# Governor - AI Compliance Layer

Real-time compliance validation for AI-generated content before delivery.

**Pricing:** $599-$699/month per project (annual/monthly)

## Overview

Governor is RegPilot's compliance validation layer that:

* ✅ Validates AI responses against legal requirements
* ✅ Auto-detects recipient country
* ✅ Applies country-specific laws (GDPR, EU AI Act, CCPA, etc.)
* ✅ Calculates risk scores (0-100)
* ✅ Auto-sanitizes high-risk content
* ✅ **Never blocks responses** - always returns content

## How It Works

```
AI Response → Governor Validation → Safe Content → User
              ↓
         Audit Log (governor_audit_logs)
```

### Process Flow

1. **Country Detection** - Auto-detect via IP/locale/timezone
2. **Law Application** - Load relevant laws for country
3. **Content Analysis** - Check for violations
4. **Risk Scoring** - Calculate 0-100 risk score
5. **Auto-Sanitization** - Modify high-risk content if needed
6. **Audit Logging** - Complete trail for compliance
7. **Return Content** - Always returns (modified if needed)

## Integration

### Enable Governor

```typescript
const response = await fetch('https://regpilot.dev/api/ai/chat', {
  method: 'POST',
  headers: {
    'X-API-Key': process.env.REGPILOT_API_KEY!,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    messages: [
      { role: 'user', content: 'Can I sue my employer?' }
    ],
    quality: 'balanced',
    governorMetadata: {
      actionType: 'legal_advice',
      recipientCountry: 'US',
      senderId: 'user_123'
    }
  })
});

// Check Governor results in headers
console.log('Risk Level:', response.headers.get('x-governor-risk-level'));
console.log('Risk Score:', response.headers.get('x-governor-risk-score'));
console.log('Violations:', response.headers.get('x-governor-violations'));
console.log('Audit ID:', response.headers.get('x-governor-audit-id'));
```

### Governor Metadata

| Field              | Type   | Required | Description                             |
| ------------------ | ------ | -------- | --------------------------------------- |
| `actionType`       | String | Yes      | Type of action                          |
| `recipientCountry` | String | No       | Country code (auto-detected if missing) |
| `recipientUserId`  | String | No       | Recipient user ID                       |
| `senderId`         | String | Yes      | Sender identifier                       |
| `senderRole`       | String | No       | Sender's role                           |
| `department`       | String | No       | Department name                         |

### Action Types

| Type               | Risk Level | Use Case                 |
| ------------------ | ---------- | ------------------------ |
| `customer_support` | Low        | General customer service |
| `legal_advice`     | Medium     | Legal queries            |
| `medical_advice`   | Medium     | Health/medical queries   |
| `hr_message`       | Medium     | HR communications        |
| `suspension`       | High       | Account actions          |
| `refund_denial`    | High       | Payment decisions        |
| `policy_warning`   | Medium     | Policy enforcement       |
| `other`            | Low        | General content          |

## Response Headers

### Governor Headers

```typescript
const response = await fetch(/* ... */);

// Validation status
const validated = response.headers.get('x-governor-validated'); // 'true'
const approved = response.headers.get('x-governor-approved');   // 'true' or 'false'

// Risk assessment
const riskLevel = response.headers.get('x-governor-risk-level'); // 'low', 'medium', 'high', 'critical'
const riskScore = response.headers.get('x-governor-risk-score'); // '0' to '100'

// Violations
const violations = response.headers.get('x-governor-violations'); // '0', '1', '2', etc.

// Audit
const auditId = response.headers.get('x-governor-audit-id'); // 'audit_xxx'
```

## Supported Countries

Governor supports **14+ countries** with localized compliance rules:

* 🇺🇸 **United States** - CCPA, FTC regulations
* 🇪🇺 **European Union** (27 countries) - GDPR, EU AI Act
* 🇬🇧 **United Kingdom** - UK GDPR, DPA 2018
* 🇨🇳 **China** - PIPL (Personal Information Protection Law)
* 🇨🇦 **Canada** - PIPEDA
* 🇦🇺 **Australia** - Privacy Act 1988
* 🇯🇵 **Japan** - APPI
* 🇧🇷 **Brazil** - LGPD
* 🇮🇳 **India** - IT Rules 2021
* 🇰🇷 **South Korea** - PIPA
* 🇸🇬 **Singapore** - PDPA
* Plus more regions

## Compliance Checks

### GDPR Compliance

* Right to erasure (Article 17)
* Data minimization (Article 5)
* Consent requirements (Article 7)
* Data portability (Article 20)

### EU AI Act

* High-risk AI system requirements
* Transparency obligations
* Human oversight mandates
* Record-keeping requirements

### Labor Law Compliance

* Discrimination prevention
* Equal opportunity
* Wage and hour laws
* Worker rights

### Healthcare (HIPAA-ready)

* PHI protection
* Medical advice disclaimers
* Patient privacy
* Consent requirements

## Risk Scoring

Governor calculates a **0-100 risk score**:

| Score  | Level        | Action                    |
| ------ | ------------ | ------------------------- |
| 0-25   | **Low**      | Content approved as-is    |
| 26-50  | **Medium**   | Minor disclaimers added   |
| 51-75  | **High**     | Significant modifications |
| 76-100 | **Critical** | Heavy sanitization        |

### Example Risk Scores

```text
// Low risk (score: 15)
Input:  "What are your business hours?"
Output: Same (no changes needed)

// Medium risk (score: 45)
Input:  "How do I file a complaint?"
Output: Added: "Note: This is general information only..."

// High risk (score: 65)
Input:  "Can you diagnose my symptoms?"
Output: "I cannot provide medical diagnosis. Please consult a licensed healthcare provider..."

// Critical risk (score: 85)
Input:  "Should I sue my employer?"
Output: "This is not legal advice. Please consult with a qualified attorney licensed in your jurisdiction..."
```

## Auto-Sanitization

Governor automatically modifies content to reduce risk:

### Modifications Applied

* **Disclaimers** - Add required legal notices
* **Removals** - Remove prohibited content
* **Replacements** - Replace risky phrases with safer alternatives
* **Additions** - Add necessary disclosures

### Example

```text
// Original AI response
"You should definitely sue your employer for discrimination."

// Governor-sanitized response (US, legal_advice)
"This is general information only and not legal advice. 
If you believe you've experienced workplace discrimination, 
you may wish to consult with an employment attorney licensed 
in your jurisdiction who can review your specific situation. 
Many attorneys offer free initial consultations."

// Headers show:
// x-governor-risk-level: high
// x-governor-risk-score: 72
// x-governor-violations: 3
// x-governor-modifications: 5
```

## Audit Trail

All Governor validations are logged to the `governor_audit_logs` table:

```typescript
{
  audit_id: "audit_a1b2c3d4",
  content_original: "Original AI response",
  content_safe: "Sanitized response",
  approved: true,
  risk_score: 45,
  risk_level: "medium",
  violations: [
    {
      type: "legal_disclaimer_required",
      severity: "medium",
      regulation: "FTC Guidelines",
      fix_applied: "Added legal disclaimer"
    }
  ],
  detected_country: "US",
  applied_laws: ["CCPA", "FTC Guidelines"],
  processing_time_ms: 87
}
```

## Use Cases

### Legal Tech

```typescript
// Validate legal advice
const response = await fetch('https://regpilot.dev/api/ai/chat', {
  method: 'POST',
  headers: {
    'X-API-Key': process.env.REGPILOT_API_KEY!,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    messages: [
      { role: 'user', content: 'What are my rights as a tenant?' }
    ],
    governorMetadata: {
      actionType: 'legal_advice',
      recipientCountry: 'US',
      senderId: 'attorney_bot'
    }
  })
});
```

### Healthcare AI

```typescript
// Validate medical content
const response = await fetch('https://regpilot.dev/api/ai/chat', {
  method: 'POST',
  headers: {
    'X-API-Key': process.env.REGPILOT_API_KEY!,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    messages: [
      { role: 'user', content: 'I have a headache, what should I do?' }
    ],
    governorMetadata: {
      actionType: 'medical_advice',
      recipientCountry: 'US',
      senderId: 'health_assistant'
    }
  })
});
```

### HR Automation

```typescript
// Validate HR communications
const response = await fetch('https://regpilot.dev/api/ai/chat', {
  method: 'POST',
  headers: {
    'X-API-Key': process.env.REGPILOT_API_KEY!,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    messages: [
      { role: 'user', content: 'Draft a termination letter' }
    ],
    governorMetadata: {
      actionType: 'hr_message',
      recipientCountry: 'US',
      senderId: 'hr_system',
      department: 'human_resources'
    }
  })
});
```

## Best Practices

### 1. Always Include Action Type

```typescript
// ❌ Bad - No action type
governorMetadata: {
  recipientCountry: 'US'
}

// ✅ Good - Specific action type
governorMetadata: {
  actionType: 'legal_advice',
  recipientCountry: 'US',
  senderId: 'user_123'
}
```

### 2. Check Risk Levels

```typescript
const riskLevel = response.headers.get('x-governor-risk-level');
const auditId = response.headers.get('x-governor-audit-id');

if (riskLevel === 'critical') {
  // Log for review (logForManualReview is your application's own function)
  console.warn('Critical risk content generated');
  await logForManualReview(auditId);
}
```
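
Because Governor always returns content, the caller decides what to do with it. The following is an added example, not RegPilot code: it reads the documented headers defensively and fails closed when they are missing or inconsistent. The hold/review policy and the names `evaluateGovernorHeaders`, `levelForScore` and `headersFrom` are assumptions, and the bands are the defaults from the Risk Scoring table.

```typescript
// Added example, not RegPilot code. Header names and score bands are from this page;
// the hold/review policy and the helper names are assumptions.
type GovernorRisk = 'low' | 'medium' | 'high' | 'critical';
type GovernorDecision = 'deliver' | 'deliver_and_review' | 'hold';
interface HeaderSource { get(name: string): string | null; }
interface GovernorVerdict {
  decision: GovernorDecision;
  reason: string;
  riskScore: number | null;
  auditId: string | null;
}

// Default bands from the Risk Scoring table (custom thresholds would change these).
function levelForScore(score: number): GovernorRisk {
  if (score <= 25) return 'low';
  if (score <= 50) return 'medium';
  if (score <= 75) return 'high';
  return 'critical';
}

function evaluateGovernorHeaders(h: HeaderSource): GovernorVerdict {
  const auditId = h.get('x-governor-audit-id');
  const verdict = (decision: GovernorDecision, reason: string, riskScore: number | null = null): GovernorVerdict =>
    ({ decision, reason, riskScore, auditId });

  // Governor always returns content, so a response that skipped validation
  // looks like any other body. Require the marker before trusting the rest.
  if (h.get('x-governor-validated') !== 'true') return verdict('hold', 'not validated');
  if (!auditId) return verdict('hold', 'missing audit id');

  // Headers are strings: accept only plain digits in 0..100.
  const raw = h.get('x-governor-risk-score') ?? '';
  if (!/^\d{1,3}$/.test(raw) || Number(raw) > 100) return verdict('hold', 'malformed risk score');
  const score = Number(raw);

  // The level header must agree with the score band, otherwise one of them is wrong.
  const level = levelForScore(score);
  if (h.get('x-governor-risk-level') !== level) return verdict('hold', 'level/score mismatch', score);

  const approved = h.get('x-governor-approved') === 'true';
  if (!approved || level === 'high' || level === 'critical') {
    return verdict('deliver_and_review', approved ? `risk ${level}` : 'not approved', score);
  }
  return verdict('deliver', `risk ${level}`, score);
}

// Stand-in for fetch's response.headers in this example; keys must be lowercase.
function headersFrom(rec: Record<string, string>): HeaderSource {
  return { get: (name) => rec[name.toLowerCase()] ?? null };
}
```

In application code, pass `response.headers` directly, since it already exposes `get(name)`.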

### 3. Store Audit IDs

```typescript
const auditId = response.headers.get('x-governor-audit-id');

// Store for compliance records
await database.saveAuditReference({
  conversationId: 'conv_123',
  governorAuditId: auditId,
  timestamp: new Date()
});
```

## Pricing

| Billing Period | Price       | Savings            |
| -------------- | ----------- | ------------------ |
| Monthly        | \$699/month | -                  |
| Annual         | \$599/month | \$1,200/year (14%) |

**Requirements:**

* Startup plan or higher
* Per-project pricing
* Can be enabled/disabled anytime

## Getting Started

<Steps>
  <Step title="Upgrade Plan">
    Governor requires Startup plan or higher
  </Step>

  <Step title="Enable Governor">
    Go to Project Settings → Governor → Enable
  </Step>

  <Step title="Configure Rules">
    Set custom risk thresholds and rules (optional)
  </Step>

  <Step title="Integrate">
    Add `governorMetadata` to your API calls
  </Step>

  <Step title="Monitor">
    Check Governor audit logs in dashboard
  </Step>
</Steps>

***

**Ready to enable Governor?** Contact [sales@regpilot.dev](mailto:sales@regpilot.dev) or enable in your [project settings](https://regpilot.dev/settings).
