Raycaster / evalsAll benchmarks

Cross-benchmark category

US State Privacy Law

Compare AI agent runs for US State Privacy Law: prompts, scores, grades, and public traces. This page showcases APEX-Agents tasks that test whether AI agents can apply US state privacy laws, including breach notification requirements and state-specific privacy obligations.

US privacy complianceColorado Privacy Act, New York breach notification
13Tasks
1Primary
1Benchmarks

Published model evidence

A quick view of shareable runs in this category. Open task and trace pages for the prompt, response, files, and grading details.

Gemini 3 Flash56% pass

5/9 runs · avg score 67%

gpt-5.4-mini31% pass

4/13 runs · avg score 73%

GPT-5.423% pass

3/13 runs · avg score 59%

gpt-5.515% pass

2/13 runs · avg score 49%

gpt-5.4-nano15% pass

2/13 runs · avg score 41%

Gemini 3.1 Pro15% pass

2/13 runs · avg score 41%

Primary tasks

1 tasks with this category as their main focus.

  1. Determine Outcome of Shipyard Fire and DelayAPEX-Agents(task_8ec48c4dfa5e4f06b8bac76409c74d83)3/6 · Fail

    Blue Anchor recently sued us (LNG Shipping Inc.) for claims of fraudulent inducement. We filed a motion to compel arbitration after Nakamura experienced a catastrophic fire at its shipyard. The motion…

Related tasks

12 tasks that also exercise this work as part of a broader assignment.

  1. Law_World_423_DM_03APEX-Agents(task_39431bef81164cd2843e9369b8f7fdc5)2/3 · Fail

    Northstar is evaluating a situation where Bluequill had utilized the EU personal data received by its analytics module from Northstar, and utilized it for the purposes of sending out marketing emails …

  2. Law_World_423_DM_04APEX-Agents(task_3e4eba49c9cd4d3fa0de912ab1b1501e)7/10 · Fail

    Northstar's CEO sent me an email asking for a summary of the company’s liability under US privacy law if the incident occurred to a US customer based in Colorado. Please take the lead on drafting a hi…

  3. Law_World_423_DM_05APEX-Agents(task_58e8668c0a7c47808ff26e7b1e5105ae)2/9 · Fail

    Northstar's US customer, Zellwerk, reported a system-wide outage that delayed access to shipment-tracking data containing health-related product identifiers and customer account IDs. During the outage…

  4. Task Seed #13APEX-Agents(task_ada7c5e9d1a149e780af8d519a9171f6)1/1 · Pass

    During the first 48 minutes of the EU production outage, Northstar's engineering team exported one or two bundled sets of EU production event logs containing personal data to the U.S. analytics vendor…

  5. World423_AW_01APEX-Agents(task_56c618b6f1884f168f3e508af61b2d3d)2/3 · Fail

    Our client needs to know if any of that data that was transmitted in the breach is considered personal data under GDPR. Review the four attached incident reports and provide your reply to me with ex…

  6. World423_DPM_01APEX-Agents(task_73363f7afa084f98aeb61ff19ecfabad)0/2 · Fail

    Evaluate whether the breach notification requirements to EU/EEA customers in Version 1 of the Breach and Incident Response Policy are compliant with the GDPR, by answering the following questions: 1) …

  7. World423_DPM_02APEX-Agents(task_327f2507ef39488d9dfc3fbf05ef4c2f)0/4 · Fail

    Review the Controller-to-Supervisory Authority Notification Template, along with the timing set out in the V.2 Breach & Incident Response Policy, to ensure compliance with the notification requirement…

  8. World423_JS_01APEX-Agents(task_afcdcb040d924d4289b2a739e6ac4c49)3/5 · Fail

    Let's assess the applicability of the statement of "[t[hese data elements constitute personal data for GDPR purposes because they relate to identifiable users, even though no directly identifying attr…

  9. World423_JS_02APEX-Agents(task_7e51ed8994924d8d9f92938fd8cf9fd2)5/9 · Fail

    It has come to our attention that some of the data transferred by the "Diagnostics Analytics Module" related to residents of Colorado. Does Colorado Law require us to notify Colorado residents of this…

  10. World423_JS_03APEX-Agents(task_28f0924227374bcea8d59b13e605be90)2/2 · Pass

    Northstar is reviewing its policies for notifying American data subjects in case there is another unauthorized data transfer. Specifically, a lot of Northstar's data subjects reside in the State of Ne…

  11. World423_JS_07APEX-Agents(task_c9fa280149be4bbb99fc9f9065b443cf)1/2 · Fail

    Will Northstar be required to compensate affected data subjects under the General Data Protection Regulation ("GDPR") for the Data Analytics Module's (the "Module") unauthorized data transfer if the d…

  12. World423_JS_08APEX-Agents(task_25e49967231547cab553ed451d6fa338)0/2 · Fail

    Determine if Northstar can be fined under Article 83 of the General Data Protection Regulation ("GDPR") for a violation of Article 14(2)(e) of the GDPR for the data transfer from the Data Analytics Mo…