Calls ai.redact@1 over the source text. Beyond masking, the host runs the four Latvian PII regex detectors (personas kods, IBAN, e-mail, phone) and returns the deterministic signal set the risk decision consumes: personasKodaPresent, financialDataPresent, contactDataPresent, piiCategoryCount, detectedEntityTypes, plus redactedContent. No model inference — pure pattern detection. DMN dmn/assess-personal-data-risk.dmn. Maps the PII signal set to personalDataRisk (NONE | LOW | MEDIUM | HIGH) by explicit ranked rules. Personas kods or IBAN forces HIGH; two or more categories or contact data gives MEDIUM. Deterministic and auditable. DMN dmn/gdpr-processing-route.dmn. From personalDataRisk and allowCentralization decides processingRoute (CENTRAL | LOCAL), anonymizationRequired and redactionLevel. This is the routing rule extracted from the host's generate_semantic_metadata: a sensitive document where centralisation is not permitted stays LOCAL with full redaction. Calls ai.extract@1 on redactedContent with the VDVC v1.1 output schema. This is the single bounded model step: it produces the semanticSummary (topic, summary, keywords, urgency, risk) and must validate against resources/schemas/vdvc-semantic-summary. The host also returns flat aiConfidenceScore and the result of the post-extraction PII re-scan as outputPiiErrorCount. DMN dmn/human-validation-gate.dmn. From outputPiiErrorCount, aiConfidenceScore and personalDataRisk decides humanValidationStatus (REJECTED | PENDING_REVIEW | APPROVED_AUTO) and requiresHumanReview. Any leaked PII or confidence below 0.3 rejects; below 0.7, or HIGH risk, forces review; 0.7 and above with clean output auto-approves. The thresholds are the weights. Calls event.emit@1 to publish a CloudEvent carrying the semantic summary, the routing decision and the validation status.