Rule Templates
Rule Templates are pre-built policy rules provided by VeriProof for common regulatory requirements and industry best practices. Use them to get started quickly without building every rule from scratch.
Available template categories:
- EU AI Act — risk management, transparency, human oversight
- ISO 42001 — lifecycle monitoring, continual improvement
- GDPR — consent disclosure, data subject rights notices
- Data security — PII detection, secret leakage prevention
- Content safety — toxicity, hate speech, self-harm
- Custom industry — financial advice disclaimers, medical triage escalation, legal advice detection
Using a template:
- Open Rules Builder and click Browse templates.
- Filter by category or search by name.
- Click Preview to review the rule before you apply it.
- Click Use template to create a copy of the rule in draft mode in your organisation.
- Adjust the conditions, scope, and notification channels, then activate it when you are ready.
Policy Rule Templates
The Rule Template Gallery provides a curated library of pre-built policy rules for common AI risk scenarios. Each template includes the conditions, thresholds, and notification actions teams commonly need so you can reach a strong baseline quickly.
Available to: Administrator, Developer. Navigate to Rules in the portal sidebar, then select Template Gallery.
Using the Template Gallery
- Navigate to Rules → Template Gallery.
- Browse or search templates by category, risk level, or framework (e.g., EU AI Act, NIST AI RMF).
- Click a template card to preview its conditions and recommended configuration.
- Click Apply Template to add it to your rules list as a draft.
- Adjust any thresholds or notification targets to match your environment.
- Click Activate to put the rule into effect.
You can apply the same template multiple times with different scope settings — for example, applying a high-risk alert template separately to your production application and your staging application with different notification targets.
Template Categories
High-Risk Decision Alerting
Templates that fire when individual sessions meet criteria indicating elevated risk.
| Template | Trigger condition | Default action |
|---|---|---|
| Blocked guardrail | Any session where guardrail action = blocked | Immediate email to compliance alias |
| Critical risk session | Risk level = CRITICAL | Immediate email + webhook |
| Low-confidence production decision | Confidence < 0.6 AND application tier = Production | Email notification |
| Denied decision in regulated context | Outcome = DENIED AND intent matches configured regulated-use labels | Email + in-portal alert |
| Human oversight absent | Session lacks human oversight annotation AND risk level ≥ HIGH | Email notification, 15-min delay |
Policy Score Monitoring
Templates that track aggregate policy posture rather than individual sessions.
| Template | Trigger condition | Default action |
|---|---|---|
| Score below target | Application rolling 7-day score drops below configured target | Email notification, daily digest |
| Score regression | Application 7-day score drops ≥ 10 points in 48 hours | Immediate email + webhook |
| Anchor coverage drop | Blockchain anchor success rate < 98% | Immediate webhook to ops channel |
| Grounding coverage decline | Percentage of sessions with grounding annotation drops ≥ 20% in 7 days | Weekly digest |
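The Score regression trigger worked through in code, as an added example (not VeriProof code). The sample format, the function name and the choice to measure the drop from the highest score in the trailing 48 hours are assumptions, and the score values are constructed.

```python
from datetime import datetime, timedelta

# Defaults from the "Score regression" row of the table above.
DROP_POINTS = 10.0
WINDOW = timedelta(hours=48)


def score_regressions(samples, drop_points=DROP_POINTS, window=WINDOW):
    """Return (peak_time, alert_time, drop) for every sample that sits at
    least `drop_points` below the highest score in the trailing `window`.

    `samples`: list of (datetime, score) pairs sorted by time (assumed format).
    Assumption: the drop is measured from the window's peak, so a fall taken
    in several steps inside 48 hours still counts, while slow drift does not.
    """
    alerts = []
    start = 0  # index of the oldest sample still inside the window
    for i, (now, score) in enumerate(samples):
        while samples[start][0] < now - window:
            start += 1
        peak_time, peak = max(samples[start:i + 1], key=lambda s: s[1])
        drop = peak - score
        if drop >= drop_points:
            alerts.append((peak_time, now, drop))
    return alerts


# Constructed sample data: hours since T0 and the rolling 7-day score.
T0 = datetime(2024, 1, 1)
SAMPLES = [(T0 + timedelta(hours=h), s) for h, s in [
    (0, 90.0), (24, 88.0), (48, 86.0), (72, 84.0), (96, 82.0),  # slow drift
    (108, 75.0),  # 9 below the 48 h peak (84): under the default threshold
    (120, 74.0),  # exactly 10 below the score from exactly 48 h earlier
]]

if __name__ == "__main__":
    for peak_time, alert_time, drop in score_regressions(SAMPLES):
        print(f"score regression: -{drop:g} points between {peak_time} and {alert_time}")
```

With the default thresholds the 16-point drift across five days fires only on the last sample, where both the 10-point and the 48-hour boundaries are met exactly.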
Regulatory Framework Templates
Templates pre-configured to support evidence collection for specific regulatory frameworks.
| Template | Framework | Purpose |
|---|---|---|
| EU AI Act — Article 9 monitoring | EU AI Act | Fires on any session that meets the high-risk decision profile defined in the operator’s Article 9 risk management plan |
| NIST AI RMF — Measure function | NIST AI RMF | Monitors governance score against NIST Measure function benchmarks |
| ISO 42001 — Oversight coverage | ISO/IEC 42001 | Alerts when human oversight annotation coverage falls below the Annex A.10.3 threshold |
| SOC 2 — Minimum logging | SOC 2 Type II | Verifies that anchor coverage and audit log completeness remain ≥ 99.5% |
| HIPAA — PHI redaction monitoring | HIPAA | Alerts if sessions flagged as potentially containing PHI are not redacted within the configured policy window |
Operational Health Templates
Templates that monitor SDK and pipeline health rather than session-level governance.
| Template | Trigger condition | Default action |
|---|---|---|
| SDK export failures | SDK export error rate > 1% in 1-hour window | Immediate PagerDuty / webhook |
| Circuit breaker opened | SDK circuit breaker state changes to OPEN | Immediate webhook to ops |
| Session volume anomaly | Session ingestion rate drops > 50% below 7-day baseline | Email to engineering alias |
| New model detected | A model identifier not previously seen appears in session data | Email to compliance alias |
Customizing a Template
Every field in a template is editable after you apply it. Common adjustments include:
- Threshold tuning — change numeric thresholds (risk levels, confidence scores, percentages) to match your risk appetite
- Scope narrowing — restrict the rule to a specific application rather than “All Applications”
- Notification routing — replace the default email alias with your incident management webhook URL
- Schedule — change real-time firing to a daily or weekly digest for lower-urgency rules
Changes to an active rule take effect on the next session evaluated — there is no propagation delay.
Versioning and Rule History
All rule changes are recorded in the governance audit log with the identity of the user who made the change and the timestamp. You can view the full change history for any rule from the rule detail page.
Deactivating a rule does not delete it or its history. Deleted rules are soft-deleted and remain in the audit log. Permanent deletion requires the Administrator role and cannot be undone.