Spaces:

Cata-Risk-Lab
/

Swiss-Risk-Calculator

Sleeping

App Files Files Community

dcata004 commited on 16 days ago

Commit

d3bbdc6

verified ·

1 Parent(s): bace1b2

Update app.py

Browse files

Files changed (1) hide show

app.py +88 -35

app.py CHANGED Viewed

@@ -1,48 +1,101 @@
 import gradio as gr
-def audit_check(vendor_name, server_location, model_type):
-    # This is simple logic to simulate your "Audit"
-    risk_score = 0
-    logs = []
-    logs.append(f"🔍 Auditing {vendor_name}...")
-    if server_location == "USA" or server_location == "Unknown":
-        risk_score += 50
-        logs.append("❌ CRITICAL: Data hosted in US Jurisdiction (Cloud Act Risk).")
-    else:
-        logs.append("✅ PASS: Data hosted in Safe Jurisdiction.")
-    if model_type == "Public LLM (ChatGPT/Claude)":
-        risk_score += 30
-        logs.append("⚠️ HIGH: Public Model detected. Zero-Retention Agreement required.")
-    else:
-        logs.append("✅ PASS: Private/Local Model detected.")
-    if risk_score > 40:
-        verdict = "🔴 NO-GO: High Compliance Risk"
-    elif risk_score > 20:
-        verdict = "🟡 CAUTION: Manual Review Needed"
     else:
-        verdict = "🟢 GO: Low Risk / Approved"
-    return verdict, "\n".join(logs)
-# The Interface
 with gr.Blocks(theme=gr.themes.Soft()) as demo:
-    gr.Markdown("# 🛡️ Toro Governance Lab: Vendor Risk Engine")
-    gr.Markdown("Instant preliminary risk assessment for Swiss/UK Banking Compliance (nFADP / EU AI Act).")
     with gr.Row():
-        v_name = gr.Textbox(label="Vendor Name")
-        loc = gr.Dropdown(["Switzerland", "EU (Germany/France)", "USA", "Unknown"], label="Server Location")
-        model = gr.Dropdown(["Private/Local Model", "Public LLM (ChatGPT/Claude)"], label="AI Model Type")
-    btn = gr.Button("Run Audit")
-    out_verdict = gr.Label(label="Audit Verdict")
-    out_logs = gr.Textbox(label="Audit Logs")
-    btn.click(audit_check, inputs=[v_name, loc, model], outputs=[out_verdict, out_logs])
-demo.launch()

 import gradio as gr
+def calculate_risk(data_type, users, location, use_case):
+    score = 0
+    reasons = []
+    # 1. Data Sensitivity Scoring (nFADP Art. 5)
+    if data_type == "Public Data":
+        score += 1
+    elif data_type == "Internal/Private":
+        score += 3
+    elif data_type == "Sensitive / Biometric / Medical":
+        score += 10
+        reasons.append("🚨 **High Risk Data:** Processing sensitive personal data requires explicit consent (nFADP) and strict DPIA (EU AI Act).")
+    # 2. User Volume (Systemic Risk)
+    if users == "< 1,000 DAU":
+        score += 1
+    elif users == "1,000 - 50,000 DAU":
+        score += 3
+    elif users == "> 50,000 DAU":
+        score += 5
+        reasons.append("📈 **High Volume:** Systems with >50k users are often classified as 'Systemic Risk' under EU AI Act.")
+    # 3. Server Location (Cross-Border Transfer)
+    if location == "Switzerland (CH)":
+        score += 0
+        reasons.append("✅ **Sovereign Hosting:** Data resides in Switzerland. nFADP compliant.")
+    elif location == "European Union (EU)":
+        score += 1
+        reasons.append("✅ **Adequate Protection:** EU is on the Swiss FDPIC 'Safe Country' list.")
+    elif location == "USA (Cloud Act Scope)":
+        score += 5
+        reasons.append("⚠️ **US Cloud Act Risk:** Transfer requires TIA (Transfer Impact Assessment) and SCCs.")
+    elif location == "Other / Global":
+        score += 7
+        reasons.append("🚨 **Unknown Jurisdiction:** High risk of data sovereignty violation.")
+    # Calculate Verdict
+    if score >= 12:
+        tier = "TIER 4: UNACCEPTABLE / HIGH RISK"
+        color = "red"
+        action = "🛑 STOP DEPLOYMENT. Requires full DPIA and Legal Review."
+    elif score >= 7:
+        tier = "TIER 3: SUBSTANTIAL RISK"
+        color = "orange"
+        action = "⚠️ PROCEED WITH CAUTION. Implement SCCs and Encryption."
     else:
+        tier = "TIER 1: LOW RISK"
+        color = "green"
+        action = "✅ APPROVED for Pilot. Standard monitoring applies."
+    # Formatted Output
+    report = f"""
+    ## 🛡️ Audit Verdict: <span style='color:{color}'>{tier}</span>
+    **Risk Score:** {score}/20
+    ### 📋 Compliance Actions Required:
+    {action}
+    ### 🔍 Detected Risk Factors:
+    """
+    for r in reasons:
+        report += f"\n- {r}"
+    return report
+# --- UI Layout ---
 with gr.Blocks(theme=gr.themes.Soft()) as demo:
+    gr.Markdown("""
+    # 🇨🇭 Swiss Risk Calculator
+    ### nFADP & EU AI Act Compliance Engine
+    **Cata Risk Lab** | Zurich • London • Miami
+    """)
     with gr.Row():
+        with gr.Column():
+            gr.Markdown("### 1. Deployment Details")
+            data_input = gr.Radio(
+                ["Public Data", "Internal/Private", "Sensitive / Biometric / Medical"],
+                label="Data Classification (nFADP Art. 5)"
+            )
+            users_input = gr.Radio(
+                ["< 1,000 DAU", "1,000 - 50,000 DAU", "> 50,000 DAU"],
+                label="Daily Active Users"
+            )
+            loc_input = gr.Radio(
+                ["Switzerland (CH)", "European Union (EU)", "USA (Cloud Act Scope)", "Other / Global"],
+                label="Hosting Jurisdiction"
+            )
+            btn = gr.Button("🔍 Run Compliance Audit", variant="primary")
+        with gr.Column():
+            gr.Markdown("### 2. Risk Assessment Report")
+            output_box = gr.Markdown()
+    btn.click(fn=calculate_risk, inputs=[data_input, users_input, loc_input], outputs=output_box)
+if __name__ == "__main__":
+    demo.launch()