When Rules Go Live: Policy Cards and the New Language of AI Governance
In 2019, Model Cards made AI systems more transparent by documenting what they were trained to do. Then came Data Cards and System Cards, clarifying how datasets and end-to-end systems behave. But as AI moves from prediction to action—from chatbots to trading agents, surgical robots, and autonomous research assistants—documentation is no longer enough. We need artifacts that don’t just describe a system, but govern it.
Enter Policy Cards (Mavračić, 2025): a machine-readable, runtime governance layer for autonomous AI agents. Instead of a PDF explaining a model’s ethics, a Policy Card sits beside the deployed agent, dictating—literally—what it can, cannot, and must do.
1. From Transparency to Accountability
Transparency has been AI’s favorite buzzword. Yet in practice, most transparency artifacts are backward-looking: they help humans interpret what went wrong, not prevent it. A Model Card tells you that a vision model underperforms on darker skin tones—but nothing stops that model from making harmful decisions in production.
Policy Cards flip the timeline. They define binding, executable constraints. Written in JSON Schema, a Policy Card acts as a contract: it enumerates allowed actions, forbidden actions, required escalations, evidence to log, and critical thresholds (KPIs). Each rule is machine-checkable, version-controlled, and auditable.
| Artifact Type | Scope | Normativity | Machine-Readable | Enforcement |
|---|---|---|---|---|
| Model Card | Model reporting | Descriptive | Partial | ❌ |
| Data Card | Dataset provenance | Descriptive | Partial | ❌ |
| System Card | System-level risks | Advisory | Partial | ⚠️ |
| Policy Card | Deployment-level policy | Normative | ✅ | ✅ |
The transition is subtle but profound: Policy Cards redefine AI assurance as an engineering discipline, not a compliance checklist.
2. Compliance as Code
The paper’s central design choice is to treat governance as code. Every Policy Card conforms to a formal schema enforcing ten sections—from meta and scope to controls, obligations, and assurance mapping. Validators check for missing fields, invalid timestamps, or unbound KPIs. Linting rules ensure logical coherence: retention periods must exceed review cadences; every control must map to a measurable evidence field.
This makes compliance both deterministic and automatable. The same CI/CD pipelines that test an AI agent’s performance can now test its governance. If a Policy Card fails validation, deployment halts—exactly as it would for a failing unit test.
The Declare–Do–Audit cycle formalizes this workflow:
- Declare – Validate and register the Policy Card before deployment. All critical thresholds and exceptions are version-locked.
- Do – Enforce the card at runtime. Each attempted action is checked against its allow/deny rules, with evidence logged.
- Audit – Continuously replay and verify evidence against declared KPIs and assurance mappings.
Governance thus becomes continuous, not episodic. The agent doesn’t merely claim compliance—it performs it, every second it operates.
3. Case Studies: When Policies Meet the Real World
The framework comes alive through sectoral exemplars:
- Retail Banking: a payment agent governed by AML and KYC constraints. Transfers above a certain risk threshold must trigger escalation, while KYC failures automatically deny execution. Each decision logs evidence—device trust, sanctions match, geo mismatch—creating an immutable audit trail.
- Clinical Triage: a medical assistant constrained to advisory outputs. It must escalate any red-flag symptoms and is forbidden from issuing diagnoses or prescriptions. KPIs like handover latency and escalation precision quantify clinical safety.
- Defense Mission Planning: a UAV coordination assistant whose Policy Card forbids autonomous kinetic actions. Each card instance captures domain-specific Rules of Engagement and jurisdictional overrides.
Across all cases, the same schema applies. The card is domain-agnostic yet semantically precise—a rare balance in AI governance.
4. The Road Ahead: Agent-Readable Governance
Policy Cards open a path toward agents that are aware of their own rules. An agent can parse its card, evaluate if an action is authorized, confirm if all required evidence is available, and—if uncertain—escalate. When multiple agents carry their own cards, they can form a distributed assurance mesh, exchanging cryptographic attestations of compliance.
This is more than bureaucracy. It’s a shift toward computational ethics. The paper even envisions future extensions using zero-knowledge proofs (ZKPs), allowing an agent to prove adherence (“I followed all escalation protocols”) without revealing private data. In other words, trust without disclosure.
Ethical constraints, too, become executable. Fairness thresholds, non-manipulation rules, or consent obligations can all be encoded as obligations or controls—auditable, enforceable, and measurable. The moral aspirations of AI ethics finally gain a runtime syntax.
5. A Language for Trust
Policy Cards translate legal, ethical, and operational expectations into a shared grammar understood by both humans and machines. They make compliance portable across jurisdictions—each section mapping cleanly to standards like NIST AI RMF, ISO/IEC 42001, and the EU AI Act. For the first time, an AI agent’s conformity can be programmatically verified against multiple frameworks.
The concept’s genius lies in its pragmatism. Rather than inventing new ethics engines or audit bureaucracies, it offers a machine-verifiable interface for existing norms. It connects the ideal (“responsible AI”) with the practical (“CI pipeline must pass”).
In essence: Policy Cards are not paperwork—they’re governance protocols. They let AI systems carry their laws wherever they go, turning compliance into an active, inspectable process.
If Model Cards made AI interpretable, Policy Cards make it accountable.
Cognaptus: Automate the Present, Incubate the Future.