Governor - AI Compliance Layer

Real-time compliance validation for AI-generated content before delivery. Pricing: $599-$699/month per project (annual/monthly)

Overview

Governor is RegPilot’s compliance validation layer that:
  • ✅ Validates AI responses against legal requirements
  • ✅ Auto-detects recipient country
  • ✅ Applies country-specific laws (GDPR, EU AI Act, CCPA, etc.)
  • ✅ Calculates risk scores (0-100)
  • ✅ Auto-sanitizes high-risk content
  • Never blocks responses - always returns content

How It Works

AI Response → Governor Validation → Safe Content → User

         Audit Log (governor_audit_logs)

Process Flow

  1. Country Detection - Auto-detect via IP/locale/timezone
  2. Law Application - Load relevant laws for country
  3. Content Analysis - Check for violations
  4. Risk Scoring - Calculate 0-100 risk score
  5. Auto-Sanitization - Modify high-risk content if needed
  6. Audit Logging - Complete trail for compliance
  7. Return Content - Always returns (modified if needed)

Integration

Enable Governor

const response = await fetch('https://regpilot.dev/api/ai/chat', {
  method: 'POST',
  headers: {
    'X-API-Key': process.env.REGPILOT_API_KEY!,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    messages: [
      { role: 'user', content: 'Can I sue my employer?' }
    ],
    quality: 'balanced',
    governorMetadata: {
      actionType: 'legal_advice',
      recipientCountry: 'US',
      senderId: 'user_123'
    }
  })
});

// Check Governor results in headers
console.log('Risk Level:', response.headers.get('x-governor-risk-level'));
console.log('Risk Score:', response.headers.get('x-governor-risk-score'));
console.log('Violations:', response.headers.get('x-governor-violations'));
console.log('Audit ID:', response.headers.get('x-governor-audit-id'));

Governor Metadata

| Field | Type | Required | Description |
|---|---|---|---|
| actionType | String | Yes | Type of action |
| recipientCountry | String | No | Country code (auto-detected if missing) |
| recipientUserId | String | No | Recipient user ID |
| senderId | String | Yes | Sender identifier |
| senderRole | String | No | Sender’s role |
| department | String | No | Department name |

Action Types

| Type | Risk Level | Use Case |
|---|---|---|
| customer_support | Low | General customer service |
| legal_advice | Medium | Legal queries |
| medical_advice | Medium | Health/medical queries |
| hr_message | Medium | HR communications |
| suspension | High | Account actions |
| refund_denial | High | Payment decisions |
| policy_warning | Medium | Policy enforcement |
| other | Low | General content |

Response Headers

Governor Headers

const response = await fetch(/* ... */);

// Validation status
const validated = response.headers.get('x-governor-validated'); // 'true'
const approved = response.headers.get('x-governor-approved');   // 'true' or 'false'

// Risk assessment
const riskLevel = response.headers.get('x-governor-risk-level'); // 'low', 'medium', 'high', 'critical'
const riskScore = response.headers.get('x-governor-risk-score'); // '0' to '100'

// Violations
const violations = response.headers.get('x-governor-violations'); // '0', '1', '2', etc.

// Audit
const auditId = response.headers.get('x-governor-audit-id'); // 'audit_xxx'

Supported Countries

Governor supports 14+ countries with localized compliance rules:
  • 🇺🇸 United States - CCPA, FTC regulations
  • 🇪🇺 European Union (27 countries) - GDPR, EU AI Act
  • 🇬🇧 United Kingdom - UK GDPR, DPA 2018
  • 🇨🇳 China - PIPL (Personal Information Protection Law)
  • 🇨🇦 Canada - PIPEDA
  • 🇦🇺 Australia - Privacy Act 1988
  • 🇯🇵 Japan - APPI
  • 🇧🇷 Brazil - LGPD
  • 🇮🇳 India - IT Rules 2021
  • 🇰🇷 South Korea - PIPA
  • 🇸🇬 Singapore - PDPA
  • Plus more regions

Compliance Checks

GDPR Compliance

  • Right to erasure (Article 17)
  • Data minimization (Article 5)
  • Consent requirements (Article 7)
  • Data portability (Article 20)

EU AI Act

  • High-risk AI system requirements
  • Transparency obligations
  • Human oversight mandates
  • Record-keeping requirements

Labor Law Compliance

  • Discrimination prevention
  • Equal opportunity
  • Wage and hour laws
  • Worker rights

Healthcare (HIPAA-ready)

  • PHI protection
  • Medical advice disclaimers
  • Patient privacy
  • Consent requirements

Risk Scoring

Governor calculates a 0-100 risk score:

| Score | Level | Action |
|---|---|---|
| 0-25 | Low | Content approved as-is |
| 26-50 | Medium | Minor disclaimers added |
| 51-75 | High | Significant modifications |
| 76-100 | Critical | Heavy sanitization |

Example Risk Scores

// Low risk (score: 15)
Input:  "What are your business hours?"
Output: Same (no changes needed)

// Medium risk (score: 45)
Input:  "How do I file a complaint?"
Output: Added: "Note: This is general information only..."

// High risk (score: 65)
Input:  "Can you diagnose my symptoms?"
Output: "I cannot provide medical diagnosis. Please consult a licensed healthcare provider..."

// Critical risk (score: 85)
Input:  "Should I sue my employer?"
Output: "This is not legal advice. Please consult with a qualified attorney licensed in your jurisdiction..."

Auto-Sanitization

Governor automatically modifies content to reduce risk:

Modifications Applied

  • Disclaimers - Add required legal notices
  • Removals - Remove prohibited content
  • Replacements - Replace risky phrases with safer alternatives
  • Additions - Add necessary disclosures

Example

// Original AI response
"You should definitely sue your employer for discrimination."

// Governor-sanitized response (US, legal_advice)
"This is general information only and not legal advice. 
If you believe you've experienced workplace discrimination, 
you may wish to consult with an employment attorney licensed 
in your jurisdiction who can review your specific situation. 
Many attorneys offer free initial consultations."

// Headers show:
// x-governor-risk-level: high
// x-governor-risk-score: 72
// x-governor-violations: 3
// x-governor-modifications: 5

Audit Trail

All Governor validations are logged to the governor_audit_logs table:

{
  audit_id: "audit_a1b2c3d4",
  content_original: "Original AI response",
  content_safe: "Sanitized response",
  approved: true,
  risk_score: 45,
  risk_level: "medium",
  violations: [
    {
      type: "legal_disclaimer_required",
      severity: "medium",
      regulation: "FTC Guidelines",
      fix_applied: "Added legal disclaimer"
    }
  ],
  detected_country: "US",
  applied_laws: ["CCPA", "FTC Guidelines"],
  processing_time_ms: 87
}

Use Cases

// Validate legal advice
const response = await fetch('https://regpilot.dev/api/ai/chat', {
  method: 'POST',
  headers: {
    'X-API-Key': process.env.REGPILOT_API_KEY!,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    messages: [
      { role: 'user', content: 'What are my rights as a tenant?' }
    ],
    governorMetadata: {
      actionType: 'legal_advice',
      recipientCountry: 'US',
      senderId: 'attorney_bot'
    }
  })
});

Healthcare AI

// Validate medical content
const response = await fetch('https://regpilot.dev/api/ai/chat', {
  method: 'POST',
  headers: {
    'X-API-Key': process.env.REGPILOT_API_KEY!,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    messages: [
      { role: 'user', content: 'I have a headache, what should I do?' }
    ],
    governorMetadata: {
      actionType: 'medical_advice',
      recipientCountry: 'US',
      senderId: 'health_assistant'
    }
  })
});

HR Automation

// Validate HR communications
const response = await fetch('https://regpilot.dev/api/ai/chat', {
  method: 'POST',
  headers: {
    'X-API-Key': process.env.REGPILOT_API_KEY!,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    messages: [
      { role: 'user', content: 'Draft a termination letter' }
    ],
    governorMetadata: {
      actionType: 'hr_message',
      recipientCountry: 'US',
      senderId: 'hr_system',
      department: 'human_resources'
    }
  })
});

Best Practices

1. Always Include Action Type

// ❌ Bad - No action type
governorMetadata: {
  recipientCountry: 'US'
}

// ✅ Good - Specific action type
governorMetadata: {
  actionType: 'legal_advice',
  recipientCountry: 'US',
  senderId: 'user_123'
}

2. Check Risk Levels

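const riskLevel = response.headers.get('x-governor-risk-level');
const auditId = response.headers.get('x-governor-audit-id');

if (riskLevel === 'critical') {
  // Log for review; logForManualReview is your application's own helper
  console.warn('Critical risk content generated');
  await logForManualReview(auditId);
}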

3. Store Audit IDs

const auditId = response.headers.get('x-governor-audit-id');

// Store for compliance records
await database.saveAuditReference({
  conversationId: 'conv_123',
  governorAuditId: auditId,
  timestamp: new Date()
});
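
Because Governor always returns content, the caller has to act on the headers itself. The following is an added example (not RegPilot's code) of a fail-closed gate covering practices 2 and 3: it holds the response when the validation headers are missing or inconsistent and carries the audit ID with every decision. The `hold`/`review`/`deliver` actions and the reason strings are assumptions; the score bands are those in the Risk Scoring table.

```javascript
// Added example: client-side delivery gate over Governor's response headers.
// Bands come from the page's Risk Scoring table; action names are hypothetical.
const BANDS = [
  { max: 25, level: 'low' },
  { max: 50, level: 'medium' },
  { max: 75, level: 'high' },
  { max: 100, level: 'critical' },
];

// Map a 0-100 score to the level the Risk Scoring table assigns it.
function bandFor(score) {
  const band = BANDS.find((b) => score <= b.max);
  return band ? band.level : null;
}

// `headers` is anything with get(name): a fetch Headers object or a Map.
function decideDelivery(headers) {
  const h = (name) => headers.get(name) ?? null;
  const auditId = h('x-governor-audit-id');
  const hold = (reason) => ({ action: 'hold', reason, auditId });

  // Fail closed: without this header there is no evidence Governor ran.
  if (h('x-governor-validated') !== 'true') return hold('not-validated');

  // Header values are strings; accept only a plain integer in 0..100.
  const raw = h('x-governor-risk-score');
  if (raw === null || !/^\d{1,3}$/.test(raw)) return hold('bad-score');
  const score = Number(raw);
  if (score > 100) return hold('bad-score');

  // The reported level must match the band the score falls in.
  const level = h('x-governor-risk-level');
  if (level !== bandFor(score)) return hold('level-score-mismatch');

  if (h('x-governor-approved') !== 'true') return hold('not-approved');
  if (level === 'critical') return { action: 'review', reason: 'critical', auditId };
  return { action: 'deliver', reason: level, auditId };
}

// Constructed sample headers, not captured from a real Governor response.
const sample = new Map([
  ['x-governor-validated', 'true'],
  ['x-governor-approved', 'true'],
  ['x-governor-risk-level', 'high'],
  ['x-governor-risk-score', '72'],
  ['x-governor-audit-id', 'audit_a1b2c3d4'],
]);
console.log(decideDelivery(sample));
```

Pass `response.headers` from the fetch call directly; store the returned `auditId` alongside the decision so held responses can be matched to their audit log entry.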

Pricing

| Billing Period | Price | Savings |
|---|---|---|
| Monthly | $699/month | - |
| Annual | $599/month | $1,200/year (14%) |

Requirements:
  • Startup plan or higher
  • Per-project pricing
  • Can be enabled/disabled anytime

Getting Started

  1. Upgrade Plan - Governor requires Startup plan or higher
  2. Enable Governor - Go to Project Settings → Governor → Enable
  3. Configure Rules - Set custom risk thresholds and rules (optional)
  4. Integrate - Add governorMetadata to your API calls
  5. Monitor - Check Governor audit logs in dashboard

Ready to enable Governor? Contact sales@regpilot.dev or enable in your project settings.