ANCHORED IMPACT-ASSESSMENT RECEIPTS

Anchored Impact-Assessment Receipts

Records the DPIA lifecycle — necessity check, risk assessment, mitigation plan, DPO advice, and supervisory-authority prior consultation. Composes with APuR, ATR, AER, ALR, and ABR for a complete risk-evidence bundle.

AIR · Shipped11 wire typesApache-2.0 · CC0 spec
← All familiesVerify a receipt →

WIRE TYPES

ar.impact.v1 (dpia.threshold_triggered)

Records that a DPIA threshold was crossed — the processing activity meets the criteria in Art. 35(3) that mandate a data protection impact assessment.

ar.impact.v1 (dpia.scope_locked)

Records the locked scope of the impact assessment — which processing operations, data categories, and systems are in scope.

ar.impact.v1 (dpia.dpo_advised)

Records that the DPO's advice was sought per Art. 35(2) — the DPO's assessment and recommendations.

ar.impact.v1 (dpia.stakeholders_consulted)

Records stakeholder or data-subject representative consultation. The only AIR event that MAY carry a subject commit (representative-org or NGO-review context only).

ar.impact.v1 (dpia.completed)

Records the completed DPIA — risk assessment outcome, mitigation measures, residual risk. Recommended TSA for deadline evidence.

ar.impact.v1 (dpia.reviewed)

Records a periodic review of the DPIA. May be triggered by a breach (ABR composition ref) or material change in processing.

ar.impact.v1 (dpia.prior_consultation_initiated)

Records that Art. 36 prior consultation with the supervisory authority was initiated — required when residual risk remains high after mitigation.

ar.impact.v1 (dpia.prior_consultation_resolved)

Records the supervisory authority's response to the prior consultation.

ar.impact.v1 (dpia.processing_authorised)

Terminal: processing is authorised to proceed based on the DPIA outcome.

ar.impact.v1 (dpia.processing_blocked)

Terminal: processing is blocked — the residual risk is too high and the supervisory authority has not authorised it.

ar.impact.v1 (dpia.terminated)

Terminal: the DPIA is terminated without a processing decision — the assessment is abandoned.

WHAT IT PROVES

  • A DPIA was conducted before high-risk processing began (Merkle inclusion proof).
  • The DPO was consulted per Art. 35(2) (chain walk confirms ordering).
  • Prior consultation was initiated when required (Art. 36 event present in chain).
  • The complete assessment lifecycle — from threshold trigger through authorisation or block (chain walk).

WHAT IT DOESN'T PROVE

  • The risk assessment was thorough or accurate.
  • Mitigation measures were actually implemented.
  • The residual risk level is acceptable.
  • Stakeholder consultation was meaningful or representative.

COMPOSES WITH

AIR receipts reference other family members via body-level composition pointers — verifier-coordinated, not signature-mandated.

AERAnchored Evaluation Receipts

DPIA cites AER conformity receipts for algorithmic-impact evidence under Art. 35(3)(a).

ATRAnchored Transfer Receipts

DPIA cites ATR receipts for cross-border transfer mechanisms in scope.

ALRAnchored Lineage Receipts

DPIA cites ALR receipts for data-flow lineage in scope.

APuRAnchored Purpose Receipts

DPIA cites purpose-binding receipts being assessed.

ABRAnchored Breach Receipts

A DPIA review may be triggered by a breach — the ABR receipt is cited as the cause.

Verify any
AIR receipt.

verify.dekimu.com ↗

Paste any claim ID to verify a receipt, check its anchor, and inspect the issuer signature.

REFERENCES

GDPR Art. 35 — Data protection impact assessment (EUR-Lex)
GDPR Art. 36 — Prior consultation (EUR-Lex)

Anchored Impact-Assessment Receipts are cryptographic provenance and privacy-lifecycle protocols. verify.dekimu.com is a reference implementation, not a qualified trust service under Regulation (EU) No 910/2014 (eIDAS) or successor.