Policy Templates

Pre-built policy rule sets for HIPAA, SOC 2, PCI-DSS, EU AI Act, and industry verticals.

Policy templates provide pre-built rule sets aligned with regulatory frameworks and industry best practices. Start with a template, then customize for your specific needs.

Available Templates

Template	Rules	Description
baseline	5	Authentication, audit logging, tool scoping, governance scoring, policy enforcement
hipaa	8	HIPAA data handling, PHI access controls, audit retention, minimum governance levels
soc2	7	SOC 2 access controls, change management, monitoring, incident response
pci-dss	6	PCI-DSS card data restrictions, network controls, access management
eu-ai-act	7	EU AI Act risk management, transparency, human oversight, record-keeping

Get Template Rules

import { getTemplateRules } from '@lua-ai-global/governance-enterprise';

const rules = getTemplateRules('hipaa');
// Returns PolicyRule[] — ready to pass to createGovernance

const gov = createGovernance({ rules });

Get Full Template Metadata

import { getTemplate } from '@lua-ai-global/governance-enterprise';

const template = getTemplate('hipaa');
// {
//   id: 'hipaa',
//   name: 'HIPAA Compliance',
//   description: 'Policy rules aligned with HIPAA Security Rule requirements',
//   version: '1.0.0',
//   framework: 'hipaa',
//   rules: [...],
//   tags: ['healthcare', 'compliance', 'hipaa'],
// }

List All Templates

import { listTemplates } from '@lua-ai-global/governance-enterprise';

const templates = listTemplates();
// [
//   { id: 'baseline', name: 'Baseline', ... },
//   { id: 'hipaa', name: 'HIPAA Compliance', ... },
//   { id: 'soc2', name: 'SOC 2 Type II', ... },
//   { id: 'pci-dss', name: 'PCI-DSS', ... },
//   { id: 'eu-ai-act', name: 'EU AI Act', ... },
// ]

Combine Templates

Merge multiple templates. Duplicate rule IDs are resolved by keeping the highest-priority version:

import { combineTemplates } from '@lua-ai-global/governance-enterprise';

const rules = combineTemplates('baseline', 'hipaa', 'soc2');
// Merged, deduplicated by ID (highest priority wins)

const gov = createGovernance({ rules });

Exclude Specific Rules

Remove rules that conflict with your environment:

import { templateWithExclusions } from '@lua-ai-global/governance-enterprise';

const rules = templateWithExclusions('hipaa', [
  'hipaa-phi-export-block',  // We have our own export controls
  'hipaa-min-level-3',       // Too strict for dev environment
]);

Industry Recommendations

Get the recommended template combination for your industry:

import { recommendedStack } from '@lua-ai-global/governance-enterprise';

const rules = recommendedStack('healthcare');
// Combines: baseline + hipaa

const fintechRules = recommendedStack('fintech');
// Combines: baseline + pci-dss + soc2

const govtechRules = recommendedStack('govtech');
// Combines: baseline + eu-ai-act + soc2

const saasRules = recommendedStack('saas');
// Combines: baseline + soc2

Raw Rule Sets

For advanced customization, import the raw rule arrays directly:

import {
  BASELINE_RULES,
  HIPAA_RULES,
  SOC2_RULES,
  PCI_DSS_RULES,
  EU_AI_ACT_RULES,
} from '@lua-ai-global/governance-enterprise';

const customRules = [
  ...BASELINE_RULES,
  ...HIPAA_RULES.filter(r => r.priority > 50),
  myCustomRule,
];