Knowledge layer
74 Segments. One Governance Model.
Ontic curates regulatory Encyclopedias across 74 segment categories — federal rules, state AI acts, supervisory guidance, standards, and physics-level constraints — backed by 54 oracle sources spanning 19 frameworks and 30 industries.
Load your segment once; Oracle Foundry blends your policies with the curated spine, and Claim Ledger enforces evidence-backed answers every time your teams or agents query it.
Without this
Without curated regulatory encyclopedias, every organization builds its compliance knowledge base from scratch. Rules change, guidance conflicts, and your AI has no authoritative spine to verify against.
How it works, end‑to‑end
74 curated top-level segments (e.g., regional banking, hospital systems, defense subcontractors, energy utilities, regional law) each ship with a pre-mapped regulatory spine.
Your internal policies, playbooks, SOPs, and contracts are ingested through Oracle Foundry and versioned against that spine as additional oracle sources.
Prompt Compiler assembles the relevant oracle context for each request. Claim Ledger decomposes the response into atomic claims and scores each against the evidence.
The emission gate enforces evidence requirements: unsupported claims are blocked or flagged depending on the governance profile.
How Encyclopedias work
Curated Top-Level (74 segments)
Ontic ships 74 Regulatory Encyclopedias that pre-map the core obligations, standards, and guidance for each segment — SOX to GAAP, OCC SR 11‑7 to model-risk governance, NERC CIP‑015 to internal network security monitoring, Colorado’s SB24‑205 AI Act to state-level AI duties, and more. Each segment label is bound to the relevant supervisory letters, handbooks, and AI laws so you’re not building mappings from scratch.
banking_regional → OCC SR 11‑7 model risk guidance + FFIEC IT handbooks + applicable state AI Acts
energy_utility_transmission → NERC CIP‑015 Internal Network Security Monitoring + FERC cybersecurity directives
Oracle Foundry ingestion (your blend)
Your internal artifacts — policies, playbooks, runbooks, risk registers, and model documents — are ingested through Oracle Foundry alongside the curated spine. Each source gets SIRE identity metadata, chunk embeddings, and provenance tracking.
SIRE frontmatter— Subject, Included, Relevant, Excluded tags that control retrieval routing and authority boundaries.Tiered sourcing— Oracle sources (authoritative) vs. web sources (supplementary) with distinct trust levels in Claim Ledger scoring.Versioned provenance— Every oracle chunk carries its source document hash, ingestion timestamp, and pipeline version for audit traceability.
Prompt Compiler (context assembly)
At runtime, every prompt is assembled by Prompt Compiler using the CFPO template model. The compiler selects relevant oracle context based on SIRE routing and the governance profile.
- •Resolves which oracle sources apply based on SIRE identity metadata and the active governance profile.
- •Assembles a deterministic system prompt with Content, Format, Policy, and Output zones.
- •Injects domain-specific policy addenda and evidence-gap acknowledgement directives when coverage is incomplete.
Claim Ledger (evidence evaluation)
Claim Ledger decomposes every response into atomic claims, scores each against oracle and web evidence using embedding entailment, and evaluates the result through a deterministic emission gate.
- All claims supported — pass with per-claim citations traced to oracle sources.
- Partial support with warnings — some claims lack citations or use lower-tier web evidence.
- Unsupported claims flagged — material claims without evidence trigger advisory warnings or enforce-mode blocks.
- Boundary referral — query falls outside oracle authority; response directs to qualified professionals.
Example: regional bank Encyclopedia
For a regional bank using high-risk AI and quantitative models, Ontic binds the Encyclopedia to the core supervisory and AI-law obligations.
Knowledge Base (curated spine)
Segment: financialservices_banking_regional
- •SOX 404 internal control requirements for financial reporting.
- •FFIEC IT Handbooks for information security, development, and operations controls.
- •BSA/AML obligations around monitoring, reporting, and suspicious activity.
- •Colorado SB24‑205 “Consumer Protections for Artificial Intelligence Act” when your customers or operations fall under Colorado jurisdiction.
Illustrative Encyclopedia (YAML)
segment: financialservices_banking_regional jurisdictions: - federal - colorado knowledge_base: - sox_404 - ffiec_it_handbook - bsa_aml_program - co_sb24_205_ai_act required_state: - model_risk_assessment - fairness_evidence - bsa_aml_monitoring_evidence - audit_trail missing_action: flag_human | fail_closed
model_risk_assessmentSatisfies OCC SR 11‑7 expectations on model development, validation, and governance.fairness_evidenceTied to state AI laws like Colorado’s AI Act, which aim to prevent algorithmic discrimination in high-risk AI systems.audit_trailEnsures traceability of decisions and model changes, aligning with supervisory guidance on governance and documentation.Oracle (runtime behavior)
“Generate a customer-facing explanation of our Colorado banking credit model decision for this declined applicant.”
The Oracle:
- →Prompt Compiler resolves SIRE routing: regional banking oracles, Colorado AI Act duties, credit-decision policy context.
- →Oracle Foundry retrieves relevant chunks from federal model risk guidance (SR 11‑7), FFIEC expectations, BSA/AML context, and Colorado SB24‑205.
- →Claim Ledger extracts atomic claims from the response and scores each against the retrieved oracle evidence using embedding entailment.
- →The emission gate evaluates claim verdicts and flags unsupported claims; in enforce mode, unsupported material claims block the response.
Gate (enforcement)
- Blocks customer disclosure if BSA/AML or model-governance evidence is absent from the oracle corpus.
- Allows a response only when oracle sources evidence that Colorado AI Act transparency and discrimination-risk requirements are met.
Global to Local Regulatory Landscape
Ontic honors regulatory requirements across jurisdictions by structuring them as curated, versioned sources in Oracle Foundry. Regulations → oracle sources → Prompt Compiler → Claim Ledger.
Global Frameworks (Cross-Jurisdictional)
Baseline standards ingestible as universal Oracle Foundry sources.
EU AI Act
Europe, extraterritorialRisk assessments, conformity docs, human oversight, transparency logs
Clean Room defaults to high-risk controls; audit trails for conformity evidence
NIST AI RMF 1.0
US, voluntary globalImpact assessments, bias monitoring, lifecycle governance
Core Oracle Foundry taxonomy; Claim Ledger enforces measurement thresholds
ISO/IEC 42001
International standardPolicies, risk treatment, controls certification
Refinery/Studio certification baseline; versioned control mappings
Regional Regulations
Europe
EU AI Act dominates (27 countries + EEA); UK AI Framework (pro-innovation, sector bills 2026); Switzerland aligns.
North America
US patchwork (CO AI Act, CA SB1047, NY LL144); Canada AIDA (high-impact transparency).
Asia-Pacific
China GenAI Measures (algorithm registration); South Korea Basic AI Act; Singapore Model Framework.
Latin America
Brazil AI Bill of Rights (risk-based).
Local / Sector-Specific (US States + Agency Rules)
US states lead with binding laws; agencies fill gaps.
Colorado
SB24-205 (first comprehensive; impact assessments Feb 2026)
Deployer obligations → Claim Ledger blocks non-compliant outputs
California
SB1047 (frontier models); CCPA/CPRA AI clauses
Large model safety + consumer AI rights
NYC / Illinois
LL144 AEDT (hiring AI); BIPA AI biometrics
Employment + biometric high-risk
Federal US
OMB M-24-10 (gov AI); NIST RMF
FedRAMP-ready environments
Canada
AIDA (high-impact mitigation)
Similar to EU high-risk
Sector examples (from your matrix)
- Banking: OCC SR 11‑7 model risk → Oracle Foundry sources FFIEC AI guidance
- Healthcare: FDA AI/ML SaMD → Clean Room evidentiary chain
- Defense: DoD AI Principles + CMMC AI → Clean Room self-hosted deployment
How Ontic Ingests & Enforces
Oracle Foundry ingestion
Regulations ingested as versioned oracle sources with SIRE identity metadata, chunk embeddings, and provenance hashes.
SIRE Crosswalk routing
Crosswalk maps coverage, overlaps, and authority boundaries across the oracle library for deterministic retrieval.
Prompt Compiler assembly
System prompts built deterministically using CFPO templates with jurisdiction and sector context from oracle sources.
Claim Ledger enforcement
Every response claim is scored against oracle evidence; the emission gate blocks unsupported claims based on governance profile.
End-to-end governance: a banking output in Germany inherits EU AI Act + BaFin oracle sources; a US hospital gets FDA + HIPAA oracle context. Update once in Oracle Foundry → propagates everywhere.
Coverage: representative segments
How Encyclopedias look across high-value segments. The full 74-segment matrix is available as a CSV.
| Segment | Encyclopedia sources | Gate enforcement |
|---|---|---|
| Banking – regional | OCC SR 11‑7; FFIEC IT Handbooks; BSA/AML; Colorado SB24‑205 | Blocks credit, deposit, or marketing outputs without model risk documentation, fairness testing, and BSA/AML monitoring evidence. |
| Banking – digital / fintech | SR 11‑7; FFIEC outsourcing; CFPB rules; state AI and consumer protection laws | Enforces evidence for explainability, algorithmic discrimination controls, and consumer disclosures. |
| Hospital system | FDA SaMD; CMS prior-auth; state health privacy and AI restrictions | Blocks clinical decision-support outputs without linkage to approved indications and safety evidence. |
| Payer / health plan | CMS regulations; state insurance and utilization rules; AI prior-auth policy | Requires evidence of coverage policies and model fairness assessments for benefit decisions. |
| Defense subcontractor | CMMC 2.0; NIST SP 800‑171 and 800‑53 | Blocks AI-driven handling of controlled data unless CMMC and 800‑171 evidence is present. |
| Defense prime | DFARS; CMMC Level 2/3; NIST 800‑171 and 800‑172 | Enforces fail closed when prompts would send covered defense information without enclave evidence. |
| Energy – transmission | NERC CIP‑015 INSM; NERC CIP standards; FERC cybersecurity | Blocks changes affecting BES operations unless internal network monitoring and anomaly detection evidence exists. |
| Energy – retail | NERC CIP; state utility commission rules; privacy and AI regulations | Enforces evidence-backed controls on AI for demand response, billing, or disconnection decisions. |
| Legal – regional firm | ABA ethics opinions; FRCP e-discovery; local bar AI guidance | Blocks drafting or disclosure that would violate confidentiality or AI-related ethics duties. |
| Legal – e-discovery vendor | FRCP e-discovery framework; model ESI and privilege protocols; client SLAs | Requires evidence of defensible process before allowing AI-generated review summaries. |
| High-risk employer (multi-state) | Colorado SB24‑205; anti-discrimination laws; EEOC guidance | Enforces impact assessment, transparency, and bias controls before AI hiring or promotion decisions. |
| Consumer credit / lending | Federal fair-credit laws; SR 11‑7; state AI and consumer protection laws | Blocks adverse action notices unless model documentation, fairness evidence, and audit trails are present. |
Banking – regional
Sources
OCC SR 11‑7; FFIEC IT Handbooks; BSA/AML; Colorado SB24‑205
Gate enforcement
Blocks credit, deposit, or marketing outputs without model risk documentation, fairness testing, and BSA/AML monitoring evidence.
Banking – digital / fintech
Sources
SR 11‑7; FFIEC outsourcing; CFPB rules; state AI and consumer protection laws
Gate enforcement
Enforces evidence for explainability, algorithmic discrimination controls, and consumer disclosures.
Hospital system
Sources
FDA SaMD; CMS prior-auth; state health privacy and AI restrictions
Gate enforcement
Blocks clinical decision-support outputs without linkage to approved indications and safety evidence.
Payer / health plan
Sources
CMS regulations; state insurance and utilization rules; AI prior-auth policy
Gate enforcement
Requires evidence of coverage policies and model fairness assessments for benefit decisions.
Defense subcontractor
Sources
CMMC 2.0; NIST SP 800‑171 and 800‑53
Gate enforcement
Blocks AI-driven handling of controlled data unless CMMC and 800‑171 evidence is present.
Defense prime
Sources
DFARS; CMMC Level 2/3; NIST 800‑171 and 800‑172
Gate enforcement
Enforces fail closed when prompts would send covered defense information without enclave evidence.
Energy – transmission
Sources
NERC CIP‑015 INSM; NERC CIP standards; FERC cybersecurity
Gate enforcement
Blocks changes affecting BES operations unless internal network monitoring and anomaly detection evidence exists.
Energy – retail
Sources
NERC CIP; state utility commission rules; privacy and AI regulations
Gate enforcement
Enforces evidence-backed controls on AI for demand response, billing, or disconnection decisions.
Legal – regional firm
Sources
ABA ethics opinions; FRCP e-discovery; local bar AI guidance
Gate enforcement
Blocks drafting or disclosure that would violate confidentiality or AI-related ethics duties.
Legal – e-discovery vendor
Sources
FRCP e-discovery framework; model ESI and privilege protocols; client SLAs
Gate enforcement
Requires evidence of defensible process before allowing AI-generated review summaries.
High-risk employer (multi-state)
Sources
Colorado SB24‑205; anti-discrimination laws; EEOC guidance
Gate enforcement
Enforces impact assessment, transparency, and bias controls before AI hiring or promotion decisions.
Consumer credit / lending
Sources
Federal fair-credit laws; SR 11‑7; state AI and consumer protection laws
Gate enforcement
Blocks adverse action notices unless model documentation, fairness evidence, and audit trails are present.
Full 74-segment matrix available on request. Browse all segments →
Benefits
Pre-curated 74 segments
Launch in your segment on Day Zero with a curated regulatory spine; you’re not starting from a blank sheet or generic control library.
SIRE-routed retrieval
A prompt like "Colorado banking disclosure" automatically routes through SIRE Crosswalk to load Colorado AI Act oracle sources and banking-specific regulatory context.
Human-in-loop by design
When Claim Ledger detects an evidence gap — missing model risk documentation, no fairness testing, incomplete BSA/AML oracle coverage — the emission gate flags the response instead of letting the model improvise.
Closed-loop remediation
Forensics Lab traces unsupported claims back to root cause — oracle coverage gap, prompt misconfiguration, or calibration drift — and feeds fixes to Oracle Foundry, Prompt Compiler, and Process Control System.
Find your segment
See how Ontic maps regulatory obligations for your industry. Or check your risk profile in two minutes.
Who uses this
Operator
Ontic curation team
Maintains the 74-segment regulatory spine backed by 54 oracle sources. Customer compliance staff layer internal policies on top.
Consumer
Oracle Foundry and governance runtime
Encyclopedias become oracle source material. Auditors review evidence chains traced back to curated regulatory artifacts.