Raycaster / evalsBack to AI Agents for Privacy and GDPR Compliance

APEX-Agents · Law

World423_DPM_02

0/4Fail

APEX-Agents task World423_DPM_02 in AI Agents for Privacy and GDPR Compliance. Compare dual-harness agent runs across models — rubric criteria, scores, and public traces.

AI Agents for Privacy and GDPR ComplianceLaw World 423Dual harnessGrader: rubric
task_327f2507ef39488d9dfc3fbf05ef4c2f
Law World 423
message_in_console
7 models · dual config

Task prompt

What the agent was asked to do

Review the Controller-to-Supervisory Authority Notification Template, along with the timing set out in the V.2 Breach & Incident Response Policy, to ensure compliance with the notification requirements of the General Data Protection Regulation (GDPR). Draft a message to me here that answers Yes or No as to whether each policy is compliant. If not compliant, propose any necessary additions.

Published trajectories

Agent runs on this task

Curated dual-harness runs (parsed + original sandbox). Best scored run per model.

ModelHarnessScoreResultLinks
GPT-5.5showcasedual0/4Fail
fireworks models Kimi K2dual0/4Fail
Gemini 3 Flashdual0/4Fail
Gemini 3.1 Produal1/4Fail
GPT-5.4dual2/4Fail
GPT-5.4 minidual2/4Fail
GPT-5.4 nanodual0/4Fail

Grading rubric

Criteria and grader verdict (showcase run)

  1. States Yes, the Controller-to-Supervisory Authority Notification Template is compliant with the GDPR notification requirements

    Fail

    Evidence: TEXT_RESPONSE states “Controller-to-Supervisory Authority Notification Template — No, not fully compliant” and later “Conclusion: No — partially compliant, but not complete.” Assessment: The criterion requires stating Yes that the template is compliant; the response states the opposite, so fail.

  2. States Yes, the Breach & Incident Response Policy is compliant with the GDPR notification requirements

    Fail

    Evidence: TEXT_RESPONSE states “PRIV-04 V.2 Breach & Incident Response Policy timing — No, not fully compliant as written” and “Conclusion: No — not fully compliant as written.” Assessment: The criterion requires stating Yes that the policy is compliant; the response states the opposite, so fail.

  3. States that no additions are needed to make the Controller-to-Supervisory Authority Notification Template compliant with the GDPR’s notification requirements

    Fail

    Evidence: TEXT_RESPONSE says the template “should be amended to add explicit fields” and lists “Necessary additions” including supervisory authority, timing/delay, phased notice, and Article 34 status sections. Assessment: The criterion requires stating no additions are needed for the template; the response proposes additions, so fail.

  4. States that no additions are needed to make the V.2 Breach & Incident Response Policy compliant with the GDPR’s notification requirements

    Fail

    Evidence: TEXT_RESPONSE provides “Necessary additions / replacement language” for the policy, including replacement Section 5.4 language and added Article 34 and documentation paragraphs. Assessment: The criterion requires stating no additions are needed for the V.2 policy; the response proposes additions, so fail.