Spanda's compliance framework validates autonomous systems against industry profiles and operational governance requirements — not embedded regulatory text.
- Program compliance (
spanda-compliance) — evaluate.sdprograms against signed industry profiles (defense, medical, automotive, …). - Operational governance (
spanda-governance) — validate deployment context: autonomy, maturity, certification, risk, accountability. - Readiness & assurance — existing engines provide health/readiness/trust inputs to governance validation.
Compliance and governance checks produce:
| Outcome | Meaning |
|---|---|
| Pass | Requirement satisfied |
| Warning | Gap that may be acceptable depending on maturity |
| Missing | Required attribute or evidence absent |
| Recommended action | Suggested remediation |
spanda compliance list
spanda compliance check [--strict] [--entity robot:alpha]
spanda compliance report mission.sd --profile defensePOST /v1/compliance/check
Content-Type: application/json
{"strict": true, "entity_id": "robot:alpha"}# spanda.governance.toml
[governance]
deployment_profile = "warehouse"
operational_maturity = "pilot"
risk_level = "medium"
certification_status = "validated"
responsible_person = "ops.lead@example.com"
deployment_owner = "fleet.ops@example.com"
standards_profiles = "industrial_safety,cybersecurity"
constraints = "indoor,connectivity"Spanda validates structural governance requirements. Organizations remain responsible for regulatory interpretation and legal compliance.