Compliance API
TheWARDN ships pre-built compliance packs that automatically create CHAM policies aligned with major regulatory frameworks. Apply a pack to instantly enforce governance rules matching your industry requirements.
Endpoints
GET /compliance/packs
List all available compliance packs.
Headers
| Header | Value |
|---|---|
| Authorization | Bearer <api_key> |
Response
{
  "packs": [
    {
      "id": "hipaa",
      "name": "HIPAA",
      "description": "Health Insurance Portability and Accountability Act",
      "policy_count": 8,
      "applied": false,
      "tier_required": "business"
    },
    {
      "id": "soc2",
      "name": "SOC 2",
      "description": "Service Organization Control Type 2",
      "policy_count": 10,
      "applied": true,
      "tier_required": "business"
    }
  ]
}
GET /compliance/packs/:id
Get detailed information about a specific compliance pack, including the policies it creates.
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string | Pack identifier (e.g., hipaa, soc2, gdpr) |
Response
{
  "id": "hipaa",
  "name": "HIPAA",
  "description": "Health Insurance Portability and Accountability Act",
  "policy_count": 8,
  "applied": false,
  "tier_required": "business",
  "policies": [
    {
      "name": "hipaa_phi_block",
      "description": "Block AI actions containing Protected Health Information",
      "layer": "L2",
      "action": "BLOCK",
      "pattern": "PHI detection pattern"
    },
    {
      "name": "hipaa_audit_trail",
      "description": "Require audit logging for all health-data AI interactions",
      "layer": "L3",
      "action": "LOG",
      "pattern": "Health data access pattern"
    }
  ]
}
POST /compliance/packs/:id/apply
Apply a compliance pack to your tenant. This creates all CHAM policies defined in the pack.
Tier Requirement
Applying compliance packs requires Business tier or above. Free, Personal Pro, and Startup tiers will receive a 403 Forbidden response.
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string | Pack identifier |
Request Body
{
  "override_existing": false
}
| Field | Type | Default | Description |
|---|---|---|---|
| override_existing | boolean | false | If true, replace existing policies with the same name. If false, skip duplicates. |
Response
{
  "success": true,
  "pack_id": "hipaa",
  "policies_created": 8,
  "policies_skipped": 0,
  "message": "HIPAA compliance pack applied successfully"
}
TIP
Applying a pack is idempotent when override_existing is false. Running it multiple times will not create duplicate policies.
DELETE /compliance/packs/:id/unapply
Remove all policies created by a compliance pack.
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string | Pack identifier |
Response
{
  "success": true,
  "pack_id": "hipaa",
  "policies_removed": 8,
  "message": "HIPAA compliance pack removed"
}
WARNING
Removing a compliance pack deletes the associated CHAM policies immediately. Any AI actions governed by those policies will no longer be evaluated against them.
Available Compliance Packs
| Pack ID | Name | Policies | Description |
|---|---|---|---|
| hipaa | HIPAA | 8 | Health Insurance Portability and Accountability Act. PHI protection, audit trails, access controls, minimum necessary rule. |
| soc2 | SOC 2 | 10 | Service Organization Control Type 2. Logical access, change management, system monitoring, encryption, incident response. |
| gdpr | GDPR | 9 | General Data Protection Regulation. Data minimization, right to erasure, consent tracking, cross-border transfer blocks. |
| finra_sox | FINRA / SOX | 8 | Financial Industry Regulatory Authority and Sarbanes-Oxley. Trade surveillance, communication monitoring, record retention. |
| eu_ai_act | EU AI Act | 9 | EU Artificial Intelligence Act. Risk classification, transparency requirements, human oversight, conformity assessment. |
| nist_ai_rmf | NIST AI RMF | 7 | NIST AI Risk Management Framework. Govern, Map, Measure, Manage functions with continuous monitoring. |
Error Responses
| Status | Code | Description |
|---|---|---|
| 400 | PACK_ALREADY_APPLIED | The pack is already applied and override_existing is false |
| 403 | TIER_INSUFFICIENT | Your subscription tier does not support compliance packs |
| 404 | PACK_NOT_FOUND | The specified pack ID does not exist |
{
  "error": "TIER_INSUFFICIENT",
  "message": "Compliance packs require Business tier or above. Current tier: startup",
  "upgrade_url": "https://console.thewardn.ai/settings/billing"
}
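Because unapplying a pack removes its policies immediately, a scheduled check that the packs you depend on are still applied is a useful control. The following is an added example, not TheWARDN's own client code: it lists packs, applies any required pack that is missing with override_existing set to false, and reports the documented error codes. BASE_URL is a placeholder, and the function names and the in-memory fake_tenant stand-in are constructed for illustration.

```python
import json
import urllib.error
import urllib.request

BASE_URL = "https://api.example.invalid"  # placeholder: the page gives no API base URL

def make_http_call(api_key):
    """Real transport; assumes error bodies are JSON like the page's sample."""
    def call(method, path, body=None):
        data = None if body is None else json.dumps(body).encode()
        req = urllib.request.Request(BASE_URL + path, data=data, method=method, headers={
            "Authorization": f"Bearer {api_key}", "Content-Type": "application/json"})
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                return resp.status, json.load(resp)
        except urllib.error.HTTPError as err:
            return err.code, json.load(err)
    return call

def ensure_packs(required, call):
    """Apply each required pack that is not applied yet; never overrides policies."""
    status, listing = call("GET", "/compliance/packs")
    if "packs" not in listing:
        raise RuntimeError(f"listing packs failed: HTTP {status} {listing.get('error')}")
    applied = {p["id"]: p["applied"] for p in listing["packs"]}
    report = {}
    for pack_id in required:
        if pack_id not in applied:
            report[pack_id] = "PACK_NOT_FOUND"       # same code the API uses for 404
        elif applied[pack_id]:
            report[pack_id] = "already_applied"      # skip: avoids PACK_ALREADY_APPLIED
        else:
            _, body = call("POST", f"/compliance/packs/{pack_id}/apply",
                           {"override_existing": False})
            report[pack_id] = "applied" if body.get("success") else body.get("error", "unknown")
    return report

def fake_tenant(tier_ok=True):
    """Constructed in-memory stand-in shaped like the page's sample responses."""
    packs = {"hipaa": False, "soc2": True}           # pack id -> applied
    def call(method, path, body=None):
        if method == "GET":
            return 200, {"packs": [{"id": k, "applied": v} for k, v in packs.items()]}
        if not tier_ok:
            return 403, {"error": "TIER_INSUFFICIENT"}
        pack_id = path.split("/")[3]
        packs[pack_id] = True
        return 200, {"success": True, "pack_id": pack_id}
    return call
```

Against the real API, pass make_http_call(api_key) as the second argument; any report entry other than "applied" or "already_applied" is worth alerting on.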