AI generated content disclaimer
ai-ui specs/ai-ui/ai-disclaimer.kmd
Risk-tiered disclaimer mechanism for AI-generated content in Koder surfaces. Three tiers (label / label+modal / label+banner+confirmation) governed by the `risk` field from the gateway. Compliance basis: EU AI Act (taking effect 2026+), LGPD transparency requirements, Microsoft Teams AI label spec, MIT Sloan labeling research. The companion policy `ai-content-disclosure.kmd` defines when and where to apply it.
When this spec applies
Primary triggers
- Render any AI-generated text/image/code to a Koder user
All triggers
- Display AI-generated content in any user-facing Koder product
- Implement chat-message-bubble or any AI output surface
- Audit Koder product for EU AI Act / LGPD compliance
Specification body
Spec — AI generated content disclaimer
Compliance: EU AI Act art. 50 (taking effect 2026+); LGPD art. 9 (transparency); GDPR recital 71. Pattern reference: Microsoft Teams AI label spec; MIT Sloan labels research; UK ICO AI guidance.
Principles
- Always-labeled: all AI-generated content in a distributed product carries a disclaimer. There is no "trusted enough to skip".
- Risk-proportional: the tier scales with the risk of the decision the content induces.
- i18n mandatory: copy is available in every shipped locale; fallback en-US.
- Audit-trail: dismissal decisions are persisted for forensics.
- Editorial copy owner-curated: AI does not edit the disclaimer texts autonomously (memory `feedback_kds_owner_curated_content`).
R1 — Three tiers
R1.1 — Tier 1: Label-only (default, low-risk)
Subtle chip below the bubble:
🤖 Generated by AI — verify
- Color: `text-muted` (per `themes/color-roles.kmd`).
- Typography: `label-small` (per `themes/typography.kmd` R1).
- Click: expands explanatory tooltip (key `ai.disclaimer.tooltip.low`).
Applied to: text responses, suggestions, casual content (chat, notes, drafts).
R1.2 — Tier 2: Label + modal (medium-risk)
Same chip, but the first occurrence in a session opens an explanatory modal:
┌────────────────────────────────────────────┐
│ About this AI-generated content │
│ │
│ This response was generated by an AI │
│ model. It may contain inaccuracies or │
│ bias. Please verify critical information │
│ before acting on it. │
│ │
│ Source model: Claude Opus 4.7 │
│ Limitations: knowledge cutoff 2026-01 │
│ │
│ [Don't show again] [Got it] │
└────────────────────────────────────────────┘
Applied to: factual/technical responses, code suggestions, research summaries.
Dismissal is persisted per (koder_user_id, workspace_id, tier); "Don't show again" suppresses future modals for that tier, but the chip remains present.
R1.3 — Tier 3: Label + banner + confirmation (high-risk)
Persistent banner ABOVE the bubble + checkbox before the user acts:
┌─────────────────────────────────────────────────┐
│ ⚠ HIGH-RISK AI OUTPUT │
│ This response may affect important decisions │
│ (deploy / financial / medical / legal). You │
│ MUST verify it independently before acting. │
│ │
│ [ ] I understand this is AI-generated and │
│ will verify before acting │
└─────────────────────────────────────────────────┘
Required actions on the bubble (Deploy, Pay, Sign, Submit) blocked until checkbox toggled.
Applied to: deployment actions, financial transactions, medical/legal advice, code that touches production.
R2 — Risk derivation
risk field comes from gateway response. Derivation:
| Risk | Triggers |
|---|---|
| low | Default; no tool calls; chat/draft/casual |
| medium | Tool calls executed (R1.2 covers); RAG sources cited; factual claim |
| high | Tool calls with destructiveHint: true; explicit user-facing actions (deploy/financial/medical); product-specific override |
Product can override via gateway request annotation koder_risk_tier_min: "high" (e.g., Kortex production-deploy view always forces tier 3).
Cross-link: gateway response includes _meta.koder.risk: "low"|"medium"|"high".
R3 — Dismissal persistence
Schema (kdb-kv):
key: ai_disclaimer_dismissal:<koder_user_id>:<workspace_id>:<tier>
value: {
dismissed_at: ISO8601,
expires_at: ISO8601 | null,
granted_by: <koder_user_id>
}
- Tier 1 (label): NOT dismissable. Always present.
- Tier 2 (modal): dismissable per tier-2 globally; modal hides; chip stays.
- Tier 3 (banner+confirmation): NOT dismissable globally; the per-message checkbox is mandatory.
Auto-expire: Tier 2 dismissal expires after 90 days (re-disclosure refresh).
R4 — Audit log
Every dismissal and every Tier 3 confirmation emits an audit event:
{
event_type: "ai.disclaimer.acknowledged" | "ai.disclaimer.dismissed",
tier: 1 | 2 | 3,
koder_user_id: ...,
workspace_id: ...,
conversation_id: optional,
message_id: optional,
model: <source model>,
timestamp: ISO8601
}
Retention: follows policies/identity-data-retention.kmd R2 (auth_events 24m success / 12m failure).
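An added example (not Koder's code) of the R3 dismissal rules and R4 audit events working together: only tier 2 can be dismissed, the dismissal lapses after 90 days, and every tier 3 confirmation is logged per message. The class and method names are hypothetical, in-memory structures stand in for kdb-kv and the audit sink, and mapping "dismissed" to the tier 2 dismissal and "acknowledged" to the tier 3 checkbox is an assumption.

```javascript
// Added example; names are hypothetical and a Map stands in for kdb-kv.
const NINETY_DAYS_MS = 90 * 24 * 60 * 60 * 1000;

class DisclaimerStore {
  constructor() {
    this.kv = new Map(); // stand-in for kdb-kv
    this.audit = [];     // stand-in for the audit sink
  }

  // Key layout from R3. Assumes the ids never contain ":".
  key(userId, workspaceId, tier) {
    return `ai_disclaimer_dismissal:${userId}:${workspaceId}:${tier}`;
  }

  emit(eventType, tier, userId, workspaceId, model, now, extra = {}) {
    this.audit.push({ event_type: eventType, tier, koder_user_id: userId,
      workspace_id: workspaceId, model, timestamp: now.toISOString(), ...extra });
  }

  // R3: only tier 2 is dismissable; tier 1 and tier 3 attempts are rejected.
  dismiss(userId, workspaceId, tier, model, now = new Date()) {
    if (tier !== 2) return false;
    this.kv.set(this.key(userId, workspaceId, tier), {
      dismissed_at: now.toISOString(),
      expires_at: new Date(now.getTime() + NINETY_DAYS_MS).toISOString(),
      granted_by: userId,
    });
    this.emit("ai.disclaimer.dismissed", tier, userId, workspaceId, model, now);
    return true;
  }

  // The tier 2 modal is due again unless a non-expired dismissal exists.
  shouldShowModal(userId, workspaceId, now = new Date()) {
    const rec = this.kv.get(this.key(userId, workspaceId, 2));
    if (!rec) return true;
    return rec.expires_at !== null && now >= new Date(rec.expires_at);
  }

  // R4: each tier 3 confirmation is per message and always audited.
  confirmHighRisk(userId, workspaceId, messageId, model, now = new Date()) {
    this.emit("ai.disclaimer.acknowledged", 3, userId, workspaceId, model, now,
      { message_id: messageId });
  }
}
```

The chip itself is never affected by this store: a `false` from `shouldShowModal` hides only the modal.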
R5 — Risk derivation override (product opt-in)
Products that know they are high-risk by default declare it via the gateway request:
# Kortex deploy view
gateway.complete({
prompt: ...,
koder_risk_tier_min: "high", # forces tier 3 for ALL responses in this view
})
Once set, ALL bubbles in the session inherit min tier 3 regardless of gateway-derived tier.
Cross-link: products specify this in their product spec (e.g., Kortex deploy ratifies tier 3 default).
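An added example (not Koder's code) of how a client could combine R2's `_meta.koder.risk` with R5's `koder_risk_tier_min` into an effective tier, and apply the R1.3 action gate to it. The function names are hypothetical, and failing closed to tier 3 on an unrecognized risk value is an assumption the spec does not state.

```javascript
// Added example; function names are hypothetical, not Koder APIs.
const TIER_BY_RISK = { low: 1, medium: 2, high: 3 };

// Map a risk string to a tier. A missing value uses the R2 default (low);
// an unrecognized value fails closed to tier 3 (assumption, not in the spec).
function tierForRisk(risk) {
  if (risk === undefined || risk === null) return TIER_BY_RISK.low;
  // Own-property check so values like "constructor" are not treated as known.
  return Object.prototype.hasOwnProperty.call(TIER_BY_RISK, risk)
    ? TIER_BY_RISK[risk]
    : TIER_BY_RISK.high;
}

// Effective tier = max(gateway-derived tier, product minimum from R5).
// The product floor can only raise the tier, never lower it.
function effectiveTier(gatewayResponse, requestAnnotations = {}) {
  const derived = tierForRisk(gatewayResponse?._meta?.koder?.risk);
  const floor = tierForRisk(requestAnnotations.koder_risk_tier_min);
  return Math.max(derived, floor);
}

// R1.3 gate: on a tier 3 bubble, the listed actions stay blocked until
// the checkbox for that specific message has been toggled.
const GATED_ACTIONS = new Set(["Deploy", "Pay", "Sign", "Submit"]);

function isActionAllowed(action, tier, messageId, confirmedMessageIds) {
  if (tier < 3 || !GATED_ACTIONS.has(action)) return true;
  return confirmedMessageIds.has(messageId);
}
```

Because the result is never below 1, a malformed or stripped `risk` field cannot remove the tier 1 label.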
R6 — Surface bindings
| Surface | API |
|---|---|
| Flutter | KoderAIDisclaimer({required tier, onDismiss, onConfirm}) in koder_kit/lib/src/ai/ai_disclaimer.dart |
| Web | <koder-ai-disclaimer tier="..."> |
| Compose Android | KoderAIDisclaimer (future) |
| SwiftUI iOS | same (future) |
| CLI / TUI | Inline marker: [AI] (tier 1), [AI · medium] (tier 2 first-time prints explanation), [AI · HIGH-RISK] + prompt confirmation (tier 3) |
R7 — i18n
Editorial copy. NOT editable by AI autonomously, per `feedback_kds_owner_curated_content`.
| Key | en-US | pt-BR |
|---|---|---|
| ai.disclaimer.label.low | "Generated by AI — verify" | "Gerado por IA — verifique" |
| ai.disclaimer.label.medium | "Generated by AI — verify carefully" | "Gerado por IA — verifique com cuidado" |
| ai.disclaimer.label.high | "⚠ HIGH-RISK AI OUTPUT" | "⚠ SAÍDA DE IA DE ALTO RISCO" |
| ai.disclaimer.tooltip.low | "This response was generated by AI and may be inaccurate." | "Esta resposta foi gerada por IA e pode conter imprecisões." |
| ai.disclaimer.modal.title | "About this AI-generated content" | "Sobre este conteúdo gerado por IA" |
| ai.disclaimer.modal.body | "This response was generated by an AI model. It may contain inaccuracies or bias. Please verify critical information before acting on it." | "Esta resposta foi gerada por um modelo de IA. Pode conter imprecisões ou viés. Verifique informações críticas antes de agir com base nela." |
| ai.disclaimer.modal.cta_dismiss | "Don't show again" | "Não mostrar novamente" |
| ai.disclaimer.modal.cta_acknowledge | "Got it" | "Entendi" |
| ai.disclaimer.high.title | "HIGH-RISK AI OUTPUT" | "SAÍDA DE IA DE ALTO RISCO" |
| ai.disclaimer.high.body | "This response may affect important decisions. You MUST verify it independently before acting." | "Esta resposta pode afetar decisões importantes. Você DEVE verificá-la de forma independente antes de agir." |
| ai.disclaimer.high.checkbox | "I understand this is AI-generated and will verify before acting" | "Entendo que é gerado por IA e vou verificar antes de agir" |
R8 — Accessibility
- Label chip: `role="status"` (not interactive in tier 1; interactive in tier 2 when clickable).
- Modal: `role="dialog" aria-modal="true"`.
- Banner tier 3: `role="alert"` (announces immediately on render).
- Checkbox tier 3: `<input type="checkbox" aria-required="true" aria-describedby="disclaimer-body">`.
- Action buttons (Deploy/Pay/Sign) that depend on the checkbox: `aria-disabled="true"` before; `aria-disabled="false"` after.
- Screen reader: tier 3 banner announces "High-risk AI output. Verification required before action."
R9 — Per-preset variation
The disclaimer style follows the preset (color and shape), BUT the text content and tier behavior are fixed.
| Preset | Disclaimer style |
|---|---|
| material3/material_expressive | Defaults |
| terminal_classic | [AI] text prefix inline (no chip) |
| brutalist | Sharp border 2px, no fill |
| minimalist_mono | Mono font, single-line text |
| cyberpunk_neon | Warning state with glow |
T-suite
- T1 Tier 1 label: assistant bubble with risk low → chip "Generated by AI — verify" present.
- T2 Tier 1 not dismissable: spec validation prevents disabling tier 1.
- T3 Tier 2 modal first-time: first medium-risk response → modal appears; dismiss → modal hides; chip stays.
- T4 Tier 2 dismissal persisted: navigate away + return → modal does NOT reappear (within 90d).
- T5 Tier 2 expiry: advance clock 91d → modal reappears on next medium response.
- T6 Tier 3 banner: high-risk response → banner ABOVE bubble + checkbox.
- T7 Tier 3 action gate: Deploy button starts `aria-disabled`; check checkbox → button enables.
- T8 Tier 3 NOT globally dismissable: dismiss attempt rejected.
- T9 Audit log emits: T3/T5/T7 each emit ai.disclaimer.* events.
- T10 Product override: product sets `koder_risk_tier_min: "high"` → ALL bubbles in view tier 3.
- T11 i18n switch: change locale to pt-BR → all keys translated.
- N1 Missing disclaimer in assistant bubble: violates R1.1 → static check / lint warning OR runtime assertion.
- N2 Tier 3 action without checkbox: attempt to Deploy without check → action blocked + screen reader announce.
Cross-link
- Companion policy: `policies/ai-content-disclosure.kmd`: behavior (when + where to apply)
- Consumer: `chat-message-bubble.kmd` R2 hosts the label
- Color/typography: `themes/color-roles.kmd`, `themes/typography.kmd`
- Retention: `policies/identity-data-retention.kmd`
- Storage: `policies/multi-tenant-by-default.kmd`
- Compliance basis: EU AI Act art. 50 · LGPD art. 9 · ICO AI guidance · MS Teams AI label spec
References
- meta/docs/stack/specs/ai-ui/chat-message-bubble.kmd
- meta/docs/stack/policies/ai-content-disclosure.kmd
- meta/docs/stack/specs/i18n/contract.kmd
- meta/docs/stack/policies/security.kmd