AI_Sandbox/iesnieguma-izskatisana
MCP Server
Active
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

init

Browse Source
This commit is contained in:
rg4444
2026-05-15 00:07:35 +03:00
parent 8dfaf82327
commit 41509710af
16 changed files with 961 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
docs/00-overview.md Normal file
View File

@@ -0,0 +1,23 @@
# Overview
## What this package does
Receives an incoming citizen complaint to the Office of the Ombudsman of Latvia, classifies it by topic, computes a priority, and routes it to the right department — all algorithmically, with audit trail, under explicit AI guardrails.
It does **not** assign the complaint to a specific human reviewer, draft a response, or close the case. Those operations require human judgment and stay in the host DMS.
## Why algorithmate this process
The 2025 Tiesībsarga annual report disclosed a record 2,499 complaints, +28% year on year. The largest category — violations of the good-governance principle — accounted for ~603 cases. With current case-handling capacity flat, manual classification and routing are a structural bottleneck.
Algorithmating the *classification and routing* portion of the process keeps the algorithm explicit (DMN, versioned in ProcessGit), keeps the AI invocation bounded and audited (guardrails-as-code), and frees jurists' time for the parts of the work that genuinely need human judgment.
## Where this package fits
In the UAPF-IP v0.1 architecture:
- The **runtime** (`uapf-engine`) loads and walks this package.
- The **host** (OpenDMS deployed for Tiesībsargs) provides the five capabilities and consumes the resulting classification.
- The **audit chain** is signed by both sides (DID-VC, deferred to v0.2; v0.1 uses bearer token).
- The whole orchestration runs under the [Latvian AI regulatory sandbox programme](https://www.ailatvia.lv).
The package is the algorithmic artefact. The runtime is the executor. The host is the workflow. ProcessGit is the source-of-truth distribution channel. Four separable concerns; this package owns one of them.

23
docs/01-legal-basis.md Normal file
View File

@@ -0,0 +1,23 @@
# Legal basis
The algorithmated portion of this process operates inside the following legal framework.
## Latvian law
- **Iesniegumu likums** — citizens have a right to address public authorities and receive a substantive answer. This package automates the *intake and triage* portion of fulfilling that right; the substantive answer remains the responsibility of a jurist.
- **Tiesībsarga likums** — defines the mandate of the Ombudsman, including the categories of cases the Office can investigate. The taxonomy in `resources/tiesibsargs-taxonomy.yaml` mirrors the categories used in the Office's own annual reporting.
- **Administratīvā procesa likums, 4. pants** — the good-governance principle that defines the largest topic category in the report.
## Data protection
- **Vispārīgā datu aizsardzības regula (GDPR)** — Articles 5 (lawfulness, fairness, transparency), 22 (automated individual decision-making), 35 (DPIA for high-risk processing).
- **Fizisko personu datu aizsardzības likums** — the Latvian implementation.
- Specifically: this process never makes a final substantive decision affecting a citizen (`decisions_ai_may_make_unattended` is empty). It produces a recommendation reviewed by a human jurist before any external action. This keeps the process outside the strictest scope of GDPR Art. 22.
## EU AI Act
See [`02-ai-act-classification.md`](./02-ai-act-classification.md).
## Sandbox basis
The package operates under the Latvian AI regulatory sandbox programme established by MIC (Mākslīgā intelekta centrs), in coordination with VARAM and DVI. The specific scope is documented in the administrative act issued for the project; the technical scope is defined by `resources/guardrails.yaml` in this package.

37
docs/02-ai-act-classification.md Normal file
View File

@@ -0,0 +1,37 @@
# EU AI Act classification
## Summary
This system is classified as **high-risk** under the EU AI Act. The classification anchors on multiple Annex III categories rather than a single one — a deliberate framing taken in the sandbox application, because the classification ambiguity itself justifies sandbox testing.
## Annex III mapping
- **§5(a) — access to and enjoyment of essential public services.** When the system classifies a citizen complaint and routes it to a department, it materially affects *how* the citizen's right to be heard by the Ombudsman is fulfilled. The system does not control *whether* the citizen has access (any complaint reaches the Ombudsman regardless), but it shapes the path through the Office.
- **§8(a) — administration of justice and democratic processes.** The Ombudsman exercises a quasi-judicial function — investigating complaints against public administration. AI systems that interpret normative acts (Iesniegumu likums, MK noteikumi) and apply them to concrete facts fall squarely under this category.
## Article 6(3) preparatory-task argument
The package's role can also be framed under Article 6(3)(c): a system that performs "a preparatory task to an assessment relevant for the purposes of the use cases listed in Annex III." When a public authority uses this package to algorithmate its complaint-handling process, the package is the *preparatory infrastructure*. Article 6 explicitly classifies such systems as high-risk.
The derogation in Article 6(3) — "merely detects decision-making patterns... and is not meant to replace or influence the previously completed human assessment" — does **not** apply here, because the package is explicitly meant to influence the human classification (and, in regulated cases, may eventually replace it for the simplest topics).
## Why this classification is appropriate
Three reasons:
1. **The outputs influence rights-related processes.** Even though no final administrative decision is automated, the priority and routing determine how quickly and by whom a citizen's complaint is examined. Wrong routing delays the response.
2. **The data is sensitive.** Complaints often disclose personal information about health, family situations, financial hardship, discrimination, or interactions with law enforcement. Even with redaction, the system processes information that demands the highest data-protection care.
3. **The reasoning is contestable.** A citizen has a right to understand how their complaint was classified. The DMN tables are auditable in a way that an opaque AI classifier wouldn't be — which is precisely why the system was structured this way.
## What the sandbox protocol assesses
The sandbox testing aims to validate, with regulator supervision (VARAM, DVI):
- That the guardrails policy is enforceable in code and audited at every AI invocation.
- That the audit chain is sufficient for a citizen requesting an explanation under GDPR Art. 15 or for a regulator under AI Act compliance review.
- That the classification accuracy on real (anonymised) complaint data is materially better than human-only baseline, and that the error patterns are bounded and predictable.
- That the human oversight required by Art. 14 is meaningful — that jurists genuinely have the information and time to review AI recommendations rather than rubber-stamping them.
## What we are not claiming
This package does not claim to make legally binding decisions. It does not claim to replace jurists. It does not claim to handle constitutional-rights cases without human review. It claims, narrowly, to make the intake and triage portion of the process algorithmically explicit, auditable, and faster.