# Demo 5: Build Compliance Checklist for AI Chatbots
_Aligned to D05.pdf — Cybersecurity Specialization: AI Risk Management Framework Demo Guide_


## Task 1: Define compliance domains
Group individual compliance checklist items under key AI governance areas.


In [None]:
# Task 1 imports (needed for Task 3 as well)
import json
from datetime import datetime


In [None]:
# Define compliance domains exactly as in D05.pdf
compliance_areas = {
    "Data Privacy": {
        "description": "Ensure protection of personal user data (GDPR, HIPAA).",
        "checks": ["User data is anonymized", "Consent collected"]
    },
    "Explainability": {
        "description": "Ensure outputs are interpretable to humans (EU AI Act, IEEE guidelines).",
        "checks": ["Model outputs are interpretable", "Feature importance is logged"]
    },
    "Auditability": {
        "description": "Ensure chatbot decisions can be traced (NIST AI RMF).",
        "checks": ["All conversations are stored securely", "Logs include timestamps and user IDs"]
    },
    "Fairness": {
        "description": "Ensure equal treatment and inclusive language (AI Fairness 360, IBM).",
        "checks": ["Bias metrics are checked monthly", "Language models use inclusive vocabulary"]
    }
}
print("Compliance domains defined.")

## Task 2: Generate a compliance report
Loop through checklist items and mark them as completed or not.


In [None]:
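def generate_checklist(status: dict):
    """Print every check grouped by domain, with its recorded status.

    `status` maps a check's exact text to a status string. Any check
    without a matching key is reported as "Not Done".
    """
    for domain, details in compliance_areas.items():
        print(f"\n{domain} - {details['description']}")
        for check in details["checks"]:
            # Lookup is by exact string match against the check text
            status_flag = status.get(check, "Not Done")
            print(f" - {check}: {status_flag}")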
print("Function generate_checklist(status) is ready.")

In [None]:
# Sample status dictionary (example values from D05.pdf)
status_dict = {
    "User data is anonymized": "Yes",
    "Consent collected": "Yes",
    "Model outputs are interpretable": "Yes",
    "Feature importance is logged": "No"
}

# Display the checklist
generate_checklist(status_dict)

## Task 3: Export report
Save the compliance status to a structured JSON file for audit records.


In [None]:
# Build export structure with metadata and persist to JSON
export_report = {
    # Timezone-aware timestamp so the audit record is unambiguous
    "report_generated_at": datetime.now().astimezone().isoformat(),
    "responsible_contact": {
        "name": "Compliance Officer",
        "email": "compliance@ai-chatbot.org"
    },
    "compliance_status": {}
}

for domain, details in compliance_areas.items():
    export_report["compliance_status"][domain] = {
        "description": details["description"],
        "items": {}
    }
    for check in details["checks"]:
        export_report["compliance_status"][domain]["items"][check] = status_dict.get(check, "Not Done")

with open("chatbot_compliance_report.json", "w", encoding="utf-8") as f:
    json.dump(export_report, f, indent=4)

print("Compliance report saved to chatbot_compliance_report.json")

### Notes
- This notebook is aligned to the exact code structure in **D05.pdf**.
- Run cells top-to-bottom. After Task 3, a file named `chatbot_compliance_report.json` will appear in the working directory.
- You may edit `status_dict` to reflect your system's current compliance state.
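
Because Task 2 and Task 3 look up each check with `status_dict.get(check, "Not Done")`, a misspelled key in `status_dict` is silently ignored and the real check is reported as "Not Done". The block below is an added example, not part of the original notebook or D05.pdf: it validates a status dictionary against the defined checks and computes a SHA-256 digest of the result so a stored report can be re-verified later. The names `audit_status`, `report_digest` and the `ALLOWED` value set are assumptions.

```python
import hashlib
import json

# Two domains copied from Task 1 so this block runs on its own.
compliance_areas = {
    "Data Privacy": {"checks": ["User data is anonymized", "Consent collected"]},
    "Explainability": {"checks": ["Model outputs are interpretable",
                                  "Feature importance is logged"]},
}
ALLOWED = {"Yes", "No"}  # assumption: the only values a reviewer may record


def audit_status(areas: dict, status: dict) -> dict:
    """Validate a status dict against the defined checks and list open items."""
    known = {c for d in areas.values() for c in d["checks"]}
    findings = {
        # Keys that match no check: the .get() lookup never reads them.
        "unknown_keys": sorted(k for k in status if k not in known),
        # Values outside the allowed vocabulary (e.g. "yes", "TBD").
        "invalid_values": sorted(k for k, v in status.items()
                                 if k in known and v not in ALLOWED),
        # Checks with no entry at all: reported as "Not Done" by default.
        "missing": sorted(known - set(status)),
        # Everything not affirmatively "Yes", grouped by domain.
        "open_items": {
            domain: [c for c in d["checks"] if status.get(c) != "Yes"]
            for domain, d in areas.items()
        },
    }
    findings["compliant"] = (not any(findings["open_items"].values())
                             and not findings["unknown_keys"])
    return findings


def report_digest(report: dict) -> str:
    """SHA-256 over canonical JSON, so a stored report can be re-verified."""
    canonical = json.dumps(report, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    # Constructed sample: one misspelled key and one lowercase value.
    sample = {"User data is anonymised": "Yes", "Consent collected": "yes",
              "Model outputs are interpretable": "Yes"}
    result = audit_status(compliance_areas, sample)
    print(json.dumps(result, indent=2))
    print("sha256:", report_digest(result))
```

Storing the digest separately from `chatbot_compliance_report.json` is what makes it useful: a digest kept inside the same file can be rewritten along with the content.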
