APEX-Agents · Law
World423_DPM_01
APEX-Agents task World423_DPM_01 in AI Agents for Privacy and GDPR Compliance. Compare dual-harness agent runs across models — rubric criteria, scores, and public traces.
Task prompt
What the agent was asked to do
Evaluate whether the breach notification requirements to EU/EEA customers in Version 1 of the Breach and Incident Response Policy are compliant with the GDPR, by answering the following questions: 1) Whether the notification section in the policy is compliant in regards to EU/EEA customers (Yes/No). 2) If not, what must be added to the notification? If complaint, state no revisions are required. Tell me your answer right here.
Published trajectories
Agent runs on this task
Curated dual-harness runs (parsed + original sandbox). Best scored run per model.
| Model | Harness | Score | Result | Links |
|---|---|---|---|---|
| GPT-5.5showcase | dual | 0/2 | Fail | Share pagePublic trace |
| fireworks models Kimi K2 | dual | 0/2 | Fail | Share pagePublic trace |
| Gemini 3 Flash | dual | 0/2 | Fail | Share pagePublic trace |
| Gemini 3.1 Pro | dual | 0/2 | Fail | Share pagePublic trace |
| GPT-5.4 | dual | 0/2 | Fail | Share pagePublic trace |
| GPT-5.4 mini | dual | 2/2 | Pass | Share pagePublic trace |
| GPT-5.4 nano | dual | 0/2 | Fail | Share pagePublic trace |
Grading rubric
Criteria and grader verdict (showcase run)
States “Yes”, the notification section in the Breach & Incident Response Policy is compliant with the GDPR regarding EU/EEA customers
FailEvidence: TEXT_RESPONSE states “1) **No.** The Version 1 notification section is **not fully compliant** for EU/EEA customer notifications.” Assessment: The criterion requires the response to state “Yes” that the notification section is compliant regarding EU/EEA customers; it states the opposite, so fail.
States that no additions need to be added to the notification requirements
FailEvidence: TEXT_RESPONSE states “**Revisions required:**” and lists items that “should add” GDPR-aligned information. Assessment: The criterion requires stating that no additions need to be added to the notification requirements; the response says additions are required, so fail.