Glossary
Definitions for the Adjudon-specific eigennames and the regulatory references this site cites. Each entry links to its primary reference page. Entries are alphabetical.
Jump: A · B · C · D · E · F · G · H · I · M · N · O · P · R · S · T
A
Annex III
The list of high-risk AI use cases in the EU AI Act (Regulation (EU) 2024/1689) covering credit scoring, recruitment, education, law enforcement, migration, and administration of justice. Deployer of Annex III systems carries the FRIA obligation under Art. 27. See EU AI Act Compliance.
adj_live_ / adj_agent_
The two Adjudon API-key prefixes. adj_live_<64-hex> is a
workspace-level key; adj_agent_<48-hex> is per-agent. The prefix
is recognised by GitHub's secret scanner. See
Authentication.
AuditLog
The Operations Audit Log: the second SHA-256 chain, distinct from
the Decision Hash Chain, that records admin events (policy edits,
key rotations, login). Read-access requires admin or owner role.
B
BaFin
The German Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht) — the supervisor for credit institutions, payment institutions, insurers, and investment firms in Germany; the canonical reader of DORA Art. 19 incident reports for German entities.
C
chainHash
The SHA-256 link of every Decision Hash Chain row, computed as
sha256(prevHash || payloadDigest || sequence || createdAt). See
Audit Log & Security.
Confidence Engine
The three-pillar score generator: base probability, variance across
ensemble passes, and historical precedent. Outputs a
confidenceScore (0.0–1.0) and tags like LOW_CONFIDENCE.
CRA
The EU Cyber Resilience Act (Regulation (EU) 2024/2847). Art. 11 sets the manufacturer-reporting cadence (24h / 72h / 14d) tracked by the Multi-Clock.
D
Decision Audit Layer
Adjudon's product category. Sits downstream of the LLM rail; records every AI decision into a tamper-evident chain. Distinct from prompt-layer guardrails (Lakera, CalypsoAI, NeMo Guardrails).
DecisionTrace
The per-decision record. Carries inputContext, outputDecision,
confidenceScore, tags, status, and a back-reference to its
HashChainEntry.
DORA
The EU Digital Operational Resilience Act (Regulation (EU) 2022/2554), enforceable since 17 January 2025. Art. 30 governs the exit-plan obligation. See DORA Compliance.
E
eu-central-1
AWS Frankfurt. Adjudon's primary database (MongoDB Atlas) and API server (Fly.io) both run here. See Data Residency & GDPR.
F
Frankfurt
Adjudon's primary residency — both MongoDB Atlas and Fly.io
operate from eu-central-1. The one documented exception to
EU residency is OpenAI under GDPR Chapter V SCCs.
FRIA
Fundamental Rights Impact Assessment. Required under EU AI Act Art. 27
for Annex III deployers. Adjudon's FRIA model carries its own
chainHash, separate from the Decision Hash Chain. See
FRIA Wizard.
G
GDPR
The EU General Data Protection Regulation (Regulation (EU) 2016/679). Adjudon is a Data Processor under Art. 28; customer is the Data Controller. See Data Residency & GDPR.
GENESIS_HASH
The chain-start sentinel. Sixty-four zeros for the Decision Hash
Chain, the literal string "0" for the Operations Audit Log; never
re-keyed.
H
HashChainEntry
A single row in the Decision Hash Chain. Carries sequence,
traceId, prevHash, payloadDigest, chainHash, and
createdAt. See Hash Chain API.
I
Idempotency-Key
The header that lets a client retry a mutating call safely. Adjudon auto-generates one from the request payload if the client does not supply it. See Quickstart.
IncidentClock
A regulatory deadline clock attached to an Incident. Carries a
regulator enum (gdpr, aiact, dora, nis2, cra), an
articleRef, and checkpoints[].
M
MDCG 2019-11
The Medical Device Coordination Group's guidance on the qualification and classification of software under MDR/IVDR. Rule 11 places most clinical-AI software at Class IIa or higher. See Medtech Compliance.
MDR
The EU Medical Device Regulation (Regulation (EU) 2017/745). Article 10(8) sets the manufacturer-retention obligation: 10 years for non-implantable, 15 years for implantable.
Multi-Clock
The Multi-Clock Incident Hub: five parallel regulator clocks (GDPR
Art. 33, EU AI Act Art. 73, DORA Art. 19, NIS2 Art. 23, CRA Art. 11)
running off one Incident. See
Multi-Clock Incidents.
N
NIS2
EU Network and Information Security Directive 2 (Directive (EU) 2022/2555). Art. 23 sets the significant-incident reporting cadence (24h / 72h / 30d).
O
OpenAI exception
The one documented sub-processor outside the EU. Used by the Confidence Engine's third pillar for embedding generation under GDPR Chapter V SCCs. Opt-in per organization. See Sub-Processors.
P
payloadDigest
A trace's sha256(canonicalJson(traceView)). Computed at chain-append
time and stable across soft-delete / GDPR Art. 17 nullification.
Policy Engine
The deterministic gate that decides 201 (approve), 202 (flag for
review), or 403 (block) on every trace. Priority: block > flag > notify > approve.
R
ReviewItem
A row on the Review Queue: a flagged decision awaiting human
oversight per EU AI Act Art. 14. Linked back to its
DecisionTrace by traceId.
S
SCCs
Standard Contractual Clauses under GDPR Chapter V; the legal mechanism authorising the OpenAI third-country transfer.
Sandbox / Scale / Governance / Enterprise / Custom
The five Adjudon plan tiers. Hash-chain audit, Multi-Clock incidents, and the FRIA Wizard are available from Governance upward. See Plans & Features.
T
tamper-evident
The Adjudon chain detects modification loudly via the next entry's
prevHash mismatch; it does not prevent the write. The accurate
phrase is tamper-evident, never tamper-proof.
TPSP
ICT third-party service provider, per DORA Art. 3(19). Adjudon is a TPSP for any financial entity that uses it to support a critical or important function.