Each regulatory requirement, met or unmet at the agent level.
DORA, the EU AI Act, MiFID II, and GDPR each impose a discrete supervisory requirement on the AI agent estate of regulated financial institutions. The substrate decomposes each requirement into the specific evidence that an external supervisor would need to verify compliance. Where the evidence is structurally unobservable from public sources, the institution is non-compliant under a verifiability standard regardless of any internal documentation it may hold. The two largest gaps are DORA Article 28 (third-party identifiability) at 53.3 percent and DORA Article 11 (ICT business continuity, halt mechanism) at 46.2 percent. MiFID II RTS 6 algorithmic trading control documentation tracks the same evidence as Article 11 and carries the same gap. The narrower gaps under EU AI Act Articles 11 and 14 reflect the regulation's more granular disclosure requirements; the architecture of the AI Act builds external observability into compliance from inception.
Each row decomposes a discrete regulatory requirement into the agent-level evidence required to verify compliance externally. The bar measures the share of 95,876 agents in the v13.1.0 sealed substrate at which the named evidence is unobservable from public sources. Severity coding reflects the supervisory weight typically assigned to each requirement: DORA Article 28 and Article 11 are coded as high-severity gaps, EU AI Act Articles 11 and 14 as moderate, DORA Article 5 as low, and GDPR Articles 22 and 35 as minimal because data sensitivity is near-universally observable. The matrix is computed on v13.1.0 evidence only; institutional self-reporting may close some gaps inside the institution.