AI generated content disclaimer

mandatory

Risk-tiered disclaimer mechanism for AI-generated content in Koder surfaces. Three tiers (label / label+modal / label+banner+confirmation) governed by the `risk` field from the gateway. Compliance basis: EU AI Act (entering into force 2026+), LGPD transparency requirements, Microsoft Teams AI label spec, MIT Sloan labeling research. The companion policy `ai-content-disclosure.kmd` defines when/where to apply it.

Spec — AI generated content disclaimer

Compliance: EU AI Act art. 50 (entering into force 2026+); LGPD art. 9 (transparency); GDPR recital 71. Pattern reference: Microsoft Teams AI label spec; MIT Sloan labels research; UK ICO AI guidance.

Principles

  1. *Always-labeled* — all AI-generated content in a shipped product carries a disclaimer. There is no "trusted enough to skip".
  2. *Risk-proportional* — the tier scales with the risk of the decision induced by the content.
  3. *i18n mandatory* — copy is available in every shipped locale; fallback en-US.
  4. *Audit-trail* — dismissal decisions are persisted for forensics.
  5. *Editorial copy owner-curated* — AI does not edit the disclaimer texts autonomously (memory feedback_kds_owner_curated_content).

R1 — Three tiers

R1.1 — Tier 1: Label only (default, low-risk)

Subtle chip below the bubble:

🤖 Generated by AI — verify
  • Color: text-muted (per themes/color-roles.kmd).
  • Typography: label-small (per themes/typography.kmd R1).
  • Click: expands an explanatory tooltip (key ai.disclaimer.tooltip.low).

Applied to: text responses, suggestions, casual content (chat, notes, drafts).

R1.2 — Tier 2: Label + modal (medium-risk)

Same chip, but the first time in a session it opens an explanatory modal:

┌────────────────────────────────────────────┐
│  About this AI-generated content           │
│                                            │
│  This response was generated by an AI     │
│  model. It may contain inaccuracies or    │
│  bias. Please verify critical information  │
│  before acting on it.                      │
│                                            │
│  Source model: Claude Opus 4.7             │
│  Limitations: knowledge cutoff 2026-01    │
│                                            │
│  [Don't show again]   [Got it]             │
└────────────────────────────────────────────┘

Applied to: factual/technical responses, code suggestions, research summaries.

Dismissal is persisted per (koder_user_id, workspace_id, tier); "Don't show again" suppresses future modals for that tier — the chip is still present.

R1.3 — Tier 3: Label + banner + confirmation (high-risk)

Persistent banner ABOVE the bubble + checkbox before the user acts:

┌─────────────────────────────────────────────────┐
│  ⚠ HIGH-RISK AI OUTPUT                          │
│  This response may affect important decisions   │
│  (deploy / financial / medical / legal). You    │
│  MUST verify it independently before acting.    │
│                                                 │
│  [ ] I understand this is AI-generated and     │
│      will verify before acting                  │
└─────────────────────────────────────────────────┘

Required actions on the bubble (Deploy, Pay, Sign, Submit) blocked until checkbox toggled.

Applied to: deployment actions, financial transactions, medical/legal advice, code that touches production.

R2 — Risk derivation

The `risk` field comes from the gateway response. Derivation:

| Risk | Triggers |
|---|---|
| *Low* | Default; no tool calls; chat/draft/casual |
| *Medium* | Tool calls executed (R1.2 covers); RAG sources cited; factual claim |
| *High* | Tool calls with destructiveHint: true; explicit user-facing actions (deploy/financial/medical); product-specific override |

A product can override via the gateway request annotation koder_risk_tier_min: "high" (e.g., the Kortex production-deploy view always forces tier 3).

Cross-link: gateway response includes _meta.koder.risk: "low"|"medium"|"high".

R3 — Dismissal persistence

Schema (kdb-kv):

key: ai_disclaimer_dismissal:<koder_user_id>:<workspace_id>:<tier>
value: {
  dismissed_at: ISO8601,
  expires_at: ISO8601 | null,
  granted_by: <koder_user_id>
}

  • Tier 1 (label): NOT dismissable. Always present.
  • Tier 2 (modal): dismissable per tier-2 globally; modal hides; chip stays.
  • Tier 3 (banner+confirmation): NOT dismissable globally; per-message checkbox is mandatory.

Auto-expire: Tier 2 dismissal expires after 90 days (re-disclosure refresh).

R4 — Audit log

Every dismissal and every Tier 3 confirmation emits an audit event:

{
  event_type: "ai.disclaimer.acknowledged" | "ai.disclaimer.dismissed",
  tier: 1 | 2 | 3,
  koder_user_id: ...,
  workspace_id: ...,
  conversation_id: optional,
  message_id: optional,
  model: <source model>,
  timestamp: ISO8601
}

Retention: follows policies/identity-data-retention.kmd R2 (auth_events 24m success / 12m failure).

R5 — Risk derivation override (product opt-in)

Products that know they are high-risk by default declare it via the gateway request:

# Kortex deploy view
gateway.complete({
  prompt: ...,
  koder_risk_tier_min: "high",  # forces tier 3 for ALL responses in this view
})

Once set, ALL bubbles in the session inherit min tier 3 regardless of gateway-derived tier.

Cross-link: products specify this in their product spec (e.g., Kortex deploy ratifies tier 3 default).
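
An added example (not Koder's own code) of how R2, R3 and R5 combine: the effective tier is the higher of `_meta.koder.risk` and `koder_risk_tier_min`, a tier 2 dismissal lapses after 90 days, and tier 3 actions need a per-message confirmation. The function names, the dict standing in for kdb-kv, and the fail-closed handling of unknown risk values are assumptions; only the persisted "Don't show again" state is modelled, not the first-time-in-session rule.

```python
from datetime import datetime, timedelta

TIERS = {"low": 1, "medium": 2, "high": 3}
TIER2_TTL = timedelta(days=90)  # R3: tier 2 dismissal auto-expires


def _to_tier(value):
    # Assumption (not in the spec): unknown or missing values fail closed to tier 3.
    return TIERS[value] if isinstance(value, str) and value in TIERS else 3


def effective_tier(response, risk_tier_min=None):
    """Gateway-derived tier, raised to the product's koder_risk_tier_min floor (R5)."""
    meta = response.get("_meta") or {}
    derived = _to_tier((meta.get("koder") or {}).get("risk"))
    floor = 1 if risk_tier_min is None else _to_tier(risk_tier_min)
    return max(derived, floor)


def dismissal_key(user_id, workspace_id, tier):
    return f"ai_disclaimer_dismissal:{user_id}:{workspace_id}:{tier}"


def record_dismissal(store, user_id, workspace_id, tier, now):
    """Persist a dismissal; `store` is a dict standing in for kdb-kv."""
    if tier != 2:
        raise ValueError("only the tier 2 modal is dismissable (R3)")
    store[dismissal_key(user_id, workspace_id, tier)] = {
        "dismissed_at": now.isoformat(),
        "expires_at": (now + TIER2_TTL).isoformat(),
        "granted_by": user_id,
    }


def show_modal(store, user_id, workspace_id, tier, now):
    """True when the tier 2 modal must be shown for this response."""
    if tier != 2:
        return False
    record = store.get(dismissal_key(user_id, workspace_id, 2))
    if record is None:
        return True
    expires_at = record["expires_at"]
    return expires_at is not None and now >= datetime.fromisoformat(expires_at)


def action_allowed(tier, confirmed_message_ids, message_id):
    """Tier 3 gate: Deploy/Pay/Sign/Submit need a confirmation for this message."""
    return tier < 3 or message_id in confirmed_message_ids
```

Call `action_allowed` in the handler that performs the action, since `aria-disabled` (R8) only describes the control's state and does not block activation.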

R6 — Surface bindings

| Surface | API |
|---|---|
| Flutter | KoderAIDisclaimer({required tier, onDismiss, onConfirm}) in koder_kit/lib/src/ai/ai_disclaimer.dart |
| Web | `<koder-ai-disclaimer tier="...">` |
| Compose Android | KoderAIDisclaimer (future) |
| SwiftUI iOS | same (future) |
| CLI / TUI | Inline marker: [AI] (tier 1), [AI · medium] (tier 2; first time prints explanation), `[AI · HIGHRISK]` + prompt confirmation (tier 3) |

R7 — i18n

Editorial copy. NOT editable by AI autonomously, per feedback_kds_owner_curated_content.

| Key | en-US | pt-BR |
|---|---|---|
| ai.disclaimer.label.low | "Generated by AI — verify" | "Gerado por IA — verifique" |
| ai.disclaimer.label.medium | "Generated by AI — verify carefully" | "Gerado por IA — verifique com cuidado" |
| ai.disclaimer.label.high | "⚠ HIGH-RISK AI OUTPUT" | "⚠ SAÍDA DE IA DE ALTO RISCO" |
| ai.disclaimer.tooltip.low | "This response was generated by AI and may be inaccurate." | "Esta resposta foi gerada por IA e pode conter imprecisões." |
| ai.disclaimer.modal.title | "About this AI-generated content" | "Sobre este conteúdo gerado por IA" |
| ai.disclaimer.modal.body | "This response was generated by an AI model. It may contain inaccuracies or bias. Please verify critical information before acting on it." | "Esta resposta foi gerada por um modelo de IA. Pode conter imprecisões ou viés. Verifique informações críticas antes de agir com base nela." |
| ai.disclaimer.modal.cta_dismiss | "Don't show again" | "Não mostrar novamente" |
| ai.disclaimer.modal.cta_acknowledge | "Got it" | "Entendi" |
| ai.disclaimer.high.title | "HIGH-RISK AI OUTPUT" | "SAÍDA DE IA DE ALTO RISCO" |
| ai.disclaimer.high.body | "This response may affect important decisions. You MUST verify it independently before acting." | "Esta resposta pode afetar decisões importantes. Você DEVE verificá-la de forma independente antes de agir." |
| ai.disclaimer.high.checkbox | "I understand this is AI-generated and will verify before acting" | "Entendo que é gerado por IA e vou verificar antes de agir" |

R8 — Accessibility

  • Label chip: role="status" (non-interactive in tier 1; interactive in tier 2 when clickable).
  • Modal: role="dialog" aria-modal="true".
  • Banner tier 3: role="alert" (announces immediately on render).
  • Checkbox tier 3: <input type="checkbox" aria-required="true" aria-describedby="disclaimer-body">.
  • Action buttons (Deploy/Pay/Sign) that depend on the checkbox: aria-disabled="true" before; aria-disabled="false" after.
  • Screen reader: tier 3 banner announces "High-risk AI output. Verification required before action."

R9 — Per-preset variation

The disclaimer style follows the preset (color and shape), BUT the text content + tier behavior are fixed.

| Preset | Disclaimer style |
|---|---|
| material3/material_expressive | Defaults |
| terminal_classic | [AI] text prefix inline (no chip) |
| brutalist | Sharp border 2px, no fill |
| minimalist_mono | Mono font, single-line text |
| cyberpunk_neon | Warning state with glow |

T-suite

  • *T1* Tier 1 label: assistant bubble with risk low → chip "Generated by AI — verify" present.
  • *T2* Tier 1 not dismissable: spec validation prevents disabling tier 1.
  • *T3* Tier 2 modal first time: first medium-risk response → modal appears; dismiss → modal hides; chip stays.
  • *T4* Tier 2 dismissal persisted: navigate away + return → modal does NOT reappear (within 90d).
  • *T5* Tier 2 expiry: advance clock 91d → modal reappears on next medium response.
  • *T6* Tier 3 banner: high-risk response → banner ABOVE bubble + checkbox.
  • *T7* Tier 3 action gate: Deploy button starts aria-disabled; check checkbox → button enables.
  • *T8* Tier 3 NOT globally dismissable: dismiss attempt rejected.
  • *T9* Audit log emits: T3/T5/T7 each emit ai.disclaimer.* events.
  • *T10* Product override: product sets koder_risk_tier_min: "high" → ALL bubbles in view tier 3.
  • *T11* i18n switch: change locale to pt-BR → all keys translated.
  • *1*Missing disclaimer in assistant bubble: violates R1.1 → static check / lint warning OR runtime assertion.
  • *2*Tier 3 action without checkbox: attempt to Deploy without check → action blocked + screen reader announce.
  • Companion policy: policies/ai-content-disclosure.kmd — behavior (when + where to apply)
  • Consumer: chat-message-bubble.kmd R2 hosts the label
  • Color/typography: `themes/color-roles.kmd, themes/typography.kmd`
  • Retention: policies/identity-data-retention.kmd
  • Storage: policies/multi-tenant-by-default.kmd
  • Compliance basis: EU AI Act art. 50 · LGPD art. 9 · ICO AI guidance · MS Teams AI label spec

Source: ../home/koder/dev/koder/meta/docs/stack/specs/ai-ui/ai-disclaimer.kmd