Overview: Compliance API | Credits: 0.3 per call
Given the current state of a user journey, returns what the application must do right now. Requires an active session (create one via /session first, then emit events to build state).

Parameters

session_id (string, required)
workflow_step (string, required): Current workflow step. Options: data_collection, data_processing, decision_making, decision_communication, data_retention, dsr_handling.
context (object): Step-specific context (e.g., decision_type, decision_outcome, retention_days).

Workflow steps

Step                    What the app is doing
data_collection         Gathering personal data from the user
data_processing         Processing collected data for a purpose
decision_making         Making an automated or semi-automated decision
decision_communication  Communicating the decision to the user
data_retention          Storing data beyond immediate processing
dsr_handling            Responding to a Data Subject Request

Required actions by step

data_collection:
  • show_notice (S.5): if notice not yet shown
  • obtain_consent (S.6): if consent not active for purpose
  • verify_parental_consent (S.9): if child session
data_processing:
  • obtain_consent (S.6): if consent expired or withdrawn
  • disable_tracking (S.9(3)): if child session
  • disable_behavioral_monitoring (S.9(3)): if child session
  • disable_targeted_advertising (S.9(3)): if child session
  • data_minimization (S.4(2)): always recommended
decision_making:
  • ensure_accuracy (S.8(3)): data must be accurate for decisions
  • log_decision_factors (S.8): recommended for auditability
decision_communication:
  • show_explanation (S.8(3)): explain basis of decision
  • expose_appeal_link (S.13): grievance redressal mechanism
  • disclose_ai_involvement (S.5): if automated processing was used
  • show_rights_notice (S.11-14): data principal rights
data_retention:
  • define_retention_period (S.8(7)): if not yet defined
  • send_pre_erasure_notice (S.8(7)): before retention expires
  • execute_erasure (S.8(7)): when retention period lapses
dsr_handling:
  • acknowledge_dsr (S.11-13): immediate acknowledgement
  • complete_dsr_response (S.11-13): within SLA (priority escalates near deadline)

Request

curl -X POST https://api.responsibleailabs.ai/railscore/v1/compliance/dpdp/require \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_RAIL_API_KEY" \
  -d '{
    "session_id": "sess_abc123def456",
    "workflow_step": "decision_communication",
    "context": {
      "decision_type": "loan_eligibility",
      "decision_outcome": "approved"
    }
  }'

Response

{
  "result": {
    "required_actions": [
      {
        "type": "show_explanation",
        "priority": 1,
        "reason": "S.8(3): The Data Principal must be informed of the basis for any decision that affects them.",
        "section": "Section 8(3)",
        "details": "Provide a clear, plain-language explanation of why the decision was made, including key factors considered."
      },
      {
        "type": "expose_appeal_link",
        "priority": 1,
        "reason": "S.13: The Data Principal has the right to grievance redressal.",
        "section": "Section 13",
        "details": "Display a link or button to initiate a grievance or appeal against this decision."
      },
      {
        "type": "disclose_ai_involvement",
        "priority": 2,
        "reason": "S.5: If the decision involved automated processing, this must be disclosed.",
        "section": "Section 5",
        "details": "Clearly state whether the decision was made or assisted by an automated system."
      },
      {
        "type": "show_rights_notice",
        "priority": 2,
        "reason": "S.11-14: The Data Principal must be informed of their rights.",
        "section": "Sections 11-14",
        "details": "Present a summary of data principal rights with actionable links."
      }
    ],
    "session_state": {
      "consent_valid": true,
      "notice_shown": true,
      "child_session": false,
      "pending_obligations": [],
      "fulfilled_obligations": ["notice_shown", "consent_obtained"],
      "open_timers": []
    }
  },
  "credits_consumed": 0.3
}

result.required_actions (array): Ordered list of actions the application must take at this workflow step. Each includes type, priority (1 = must-do, 2 = should-do), reason, DPDP section, and implementation details.
result.session_state (object): Current compliance state: consent validity, notice status, child flag, pending/fulfilled obligations, and open timers.
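
One way to gate a workflow step on this response, as an added example that is not part of this documentation or any official SDK. The function names (build_payload, outstanding_actions, may_proceed) are hypothetical; treating a malformed body or an unrecognized priority as blocking is an assumption made here so the check fails closed.

```python
import json

# Workflow steps listed on this page for the workflow_step parameter.
WORKFLOW_STEPS = {
    "data_collection", "data_processing", "decision_making",
    "decision_communication", "data_retention", "dsr_handling",
}

# Constructed sample: the response shown above, trimmed to the fields used here.
SAMPLE_RESPONSE = json.loads("""
{"result": {"required_actions": [
    {"type": "show_explanation", "priority": 1, "section": "Section 8(3)"},
    {"type": "expose_appeal_link", "priority": 1, "section": "Section 13"},
    {"type": "disclose_ai_involvement", "priority": 2, "section": "Section 5"},
    {"type": "show_rights_notice", "priority": 2, "section": "Sections 11-14"}
]}, "credits_consumed": 0.3}
""")


def build_payload(session_id, workflow_step, context=None):
    """Build the request body, rejecting steps this page does not list."""
    if workflow_step not in WORKFLOW_STEPS:
        raise ValueError(f"unknown workflow_step: {workflow_step!r}")
    payload = {"session_id": session_id, "workflow_step": workflow_step}
    if context:
        payload["context"] = context
    return payload


def outstanding_actions(response, completed):
    """Return (must_do, should_do) action types not yet in `completed`.

    Raises ValueError on a malformed body so a missing action list is never
    read as "nothing required".
    """
    try:
        actions = response["result"]["required_actions"]
        pending = [(a["priority"], a["type"]) for a in actions
                   if a["type"] not in completed]
    except (KeyError, TypeError) as exc:
        raise ValueError("malformed response") from exc
    # Assumption: only priority 2 is optional; anything else blocks.
    must = [t for p, t in pending if p != 2]
    should = [t for p, t in pending if p == 2]
    return must, should


def may_proceed(response, completed):
    """True only when no must-do action is still outstanding."""
    must, _ = outstanding_actions(response, completed)
    return not must
```

The `completed` set is the application's own record of actions it has carried out for this step; this page does not describe how fulfilment is reported back to the session.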