Compliance Reporting

Generate multi-framework compliance reports with per-control scoring, gap analysis, and remediation steps.

Enterprise compliance reporting evaluates your governance posture against multiple regulatory frameworks: HIPAA, SOC 2, PCI-DSS, EU AI Act, and a baseline standard. Each framework is scored at the individual control level.

Generate a Report

import { generateTenantComplianceReport } from '@lua-ai-global/governance-enterprise';

const report = await generateTenantComplianceReport({
  storage: tenantStorage,
  tenantId: 'org_acme',
  frameworks: ['hipaa', 'soc2', 'eu-ai-act'],
});

// report:
// {
//   frameworks: [
//     { framework: 'hipaa', score: 72, status: 'partial', controls: [...] },
//     { framework: 'soc2', score: 85, status: 'compliant', controls: [...] },
//     { framework: 'eu-ai-act', score: 68, status: 'partial', controls: [...] },
//   ],
//   overallScore: 75,
//   overallStatus: 'partial',
//   totalAgents: 12,
//   recommendations: [
//     'Enable HMAC audit integrity for HIPAA §164.312(c)',
//     '3 agents below L2 — review governance metadata',
//   ],
// }

Supported Frameworks

Framework	Controls	Key Requirements
HIPAA	§164.312(a), §164.312(c), §164.312(e), §164.308	Access controls, audit integrity, transmission security, workforce training
SOC 2	CC6, CC2, CC9	Logical access, system operations, risk mitigation
PCI-DSS	Req 7, Req 12	Role-based access, information security policies
EU AI Act	Art. 9, Art. 13, Art. 14	Risk management, transparency, human oversight
Baseline	5 controls	Authentication, audit logging, tool scoping, governance scoring, policy enforcement

Control-Level Results

Each control in the report includes a status, evidence, and remediation:

interface ControlResult {
  id: string;         // e.g. 'hipaa-164.312a'
  name: string;       // e.g. 'Access Control (§164.312(a))'
  status: 'compliant' | 'partial' | 'non-compliant';
  evidence: string;   // What was checked
  remediation: string | null;  // Fix suggestion (null if compliant)
}

Framework Report Structure

interface FrameworkReport {
  framework: string;
  score: number;           // 0-100
  status: FrameworkStatus; // compliant | partial | non-compliant
  controls: ControlResult[];
  agentsPassing: number;
  agentsFailing: number;
  criticalGaps: string[];
}

Export for Auditors

import { exportAuditTrail, COMPLIANCE_EXPORT_PRESETS } from '@lua-ai-global/governance-enterprise';

const exportResult = await exportAuditTrail(tenantStorage, {
  format: 'json',    // or 'csv'
  since: '2026-01-01',
  until: '2026-03-10',
  ...COMPLIANCE_EXPORT_PRESETS.hipaa,
});

Available export presets: hipaa, soc2, pci_dss, eu_ai_act, full.