In the rapidly evolving world of Data and AI, staying compliant with complex European regulations like the AI Act, GDPR, and the Data Act can feel like an uphill struggle for organisations. Today, we are excited to share the highlights from our latest milestone, Deliverable 2.2: ACCOMPLISH Compliance Methodology and Foundations.
This report establishes a practical, human-centric bridge between high-level legal requirements and concrete technical operations. Instead of simply checking boxes, we are building a framework that explains why requirements apply and how to meet them in real-world settings.
The Core Methodology: A Five-Step Approach
Our methodology (as shown in the accompanying infographic) is designed to transform abstract regulations into actionable intelligence through five key stages:
- Policy Analysis & Variable Extraction: We harvest machine-readable ODRL policy models to extract key variables—such as Targets, Actions, and Constraints—that are essential for mapping regulatory rules to actual business activities.
- Human Operations Mapping: We group multiple regulatory provisions into distinct “Human Operations”. By clustering these requirements into manageable areas (like “Use of Personal Data” or “Ensuring Transparency”), we identify specific actions that humans must perform to ensure compliance.
- Data & AI Categorisation: We merge these top-down templates with “bottom-up” empirical data from our four industrial demonstrators (Automotive, Aviation, Energy, and Manufacturing). This ensures our methodology is grounded in actual industry practices.
- Standard Templates for Recommendations: Using a decision-tree mechanism, the framework assesses an operation’s conditions and triggers human-readable recommendations. If a requirement is only partially met, the system provides clear instructions on the remedial actions needed.
- Validation & Refinement: Compliance is not a static event. We are currently validating these initial recommendations with stakeholders to ensure the language is clear and actionable before the methodology is integrated into the ACCOMPLISH prototype.
Beyond the Assessment: Key Innovations in D2.2
While the assessment methodology is the heart of D2.2, the deliverable also lays the groundwork for several other critical components of the ACCOMPLISH ecosystem:
- Actionable Certification Controls: We have translated complex legal articles into a stable library of testable and auditable controls, providing a clear route toward formal certification.
- The Compliance Digital Passport (CDP): A blockchain-powered record that captures the full compliance and certification history of an asset across its entire lifecycle.
- Certification Scorecards: Concise, dynamic summaries that allow organisations to communicate their compliance posture to internal and external stakeholders at a glance.
What’s Next?
D2.2 serves as the methodological baseline for our project. Moving forward, these foundations will be integrated into the ACCOMPLISH Compliance Platform, where they will power automated assessment services and recommendation engines. As the regulatory landscape for AI continues to evolve, our “living framework” is designed to stay responsive, ensuring that organisations can navigate the future of AI with confidence, transparency, and trust.
