. - Worker classified as
highwithauthority: autonomousand no approval gates. - Worker classified as
highwithaudit_retention_daysbelow the minimum for its frameworks.
Warnings:
- Worker with no risk classification declared.
- Worker with
human_oversight_required: truebut nosupervisedorcollaborativeinteraction modes in any workflow phase. - Worker handling
confidentialorrestricteddata with no guardrails.
6. OWASP Agentic Risk Mapping
The OWASP Top 10 for Agentic Applications (2026) identifies risks that DWS addresses:
| OWASP Risk | DWS Mitigation |
|---|---|
| Excessive agent authority | Authority levels (Spec 1) with graduated trust. Boundary declarations prevent scope creep. |
| Unsafe tool use | Tool bindings in skills (Spec 3) with required/optional flags. Guardrails on tool inputs/outputs. |
| Broken access control in multi-agent systems | Coordination protocol (Spec 7) with awareness boundaries. Worker-to-worker contracts. |
| Knowledge poisoning | Knowledge entry confidence scoring, decay model, and data classification (Spec 2). |
| Insufficient output verification | Verification framework (Spec 8) with independent, context-isolated verifiers. |
| Lack of audit trail | Event stream (Spec 11) with mandatory events and retention policies. |
7. References
- EU AI Act — Risk classification framework and regulatory requirements.
- NIST AI Risk Management Framework — Federal AI governance framework.
- ISO/IEC 42001 — International standard for AI management systems.
- OWASP Top 10 for Agentic Applications (2026) — Security risk taxonomy for AI agents.
- Spec 0: Project Structure — Manifest compliance block.
- Spec 1: Worker Identity — Authority levels and guardrails.
- Spec 8: Verification Framework — Quality evaluation and evidence.
- Spec 11: Events & Telemetry — Event retention and audit trail.