Creating Custom Policies

Custom policies allow you to define organization-specific rules that go beyond standard GDPR and EU AI Act compliance. These policies can address industry regulations, company standards, or unique risk scenarios.

Policy Components

Policy Prompt

The AI instruction that defines what to look for and how to evaluate requests

Category & Tags

Classification system for routing and analytics using hashtag notation

Version Control

Track policy changes over time with version numbers and rollback capability

Activation Rules

When the policy should be active and applied to requests

Custom Policy Examples

Financial Services Policy

# Financial Transaction Approval Policy

Evaluate requests for financial operations compliance:

- Look for transactions over $10,000 (#HighValue)
- Detect international transfers (#InternationalTransfer)
- Flag cryptocurrency operations (#CryptoTransaction)
- Identify AML/KYC implications (#Compliance)

Risk Levels:
- High: Transactions over $50,000 or to sanctioned countries
- Medium: Cross-border transfers or new customer transactions
- Low: Domestic transfers under $10,000 with established customers
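
An added example, not part of the original page or the product's API: a deterministic Python oracle that encodes the tags and risk levels of the financial policy above, for regression-testing what the AI evaluator returns. The `Txn` fields and the verdict shape passed to `check_verdict` are assumptions; `#Compliance` is left out because AML/KYC implications are a judgement call, not a field test.

```python
from dataclasses import dataclass

# Thresholds copied from the Financial Transaction Approval Policy text.
HIGH_VALUE_USD = 10_000
HIGH_RISK_USD = 50_000

@dataclass(frozen=True)
class Txn:
    """Hypothetical request shape (an assumption, not a product schema)."""
    amount_usd: float
    cross_border: bool = False
    sanctioned_destination: bool = False
    new_customer: bool = False
    crypto: bool = False

def expected_tags(t):
    """Tags the policy text requires for this transaction."""
    tags = set()
    if t.amount_usd > HIGH_VALUE_USD:
        tags.add("#HighValue")
    if t.cross_border:
        tags.add("#InternationalTransfer")
    if t.crypto:
        tags.add("#CryptoTransaction")
    return tags

def expected_risk(t):
    """Risk level per the policy text, or None where the text is silent."""
    if t.amount_usd > HIGH_RISK_USD or t.sanctioned_destination:
        return "High"
    if t.cross_border or t.new_customer:
        return "Medium"
    if t.amount_usd < HIGH_VALUE_USD:
        return "Low"
    return None  # e.g. domestic, established customer, $10,000 to $50,000

def check_verdict(t, model_risk, model_tags):
    """Compare an evaluator verdict (assumed shape) with the oracle."""
    problems = []
    want = expected_risk(t)
    if want is None:
        problems.append("policy text assigns no risk level")
    elif model_risk != want:
        problems.append(f"risk {model_risk!r}, expected {want!r}")
    missing = expected_tags(t) - set(model_tags)
    if missing:
        problems.append("missing tags: " + ", ".join(sorted(missing)))
    return problems
```

Running it over boundary amounts shows that the policy text assigns no level to a domestic transfer between $10,000 and $50,000 with an established customer, so the evaluator is left to guess in that range.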

Healthcare Policy

# Healthcare Data Protection Policy

Ensure HIPAA compliance for medical AI applications:

- Detect protected health information (#PHI)
- Flag medical diagnosis assistance (#MedicalDiagnosis)
- Monitor prescription recommendations (#Prescription)
- Check research data usage (#MedicalResearch)

Critical Risk: Any diagnosis or treatment recommendations
High Risk: PHI processing without explicit consent
Medium Risk: De-identified medical data analysis