Regulatory operations API

Put verified legal change into the workflow that already runs your business.

Trusq does not stop at another dashboard. When a verified EU change affects one of your registered AI systems, use the tenant-scoped API or a signed webhook to route the exact system, legal source, article match and next action into your own workflow.

One end-to-end event

Official source → affected system → machine action.

01

Trusq verifies the change

Only published records with their official source enter the customer feed.

02

The obligation graph finds impact

The event names the registered system, framework, articles and structured match basis.

03

Your workflow receives it once

Use a cursor-based API or an HMAC-signed webhook with a stable event id for idempotency.

04

The dossier stays reconstructable

Retrieve the systems, obligations, approved evidence, automatic rule updates and audit trail as JSON.

Machine contract

Small surface. Strong guarantees.

Tenant-bound credentials

Workspace admins issue revocable, expiring credentials with separate changes:read and dossier:read scopes. Reusable token values are never stored.

Signed, retryable delivery

Every POST carries event, delivery and idempotency identifiers plus a SHA-256 HMAC over the raw body. Failures back off and move to dead letter after eight attempts.

Outbound network boundary

Only public HTTPS endpoints on port 443 are accepted. Redirects, credentials in URLs and private-network destinations are refused before delivery.

Endpoints

Everything needed to automate the regulatory-change loop.

GET https://app.trusq.io/api/v1/changes
Cursor-paginated, system-specific regulatory impacts with official source URL, articles, action and match basis.

GET https://app.trusq.io/api/v1/dossier
Machine-readable systems, obligations, approved evidence, automatic rule updates and audit trail.

GET https://app.trusq.io/api/v1/dossier/package
Tamper-evident package with payload/content hashes and checkpoint continuity. Verify against /.well-known/trusq-audit-key.pem. Production key fingerprint: sha256:e7aa0f395b32d2f88cebf04e6a8a1efa86c6921b7952eef939bb446de921d8fb.

GET https://app.trusq.io/api/v1/releases
Signed central corpus releases with validation, aggregate impact preview and reconciliation result.

regulatory.impact.created
A verified published change affects a registered system.

obligation.reconciled
A new rule-corpus version has been applied automatically without rewriting historical assessments or approved evidence.

corpus.released
A source-bound, content-signed central corpus passed validation and was promoted across tenants.

dossier.notarized
A daily signed dossier checkpoint was created without storing a second copy of customer content.

Trusq provides sourced attention points and workflow support, not legal advice. Your organisation remains responsible for decisions and sign-off.