How enforcement works

Understanding how IOA enforces governance policies at runtime with block/allow decisions.

Enforcement modes

IOA Cloud offers three enforcement modes, each with different levels of intervention:

Shadow Mode (Bronze/Free)

Policies observe and log activity without blocking. All requests are allowed, but policy violations are recorded in evidence bundles. Perfect for testing and evaluation.

Use case: Development, testing, policy tuning

Enforce Mode (Silver)

Policies actively block or allow requests based on governance rules. Pre-invoke checks prevent policy violations before the LLM call; post-invoke checks validate responses before they are returned to your application.

Use case: Production non-regulated workloads

Consensus Mode (Gold/Gold+)

Multiple LLMs vote on governance decisions using quorum logic. Reduces bias and improves decision quality through diverse model perspectives. Dissent is recorded in evidence.

Use case: Regulated industries, high-risk applications

Enforcement flow

  1. Pre-invoke check: Policies evaluate the request before the LLM call
  2. Decision: Allow (proceed) or Block (reject with a reason)
  3. LLM invocation: If allowed, the request is sent to the LLM provider
  4. Post-invoke check: Policies evaluate the response
  5. Evidence generation: A signed evidence bundle is created
  6. Response: The result is returned to the application, or the request is blocked
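
The six steps above, as an added illustration that is not IOA's SDK or its real policy engine: a constructed governance wrapper covering Shadow and Enforce mode (Consensus voting is omitted), with a placeholder PII check, an HMAC-signed evidence bundle written for every request, and a 403-style block result carrying the reason and evidence ID.

```python
import hashlib, hmac, json, re, uuid
from dataclasses import dataclass
from typing import Optional

# Constructed placeholder key and in-memory store; not IOA's signing or storage.
SIGNING_KEY = b"constructed-demo-key"
EVIDENCE_LOG: list = []

@dataclass
class Decision:
    status: int             # 200 when allowed, 403 when blocked
    reason: str             # policy that triggered the block, or "allowed"
    evidence_id: str        # reference to the signed evidence bundle
    output: Optional[str]   # LLM response, None when blocked

def pii_policy(text: str) -> Optional[str]:
    """Constructed PII check: flags an SSN-like 3-2-4 digit pattern."""
    if re.search(r"\b\d{3}-\d{2}-\d{4}\b", text):
        return "pii_detection: SSN-like pattern"
    return None

def sign_evidence(bundle: dict) -> str:
    """HMAC-SHA256 over canonical JSON stands in for the real signature."""
    body = json.dumps(bundle, sort_keys=True).encode()
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()

def govern(prompt: str, call_llm, mode: str, policies=(pii_policy,)) -> Decision:
    evidence_id = str(uuid.uuid4())
    violations, output = [], None
    # Steps 1-2: pre-invoke check; Shadow mode records violations but never blocks
    pre = [v for p in policies if (v := p(prompt))]
    violations += [("pre", v) for v in pre]
    blocked = bool(pre) and mode == "enforce"
    if not blocked:
        output = call_llm(prompt)                          # Step 3: invocation
        post = [v for p in policies if (v := p(output))]   # Step 4: post-invoke
        violations += [("post", v) for v in post]
        if post and mode == "enforce":
            blocked, output = True, None
    # Step 5: signed evidence bundle, produced for allowed and blocked requests alike
    bundle = {"id": evidence_id, "mode": mode, "blocked": blocked,
              "violations": violations}
    bundle["signature"] = sign_evidence(bundle)
    EVIDENCE_LOG.append(bundle)
    # Step 6: 403 with reason and evidence reference, or the response
    reason = violations[0][1] if blocked else "allowed"
    return Decision(403 if blocked else 200, reason, evidence_id, output)
```

Reading the evidence log for a Shadow-mode run shows the recorded violation even though the request went through, which is what makes that mode usable for policy tuning before switching to Enforce.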

Badges reflect runtime posture, not plan

Your governance badge (Bronze, Silver, Gold, Platinum) shows which mode you're actually running at runtime, not which plan you're paying for. A Launch plan user can display a Bronze badge if they run in Shadow mode, while a Scale plan user can earn a Silver or Gold badge based on their actual governance configuration.


Policy types

  • PII detection: Block requests containing personal information
  • Bias detection: Identify and prevent biased prompts or responses
  • Content safety: Filter harmful, toxic, or inappropriate content
  • Compliance: Enforce regulatory requirements (GDPR, HIPAA, AI Act)
  • Custom policies: Define your own governance rules (Enterprise)

Handling blocked requests

When a request is blocked, IOA returns:

  • Error code: HTTP 403 with an IOA-specific error code
  • Reason: Clear explanation of which policy triggered the block
  • Evidence ID: Reference to the signed evidence bundle
  • Suggestions: Guidance on how to modify the request (when applicable)

Fine-tuning enforcement

Configure enforcement behavior per policy:

  • Thresholds: Set confidence levels for policy triggers
  • Allowlists: Exempt specific patterns or users
  • Rate limits: Apply per-user or per-policy limits
  • Notification webhooks: Alert on policy violations