
Resources — Regulator guides

Five operational guides (AI Act, GDPR, DORA, NIS2, ISO 42001) that translate regulator text into agentic obligations mapped onto ACF® principles, dimensions and cards. Twenty-two articles are individually addressable through the acf.regulation.article tool.

Warning
ACF® guides are not legal advice. Each article’s text field is a faithful summary — not the verbatim legal text. The mapping / operational_note fields are ACF® doctrine, not an official regulator reading. Any qualification produced by REASON tools ships marked requires_human_review: true.

What this contains

Five regulator-level guide resources (URIs acf://guide/{slug}) served as bilingual Markdown. Across the five guides, twenty-two individual articles are indexed and accessed through the acf.regulation.article READ tool. Each article exposes its summary text, its official source, its applicable date, and a mapping onto ACF® principles / dimensions / cards.

See also — READ tool acf.regulation.article (one specific article) and REASON tool acf.map-ai-act-obligations (exhaustive obligations for a qualified high-risk system).

Exhaustive list: 5 guides · 22 articles

AI Act — Regulation (EU) 2024/1689

acf://guide/ai-act · Markdown · FR + EN

Scope — Providers and deployers of AI systems placed on the EU market, with reinforced obligations for high-risk systems.

Applicability — High-risk obligations apply from 2 December 2027 (Digital Omnibus deferral).

Indexed articles · 5

  • ai-act/9: Risk management system (high-risk AI)
  • ai-act/10: Data and data governance (high-risk AI)
  • ai-act/12: Record-keeping (logging)
  • ai-act/13: Transparency and information to deployers
  • ai-act/14: Human oversight (high-risk AI)

GDPR — Regulation (EU) 2016/679

acf://guide/gdpr · Markdown · FR + EN

Scope — Any processing of personal data of EU data subjects.

Applicability — In force since 25 May 2018.

Indexed articles · 5

  • gdpr/5: Principles relating to processing
  • gdpr/22: Automated individual decision-making
  • gdpr/25: Data protection by design and by default
  • gdpr/30: Records of processing activities
  • gdpr/35: Data protection impact assessment (DPIA)

DORA — Regulation (EU) 2022/2554

acf://guide/dora · Markdown · FR + EN

Scope — EU financial entities — banks, insurers, investment firms, crypto-asset service providers, critical ICT third parties.

Applicability — Applicable since 17 January 2025.

Indexed articles · 5

  • dora/5: Governance and organisation (ICT risk management)
  • dora/6: ICT risk management framework
  • dora/11: Response and recovery (ICT business continuity)
  • dora/17: ICT-related incident management process
  • dora/28: Third-party ICT risk management

NIS2 — Directive (EU) 2022/2555

acf://guide/nis2 · Markdown · FR + EN

Scope — Essential and important entities across 18 sectors — transposed into national law (deadline 17 October 2024).

Applicability — Applicable as transposed by member state legislation.

Indexed articles · 3

  • nis2/20: Governance — management bodies' responsibility
  • nis2/21: Cybersecurity risk-management measures
  • nis2/23: Incident reporting obligations

ISO/IEC 42001:2023 — AI management system (AIMS)

acf://guide/iso-42001 · Markdown · FR + EN

Scope — Voluntary management-system standard — certifiable, suited to organisations claiming a mature AI governance posture.

Applicability — Voluntary; usable as a baseline AI Act demonstrability scheme.

Indexed articles · 4

  • iso-42001/6: Planning — risks, opportunities, AI impact assessment
  • iso-42001/8: Operation (operational controls)
  • iso-42001/9: Performance evaluation
  • iso-42001/A: Annex A — reference controls

Fetching a regulator guide

The guide resource gives the full operational reading at the regulator level. To target a precise article with its mapping, prefer the acf.regulation.article tool, which returns the summary text, official source, applicable date, and ACF® mapping in a single signed response.

fetch-regulator.ts
// Read the full AI Act operational guide.
// `client` is an already-connected client; its setup is not shown here.
const guide = await client.readResource({
  uri: "acf://guide/ai-act",
});
console.log(guide.contents[0].mimeType); // "text/markdown"

// To cite an article precisely, use the READ tool instead
const article = await client.callTool({
  name: "acf.regulation.article",
  arguments: { regulation: "ai-act", article: "14" },
});
// Returns:
// {
//   title: "Human oversight (high-risk AI)",
//   text: "High-risk AI systems shall be designed so they can be effectively...",
//   source: "Regulation (EU) 2024/1689, Article 14",
//   applicable_date: "2027-12-02",
//   mapping: {
//     principles: ["P3"],
//     dimensions: ["D3", "D4"],
//     fiches: ["ACF-07", "ACF-09", "ACF-14"],
//     operational_note: "ACF operationalises Art. 14 via P3 (ultimate human control)..."
//   },
//   requires_human_review: true,
//   doctrine_signature: "ed25519:..."
// }
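
A consumer can treat the tool result as untrusted input and vet it before anything downstream relies on it. The check below is an added example, not ACF's own code: `vetArticleResponse`, `Verdict` and the `SAMPLE` values are hypothetical, and it confirms only that a signature tagged `ed25519:` is present, because the public key and signing format are not given on this page.

```typescript
// Added example: vet an acf.regulation.article result before downstream use.
// Field names come from the sample response on this page; the helper name,
// the fail-closed policy and the SAMPLE values are assumptions of this example.
type Rec = Record<string, unknown>;
const isRec = (v: unknown): v is Rec => typeof v === "object" && v !== null && !Array.isArray(v);
const isStrArr = (v: unknown): boolean => Array.isArray(v) && v.every((x) => typeof x === "string");

interface Verdict { problems: string[]; inForce: boolean; needsHumanReview: boolean }

function vetArticleResponse(raw: unknown, asOf: string): Verdict {
  const problems: string[] = [];
  if (!isRec(raw)) return { problems: ["response is not an object"], inForce: false, needsHumanReview: true };

  for (const k of ["title", "text", "source", "applicable_date", "doctrine_signature"]) {
    if (typeof raw[k] !== "string" || raw[k] === "") problems.push("missing or empty string field: " + k);
  }
  // Presence and algorithm tag only. Verifying the signature needs the publisher's
  // public key and signed-bytes format, which this page does not give.
  const sig = typeof raw["doctrine_signature"] === "string" ? raw["doctrine_signature"] : "";
  if (!/^ed25519:.+/.test(sig)) problems.push("unsigned or unexpected signature algorithm");

  const m = raw["mapping"];
  if (!isRec(m) || !isStrArr(m["principles"]) || !isStrArr(m["dimensions"]) || !isStrArr(m["fiches"])) {
    problems.push("mapping must carry string arrays: principles, dimensions, fiches");
  }
  // Fail closed: only an explicit boolean false lifts the review requirement.
  if (typeof raw["requires_human_review"] !== "boolean") problems.push("requires_human_review is not a boolean");
  const needsHumanReview = raw["requires_human_review"] !== false;

  // ISO dates (YYYY-MM-DD) order correctly as plain strings.
  const date = typeof raw["applicable_date"] === "string" ? raw["applicable_date"] : "";
  const iso = /^\d{4}-\d{2}-\d{2}$/;
  if (!iso.test(date) || !iso.test(asOf)) problems.push("applicable_date or asOf is not YYYY-MM-DD");
  const inForce = iso.test(date) && iso.test(asOf) && date <= asOf;

  return { problems, inForce, needsHumanReview };
}

// Constructed sample mirroring the response shape above (text and signature are placeholders).
const SAMPLE = {
  title: "Human oversight (high-risk AI)",
  text: "constructed summary text",
  source: "Regulation (EU) 2024/1689, Article 14",
  applicable_date: "2027-12-02",
  mapping: { principles: ["P3"], dimensions: ["D3", "D4"], fiches: ["ACF-07", "ACF-09", "ACF-14"],
             operational_note: "constructed note" },
  requires_human_review: true,
  doctrine_signature: "ed25519:CONSTRUCTED-PLACEHOLDER",
};
```

A non-empty `problems` list means the result should be discarded; `inForce` only compares `applicable_date` with the date the caller passes in.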