> ## Documentation Index > Fetch the complete documentation index at: https://docs.responsibleailabs.ai/llms.txt > Use this file to discover all available pages before exploring further. # DPDP: Evaluate > Real-time DPDP compliance gate. Returns allow, block, or require_action verdicts enforcing child protection (S.9), cross-border rules (S.16), and consent requirements (S.6). **Overview:** [Compliance API](/api-reference/compliance-overview) | **Credits:** 0.3 per call Called before an action to get an allow/block/require\_action verdict. Fast enough to sit in the critical path of application logic. ## Parameters The action to evaluate. Options: `process_data`, `make_decision`, `share_data`, `transfer_cross_border`, `serve_ad`, `track_user`. Links to a [compliance session](/api-reference/dpdp-session) for stateful context. Pseudonymized user identifier. Processing purpose (e.g., `"credit_scoring"`, `"marketing"`). Data types involved (e.g., `["pan", "aadhaar", "income"]`). Triggers enhanced safeguard checks when sensitive types are present. If known, triggers S.9 child protection rules for users under 18. Indian state/UT code (e.g., `"IN-KA"`). For cross-border transfer checks. Country code of the data recipient (e.g., `"us"`, `"cn"`). Links to a previously emitted consent event. ## Rule evaluation order Rules are evaluated in strict order. The first matching block rule stops evaluation. ### Block rules (hard stops) | Rule | Section | Penalty | Trigger | | ---------------------------- | ------- | --------- | -------------------------------------------------------------------- | | No tracking/ads for children | S.9(3) | 200 crore | `user_age < 18` AND action is `serve_ad` or `track_user` | | No profiling of minors | S.9(3) | 200 crore | `user_age < 18` AND action is `make_decision` with profiling purpose | | Cross-border restriction | S.16 | 250 crore | `transfer_cross_border` to restricted jurisdiction | **Restricted jurisdictions (S.16):** `cn`, `pk`, `kp`, `ir`, `iq`, `af`, `mm`, `by`, `ru`, `sy` **Profiling purposes (blocked for minors):** `credit_scoring`, `behavioral_analysis`, `profiling`, `risk_scoring`, `predictive_analytics`, `personality_assessment` ### Require-action rules (soft stops) | Rule | Section | Trigger | | ------------------------- | ------- | ---------------------------------------- | | Consent required | S.6 | No active consent for the stated purpose | | Notice required | S.5 | Notice not yet shown in session | | Parental consent required | S.9 | Child session without parental consent | ### Allow with conditions | Condition | Section | Trigger | | ------------------- | ------- | --------------------------------------- | | Accuracy check | S.8(3) | Action is `make_decision` | | Security safeguards | S.8(5) | Data categories include sensitive types | | Processor contract | S.8(2) | Action is `share_data` | **Sensitive data categories:** `aadhaar`, `pan`, `medical`, `biometric`, `genetic`, `financial`, `health`, `sexual_orientation`, `political_opinion`, `religious_belief`, `caste`, `transgender_status` ## Request ```bash theme={null} curl -X POST https://api.responsibleailabs.ai/railscore/v1/compliance/dpdp/evaluate \ -H "Content-Type: application/json" \ -H "Authorization: Bearer YOUR_RAIL_API_KEY" \ -d '{ "action": "process_data", "session_id": "sess_abc123def456", "context": { "user_id": "u_hashed_abc", "purpose": "credit_scoring", "data_categories": ["pan", "aadhaar", "income"], "user_age": 25, "jurisdiction": "IN-KA" } }' ``` ## Response: allow ```json theme={null} { "result": { "verdict": "allow", "violations": [], "conditions": [ { "type": "security_safeguards_required", "reason": "S.8(5): Sensitive data categories detected. Implement appropriate technical and organizational safeguards.", "action": "Ensure encryption, access controls, and audit logging are in place for aadhaar, pan, income data." } ], "required_actions": [], "required_before_proceed": [], "session_state": { "consent_valid": true, "notice_shown": true, "child_session": false, "open_timers": [] } }, "credits_consumed": 0.3 } ``` ## Response: block ```json theme={null} { "result": { "verdict": "block", "violations": [ { "rule": "DPDP.S9.minor_profiling", "section": "Section 9(3)", "severity": "critical", "penalty_crore": 200, "description": "Section 9(3) prohibits profiling, behavioral analysis, and automated decision-making that produces legal or similarly significant effects on children.", "remediation": "Do not use a child's personal data for profiling or automated scoring. If the purpose is legitimate, collect and process only aggregated, non-identifiable data." } ], "conditions": [], "required_actions": [], "required_before_proceed": [ { "type": "age_verification", "reason": "Confirm the Data Principal is 18+ before proceeding with this action." } ], "session_state": { "consent_valid": false, "notice_shown": false, "child_session": true, "open_timers": [] } }, "credits_consumed": 0.3 } ``` ## Response: require\_action ```json theme={null} { "result": { "verdict": "require_action", "violations": [], "conditions": [], "required_actions": [ { "type": "show_notice", "reason": "S.5: A clear and plain-language notice must be provided to the Data Principal before collecting personal data." }, { "type": "obtain_consent", "reason": "S.6: Valid consent is required before processing personal data for purpose 'credit_scoring'." } ], "required_before_proceed": [], "session_state": { "consent_valid": false, "notice_shown": false, "child_session": false, "open_timers": [] } }, "credits_consumed": 0.3 } ``` `"allow"`, `"block"`, or `"require_action"`. Block verdicts must not be overridden. Require-action verdicts indicate prerequisites that must be fulfilled before proceeding. Hard violations that triggered a block. Each entry includes `rule`, `section`, `severity`, `penalty_crore`, `description`, and `remediation`. Conditions attached to an allow verdict. These are advisory but strongly recommended. Actions that must be completed before proceeding. Each has a `type` and `reason`. Current compliance state of the session: consent validity, notice status, child flag, and open timers.