Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.responsibleailabs.ai/llms.txt

Use this file to discover all available pages before exploring further.

The Compliance API provides two tiers of integration:
  1. General compliance check (/compliance/check) works across all supported frameworks and returns a pass/fail verdict with flagged clauses.
  2. Framework-specific endpoints offer deep, stateful compliance automation tailored to a specific regulation’s lifecycle.
India DPDP is the first framework with dedicated endpoints. GDPR, CCPA, HIPAA, and EU AI Act dedicated endpoints are under active development.

General compliance check (all frameworks)

A single endpoint that evaluates content against one or more regulatory frameworks and returns clause-level findings.
FrameworkCodeRegionDedicated API
General Data Protection RegulationgdprEUComing soon
California Consumer Privacy ActccpaUS (California)Coming soon
Health Insurance Portability and Accountability ActhipaaUSComing soon
EU Artificial Intelligence Acteu_ai_actEUComing soon
India Digital Personal Data Protection Actindia_dpdpIndiaAvailable
India AI Governance Guidelinesindia_ai_govIndiaComing soon

POST /compliance/check

Point-in-time compliance check against any supported framework. 5.0 credits per call (single framework).

India DPDP: dedicated endpoints

The India DPDP API provides 7 endpoints that cover the full compliance lifecycle for the Digital Personal Data Protection Act, 2023. These go beyond point-in-time checks to offer stateful session tracking, event-driven evidence collection, and proactive workflow guidance. Base URL: https://api.responsibleailabs.ai/railscore/v1/compliance/dpdp
MethodEndpointPurposeCredits
POST/scanScan text for Indian PII, child signals, purpose drift0.5
POST/evaluateSynchronous allow/block gate before an action0.3
POST/emitRecord compliance events for audit evidence0.1
POST/requireGet required actions for current workflow step0.3
POST/evidenceGenerate audit-grade evidence packets (Pro+)2.0
POST/sessionCreate or retrieve a compliance session0
GET/timersList active compliance timers0

Enhanced existing endpoints

The existing /railscore/v1/eval and /railscore/v1/agent/tool-result endpoints also accept optional DPDP parameters. Pass "dpdp": { "enabled": true } in your eval request to get Indian PII scanning alongside RAIL dimension scores. The agent tool-result endpoint automatically detects Indian PII and returns dpdp_flags when found.

Typical integration flow

1. POST /session       Create a compliance session for the user journey
2. POST /emit          Record notice.shown and consent.granted events
3. POST /evaluate      Gate check before processing data
4. POST /scan          Scan every LLM output for PII (mask or block)
5. POST /require       Check what's needed before communicating a decision
6. POST /evidence      Generate audit packets on demand (Pro+)
7. GET  /timers        Monitor DSR SLAs, breach deadlines, retention windows

DPDP sections covered

SectionDescriptionEndpoints
S.4Purpose limitation/scan (purpose drift), /evaluate
S.5Notice requirements/require, /emit
S.6Consent/evaluate, /emit, /evidence
S.8Data fiduciary obligations/evaluate, /scan, /require
S.9Children’s data/scan (child detection), /evaluate (block rules)
S.11-14Data principal rights/require, /evidence, /timers
S.16Cross-border transfer/evaluate (block rules)
Rule 7Breach notification/emit (auto-timers), /evidence
Rule 13SDF annual report/evidence
Rule 14(3)DSR SLA/timers, /evidence

GDPR

Currently supported through the general compliance check endpoint with framework: "gdpr". Returns clause-level findings for Articles 5-22 covering lawful basis, data subject rights, DPO requirements, and cross-border transfer rules.
Dedicated GDPR endpoints (consent lifecycle, DPIA automation, DPO dashboard, cross-border transfer assessment) are under development.

CCPA

Currently supported through the general compliance check endpoint with framework: "ccpa". Covers consumer rights (right to know, delete, opt-out), sale of personal information, and financial incentive disclosures.
Dedicated CCPA endpoints (opt-out signal handling, CPRA amendments, privacy notice generation) are under development.

HIPAA

Currently supported through the general compliance check endpoint with framework: "hipaa". Evaluates PHI handling, minimum necessary standard, BAA requirements, and breach notification obligations.
Dedicated HIPAA endpoints (PHI detection, de-identification verification, BAA compliance tracking) are under development.

EU AI Act

Currently supported through the general compliance check endpoint with framework: "eu_ai_act". Covers risk classification, transparency obligations, high-risk system requirements, and prohibited practices.
Dedicated EU AI Act endpoints (risk classification engine, conformity assessment, post-market monitoring) are under development. Aligned with the August 2026 enforcement timeline.

India AI Governance

Currently supported through the general compliance check endpoint with framework: "india_ai_gov". Evaluates alignment with India’s AI governance guidelines covering fairness, transparency, accountability, and safety.
Dedicated endpoints for India AI governance (model card generation, fairness audit, sector-specific compliance) are under development.