This guide covers advanced governance patterns for complex enterprise scenarios.
When policies span multiple bounded contexts:
```
context EnterpriseGovernance:
  // Policy that applies across all contexts
  policy UniversalAuditTrail:
    it is obligatory that each SystemAction
      across all_contexts
      has audit_log = created
      has actor_id = recorded
      has timestamp = captured

  // Context-specific override
  policy FinanceAuditEnhanced extends UniversalAuditTrail:
    it is obligatory that each FinanceAction
      has dual_signature = captured
      has compliance_flag = checked
```
```
context Payments:
  boundary:
    - internal: [OrderService, PaymentProcessor]
    - external: [BankGateway, FraudDetection]

  policy CrossBoundaryValidation:
    it is obligatory that each ExternalCall
      has authentication = verified
      has encryption = enabled
      has rate_limit = enforced
```
```
// Base policy
policy BaseDataProtection:
  it is obligatory that each DataAccess
    has authorization = verified
    has logging = enabled

// Enhanced policy inherits and extends
policy SensitiveDataProtection extends BaseDataProtection:
  it is obligatory that each SensitiveDataAccess
    has encryption = enforced
    has data_masking = applied
    has access_justification = documented

// Most restrictive policy
policy PHIProtection extends SensitiveDataProtection:
  it is obligatory that each PHIAccess
    has hipaa_training = verified
    has minimum_necessary = applied
    has breach_notification = configured
```
```
precedence:
  1. SDS-035 Invariants (never override)
  2. Regulatory policies (GDPR, HIPAA)
  3. Enterprise policies
  4. Domain policies
  5. Context policies
```
```
policy BusinessHoursProcessing:
  it is obligatory that each HighValueTransaction
    with time not_in business_hours
    has deferred_processing = true
    has next_business_day = scheduled
```
```
policy RetentionPolicy:
  it is obligatory that each AuditRecord
    is retained for 7_years
    then is archived for 3_years
    then is securely_deleted
```
```
context OrderLifecycle:
  states: [draft, submitted, approved, processing, completed, cancelled]

  policy ValidTransitions:
    transitions:
      - from: draft to: submitted requires: validation_passed
      - from: submitted to: approved requires: manager_approval
      - from: submitted to: cancelled requires: cancellation_reason
      - from: approved to: processing requires: resource_available
      - from: processing to: completed requires: all_steps_done

  policy NoBackwardTransition:
    it is prohibited that any Order
      transitions from completed
      to any_previous_state
      except when has reversal_authorization = true
```
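The following is an added example, not code from the SEA project or output of its compiler: a default-deny guard in Python that enforces the `ValidTransitions` and `NoBackwardTransition` policies above and replays an order history to flag violations. The function names, the `facts` set, and reading "previous state" as "earlier in the `states` list" are assumptions.

```python
# Added example: default-deny transition guard for the OrderLifecycle policies.
# Names (check_transition, replay, facts) are assumptions, not SEA DSL output.
STATES = ["draft", "submitted", "approved", "processing", "completed", "cancelled"]

# (from, to) -> requirement, copied from policy ValidTransitions
REQUIRES = {
    ("draft", "submitted"): "validation_passed",
    ("submitted", "approved"): "manager_approval",
    ("submitted", "cancelled"): "cancellation_reason",
    ("approved", "processing"): "resource_available",
    ("processing", "completed"): "all_steps_done",
}

def check_transition(current, target, facts):
    """Return (allowed, reason); facts is the set of satisfied requirements."""
    if current not in STATES or target not in STATES:
        return False, "unknown state"
    # NoBackwardTransition: completed -> earlier state only with authorization.
    # "Previous" is read here as earlier in the states list (an assumption).
    if current == "completed" and STATES.index(target) < STATES.index(current):
        if "reversal_authorization" in facts:
            return True, "reversal authorized"
        return False, "missing reversal_authorization"
    required = REQUIRES.get((current, target))
    if required is None:
        return False, "transition not listed"  # anything unlisted is denied
    if required not in facts:
        return False, "missing " + required
    return True, "ok"

def replay(events, start="draft"):
    """Replay (target, facts) events; return (final_state, violations)."""
    state, violations = start, []
    for i, (target, facts) in enumerate(events):
        allowed, reason = check_transition(state, target, facts)
        if allowed:
            state = target
        else:
            violations.append((i, state, target, reason))
    return state, violations

# Constructed sample history: event 1 skips approval, event 5 reopens
# a completed order without authorization.
SAMPLE = [
    ("submitted", {"validation_passed"}),
    ("processing", {"resource_available"}),
    ("approved", {"manager_approval"}),
    ("processing", {"resource_available"}),
    ("completed", {"all_steps_done"}),
    ("draft", set()),
]
```

A rejected event leaves the state unchanged, so later events are judged against the last legitimate state rather than the attempted one.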
```
context RiskBasedGovernance:
  risk_levels: [low, medium, high, critical]

  policy RiskBasedControl:
    when risk_level = low:
      requires: standard_logging
    when risk_level = medium:
      requires: enhanced_logging, periodic_review
    when risk_level = high:
      requires: real_time_monitoring, approval_required
    when risk_level = critical:
      requires: human_in_loop, dual_approval, immediate_alert

  policy RiskEscalation:
    it is obligatory that each RiskAssessment
      with score > threshold
      triggers escalation_to_next_level
      notifies risk_owner
```
```
policy AdaptiveRateLimit:
  it is obligatory that each APIRequest
    when anomaly_score < 0.3:
      has rate_limit = standard (1000/minute)
    when anomaly_score >= 0.3 AND < 0.7:
      has rate_limit = reduced (100/minute)
    when anomaly_score >= 0.7:
      has rate_limit = blocked
      has security_alert = triggered
```
```
context ConsentGovernance:
  consent_types: [essential, functional, analytics, marketing]

  policy ConsentEnforcement:
    it is obligatory that each DataProcessing
      for purpose = marketing
      has consent = obtained
      has consent_type = marketing
      has consent_timestamp = recorded

  policy ConsentWithdrawal:
    it is obligatory that each ConsentWithdrawalRequest
      is processed within 24_hours
      has data_deletion = initiated
      has confirmation = sent_to_user
```
```
policy RightToAccess:
  it is obligatory that each AccessRequest
    from data_subject
    is fulfilled within 30_days
    has complete_data = provided
    has processing_purposes = documented

policy RightToErasure:
  it is obligatory that each ErasureRequest
    is processed within 30_days
    unless has legal_retention_requirement = true
    has confirmation = sent
    has audit_log = preserved
```
```
context ModelGovernance:
  policy ModelRegistration:
    it is obligatory that each AIModel
      has model_card = complete
      has risk_assessment = approved
      has testing_results = documented
      before production_deployment

  policy ModelDrift:
    it is obligatory that each DeployedModel
      with drift_score > 0.2
      triggers retraining_review
      has human_evaluation = required
```
```
policy BiasMonitoring:
  it is obligatory that each AIDecision
    has fairness_metrics = calculated
    has subgroup_analysis = performed
    when fairness_delta > 0.1:
      has bias_mitigation = required
```
```
policy ExplainabilityRequired:
  it is obligatory that each HighStakesDecision
    has explanation = generated
    has explanation_format = human_readable
    has feature_importance = provided
    has counterfactual = available

policy ContestabilityEnabled:
  it is obligatory that each AutomatedDecision
    has appeal_mechanism = accessible
    has human_review_option = available
    has decision_log = preserved
```
```
// SEA™ DSL policy
policy BlockHarmfulContent:
  it is prohibited that any LLMOutput
    contains harmful_content = true

// Compiles to Policy Gateway config
gateway_filter:
  name: BlockHarmfulContent
  type: output
  action: block
  conditions:
    harmful_content: true
```
```
policy AuditRequirement:
  it is obligatory that each GovernedAction
    logs_to: evidence_service
    with fields: [actor, action, timestamp, context, outcome]
    retention: 7_years
    immutability: hash_verified
```
```
simulation CrossDomainTest:
  scenario: "High-value transaction across domains"
  actors: [user, approval_system, payment_service]
  steps:
    1. user creates Transaction(amount: $150000)
    2. expect: EnterpriseGovernance.UniversalAuditTrail triggered
    3. expect: FinanceAuditEnhanced requires dual_signature
    4. approval_system provides DualApproval
    5. payment_service processes Transaction
    6. expect: all policies satisfied
```
```bash
# Verify all policies compile
just sea-validate docs/specs/governance/policies.sea

# Run policy simulations
just policy-simulate --scenario all

# Generate compliance report
just compliance-report --framework NIST-AI-RMF
```
| Last Updated: January 2026 | Version: 1.0.0 |