@blamejs/core 0.7.107 → 0.8.4

package/lib/compliance-ai-act-transparency.js

@@ -0,0 +1,200 @@
+"use strict";
+/**
+ * EU AI Act Article 50 — transparency obligations.
+ *
+ * Per Regulation (EU) 2024/1689 Art. 50, providers / deployers of
+ * certain AI systems must inform end-users that they are interacting
+ * with an AI system, OR that content was AI-generated, OR that AI
+ * detected emotions / biometric attributes. Effective 2026-08-02.
+ *
+ * Four obligations:
+ *
+ *   §1 — AI systems intended to interact directly with natural
+ *        persons MUST disclose to the user that they are interacting
+ *        with AI (unless this is obvious from context).
+ *
+ *   §2 — Providers of GPAI / generative AI systems generating synthetic
+ *        audio / image / video / text MUST mark the output as
+ *        artificially generated or manipulated, in a machine-readable
+ *        format and detectable as such.
+ *
+ *   §3 — Deployers of emotion-recognition or biometric categorisation
+ *        systems MUST inform exposed natural persons.
+ *
+ *   §4 — Deployers generating / manipulating image / audio / video
+ *        constituting a deep fake MUST disclose that the content is
+ *        artificially generated. Deployers generating / manipulating
+ *        text published to inform on matters of public interest MUST
+ *        disclose that the text is AI-generated, unless reviewed by a
+ *        human editor with editorial responsibility.
+ *
+ * The framework provides:
+ *
+ *   - banner({ kind })           → builder for the standard disclosure banner
+ *   - watermark({ kind, ... })   → builder for content-marking tags
+ *   - cspMetaTag({ ... })        → meta tag pair for HTML pages
+ *   - jsonLdDisclosure({ ... })  → JSON-LD <script> for structured-data emit
+ *   - C2pa-stub                  → operator-feeds-claims pattern for
+ *                                  C2PA Content Credentials integration
+ */
+
+var validateOpts  = require("./validate-opts");
+var { ComplianceError } = require("./framework-error");
+
+var BANNER_KINDS = Object.freeze([
+  "ai-interaction",          // Art. 50(1)
+  "ai-generated-content",    // Art. 50(2) / 50(4)
+  "emotion-recognition",     // Art. 50(3)
+  "biometric-categorisation", // Art. 50(3)
+  "deep-fake",               // Art. 50(4)
+  "ai-text-public-interest", // Art. 50(4) text variant
+]);
+
+var BANNER_TEXT_EN = Object.freeze({
+  "ai-interaction":            "You are interacting with an AI system.",
+  "ai-generated-content":      "This content was generated or modified by AI.",
+  "emotion-recognition":       "This system uses AI to recognise emotional state.",
+  "biometric-categorisation":  "This system uses AI biometric categorisation.",
+  "deep-fake":                 "This media was generated or modified by AI (deep-fake).",
+  "ai-text-public-interest":   "This text was generated by AI on a matter of public interest.",
+});
+
+function banner(opts) {
+  opts = opts || {};
+  validateOpts(opts, [
+    "kind", "lang", "deployerName", "controllerContact",
+    "linkPolicy", "linkContact",
+  ], "compliance.aiAct.transparency.banner");
+  if (BANNER_KINDS.indexOf(opts.kind) === -1) {
+    throw new ComplianceError("compliance-ai-act/bad-banner-kind",
+      "transparency.banner: kind must be one of " + BANNER_KINDS.join(", ") +
+      " — got " + JSON.stringify(opts.kind));
+  }
+  var lang = (typeof opts.lang === "string" && opts.lang.length > 0) ? opts.lang : "en";
+  var text = BANNER_TEXT_EN[opts.kind];
+  // Operators with a non-en lang supply their own translation via the
+  // returned object — the framework only ships en defaults for now.
+  var out = {
+    kind:    opts.kind,
+    lang:    lang,
+    text:    text,
+    article: _articleFor(opts.kind),
+  };
+  if (typeof opts.deployerName === "string" && opts.deployerName.length > 0) {
+    out.deployerName = opts.deployerName;
+  }
+  if (typeof opts.controllerContact === "string" && opts.controllerContact.length > 0) {
+    out.controllerContact = opts.controllerContact;
+  }
+  if (typeof opts.linkPolicy === "string" && opts.linkPolicy.length > 0) {
+    out.linkPolicy = opts.linkPolicy;
+  }
+  if (typeof opts.linkContact === "string" && opts.linkContact.length > 0) {
+    out.linkContact = opts.linkContact;
+  }
+  return out;
+}
+
+function _articleFor(kind) {
+  switch (kind) {
+    case "ai-interaction":            return "Art. 50(1)";
+    case "ai-generated-content":      return "Art. 50(2)";
+    case "emotion-recognition":       return "Art. 50(3)";
+    case "biometric-categorisation":  return "Art. 50(3)";
+    case "deep-fake":                 return "Art. 50(4)";
+    case "ai-text-public-interest":   return "Art. 50(4)";
+    default:                          return null;
+  }
+}
+
+function htmlBanner(opts) {
+  var b = banner(opts);
+  var attrs =
+    'role="status" data-blamejs-aiAct="' + b.article +
+    '" data-blamejs-kind="' + b.kind +
+    '" lang="' + b.lang + '"';
+  return '<div ' + attrs + '>' + _escapeHtml(b.text) + '</div>';
+}
+
+function _escapeHtml(s) {
+  if (typeof s !== "string") return "";
+  return s.replace(/&/g, "&amp;")
+          .replace(/</g, "&lt;")
+          .replace(/>/g, "&gt;")
+          .replace(/"/g, "&quot;");
+}
+
+// Watermark builder for Art. 50(2). Operators integrate with C2PA /
+// SynthID / SoundID / hidden-watermark schemes; the framework emits a
+// machine-readable manifest fragment that downstream tooling can attach
+// or hash into the asset.
+function watermark(opts) {
+  opts = opts || {};
+  validateOpts(opts, [
+    "mediaKind", "modelId", "modelVersion", "createdAt", "promptHash",
+    "manipulation", "deployerName", "encoding",
+  ], "compliance.aiAct.transparency.watermark");
+  if (typeof opts.mediaKind !== "string" ||
+      ["image", "audio", "video", "text"].indexOf(opts.mediaKind) === -1) {
+    throw new ComplianceError("compliance-ai-act/bad-watermark",
+      "transparency.watermark: mediaKind must be one of image/audio/video/text — got " +
+      JSON.stringify(opts.mediaKind));
+  }
+  validateOpts.requireNonEmptyString(opts.modelId,
+    "transparency.watermark: modelId", ComplianceError, "compliance-ai-act/bad-watermark");
+  var manifest = {
+    "@context":         "https://blamejs.com/schemas/ai-act-watermark/v1",
+    aiActArticle:       "Art. 50(2)",
+    mediaKind:          opts.mediaKind,
+    modelId:            opts.modelId,
+    modelVersion:       opts.modelVersion || null,
+    createdAt:          opts.createdAt || new Date().toISOString(),
+    promptHash:         opts.promptHash || null,
+    manipulation:       opts.manipulation === true ? true : false,
+    deployerName:       opts.deployerName || null,
+    encoding:           opts.encoding || "json",
+  };
+  return manifest;
+}
+
+function jsonLdDisclosure(opts) {
+  var w = watermark(opts);
+  var script = '<script type="application/ld+json" ' +
+               'data-blamejs-aiAct="Art. 50(2)">' +
+               JSON.stringify(w) + '</script>';
+  return script;
+}
+
+// CSP-meta-tag pair for HTML pages — the disclosure-policy URI plus
+// the AI-Act-Notice header are emitted as <meta> equivalents so static
+// renderers can include them.
+function metaTags(opts) {
+  opts = opts || {};
+  validateOpts(opts, [
+    "kind", "policyUri", "deployerName",
+  ], "compliance.aiAct.transparency.metaTags");
+  if (BANNER_KINDS.indexOf(opts.kind) === -1) {
+    throw new ComplianceError("compliance-ai-act/bad-banner-kind",
+      "transparency.metaTags: kind must be one of " + BANNER_KINDS.join(", "));
+  }
+  var out = [];
+  out.push('<meta name="ai-act-notice" content="' + _escapeHtml(opts.kind) + '">');
+  out.push('<meta name="ai-act-article" content="' + _escapeHtml(_articleFor(opts.kind)) + '">');
+  if (typeof opts.policyUri === "string" && opts.policyUri.length > 0) {
+    out.push('<link rel="ai-act-policy" href="' + _escapeHtml(opts.policyUri) + '">');
+  }
+  if (typeof opts.deployerName === "string" && opts.deployerName.length > 0) {
+    out.push('<meta name="ai-act-deployer" content="' + _escapeHtml(opts.deployerName) + '">');
+  }
+  return out.join("\n");
+}
+
+module.exports = {
+  BANNER_KINDS:      BANNER_KINDS,
+  BANNER_TEXT_EN:    BANNER_TEXT_EN,
+  banner:            banner,
+  htmlBanner:        htmlBanner,
+  watermark:         watermark,
+  jsonLdDisclosure:  jsonLdDisclosure,
+  metaTags:          metaTags,
+};