EVE Core/ Docs/ Policy Packs
Reference

CoreGuard Policy Packs

Policy packs are the enforcement modules that define what CoreGuard checks, blocks, modifies, and allows. Each pack is a versioned, auditable collection of rules targeting a specific regulatory domain. This page documents every first-party policy pack, the rules each enforces, example request/response pairs, and how to request a custom pack for your organization.

Contents

  1. Policy Pack Architecture
  2. lending_v1 — Consumer Lending (ECOA / FCRA)
  3. healthcare_v1 — Clinical AI (HIPAA-Adjacent)
  4. insurance_v1 — Automated Underwriting
  5. enterprise_v1 — General Enterprise Assistant
  6. Requesting Custom Policy Packs
  7. Versioning and Changelog

Policy Pack Architecture

Every call to POST /v1/decisions/evaluate includes a policy_set field that names the pack to invoke. CoreGuard selects the corresponding evaluator, runs the action through its rule tree, and returns a disposition of ALLOWED, BLOCKED, or MODIFIED along with a signed decision certificate.

Each policy pack is composed of three layers:

All rules within a pack are evaluated deterministically — there is no probabilistic scoring in the rule path. Each rule either fires or does not, producing a structured PolicyViolation record when triggered. The highest-severity violation across all fired rules determines the final disposition.

Disposition precedence: If any rule triggers BLOCK, the disposition is BLOCKED regardless of other rules. If one or more MODIFY rules fire and no BLOCK fires, the disposition is MODIFIED. If no rules fire, the disposition is ALLOWED.

lending_v1 — Consumer Lending (ECOA / FCRA)

lending_v1 Consumer Lending Compliance — ECOA, FCRA, Fair Lending

The lending_v1 pack enforces compliance obligations arising from the Equal Credit Opportunity Act (ECOA), the Fair Credit Reporting Act (FCRA), Regulation B, and federal fair lending guidance. It is designed for AI systems operating in consumer lending workflows, including loan origination, automated underwriting, adverse action generation, and credit risk explanation.

What It Enforces

  • Prohibition on using protected class characteristics (race, sex, national origin, religion, age, marital status, receipt of public assistance) as inputs to credit decisions, directly or as proxies.
  • Mandatory adverse action notice requirements under ECOA and Regulation B — any BLOCKED or restricted credit action must be accompanied by the specific reasons required by 12 C.F.R. § 202.9.
  • FCRA consumer report usage controls — validates that consumer report data is being used for a permissible purpose and that dispute-related notations are not suppressed.
  • Fair lending disparate impact flag — triggers when a decision pattern across a session produces statistically anomalous outcomes on protected-class proxies.
  • APR and fee disclosure requirements — blocks any output that quotes a loan rate or fee schedule without the required TILA-style disclosure elements.
  • Prohibition on AI-generated adverse action language that does not match the CFPB-approved reason code taxonomy.

Key Rules

Rule IDSeverityDescription
lending.prohibited_basisBLOCKAction payload references a prohibited characteristic under ECOA directly or via a detected proxy feature.
lending.adverse_action_noticeBLOCKCredit denial or restriction lacks required adverse action reasons per Reg B § 202.9.
lending.fcra_permissible_purposeBLOCKConsumer report data is referenced without a declared permissible purpose.
lending.tila_disclosureMODIFYLoan offer contains rate or fee information without required TILA disclosure language.
lending.reason_code_taxonomyMODIFYAdverse action reason text does not conform to CFPB-approved reason code taxonomy.
lending.dispute_suppressionBLOCKDecision suppresses or ignores a FCRA consumer dispute notation present in the context.

Sample: BLOCKED Response (Prohibited Basis)

BLOCK
POST /v1/decisions/evaluate { "policy_set": "lending_v1", "user": { "id": "u_892", "role": "loan_officer" }, "action": { "type": "generate_credit_decision", "applicant_age": 67, "stated_rationale": "Applicant is 67 years old and likely retired; income stability uncertain." }, "context": {} }
{ "decision": { "status": "BLOCKED", "risk_level": "HIGH", "violations": [ { "rule_id": "lending.prohibited_basis", "severity": "HIGH", "description": "Decision rationale explicitly references applicant age, a prohibited basis under ECOA 15 U.S.C. § 1691.", "remediation": "Remove age-based reasoning. Re-evaluate using only permissible financial factors." } ], "modifications": null }, "audit_record": { "decision_id": "dec_01hwz3mq4k9p", "timestamp": "2026-05-05T14:22:11Z", "policy_set": "lending_v1", "disposition": "BLOCKED" } }

Sample: MODIFIED Response (Missing TILA Disclosure)

MODIFY
{ "decision": { "status": "MODIFIED", "risk_level": "MEDIUM", "violations": [ { "rule_id": "lending.tila_disclosure", "severity": "MEDIUM", "description": "Loan offer includes APR (7.99%) without required TILA disclosure language.", "remediation": "Append required annual percentage rate disclosure per Reg Z." } ], "modifications": { "append_text": "Annual Percentage Rate (APR): 7.99%. APR is subject to change. Federal law requires lenders to disclose the cost of credit." } } }

healthcare_v1 — Clinical AI (HIPAA-Adjacent)

healthcare_v1 Clinical AI Safety — HIPAA, FDA SaMD, Clinical Documentation

The healthcare_v1 pack governs AI operating in clinical workflows — including clinical decision support, ambient documentation, prior authorization assistance, and patient-facing health information. It enforces a combination of HIPAA privacy and security obligations, FDA guidance on Software as a Medical Device (SaMD), and clinical safety standards derived from recognized clinical informatics frameworks.

What It Enforces

  • Prohibition on AI-generated definitive diagnoses — any output that presents a diagnosis without the required qualifying language ("consult a licensed clinician") is blocked or modified to add the required disclaimer.
  • Drug dosage safety bounds — outputs containing medication dosage recommendations are checked against a curated clinical reference; anomalous dosages trigger a BLOCK with a safety alert.
  • PHI exposure detection — action payloads and outputs are scanned for unintended Protected Health Information exposure, including name, MRN, date of birth, diagnosis codes, and prescription identifiers.
  • Clinical certainty calibration — prohibits absolute certainty claims in diagnostic contexts where clinical evidence is probabilistic.
  • Anatomical plausibility checks — detects anatomically impossible or implausible statements in clinical notes and summaries.
  • Mandatory referral triggers — specified symptom clusters (including chest pain, stroke indicators, suicidal ideation) require the output to include a mandated emergency referral directive.

Key Rules

Rule IDSeverityDescription
clinical.no_definitive_diagnosisMODIFYOutput presents a diagnosis without required "consult a clinician" qualifier.
clinical.drug_dosage_anomalyBLOCKMedication dosage recommendation falls outside safe clinical reference bounds.
clinical.phi_exposureBLOCKOutput contains detectable PHI elements not authorized by the declared context.
clinical.certainty_calibrationMODIFYDiagnostic output uses absolute certainty language in a probabilistic clinical context.
clinical.emergency_referralMODIFYSymptom cluster matches emergency criteria; output must include referral directive.
clinical.anatomical_plausibilityBLOCKClinical output contains anatomically implausible statement detected by structural validation.

Sample: MODIFIED Response (Diagnosis Without Qualifier)

MODIFY
{ "decision": { "status": "MODIFIED", "risk_level": "MEDIUM", "violations": [ { "rule_id": "clinical.no_definitive_diagnosis", "severity": "MEDIUM", "description": "Output states 'The patient has Type 2 Diabetes' without required clinical qualifier.", "remediation": "Append required disclaimer language." } ], "modifications": { "append_text": "This AI-generated assessment is not a medical diagnosis. Please consult a licensed healthcare provider for evaluation and diagnosis.", "flag_for_clinician_review": true } } }

Sample: BLOCKED Response (Drug Dosage Anomaly)

BLOCK
{ "decision": { "status": "BLOCKED", "risk_level": "HIGH", "violations": [ { "rule_id": "clinical.drug_dosage_anomaly", "severity": "HIGH", "description": "Recommended metformin dose (8,000 mg/day) exceeds maximum safe daily dose (2,550 mg/day per clinical reference).", "remediation": "Remove dosage recommendation. Refer to prescribing clinician for dose determination." } ] } }

insurance_v1 — Automated Underwriting

insurance_v1 Insurance Underwriting — State Regulatory Compliance, Adverse Action

The insurance_v1 pack targets AI used in property and casualty, life, and health insurance underwriting. It enforces state-level unfair discrimination prohibitions, adverse action notice requirements under applicable state insurance codes, and federal protections including the Genetic Information Nondiscrimination Act (GINA) for life and health products.

What It Enforces

  • Unfair discrimination prohibition — blocks use of race, color, national origin, or religion as underwriting factors; enforces state-specific lists of prohibited characteristics (which vary by jurisdiction).
  • Credit score usage controls — in states with restrictions on insurance credit scoring (California, Hawaii, Maryland, Massachusetts, Michigan), flags non-compliant use of credit-based insurance scores.
  • GINA compliance — blocks any request to use genetic test results or genetic predisposition information in life, disability, or long-term care underwriting decisions.
  • Adverse action notice requirements — any declination, non-renewal, or significant premium increase must include state-required reason statements; missing notices trigger BLOCK.
  • Actuarial justification flag — algorithm-driven rate differentials exceeding a configurable threshold without declared actuarial basis are flagged for review.
  • Territory rating controls — validates that geographic rating factors are derived from permissible actuarial data, not proxies for protected class membership.

Key Rules

Rule IDSeverityDescription
insurance.unfair_discriminationBLOCKUnderwriting decision uses a prohibited characteristic as a rating or eligibility factor.
insurance.gina_violationBLOCKGenetic information is referenced in a life or health underwriting context.
insurance.credit_score_stateBLOCKCredit-based insurance score used in a jurisdiction where such use is prohibited.
insurance.adverse_action_noticeBLOCKDeclination or adverse action lacks required state-mandated reason statement.
insurance.actuarial_justificationMODIFYRate differential exceeds threshold without declared actuarial basis; flags for actuarial review.
insurance.territory_ratingMODIFYGeographic rating factor lacks permissible actuarial data declaration.

Sample: BLOCKED Response (GINA Violation)

BLOCK
{ "decision": { "status": "BLOCKED", "risk_level": "HIGH", "violations": [ { "rule_id": "insurance.gina_violation", "severity": "HIGH", "description": "Context includes BRCA1 genetic test result referenced in a life insurance underwriting action. Use of genetic information in life underwriting is prohibited under GINA Title II.", "remediation": "Remove genetic information from underwriting context. Re-evaluate using permissible medical history factors only." } ] } }

enterprise_v1 — General Enterprise Assistant

enterprise_v1 Enterprise AI Guardrails — General Workplace Assistant

The enterprise_v1 pack provides broad AI governance coverage for general-purpose enterprise AI assistants — co-pilots, document drafters, HR tools, and internal knowledge systems. It enforces common enterprise compliance obligations including Title VII and ADA employment law constraints, confidentiality protections, PII/PIPA safeguards, and acceptable use policy enforcement.

What It Enforces

  • Employment law constraints — blocks AI-generated employment decisions (hiring recommendations, performance evaluations, termination suggestions) that reference protected class characteristics under Title VII, the ADA, or the ADEA.
  • Confidentiality classification controls — detects outputs that reference or reproduce content tagged as CONFIDENTIAL or RESTRICTED in the enterprise data classification schema.
  • PII minimization — flags outputs that include unnecessary personal identifiers; triggers MODIFY to redact or generalize identifiers not required for the stated purpose.
  • Legal advice boundary — blocks the AI from presenting output as legal advice or professional legal opinion; mandates "consult your legal counsel" qualifier for legal interpretation outputs.
  • Financial advice boundary — applies the same pattern for financial advice, mandating disclosure that the output does not constitute regulated investment advice.
  • Acceptable use enforcement — configurable blocklist for topics and output types designated off-limits under the customer's acceptable use policy, evaluated via keyword and semantic matching.

Key Rules

Rule IDSeverityDescription
enterprise.employment_protected_classBLOCKEmployment decision references a protected class characteristic under Title VII, ADA, or ADEA.
enterprise.confidentiality_leakBLOCKOutput reproduces content classified CONFIDENTIAL or RESTRICTED without authorization context.
enterprise.pii_minimizationMODIFYOutput includes personal identifiers not required for the declared purpose.
enterprise.legal_advice_boundaryMODIFYOutput presents legal interpretation without required "consult legal counsel" qualifier.
enterprise.financial_advice_boundaryMODIFYOutput presents investment or financial guidance without required disclosure language.
enterprise.acceptable_useBLOCKOutput matches topic or content type on customer-configured acceptable use blocklist.

Sample: ALLOWED Response

ALLOW
{ "decision": { "status": "ALLOWED", "risk_level": "LOW", "violations": [], "modifications": null }, "audit_record": { "decision_id": "dec_01hwz8nq2r4m", "timestamp": "2026-05-05T14:30:44Z", "policy_set": "enterprise_v1", "disposition": "ALLOWED" } }

Requesting Custom Policy Packs

Every regulated industry has compliance requirements that no standard pack fully addresses. CoreGuard supports fully custom policy packs — authored in collaboration with EVE Core's policy engineering team and your compliance counsel — that encode your organization's specific regulatory obligations, internal policies, and risk tolerance thresholds.

Custom Pack Development Process

  1. Requirements intake — Your legal and compliance team documents the regulatory obligations and internal policies the pack must enforce, including the specific actions, outputs, and data elements in scope.
  2. Rule authoring — EVE Core's policy engineering team translates regulatory text and internal policy into CoreGuard rule definitions. Each rule is mapped to a specific statutory or policy citation.
  3. Simulation testing — The draft pack is run against a corpus of synthetic test cases, including adversarial edge cases. Results are reviewed with your compliance team before deployment.
  4. Version assignment — The finalized pack is assigned a versioned identifier (e.g., regional_lending_v1) and deployed to your CoreGuard instance. All subsequent evaluations using that pack are tied to the specific rule version in the audit certificate.
  5. Ongoing maintenance — As regulations change, EVE Core provides pack update notifications and a structured amendment process so your enforcement layer stays current.

Custom pack development is available on Enterprise plans. To begin the requirements intake process, contact [email protected] or speak with your account manager.

Custom rule constraints: Custom rules can add restrictions and new enforcement obligations to a base pack. Custom rules cannot disable or weaken rules in the base pack — each versioned base pack's core protections are immutable. This design ensures that compliance obligations derived from law cannot be configured away at the application layer.

Versioning and Changelog

Policy packs follow semantic versioning. The major version number increments when a rule change would break existing integrations — for example, when a new BLOCK rule is added that would cause previously-ALLOWED requests to be BLOCKED. Minor version increments add new MODIFY rules, refine rule logic without changing disposition outcomes, or update reference data (such as drug dosage bounds).

The policy_set field in your API request should always reference an explicit version (e.g., lending_v1, not lending_latest). This ensures that your integration is pinned to a specific, auditable rule set. Automatic version upgrades are never applied without customer consent.

Current Versions

PackVersionReleasedStatus
lending_v11.4.22026-04-01Current
healthcare_v11.2.12026-03-15Current
insurance_v11.1.02026-02-28Current
enterprise_v11.3.02026-04-10Current

Full changelogs for each pack are available in the CoreGuard Changelog. Enterprise customers receive advance notice of all planned major version releases.