HIGH RISK DETECTED
Scan Complete — 142 files

DeepFace — Biometric Analysis Engine

serengil/deepface·Audit ID: S48-2025-0041·June 14, 2025

Risk Level: CRITICAL
Libraries: 5
Art. Fails: 4

Summary
Compliance Score: CRITICAL · NON-COMPLIANT
CRITICAL · LOW RISK
Repository Audited: serengil/deepface (github.com/serengil/deepface)
Total Files: 142
Duration: 48 Hours
Audit ID: S48-2025-0041
Date: June 14, 2025
Scoring Brain
Baseline · Perfect clean slate · LOW RISK
DeepFace — Annex III Biometric Match · Real-time face identification library in public contexts · LOW
Emotion Recognition Module · Prohibited sensitive attribute inference (EU AI Act Art. 5) · LOW
Race/Gender Attribute Profiling · Sensitive attribute inference without governance controls · LOW
TensorFlow / Keras framework · General AI framework — no specific high-risk imports isolated · LOW
OpenCV integration · Computer vision pipeline with no access controls documented · LOW
Final Rating: CRITICAL
Risk Classifications
Biometric ID · Annex III §1(a) · Emotion Recognition · Sensitive Attributes · Article 14 Gap
Risk Map

Library scan · Annex triggers · Article compliance gaps

Flagged Libraries
5 dependencies scanned
Audit Infrastructure
Encryption: AES-256
VPS Environment: Private VPS
Report Storage: Encrypted Vault
Chain of Custody: Audit Trail
EU AI Act Article Matrix
Compliance gap analysis
Article 12 · Logging & Record-Keeping · No automatic logging mechanism — inference outputs not recorded · FAIL
Article 13 · Transparency · Aggregate metrics only — no per-inference explainability or user disclosure · PARTIAL
Article 14 · Human Oversight · No override, interrupt, or human-in-the-loop mechanism found · FAIL
Article 10 · Data Governance · Race, emotion, gender profiling without consent framework or data governance doc · FAIL
Article 9 · Risk Management · No risk management system documentation present in repo · FAIL
Article 15 · Accuracy & Robustness · Accuracy benchmarks present but no adversarial robustness testing · PARTIAL
Maximum Penalty Exposure: €35,000,000, or 7% of global annual turnover, whichever is higher. Enforcement begins August 2, 2026.

Dossier

Annex IV Technical Dossier

Legally-defensible · Regulator-ready

Certified EU AI Act Document
Pages: 72
Encrypted: AES-256
SLA: 48h
Deliver to Client
Secure, expiring link

Send the Dossier to your AI developer client via a branded, encrypted, time-limited link — no account required on their end.

Dossier Contents
Annex III Classification Report · 12pp
Annex IV Technical Dossier · 28pp
Data Governance Assessment · 8pp
Human Oversight Mapping · 6pp
Compliance Gap Analysis · 14pp
Penalty Risk Exposure Report · 4pp
30-Day Compliance Advisor

Get dedicated EU AI Act remediation support included with your $75K audit package.
