HomeDevelopersKnowledge Graph
KEU AINISTISOGDPRSOC 2

Knowledge Graph

Why your regulator
will believe the answer.

Every governance decision KoraSafe makes cites the specific paragraph of law, control, or policy that fired. Your auditor gets the chain. Your engineer gets the node. Your CRO gets the defense.

See coverage Request a corpus sample
Cited
Every answer links to a paragraph
No hallucinated law
Traced
Chain from law to decision
Auditor, engineer, CRO
Live
Graph rebuilds when law moves
Diff job watches regulators
Typed
Obligations, controls, precedent
Cross-linked by reference

Query the graph

Ask the law a typed question

Obligations, defined terms, exceptions, controls, precedent, and evidence packs all live on the same graph. Every KoraSafe answer embeds the node ids it cites, so auditors and engineers can click through to the exact clause.

kg.query.graphqlnode.schema.jsondiff.log
# Ask the graph: which obligations apply to a high-risk hiring system?
query HighRiskHiring {
  obligations(
    framework: "eu-ai-act",
    annex: "III",
    system_class: "employment-hiring",
    as_of: "2026-04-18"
  ) {
    node_id          # e.g. eu-ai-act:annex-iii:1b
    text
    defined_terms    { node_id label }
    exceptions       { node_id effective_from }
    controls        { node_id family action_owner }
    precedent       { node_id regulator fine_eur ruling_date }
    evidence_packs  { id signed_at }
  }
}
# Every KoraSafe answer embeds these node_ids in its response. Clickable.

How it works

From law to answered question

Four steps from a new regulation hitting the feed to a Guardian Agent citing it in production. Click to inspect each stage.

Step 01Typed parsers, not scrapes
Regulator feeds, statute text, guidance, case law.

Daily diff job watches EUR-Lex, Federal Register, state legislature RSS, regulator PDFs, and enforcement dockets. Typed parsers extract the structure (article, paragraph, annex) rather than blind-scraping the text. Every ingest produces a signed change-log entry before the corpus is even touched.

Sources
EUR-Lex · Federal Register · states
Cadence
daily diff job
Parser
typed, versioned
Change log
signed before ingest
Step 02One schema
Obligations, defined terms, exceptions, effective dates.

Every parsed clause maps to a common schema: obligation node, defined-term edges, exception edges, effective_from and effective_until. Versioned; rolling back to yesterday is one query. Signed with an Anthropic-key so external auditors can verify the corpus lineage without a KoraSafe seat.

Schema
obligation + edges
Versioning
append-only
Signing
external verify
Rollback
one query
Step 03Many-to-many
Controls to obligations, precedent to both.

Control nodes connect to the obligations they satisfy. Precedent (AEPD, CNIL, ICO, FTC, Dutch DPA enforcement actions) attaches to both the obligation text it rested on and the specific control it affected. Graph is bidirectional, so agents can reason forward (what must we do?) or backward (which rule does this control satisfy?).

Relation
many-to-many
Direction
bidirectional
Precedent
fine + ruling + industry
Owner
RACI-mapped
Step 04Cited or not answered
Every answer embeds node_ids agents cite.

Guardian Agents query the graph via GraphQL. Every KoraSafe answer embeds the node_ids it used; renders as a clickable citation in the UI. Hallucination Auditor flags answers where grounding drops below 0.85 or where an obligation is cited without its supporting precedent.

Query
GraphQL typed
Citation
clickable · inline
Grounding floor
0.85 default
Flag
Hallucination Auditor

What lives inside

The knowledge your agents reason against

Law, control, policy. Click a family to see what your agents cite when they answer, and what your auditor can open in return.

01
Regulation
Obligations, defined terms, exceptions
obligation · edges

Each clause of a statute, regulation, or binding guidance becomes an obligation node with a stable node_id (e.g. eu-ai-act:art-14:para-4, nist-ai-rmf:govern-1.5:sub-a). Definitions and exceptions attach as typed edges so agents can reason about scope without re-parsing the original text. Every node carries effective_from, effective_until, and a link to the source PDF or official register entry.

Node type
Obligation
Edges
defined_term · exception
ID format
framework:clause:sub
Time
effective_from + until
EU AI ActGDPRNIST AI RMFISO 42001SR 11-7State laws
02
Control
What a company must actually do
operational action

Control nodes encode the operational action ("document training data provenance", "maintain human oversight on high-risk decisions"). A single obligation maps to many controls, and a single control often satisfies multiple obligations, so the graph is many-to-many and bidirectional. Each control carries an action_owner role (RACI-mapped) and a default evidence-pack template.

Node type
Control
Cardinality
many-to-many
Owner
RACI-mapped role
Evidence
default pack template
DocumentationMonitoringHuman oversightLoggingTestingReview
03
Precedent
Enforcement actions, fines, rulings
AEPD · CNIL · ICO · FTC · DPA

Every enforcement action links to the obligations it rested on, the fine amount in native currency and EUR, the ruling date, and the affected industry code. Useful when agents need to weigh interpretation, not just text; Hallucination Auditor flags answers that cite a text obligation without a supporting precedent where one exists.

Node type
Precedent
Regulator
AEPD · CNIL · ICO · FTC
Fine
native + EUR
Industry
NAICS code
BindingInterpretiveSettlementRuling

What makes it safe

Cited or not answered

Default
Grounded answers only
  • Every KoraSafe answer embeds the node ids it used
  • Missing or stale nodes trigger the Hallucination Auditor
  • Agents fall back to Tier 1 (advise) when grounding is weak
  • Citations rendered inline in the web UI and SDK responses
Never
What will not happen
  • Policy decisions based on uncited training knowledge
  • Silent ingests without human review
  • Graph edits without a diff trail
  • Partial answers without a clear "unknown" marker

Change feed

What changed, and when

Apr 16
EU AI Act Annex III v1.2 ingested
Added five high-risk system categories. Eleven controls updated.
Apr 11
Colorado SB 205 section 3 revised
Effective date clarified. Policy pack regenerated automatically.
Apr 07
ISO 42001 control set refreshed
Seven new control mappings published.