Auditable Artificial Intelligence

Technical foundations and verifiable characteristics

Our architecture implements a hybridisation between knowledge graphs semantically interpreted through ontologies and state-of-the-art language models — a distinction worth clarifying, since this is not a conventional RAG system that retrieves textual fragments through vector similarity. The system reasons over explicit relational structures expressed in W3C standards: OWL ontologies that conceptually model knowledge domains, RDF graphs that represent data through subject-predicate-object triples, SPARQL queries that enable precise retrieval of structured information, and description logic that enables automated reasoning over the encoded relationships.

This neurosymbolic architecture preserves the interpretive and generative capabilities of language models whilst anchoring them to the logical precision provided by structured knowledge-based systems. When the system processes a natural language query, the language model does not generate a response directly from its trained parameters; instead, it translates the communicative intent into a formal query that it executes against the knowledge graph, retrieves the relevant RDF triples, and linguistically synthesises a response grounded in those verified relationships. The practical result is that the system maintains conversational fluency without sacrificing verifiability — a balance that proves elusive for purely neural or purely symbolic architectures considered in isolation.

Each generated statement possesses verifiable provenance in a structurally precise sense: any proposition in the response can be traced back to the specific triples in the graph that underpin it, not through approximate attribution techniques but through direct inspection of the query mechanisms. The system exposes the complete path from the initial natural language query, through its translation into a formal SPARQL query, the execution of that query against the graph, the retrieval of specific triples, and on to the final linguistic synthesis that articulates those structured results into a comprehensible response. This transparency does not require additional explainability components overlaid onto an opaque architecture; rather, it emerges inevitably from how the system is built, where every intermediate operation is recorded and can be inspected.

The distinction between structural traceability and approximate explainability is crucial when evaluating AI architectures in regulated contexts. Explainability methods applied to deep neural networks — activation maps, input gradients, feature attribution — offer statistical approximations of which regions of the input data most probably influenced the output, but cannot guarantee that these explanations faithfully correspond to how the model actually processes information. By contrast, when each step of the reasoning is mediated by operations on explicit symbolic structures, the explanation is not an inferred reconstruction but a literal record of the process executed.

Alignment with the European regulatory framework and operational transparency

Regulation (EU) 2024/1689 of the European Parliament and of the Council, together with the Spanish National Artificial Intelligence Strategy, establishes a comprehensive regulatory framework that recognises in its Recital 6 that "it is essential that AI and its regulatory framework be developed in accordance with Union values, fundamental rights and freedoms". This principle is given concrete form in specific technical requirements for high-risk systems used in essential public services, requiring them to maintain detailed technical records and ensure that their decisions are comprehensible to the people affected — requirements that our architecture satisfies not through subsequent adaptations but as a direct consequence of its fundamental design.

The prohibitions in Chapter II of the Regulation, in force since 2 February 2025, aim according to Recital 26 to prevent "practices considered unacceptable due to their risk to democratic values" — an objective that presupposes effective supervisory capacity over the internal functioning of AI systems. Verifying that a system does not employ subliminal manipulation techniques or exploit the vulnerabilities of specific groups requires the ability to inspect both the knowledge it uses and the mechanisms through which that knowledge influences its decisions. In black-box architectures, this supervision is limited to external behavioural testing which, though useful, cannot exhaustively guarantee the absence of latent problems. In our architecture, where knowledge exists as an explicit graph and reasoning mechanisms operate through inspectable formal queries, verification becomes a straightforward technical exercise of examining ontologies, reviewing RDF triples, and auditing the SPARQL queries that mediate between input and output.

Systems classified as high-risk under Article 6 must undergo "strict conformity assessments and have risk management systems in place" — a requirement that the W3C standards-based architecture substantially facilitates. OWL ontologies provide explicit conceptual modelling of the domain that can be reviewed independently before deploying the system; the SPARQL queries that mediate access to knowledge can be exhaustively tested against formalised test cases; and the description logic underpinning automated reasoning offers deductive guarantees on the consistency of the inferences produced. This architecture also enables the system's knowledge to be updated in a controlled manner by modifying specific triples in the graph without altering the reasoning mechanisms, which simplifies risk management by allowing surgical corrections when problems are detected in the content without introducing uncertainty about unintended changes in overall behaviour.

Transparency in this architecture is not a requirement that must be implemented but an emergent property of the design. When information processing takes place through operations on explicit symbolic structures governed by formal standards, the observability of the process arises automatically because every intermediate operation has an inspectable representation. The separation between declarative knowledge — expressed in RDF graphs interpreted by OWL ontologies — and processing capabilities — provided by language models — allows precise interventions on content without compromising the functional stability of the system. Updating outdated information, correcting erroneous semantic relationships, or deleting specific data to comply with the right to erasure are all operations that modify concrete triples in the graph without generating unpredictable side effects, an essential property for effectively exercising the rights of rectification and erasure recognised by the European regulatory framework.

The explicitly relational structure of RDF graphs exposes associations between concepts that can be audited through specific SPARQL queries designed to detect problematic patterns. If the system encodes, for example, inappropriate connections between demographic groups and negative attributes, these associations appear as explicit triples that can be identified systematically and removed with precision — a capability that contrasts with the inherent difficulty of locating and neutralising biases distributed implicitly across millions of parameters in deep neural networks, where no direct representation exists of the semantic associations that the model has internalised during training.

Reliability, accountability, and human-centred AI

Both the European regulatory framework and the Spanish National Strategy promote the development of genuinely human-centred AI — an orientation that goes beyond formal compliance with technical requirements to demand systems capable of generating verifiable trust through predictable, explainable, and correctable operation. This centrality of the human being implies that technology must serve people without subordinating them to the opaque logic of systems whose functioning is inaccessible even to those who design them — a principle that materialises in architectures where the properties of auditability, data governance, and effective human oversight emerge from the design rather than being added as superficial layers over essentially opaque systems.

Neurosymbolic hybridisation reduces the erratic behaviour characteristic of purely statistical systems by anchoring response generation to structured knowledge that the model consults explicitly. When the system produces a statement, it is not statistically sampling from distributions learned during training but linguistically synthesising information retrieved through formal queries against the graph, which drastically reduces the probability of generating content without verifiable foundation. This improvement in basic reliability is complemented by precise diagnostic capability when errors inevitably occur: the architecture makes it possible to determine whether the problem lay in incorrect information in the graph, in a poorly formulated SPARQL query that retrieved irrelevant triples, or in inadequate linguistic synthesis that distorted correctly retrieved information. This discrimination between sources of error directly determines which technical intervention will resolve the problem, enabling effective corrections rather than speculative adjustments to systems whose internal functioning remains opaque.

The reproducibility guaranteed through formal standards enables independent retrospective verification that is crucial in high-risk applications. When an automated decision is called into question, the system's records allow independent auditors to reproduce exactly the process that was executed: examining which SPARQL query was generated from the natural language input, verifying which RDF triples were retrieved when that query was executed against the graph, inspecting which description logic reasoning was applied to those triples, and evaluating whether the final linguistic synthesis faithfully represents the retrieved information. This scrutiny does not depend on approximate interpretability techniques but on direct inspection of the process actually executed, which transforms auditing from a forensic investigation of black boxes into technical verification of documented operations — a capability that is fundamental to keeping people at the centre of the technological system by ensuring they retain effective capacity for understanding and oversight of the decisions that affect them.

Regulatory compliance in this architecture does not result from implementing lists of requirements through added components but emerges inevitably from the fundamental properties of the system. When every decision is anchored in structured knowledge accessible through open standards and every step of the reasoning is recorded in inspectable formal operations, external audit becomes a straightforward technical exercise of verifying conformity between declared specifications and observable behaviour. Transparency, precise data governance, and effective human oversight are not compliance layers superimposed on an opaque architecture but properties inherent to a design where knowledge and reasoning mechanisms are explicit structures governed by formal semantics that can be interpreted, verified, and corrected by agents external to the system — thereby ensuring that technology remains in the service of people and their fundamental values rather than becoming an inscrutable technical authority that erodes the human autonomy and dignity that the regulatory framework seeks to protect.