Compliance API

POST /railscore/v1/compliance/check

Assess AI-generated content against regulatory compliance frameworks.

Authentication: Required — Authorization: Bearer YOUR_RAIL_API_KEY

Content limit: 1 – 50,000 characters

Caching: Results cached 5 min per content + framework combination. Identical requests within the window return from_cache: true.

Rate limits: Plan-dependent. See Authentication for per-plan limits.

When to Use

Use a single framework for targeted checks against a specific regulation. Use frameworks (array) for cross-jurisdiction compliance when your content must meet multiple regulatory standards. Enable strict_mode to raise passing thresholds from 7.0 to 8.5 and apply stricter scoring criteria.

Compliance Check Pipeline

Content to Check + GDPR / HIPAA / EU AI Act / CCPA / India DPDP
Per-Requirement Analysis: 30+ criteria checked per framework
Compliance Score: 0.0 – 1.0
Issues: per requirement
Remediation: suggested fixes

Supported Frameworks

Parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| content | string | Yes | Text to assess (1 – 50,000 characters) |
| framework | string | One of* | Single framework ID. One of: gdpr, ccpa, hipaa, eu_ai_act, india_dpdp, india_ai_gov |
| frameworks | string[] | One of* | Multiple framework IDs (max 5) |
| context | object | No | Evaluation context: system_type, domain, jurisdiction, data_subjects, decision_type, processes_personal_data, high_risk_indicators |
| strict_mode | boolean | No | Apply stricter evaluation criteria (default: false). Normal mode passing threshold: 7.0. Strict mode threshold: 8.5. |
| include_explanations | boolean | No | Include detailed explanations (default: true) |

* Either framework or frameworks must be provided.

Context Object

The optional context object provides evaluation context to improve compliance assessment accuracy.

| Field | Type | Description |
| --- | --- | --- |
| domain | string | Content domain (e.g., healthcare, finance, legal) |
| system_type | string | Type of system (e.g., chatbot, recommendation_engine, diagnostic_tool) |
| jurisdiction | string | Operating jurisdiction (e.g., EU, US, India) |
| data_subjects | string | Who the data relates to (e.g., patients, employees, consumers) |
| decision_type | string | Type of decision being made (e.g., automated, human_assisted) |
| data_types | string[] | Types of data processed (e.g., personal, health, financial, biometric) |
| processing_purpose | string | Purpose of data processing (e.g., diagnosis, marketing, fraud_detection) |
| risk_indicators | string[] | Risk indicators (e.g., health_data, automated_decisions, vulnerable_population) |
| cross_border | boolean | Whether data crosses national borders |

Single Framework Check

Request — GDPR check
curl -X POST https://api.responsibleailabs.ai/railscore/v1/compliance/check \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_RAIL_API_KEY" \
  -d '{
    "content": "Our AI recommendation system collects user browsing history, purchase patterns, and location data to provide personalized product suggestions. We share aggregated data with our advertising partners to improve ad targeting across platforms.",
    "framework": "gdpr"
  }'
Response
{
  "result": {
    "framework": "gdpr",
    "framework_version": "2016/679",
    "framework_url": "https://gdpr-info.eu/",
    "evaluated_at": "2026-02-26T12:00:00Z",
    "compliance_score": {
      "score": 4.8,
      "confidence": 0.82,
      "label": "Poor",
      "summary": "Content describes data processing practices with multiple GDPR compliance gaps"
    },
    "dimension_scores": {
      "privacy": { "score": 3.5, "confidence": 0.85, "explanation": "Broad data collection without clear purpose limitation" },
      "transparency": { "score": 5.0, "confidence": 0.8, "explanation": "Some disclosure but lacks specificity on data sharing" },
      "accountability": { "score": 4.0, "confidence": 0.75, "explanation": "No mention of data protection measures or DPO" }
    },
    "requirements_checked": 12,
    "requirements_passed": 5,
    "requirements_failed": 5,
    "requirements_warned": 2,
    "requirements": [
      {
        "requirement_id": "GDPR-001",
        "requirement": "Lawful basis for processing",
        "article": "Article 6",
        "reference_url": "https://gdpr-info.eu/art-6-gdpr/",
        "status": "FAIL",
        "score": 3.0,
        "confidence": 0.85,
        "threshold": 5.0,
        "issue": "No explicit lawful basis stated for data collection"
      }
    ],
    "issues": [
      {
        "id": "GDPR-ISSUE-001",
        "description": "Data sharing with advertising partners lacks explicit consent mechanism",
        "dimension": "privacy",
        "severity": "high",
        "requirement": "Consent for data sharing",
        "article": "Article 7",
        "reference_url": "https://gdpr-info.eu/art-7-gdpr/",
        "remediation_effort": "medium",
        "remediation_deadline_days": 90
      }
    ],
    "improvement_suggestions": [
      "Specify the lawful basis for each data processing activity",
      "Implement explicit consent mechanisms for third-party data sharing"
    ],
    "from_cache": false
  },
  "credits_consumed": 5.0
}

Response Fields

| Field | Description |
| --- | --- |
| result.compliance_score | Object with score (0–10), confidence (0–1), label, and summary |
| result.dimension_scores | Framework-relevant dimension scores (varies by framework — not all 8 RAIL dimensions) |
| result.requirements_* | Counts: checked, passed, failed, warned |
| result.requirements[] | Per-requirement details: requirement_id, requirement, article, reference_url, status (PASS/FAIL/WARN), score |
| result.issues[] | Detected issues with severity, remediation_effort, and remediation_deadline_days |
| result.improvement_suggestions | Array of actionable improvement recommendations |
| result.from_cache | Whether this result was served from cache (0 credits if true) |
| credits_consumed | Credits charged for this request |

Multi-Framework Additional Fields

| Field | Description |
| --- | --- |
| results.{framework} | Per-framework result object (same shape as single-framework response) |
| cross_framework_summary | overall_score (average), common_issues, strictest_framework |

Multi-Framework Check

Request — Healthcare system across HIPAA + GDPR
curl -X POST https://api.responsibleailabs.ai/railscore/v1/compliance/check \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_RAIL_API_KEY" \
  -d '{
    "content": "Our patient diagnosis support system analyzes medical records, lab results, and genetic data to suggest treatment plans. The system uses machine learning models trained on de-identified hospital records from 12 partner institutions.",
    "frameworks": ["hipaa", "gdpr"],
    "context": {
      "domain": "healthcare",
      "processes_personal_data": true,
      "high_risk_indicators": ["health_data", "automated_decisions"]
    },
    "strict_mode": true
  }'
Response
{
  "results": {
    "hipaa": {
      "framework": "hipaa",
      "compliance_score": { "score": 6.2, "confidence": 0.78, "label": "Needs Improvement", "summary": "..." },
      "requirements_checked": 10,
      "requirements_passed": 6,
      "requirements_failed": 3,
      "requirements_warned": 1,
      "issues": [ ... ]
    },
    "gdpr": {
      "framework": "gdpr",
      "compliance_score": { "score": 5.5, "confidence": 0.80, "label": "Needs Improvement", "summary": "..." },
      "requirements_checked": 12,
      "requirements_passed": 6,
      "requirements_failed": 4,
      "requirements_warned": 2,
      "issues": [ ... ]
    }
  },
  "cross_framework_summary": {
    "overall_score": 5.85,
    "common_issues": ["Insufficient data protection measures", "Missing consent mechanisms"],
    "strictest_framework": "gdpr"
  },
  "credits_consumed": 8.0
}
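
A release gate over the two response shapes documented above, as an added example (not code from RAIL or its SDK): it normalizes single- and multi-framework responses and fails closed when a score is missing. Comparing compliance_score.score with the 7.0 / 8.5 thresholds, blocking on any failed requirement or high-severity issue, and the sample responses (trimmed or constructed from this page's examples) are assumptions.

```python
NORMAL_THRESHOLD, STRICT_THRESHOLD = 7.0, 8.5   # passing thresholds stated on this page


def per_framework_results(response):
    """Normalise single- and multi-framework responses to {framework_id: result}."""
    if isinstance(response.get("results"), dict):      # multi-framework shape
        return dict(response["results"])
    if isinstance(response.get("result"), dict):       # single-framework shape
        result = response["result"]
        return {result.get("framework", "unknown"): result}
    raise ValueError("response has neither 'result' nor 'results'")


def gate(response, strict_mode=False, block_severities=("high",)):
    """Return (ok, reasons). Assumes the threshold applies to compliance_score.score."""
    threshold = STRICT_THRESHOLD if strict_mode else NORMAL_THRESHOLD
    reasons = []
    for fw, result in sorted(per_framework_results(response).items()):
        score = (result.get("compliance_score") or {}).get("score")
        if isinstance(score, bool) or not isinstance(score, (int, float)):
            reasons.append(f"{fw}: no numeric score, failing closed")
            continue
        if score < threshold:
            reasons.append(f"{fw}: score {score} below {threshold}")
        if result.get("requirements_failed", 0):
            reasons.append(f"{fw}: {result['requirements_failed']} requirement(s) failed")
        for issue in result.get("issues") or []:
            if issue.get("severity") in block_severities:
                reasons.append(f"{fw}: {issue['severity']} issue {issue.get('id')}")
    return (not reasons, reasons)


# Constructed samples: SINGLE is trimmed from the GDPR response above, MULTI from the
# HIPAA + GDPR response (issue lists are elided there, so left empty), CLEAN is invented.
SINGLE = {"result": {"framework": "gdpr", "compliance_score": {"score": 4.8},
                     "requirements_failed": 5,
                     "issues": [{"id": "GDPR-ISSUE-001", "severity": "high"}]}}
MULTI = {"results": {
    "hipaa": {"compliance_score": {"score": 6.2}, "requirements_failed": 3, "issues": []},
    "gdpr": {"compliance_score": {"score": 5.5}, "requirements_failed": 4, "issues": []}}}
CLEAN = {"result": {"framework": "gdpr", "compliance_score": {"score": 8.0},
                    "requirements_failed": 0, "issues": []}}

if __name__ == "__main__":
    for name, resp, strict in [("single", SINGLE, False), ("multi", MULTI, True),
                               ("clean", CLEAN, False), ("clean-strict", CLEAN, True)]:
        ok, reasons = gate(resp, strict_mode=strict)
        print(name, "PASS" if ok else "BLOCK", reasons)
```

Pass the same strict_mode value to gate() that was sent in the request, so the local threshold matches the one the API applied.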

Error Codes

| Code | Description |
| --- | --- |
| 400 | Invalid content, missing framework(s), or invalid framework ID |
| 401 | Missing or invalid API key |
| 402 | Insufficient credits |
| 429 | Rate limit exceeded |
| 500 | Evaluation failed |

Error Response Examples

400 — Validation Error
{
  "error": "Must provide either 'framework' or 'frameworks' parameter",
  "code": "VALIDATION_ERROR"
}
401 — Authentication Error
{
  "error": "Invalid or missing API key",
  "code": "AUTHENTICATION_ERROR"
}
402 — Insufficient Credits
{
  "error": "Insufficient credits: 2.0 available, 5.0 required",
  "code": "INSUFFICIENT_CREDITS",
  "balance": 2.0,
  "required": 5.0
}
429 — Rate Limit Exceeded
{
  "error": "Rate limit exceeded. Try again in 60 seconds.",
  "code": "RATE_LIMIT_EXCEEDED",
  "retry_after": 60
}
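
Client-side handling of the error codes above, as an added example (not RAIL's own client): 429 waits for retry_after when it is a sane value, 500 gets a bounded backoff, and 400/401/402 are raised immediately because resending the same request cannot succeed. The send callable, the 200 success status, the retry of 500, and the 120-second cap are assumptions; the sample bodies are copied from this page.

```python
import time


class ComplianceAPIError(Exception):
    """Raised for errors that must not be retried, or when retries run out."""
    def __init__(self, status, body):
        self.status, self.code = status, body.get("code")
        super().__init__(f"HTTP {status} {self.code}: {body.get('error')}")


def retry_delay(status, body, attempt, cap=120):
    """Seconds to wait before retrying, or None if the error is not retryable."""
    if status == 429:
        wait = body.get("retry_after")
        # Use the server's hint only if it is a positive number within the cap.
        if type(wait) in (int, float) and 0 < wait <= cap:
            return wait
        return min(cap, 2 ** attempt)
    if status == 500:              # assumption: "Evaluation failed" may be transient
        return min(cap, 2 ** attempt)
    return None                    # 400, 401, 402: fix the request, key or balance


def check_with_retry(send, payload, max_attempts=3, sleep=time.sleep):
    """send(payload) -> (status, parsed_json_body) is a caller-supplied transport."""
    for attempt in range(1, max_attempts + 1):
        status, body = send(payload)
        if status == 200:          # assumption: success is HTTP 200
            return body
        delay = retry_delay(status, body, attempt)
        if delay is None or attempt == max_attempts:
            raise ComplianceAPIError(status, body)
        sleep(delay)


def scripted_transport(responses):
    """Constructed stand-in for the HTTP call: replays (status, body) pairs in order."""
    it = iter(responses)
    return lambda payload: next(it)


# Error bodies as shown on this page.
RATE_LIMITED = (429, {"error": "Rate limit exceeded. Try again in 60 seconds.",
                      "code": "RATE_LIMIT_EXCEEDED", "retry_after": 60})
NO_CREDITS = (402, {"error": "Insufficient credits: 2.0 available, 5.0 required",
                    "code": "INSUFFICIENT_CREDITS", "balance": 2.0, "required": 5.0})
```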