# 🏛️ XPLIA Compliance - GDPR & EU AI Act

**XPLIA is the ONLY XAI library with built-in regulatory compliance!**

## What You'll Learn:
1. GDPR Compliance (Right to Explanation, DPIA)
2. EU AI Act Risk Assessment
3. HIPAA Compliance for Healthcare
4. Audit Trails and Documentation
5. Fairwashing Detection (UNIQUE to XPLIA!)

In [None]:
from xplia import create_explainer
from xplia.compliance import GDPRCompliance, AIActCompliance, HIPAACompliance
from xplia.explainers.trust import FairwashingDetector, UncertaintyQuantifier
from sklearn.ensemble import RandomForestClassifier
from sklearn.datasets import make_classification
import pandas as pd
import numpy as np

## 1. Setup: Train a Credit Scoring Model

This is a HIGH RISK use case under EU AI Act!

In [None]:
# Create synthetic credit scoring data
X, y = make_classification(
    n_samples=1000,
    n_features=10,
    n_informative=8,
    random_state=42
)

feature_names = [
    'income', 'debt_ratio', 'credit_history', 'employment_years',
    'age', 'num_dependents', 'assets', 'liabilities',
    'loan_amount', 'loan_purpose'
]

X_df = pd.DataFrame(X, columns=feature_names)

# Train model
model = RandomForestClassifier(n_estimators=100, random_state=42)
model.fit(X_df, y)

print(f"Model trained; accuracy on the training data: {model.score(X_df, y):.2%}")

## 2. GDPR Compliance

### Article 13-15: Right to Explanation
### Article 35: DPIA (Data Protection Impact Assessment)

In [None]:
# Create GDPR compliance checker
gdpr = GDPRCompliance(model, model_metadata={
    'name': 'Credit Scoring Model v1.0',
    'purpose': 'Automated loan approval decision',
    'legal_basis': 'legitimate_interest',
    'data_retention': '7 years',
    'data_processor': 'ACME Bank',
    'dpo_contact': 'dpo@acmebank.com'
})

print("✅ GDPR Compliance Checker Created")

### Generate DPIA Report (Required by GDPR Article 35)

In [None]:
# Generate Data Protection Impact Assessment
dpia_report = gdpr.generate_dpia()

print("DPIA Report Summary:")
print(f"  - Risk Level: {dpia_report.risk_level}")
print(f"  - Data Categories: {dpia_report.data_categories}")
print(f"  - Processing Activities: {len(dpia_report.processing_activities)}")
print(f"  - Safeguards: {len(dpia_report.safeguards)}")

# Export to PDF for auditors
dpia_report.export('gdpr_dpia_report.pdf')
print("\n✅ DPIA Report exported to: gdpr_dpia_report.pdf")

### Provide Explanation to User (Right to Explanation)

In [None]:
# Create explainer
explainer = create_explainer(model, method='shap', background_data=X_df.sample(100))

# Explain a rejection decision
rejected_applicant = X_df.iloc[0:1]
explanation = explainer.explain(rejected_applicant)

# Generate GDPR-compliant explanation for user
user_explanation = gdpr.generate_user_explanation(
    explanation,
    decision='REJECTED',
    audience='basic'  # Non-technical language
)

print("GDPR-Compliant Explanation for User:")
print(user_explanation.summary)
print("\nKey Factors:")
for factor in user_explanation.key_factors:
    print(f"  - {factor}")
print("\nYour Rights:")
for right in user_explanation.user_rights:
    print(f"  - {right}")

## 3. EU AI Act Compliance

### Risk Category Assessment

In [None]:
# Create AI Act compliance checker
ai_act = AIActCompliance(model, usage_intent='credit_scoring')

# Assess risk category
risk_category = ai_act.assess_risk_category()

print(f"EU AI Act Risk Category: {risk_category}")
print("\n⚠️  Credit scoring is classified as HIGH RISK under EU AI Act!")
print("\nCompliance Requirements:")
for req in ai_act.get_requirements(risk_category):
    print(f"  - {req}")

### Generate Compliance Report

In [None]:
# Generate comprehensive compliance report
compliance_report = ai_act.generate_compliance_report()

print("EU AI Act Compliance Report:")
print(f"  - Risk Category: {compliance_report.risk_category}")
print(f"  - Compliance Status: {compliance_report.compliance_status}")
print(f"  - Requirements Met: {compliance_report.requirements_met}/{compliance_report.total_requirements}")
print(f"  - Outstanding Issues: {len(compliance_report.outstanding_issues)}")

# Export report
compliance_report.export('eu_ai_act_report.pdf')
print("\n✅ AI Act Compliance Report exported to: eu_ai_act_report.pdf")

## 4. Fairwashing Detection (UNIQUE TO XPLIA!)

Detect if explanations are hiding biases

In [None]:
# Create fairwashing detector
detector = FairwashingDetector(model, explainer)

# Detect fairwashing
X_test = X_df.sample(100)
y_test = model.predict(X_test)

result = detector.detect(
    X_test,
    y_test,
    sensitive_features=['age']  # Example; each name must be a column of X_test (this dataset has no 'gender' column)
)

print(f"Fairwashing Detected: {result.detected}")

if result.detected:
    print(f"\n⚠️  ALERT: Fairwashing Detected!")
    print(f"Types: {result.fairwashing_types}")
    print(f"Severity: {result.severity}")
    print(f"\nRecommendations:")
    for rec in result.recommendations:
        print(f"  - {rec}")
else:
    print("\n✅ No fairwashing detected - explanations are trustworthy")
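
One simple consistency check behind the idea of fairwashing detection, as an added example that is not XPLIA's code or algorithm: compare how much a sensitive feature actually moves the model's decisions with how much attribution the explanation gives it. `toy_model`, the thresholds `min_flip` and `max_share`, and the sample rows and attributions are all constructed for illustration.

```python
import random

def toy_model(row):
    # Hypothetical stand-in for a trained model; it leans heavily on 'age'.
    return 1 if 0.2 * row["income"] - 1.5 * row["age"] > 0 else 0

def flip_rate(model, rows, feature, rng):
    """Fraction of decisions that change when `feature` is shuffled across rows."""
    shuffled = [r[feature] for r in rows]
    rng.shuffle(shuffled)
    flips = sum(model(r) != model({**r, feature: v}) for r, v in zip(rows, shuffled))
    return flips / len(rows)

def attribution_share(attributions, feature):
    """Share of total absolute attribution the explanation assigns to `feature`."""
    total = sum(abs(v) for v in attributions.values())
    return abs(attributions.get(feature, 0.0)) / total if total else 0.0

def fairwashing_gap(model, rows, attributions, sensitive, seed=0,
                    min_flip=0.10, max_share=0.05):
    """Flag sensitive features the model relies on but the explanation downplays."""
    rng = random.Random(seed)
    findings = {}
    for feature in sensitive:
        flips = flip_rate(model, rows, feature, rng)
        share = attribution_share(attributions, feature)
        findings[feature] = {"flip_rate": flips, "share": share,
                             "suspect": flips >= min_flip and share <= max_share}
    return findings

# Constructed sample data (standard-normal features) and constructed attributions.
_gen = random.Random(42)
ROWS = [{"income": _gen.gauss(0, 1), "age": _gen.gauss(0, 1)} for _ in range(500)]
WASHED = {"income": 0.97, "age": 0.03}   # explanation that hides the age dependence
HONEST = {"income": 0.12, "age": 0.88}   # explanation that reports it

if __name__ == "__main__":
    for name, attr in (("washed", WASHED), ("honest", HONEST)):
        print(name, fairwashing_gap(toy_model, ROWS, attr, ["age"]))
```

A feature marked `suspect` is a prompt to re-examine the explanation method and the model, not proof of intent; correlated proxy features can hide the same dependence and need the same check.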

## 5. Uncertainty Quantification (Required for High-Risk AI)

In [None]:
# Quantify uncertainty (important for compliance)
uq = UncertaintyQuantifier(model, explainer)

uncertainty = uq.quantify(X_test)

print(f"Average Total Uncertainty: {uncertainty.total_uncertainty.mean():.3f}")
print(f"Average Epistemic Uncertainty: {uncertainty.epistemic_uncertainty.mean():.3f}")
print(f"Average Aleatoric Uncertainty: {uncertainty.aleatoric_uncertainty.mean():.3f}")

# Identify high-uncertainty predictions
high_uncertainty_mask = uncertainty.total_uncertainty > 0.3
high_uncertainty_count = high_uncertainty_mask.sum()

print(f"\nHigh Uncertainty Predictions: {high_uncertainty_count} ({high_uncertainty_count/len(X_test)*100:.1f}%)")
print("\n⚠️  Recommendation: Flag high-uncertainty cases for manual review")
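
One common way to split total uncertainty into epistemic and aleatoric parts for an ensemble such as a random forest is the entropy decomposition below, shown as an added example and not as XPLIA's implementation. The per-tree probabilities are constructed, and the 0.3 threshold from the cell above is assumed to be on the same scale (nats).

```python
import math

def entropy(p):
    """Shannon entropy in nats of a discrete distribution."""
    return -sum(q * math.log(q) for q in p if q > 0)

def decompose(member_probs):
    """Entropy decomposition for one input from per-member class probabilities.

    total = H(mean of members), aleatoric = mean of member entropies,
    epistemic = total - aleatoric (disagreement between members).
    """
    n, k = len(member_probs), len(member_probs[0])
    mean_p = [sum(p[c] for p in member_probs) / n for c in range(k)]
    total = entropy(mean_p)
    aleatoric = sum(entropy(p) for p in member_probs) / n
    return {"total": total, "aleatoric": aleatoric,
            "epistemic": max(total - aleatoric, 0.0)}

def triage(member_probs, threshold=0.3):
    """Route one prediction: auto-decide, or manual review with the dominant cause."""
    u = decompose(member_probs)
    if u["total"] <= threshold:
        return "auto"
    if u["epistemic"] > u["aleatoric"]:
        return "review:model_disagreement"
    return "review:ambiguous_input"

# Constructed per-tree probabilities [P(reject), P(approve)] for three applicants.
CONFIDENT = [[0.95, 0.05]] * 4                  # trees agree and are sure
DISAGREE = [[0.95, 0.05], [0.05, 0.95]] * 2     # trees are sure but contradict each other
AMBIGUOUS = [[0.5, 0.5]] * 4                    # trees agree that the case is a coin flip

if __name__ == "__main__":
    for name, probs in (("confident", CONFIDENT), ("disagree", DISAGREE),
                        ("ambiguous", AMBIGUOUS)):
        print(name, triage(probs), decompose(probs))
```

`DISAGREE` and `AMBIGUOUS` have the same total uncertainty but different causes: the first points at a model or data-coverage gap, the second at an input that more training data would not resolve.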

## 6. HIPAA Compliance (for Healthcare)

In [None]:
# For healthcare models
hipaa = HIPAACompliance(model)

# Log access (required by HIPAA)
audit_trail = hipaa.log_access(
    user_id='dr_smith_123',
    patient_id='patient_456',
    purpose='diagnostic_support',
    explanation=explanation
)

print(f"✅ Access logged to HIPAA audit trail")
print(f"Audit ID: {audit_trail.id}")
print(f"Timestamp: {audit_trail.timestamp}")
print(f"User: {audit_trail.user_id}")
print(f"Patient: {audit_trail.patient_id}")
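
An audit trail is only useful to an auditor if later edits to it can be detected. The sketch below is an added example, not XPLIA's `log_access` implementation: it chains each access record to the previous one with an HMAC so that modified or removed entries break verification. The key, timestamps, explanation strings and the second user are constructed.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64
DEMO_KEY = b"constructed-demo-key"  # assumption: in practice, held outside the log store

def entry_mac(key, prev_hash, record):
    # Canonical JSON so the same record always yields the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_hash + body).encode(), hashlib.sha256).hexdigest()

def append_entry(trail, key, user_id, patient_id, purpose, timestamp, explanation_text):
    record = {
        "user_id": user_id, "patient_id": patient_id, "purpose": purpose,
        "timestamp": timestamp,
        # Store a digest rather than the explanation text itself.
        "explanation_sha256": hashlib.sha256(explanation_text.encode()).hexdigest(),
    }
    prev = trail[-1]["mac"] if trail else GENESIS
    entry = {**record, "prev": prev, "mac": entry_mac(key, prev, record)}
    trail.append(entry)
    return entry

def verify_trail(trail, key):
    """Return the index of the first inconsistent entry, or -1 if the chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(trail):
        record = {k: v for k, v in entry.items() if k not in ("prev", "mac")}
        expected = entry_mac(key, prev, record)
        if entry["prev"] != prev or not hmac.compare_digest(entry["mac"], expected):
            return i
        prev = entry["mac"]
    return -1

def build_sample_trail():
    # Constructed access events reusing the identifiers from the cell above.
    trail = []
    append_entry(trail, DEMO_KEY, "dr_smith_123", "patient_456", "diagnostic_support",
                 "2024-01-01T09:00:00Z", "constructed explanation A")
    append_entry(trail, DEMO_KEY, "dr_smith_123", "patient_456", "diagnostic_support",
                 "2024-01-01T09:05:00Z", "constructed explanation B")
    append_entry(trail, DEMO_KEY, "nurse_jones_7", "patient_456", "treatment_review",
                 "2024-01-02T14:30:00Z", "constructed explanation C")
    return trail
```

Removing entries from the end of the trail still verifies, so the latest `mac` value should also be recorded somewhere the log writer cannot change, such as a separate system or write-once storage.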

## 7. Generate Comprehensive Compliance Dashboard

In [None]:
from xplia.visualizations import ChartGenerator

# Create compliance dashboard
chart_gen = ChartGenerator()

chart_gen.create_compliance_dashboard(
    gdpr_report=dpia_report,
    ai_act_report=compliance_report,
    fairwashing_result=result,
    uncertainty=uncertainty,
    output='compliance_dashboard.html'
)

print("✅ Comprehensive Compliance Dashboard created: compliance_dashboard.html")

## 💡 Key Takeaways

XPLIA is the ONLY XAI library with:

- ✅ **GDPR Compliance** - DPIA generation, Right to Explanation
- ✅ **EU AI Act Compliance** - Risk assessment, Documentation
- ✅ **HIPAA Compliance** - Audit trails for healthcare
- ✅ **Fairwashing Detection** - UNIQUE feature!
- ✅ **Uncertainty Quantification** - For high-risk AI
- ✅ **Automated Reports** - PDF export for auditors

### Perfect for:
- 🏦 Financial Services (Credit, Insurance, Trading)
- 🏥 Healthcare (Diagnosis, Treatment Planning)
- ⚖️ Legal Tech (Risk Assessment)
- 🏛️ Government (Public Services)
- 🏢 Any Regulated Industry

**XPLIA makes compliance easy, automatic, and trustworthy!**