Brazil AI Bill (PL 2338/2023) — Senate-approved Draft
PL 2338/2023 is Brazil's Senate-approved AI bill, establishing a rights-based framework that includes a right to explanation, a right to human review of automated decisions, and a risk-classification regime for AI providers and operators. Ledgix customers operating in Brazil can produce per-decision explanation and traceability evidence today.
Status: Full — every control resolves to an artifact Ledgix produces today, including the Phase 4 impact-assessment records that underpin the full risk classification.
Scope
The draft law applies to providers and operators of AI systems affecting persons in Brazil, and classifies systems into excessive-risk, high-risk, and other tiers. Controls span individual rights (explanation, human review), provider-side governance measures for high-risk systems, and recordkeeping/traceability for post-market oversight.
Controls covered
| Field | Type | Required | Description |
|---|---|---|---|
| BR-AI-Art3-IV | events_jsonl | Right to information and explanation | Per-decision explanation suitable for direct disclosure to affected persons. |
| BR-AI-Art3-VI | events_jsonl | Right to human review of automated decisions | Human-principal + HITL-review fields demonstrate availability and execution of human review. |
| BR-AI-Art13 | events_jsonl / policy_snapshots | Preliminary risk classification | Coarse-grained risk classification by action category; full AIA available via Phase 4 impact assessments. |
| BR-AI-Art20 | policy_snapshots / checkpoint_chain | Governance measures for high-risk AI | Versioned governance documents per policy plus continuous operational integrity. |
| BR-AI-Art25 | events_jsonl / proof_index / key_history | Record-keeping and traceability | Complete per-decision record with Merkle inclusion proofs and signing-key custody. |
Evidence types referenced
- events_jsonl — per-decision reason, citations, and evidence chunks.
- policy_snapshots — versioned governance documents per policy.
- checkpoint_chain — operational integrity evidence.
- proof_index — Merkle inclusion proofs for each decision.
- key_history — signing-key custody history enabling long-horizon traceability.
Known gaps (if any)
None at the control level today — coarse-grained risk classification is provided by action_category on every decision. Tenants handling high-impact systems can attach structured Phase 4 impact assessments (AIAs) for richer Art. 13 coverage when the bill requires formal AIA documentation.
Audit pack workflow
Export an evidence ZIP for this framework from the admin console's Evidence Exports panel by selecting Brazil AI Bill (PL 2338/2023) — Senate-approved Draft and a time window. Each control's evidence_locators[] in the included framework_mapping.json points to the corresponding file in the ZIP.
References
- Framework mapping JSON:
vault/internal/compliance/frameworks/brazil_pl_2338.json - Canonical source: PL n° 2338, de 2023 — Senado Federal