|
|
import gradio as gr |
|
|
|
|
|
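# Per-option score contributions for the three scored dimensions. Kept as
# tables so the worst-case total is derived rather than hard-coded in the report.
_DATA_WEIGHTS = {
    "Public Data": 1,
    "Internal/Private": 3,
    "Sensitive / Biometric / Medical": 10,
}
_USER_WEIGHTS = {
    "< 1,000 DAU": 1,
    "1,000 - 50,000 DAU": 3,
    "> 50,000 DAU": 5,
}
_LOCATION_WEIGHTS = {
    "Switzerland (CH)": 0,
    "European Union (EU)": 1,
    "USA (Cloud Act Scope)": 5,
    "Other / Global": 7,
}

# Explanatory lines attached to the report when the matching option is selected.
_DATA_NOTES = {
    "Sensitive / Biometric / Medical": "π¨ **High Risk Data:** Processing sensitive personal data requires explicit consent (nFADP) and strict DPIA (EU AI Act).",
}
_USER_NOTES = {
    "> 50,000 DAU": "π **High Volume:** Systems with >50k users are often classified as 'Systemic Risk' under EU AI Act.",
}
_LOCATION_NOTES = {
    "Switzerland (CH)": "β **Sovereign Hosting:** Data resides in Switzerland. nFADP compliant.",
    "European Union (EU)": "β **Adequate Protection:** EU is on the Swiss FDPIC 'Safe Country' list.",
    "USA (Cloud Act Scope)": "β οΈ **US Cloud Act Risk:** Transfer requires TIA (Transfer Impact Assessment) and SCCs.",
    "Other / Global": "π¨ **Unknown Jurisdiction:** High risk of data sovereignty violation.",
}

# Worst-case total over the three dimensions (10 + 5 + 7 = 22). The report used
# to print a fixed "/20" denominator, which the weights above can exceed.
MAX_SCORE = (
    max(_DATA_WEIGHTS.values())
    + max(_USER_WEIGHTS.values())
    + max(_LOCATION_WEIGHTS.values())
)

# Inclusive lower bounds for the verdict tiers.
_TIER_4_MIN = 12
_TIER_3_MIN = 7


def _score_dimension(label, choice, weights, notes, reasons):
    """Return the score for *choice* in one dimension and record its note.

    Args:
        label: Fixed, human-readable name of the dimension; used in the report
            when the answer is missing (never the user-supplied value itself).
        choice: The selected option label, or ``None`` when nothing was chosen.
        weights: Mapping of option label -> score contribution.
        notes: Mapping of option label -> explanatory report line.
        reasons: List collecting report lines; appended to in place.

    Returns:
        The integer contribution of this dimension to the total score.

    A missing or unrecognised choice is scored fail-closed: it contributes the
    dimension's maximum weight plus a line saying so, so a half-filled form
    cannot produce a "LOW RISK" verdict by default.
    """
    if isinstance(choice, str) and choice in weights:
        if choice in notes:
            reasons.append(notes[choice])
        return weights[choice]
    # Deliberately do not echo `choice` into the report: it is client-supplied
    # text and the report is rendered as Markdown/HTML without escaping.
    reasons.append(
        f"**Incomplete Input:** '{label}' was not answered (or is not a known option); "
        "scored as the worst case for this dimension until specified."
    )
    return max(weights.values())


def calculate_risk(data_type, users, location, use_case=None):
    """Score a deployment against the nFADP / EU AI Act heuristics and render a Markdown report.

    Args:
        data_type: One of the "Data Classification" radio labels.
        users: One of the "Daily Active Users" radio labels.
        location: One of the "Hosting Jurisdiction" radio labels.
        use_case: Accepted for interface compatibility; the scoring does not
            use it. Defaults to ``None`` so a caller that wires only the three
            radio inputs (as the Gradio click handler does) no longer fails
            with a missing-argument TypeError.

    Returns:
        A Markdown string with the verdict tier, the score out of ``MAX_SCORE``,
        the required action and the list of detected risk factors. Unanswered
        or unrecognised inputs are scored as worst case and called out in the
        risk-factor list.
    """
    reasons = []
    score = _score_dimension("Data Classification", data_type, _DATA_WEIGHTS, _DATA_NOTES, reasons)
    score += _score_dimension("Daily Active Users", users, _USER_WEIGHTS, _USER_NOTES, reasons)
    score += _score_dimension("Hosting Jurisdiction", location, _LOCATION_WEIGHTS, _LOCATION_NOTES, reasons)

    if score >= _TIER_4_MIN:
        tier = "TIER 4: UNACCEPTABLE / HIGH RISK"
        color = "red"
        action = "π STOP DEPLOYMENT. Requires full DPIA and Legal Review."
    elif score >= _TIER_3_MIN:
        tier = "TIER 3: SUBSTANTIAL RISK"
        color = "orange"
        action = "β οΈ PROCEED WITH CAUTION. Implement SCCs and Encryption."
    else:
        tier = "TIER 1: LOW RISK"
        color = "green"
        action = "β APPROVED for Pilot. Standard monitoring applies."

    # `color`, `tier` and `action` are fixed literals chosen above, never user
    # input, so interpolating them into the inline HTML span is safe.
    header = f"""
## π‘οΈ Audit Verdict: <span style='color:{color}'>{tier}</span>

**Risk Score:** {score}/{MAX_SCORE}

### π Compliance Actions Required:
{action}

### π Detected Risk Factors:
"""
    # Single join instead of repeated string concatenation.
    return header + "".join(f"\n- {r}" for r in reasons)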
|
|
|
|
|
|
|
|
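# Gradio UI: three radio inputs plus a free-text use case on the left, the
# rendered Markdown report on the right.
with gr.Blocks(theme=gr.themes.Soft()) as demo:
    gr.Markdown("""
# π¨π Swiss Risk Calculator
### nFADP & EU AI Act Compliance Engine
**Cata Risk Lab** | Zurich β’ London β’ Miami
""")

    with gr.Row():
        with gr.Column():
            gr.Markdown("### 1. Deployment Details")
            data_input = gr.Radio(
                ["Public Data", "Internal/Private", "Sensitive / Biometric / Medical"],
                label="Data Classification (nFADP Art. 5)",
            )
            users_input = gr.Radio(
                ["< 1,000 DAU", "1,000 - 50,000 DAU", "> 50,000 DAU"],
                label="Daily Active Users",
            )
            loc_input = gr.Radio(
                ["Switzerland (CH)", "European Union (EU)", "USA (Cloud Act Scope)", "Other / Global"],
                label="Hosting Jurisdiction",
            )
            # calculate_risk takes a fourth positional argument (use_case). The
            # click handler used to wire only the three radios, so every click
            # raised a missing-argument TypeError. Collect it here so the
            # inputs list matches the function signature.
            use_case_input = gr.Textbox(label="Use Case")
            btn = gr.Button("π Run Compliance Audit", variant="primary")

        with gr.Column():
            gr.Markdown("### 2. Risk Assessment Report")
            output_box = gr.Markdown()

    btn.click(
        fn=calculate_risk,
        inputs=[data_input, users_input, loc_input, use_case_input],
        outputs=output_box,
    )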
|
|
|
|
|
if __name__ == "__main__":
    # Start the Gradio server only when run as a script, not on import.
    demo.launch()