A Benchmark for Strategic Auditee Gaming Under Continuous Compliance Monitoring
Florian A. D. Burnat, Brittany I. Davidson

TL;DR
This paper formalizes and analyzes strategic gaming in continuous compliance audits, proposing new policies and tools to understand and mitigate gaming tactics under emerging regulations.
Contribution
It introduces a formal Stackelberg game model for continuous audits, identifies structural limitations of static auditing, and develops new policies and a simulation library for empirical study.
Findings
Two minimal extension policies close coverage and granularity gaps separately.
An audit-aware strategy exploiting Stackelberg commitment defeats static policies.
A library of strategies and policies calibrated to real audit data supports empirical analysis.
Abstract
Continuous post-deployment compliance audits, mandated by emerging regulations such as the EU AI Act and Digital Services Act, create a class of strategic gaming distinct from the one-shot input/output gaming studied in prior work. Regulated systems can delay outcome reporting, drift their reports within plausible noise envelopes, exploit longitudinal sample attrition, and cherry-pick among ambiguous metric definitions. We formalize continuous auditing as a -round Stackelberg game between an auditor that commits to a temporal policy and an adaptive auditee, and identify a structural feature of any noise-aware static-auditor design: a cover regime in which coverage gaps and granularity gaps cannot be closed simultaneously. We make this formal as Observation 1 and show that two minimal extension policies, each derived from the observation, close the regime along orthogonal axes: a…
