Nothing can be cleared until the file is open. Currents opens the file.
Currents — step 1 of 3
Scan the system.
Then issue the passport.
Currents is the evidence scan. In ten working days it names every AI system reaching health, financial, or minors' data, classifies it against Annex III, and registers exactly what evidence is missing before a Ripple can be issued.
Currents — the open file
Triage model · A&E
Credit eligibility scorer
Minor-facing chat assistant
Claims RAG assistant
Procurement agent
No system is cleared at a border it was never presented at.
AL360° Oceans applies border control to AI: scan the system, issue the passport, grant the visa. Currents is step one. It establishes what is actually operating against health, financial, and minors’ data — the three contexts where a wrong model is wrong about a patient, a livelihood, or a childhood record — and what is not yet proven about any of it.
What forces a scan
Six conditions that mean the file is already overdue.
A competent authority has asked what AI you operate
The answer must be a register, not a recollection. A scan produces the register.
Your DPO cannot name which systems process Art. 9 data
Health, biometric, and special-category processing is running somewhere. No one can say where.
A vendor changed its underlying model and did not tell you
A silent model swap invalidates every fairness and accuracy claim you hold on file.
Agents are calling tools no one logged
EU AI Act Art. 12 requires automatic recording of events. Unlogged tool-calls are unevidenced acts.
A RAG assistant is retrieving from a corpus nobody has audited
An untrusted document is an untrusted instruction. Prompt injection enters through the corpus.
Procurement is about to renew AI it never scanned
Renewal without an updated scan re-approves last year's evidence for this year's model.
Failure modes
The scan looks for the failures nobody self-reports.
These are the conditions that survive a vendor questionnaire and fail a market-surveillance inspection.
Distribution shift
A triage or scoring model validated on a cohort that no longer resembles the population it serves. Accuracy holds in aggregate and collapses in a subgroup. EU AI Act Art. 15 requires accuracy and robustness to hold across the lifecycle — not on the day of validation.
Proxy discrimination
The protected attribute was removed; postcode, device class, and referral pathway reconstruct it. The disparity survives the deletion. Art. 10 requires examination of possible biases; GDPR Art. 22 requires the decision to be contestable when it is automated.
Prompt injection into a RAG corpus
A retrieved document carries an instruction, not just content. The assistant follows it. Where the corpus is a claims file, a patient record, or a safeguarding note, the injected instruction inherits the system's data access.
Silent vendor model swaps
The endpoint is unchanged; the model behind it is not. Every fairness metric, accuracy score, and Art. 11 technical document you hold now describes a system that is no longer running.
Unlogged agent tool-calls
An agent wrote to a core system and no event record exists. Art. 12 requires automatic recording over the system's lifetime. An unlogged act cannot be reconstructed, contested, or defended.
Oversight that exists only on paper
Art. 14 requires human oversight to be effective — a reviewer able to interpret the output and intervene. A reviewer who sees only an approve button, with no basis on which to disagree, is not oversight.
The shift
Before the scan, and after it.
Before the scan
- No register of AI systems — only recollection
- Art. 9 health data and Art. 8 minors' data processed at unknown locations
- No Annex III classification — high-risk status is an opinion
- Vendor claims held on file in place of findings
- No named review owner per system
- Agents and RAG pipelines outside every inventory
After the scan
- Atlas holds the register: every system, owner, and context
- Data categories mapped per system, with Art. 9 and Art. 8 flags raised
- Provisional Art. 6 / Annex III classification recorded per system
- Evidence gap register against Art. 10, 12, 14, 15 — gaps named, not implied
- DPO, CISO, and procurement each hold a named queue
- The passport queue: which Ripples to issue, in which order
How the scan runs
Ten working days. Fixed scope. One open file.
Week 1
Open the file
- Scope: entities, deployments, data categories, sensitive-context spine (health · financial · minors)
- Enumerate AI systems: vendor tools, model APIs, RAG pipelines, in-house models, agents
- Trace integration paths — inference calls, embeddings, egress boundaries, credential scope
- Classify data categories: GDPR Art. 9 special category, Art. 8 minors' data, financial profiling
Week 2
Name the gaps and decide
- Provisional EU AI Act Art. 6 / Annex III classification per system
- Evidence gap register — Art. 10 data governance, Art. 12 logging, Art. 14 oversight, Art. 15 accuracy
- Provisional access decisions: cleared · cleared with limits · blocked pending evidence
- Delivery: the open file, the gap register, and the queue of passports to issue
What the scan hands you
Six outputs, delivered at the end of week two.
Step 1 → step 2 → step 3
The scan is what makes the passport issuable.
Ripples — the evidence passport
Every system the scan opens a file on becomes a candidate for a Ripple: the durable, portable evidence record the system carries into every review. The scan supplies the gaps; the passport closes them.
Droplets — the context visa
A passport says what the system is. A Droplet says where it may operate: one deployment context, one data scope, time-bound and revocable. Agents and RAG assistants found in the scan cannot run without one.
The register stays open
Atlas holds the scan's findings permanently. Every passport issued, every visa granted or revoked, and every gap still open is written back to the same file. The scan is not a document — it is the start of a record.
Scan
Currents opens the file on every AI system reaching health, financial, or minors' data — and names what is unproven.
Issue
A Ripple is issued per system: the evidence passport it carries into every review, with its gaps closed and its diagnostics sealed.
Grant
A Droplet clears the system for ONE deployment context — time-bound, condition-bound, revocable on the day it drifts.
Addressed
Currents — the four objections we hear.
“We can build the inventory ourselves in a spreadsheet.”
A spreadsheet records names. A Currents records what a reviewer will actually ask for: the data categories each system processes, its provisional Annex III classification, its evidence gaps against Art. 10, 12, 14 and 15, the named review owner, and a provisional access decision. That output is the input to a passport. A spreadsheet is not.
“We already have a software asset inventory.”
Asset inventories track licences and hosts. They do not tell you which model provider sits behind an API, whether a vendor silently swapped that model last quarter, which agent holds write credentials to a clinical or core-banking system, or whether a RAG corpus has ever been checked for injected instructions. Those are the questions a scan answers.
“We are not ready for a full governance programme.”
The scan is not the programme. It is the border check that precedes it. It tells you what is already operating inside your perimeter, which systems are carrying no evidence at all, and which three need a passport first. Nothing is committed beyond the scan itself.
“Our vendors have already assured us they are compliant.”
Assurance is a claim. A scan produces a finding. The two diverge most often on distribution shift — a model validated on a population that no longer resembles the one it now scores — and on proxy discrimination, where a removed protected attribute is reconstructed from postcode, device, or referral pathway. Neither is visible in a vendor attestation.
Step 1 — the scan
Open the file
before someone else does.
Ten working days. Fixed scope. Every AI system reaching health, financial, or minors' data — named, classified against Annex III, and matched to the evidence it does not yet have.
AffectLog provides technical and operational evidence to support AI access decisions. Not legal advice, certification, notified-body conformity assessment, or regulatory approval.