How Aegis decides what to show — and what it refuses to claim.

Every entry in the Rights Graph carries one of three provenance levels, visible on the entry itself:

Verified — added and checked by Aegis against a cited primary source (a regulation, court decision, supervisory-authority action, or documented investigation by a recognised body).

Expert-validated — reviewed and confirmed by an approved contributor with relevant domain expertise.

Community — proposed by a contributor and awaiting review. New submissions enter at this level by default and are labelled as unverified until checked.

Provenance is never hidden. An expert can see at a glance what is solid and what is still pending.

The live count is shown on the home page and on the Rights Graph itself — and it is deliberately modest.

Aegis does not claim exhaustive coverage of every AI system deployed across 27 Member States. No tool can. What it offers is a small, fully-sourced base that grows only through verified contribution.

Wherever a figure is shown — the FRIA Coverage Gap, the number of diverging topics — the size of the underlying sample is shown alongside it. A gap of 'X systems without a known FRIA' is always stated as a gap across the systems mapped so far, never as a claim about all of Europe.

The graph updates continuously as contributions are reviewed and as Aegis adds verified systems and regulatory positions.

Each entry records when it was added; regulatory positions record the date the authority stated them. Because the field moves quickly, Aegis favours dated, sourced positions over a claim of permanent currency — you can always see how recent a given data point is.

A system is linked to a fundamental right only where that connection is supported by a cited source — a court finding, a supervisory-authority decision, or documented analysis. The link carries its own provenance and an impact note explaining the basis.

Aegis does not infer rights impacts algorithmically. A link exists because a source supports it, not because a model predicted it. This is a deliberate constraint: it keeps the graph defensible at the cost of breadth.

Regulatory divergence is established the same way: two or more authorities are shown as diverging on a topic only when each position is backed by a dated, linked source. No consensus is invented, and no conflict is invented.

Three safeguards. First, classification is conservative — where the risk tier or the applicability of an exception is genuinely uncertain, it is marked undetermined rather than overstated.

Second, nothing is published as a confident finding on the strength of a model's output. A system's classification reflects the cited legal basis and documented facts, not an automated guess.

Third, the platform separates what it knows from what it infers. 'No known FRIA' means exactly that — no assessment is known to exist in the public record — not that none exists. The wording is chosen to avoid asserting more than the evidence supports.