Seven verticals, one gate
Same gate. Different rules.
Pick an industry. The page reframes the demo against that vertical’s published rule set, with a permit scenario and a refuse scenario. Gambling uses real captured testnet artefacts; the other six are illustrative scenarios derived from the rule set’s policy text and scenario rows, clearly labelled on every check card.
Real vs illustrative, in one line
Only the gambling tab carries real captured proofs (descriptor fingerprints,
log roots, role typed digital signatures, per validator counters). The other tabs show
faithful descriptor structures derived from each rule set’s policy text,
with a live cryptographic descriptor fingerprint computed in your browser;
they do not claim a testnet capture happened for that vertical.
Per vertical depth
The rules each pack models, in plain English.
Each rule set ships a regulator aligned baseline plus a tenant overlay,
a set of named refusal codes, and a scenario book. Every row below is
derived directly from the policy text and the scenario JSONL shipped
with the engine at kronaxis-compliance/policy/rulepacks/<pack>/.
| Rule set | What it models | Named refusal codes (selection) | Source authority |
|---|---|---|---|
| Gambling marketing real captured |
UKGC LCCP marketing controls: self exclusion, vulnerability, age, hours of operation, content class, low value bonus framing, jurisdiction. | SELF_EXCLUDED, VULNERABLE, AGE_UNVERIFIED, OUTSIDE_OPERATING_HOURS, CONTENT_CLASS_REFUSED, JURISDICTION_MISMATCH |
UK Gambling Commission Licence Conditions and Codes of Practice (LCCP), October 2025 framework |
| FCA debt collection | CONC handbook controls on outbound contact: channel restrictions for vulnerable customers, dispute or query freezes, operating hours, mental capacity flag, manual review. | VULNERABLE, MENTAL_CAPACITY_NON_STATUTORY_REFUSED, DISPUTE_ACTIVE, OUTSIDE_OPERATING_HOURS, OUTSIDE_OPERATING_HOURS_ANY_CHANNEL, CLIENT_OVERLAY_STRICT |
FCA Consumer Credit sourcebook (CONC); Consumer Duty PRIN 2A |
| Financial promotions (FSMA s.21) | Approval workflow for financial promotion content: s.21 approver attestation, target investor class, mandatory risk warnings, banned phrases for high risk investments. | S21_APPROVAL_MISSING, BANNED_PHRASE, MANDATORY_ELEMENT_MISSING, HIGH_RISK_TARGETING_MISMATCH, STATUTORY_REVIEW_WITHOUT_FLAG |
Financial Services and Markets Act 2000 s.21 and FCA financial promotions rules |
| UK GDPR direct marketing | Lawful basis presence per processing activity, processor location, SCC presence, consent state, special category data, retention windows, individual rights. | NO_LAWFUL_BASIS, PROCESSOR_OUTSIDE_EEA_NO_SCC, OBJECTION_HONOURED, CLIENT_OVERLAY_STRICT, SPECIAL_CATEGORY_NO_CONDITION |
UK GDPR; Data Protection Act 2018; ICO direct marketing guidance |
| Consumer Duty (PRIN 2A) | Outcomes for retail customers across automated decision making, foreseeable harm, communications, products and services, price and value, consumer support. | VULNERABLE_AUTO_DECISION, OUTCOME_HARM_RISK, VULNERABLE_CONSUMER_PROTECTION, OUTSIDE_BUSINESS_HOURS, FORESEEABLE_HARM |
FCA Principle 12 (PRIN 2A) Consumer Duty; FG22/5 finalised guidance |
| Community pharmacy | Schedule 2 and schedule 3 controlled drugs: prescriber identity, patient identity, dispensing pharmacist record, witnessed override path, expiry, refusal on safeguarding flag. | PRESCRIBER_NOT_REGISTERED, SCHEDULE_2_NO_WITNESS, EXPIRY_BREACH, SAFEGUARDING_FLAG, STOCK_DISCREPANCY |
General Pharmaceutical Council (GPhC) standards; Misuse of Drugs Regulations 2001 |
| EYFS childcare | Authorised collector matching, photo and video consent state per child, ratio breach detection, safeguarding flag escalation, key person continuity. | COLLECTOR_NOT_AUTHORISED, PHOTO_CONSENT_MISSING, RATIO_BREACH, SAFEGUARDING_ESCALATION, KEY_PERSON_MISMATCH |
Statutory framework for the Early Years Foundation Stage (EYFS) 2021; Working Together to Safeguard Children |
| Ofgem energy retail | SLC sourcing rules on debt and disconnection, vulnerable customer flag, communications channel restrictions, priority service register, prepayment switch. | VULNERABLE, PSR_REGISTERED_NO_VOICE, DISCONNECTION_NOT_LAST_RESORT, CLIENT_OVERLAY_STRICT, SLC_27A_BREACH |
Office of Gas and Electricity Markets (Ofgem) Standard Licence Conditions |
| SRA legal services | Outbound communications, fee transparency, conflicts disclosure, LASPO s.56 to s.60 cold contact restrictions, regulated activity boundary. | COLD_CONTACT_RESTRICTED, FEE_NOT_DISCLOSED, CONFLICT_NOT_DISCLOSED, UNAUTHORISED_REGULATED_ACTIVITY, SRA_PRINCIPLE_VIOLATION |
Solicitors Regulation Authority Principles and Code of Conduct; LASPO 2012 ss.56 to 60 |
| ASA CAP code | Advertising standards: gambling restrictions, alcohol restrictions, misleading content, prohibited targeting, mandatory disclosures. | AD_CODE_VIOLATION, PROHIBITED_TARGETING, MANDATORY_DISCLOSURE_MISSING, MISLEADING_CLAIM, CHILDREN_TARGETED |
Advertising Standards Authority Committee of Advertising Practice (ASA CAP) Code |
| PECR direct marketing | Privacy and Electronic Communications Regulations: prior consent for marketing emails and SMS, fax to corporate exemptions, TPS or CTPS screening, voice call rules. | NO_PRIOR_CONSENT, TPS_REGISTERED, OUT_OF_HOURS_VOICE, NO_OPT_OUT_FACILITY, SOFT_OPT_IN_VIOLATION |
Privacy and Electronic Communications Regulations 2003 (PECR) |
How to read this table honestly
Eleven rule sets are listed; seven have demo tabs above the table.
Every row was derived from the actual policy text and the scenario
JSONL shipped with the engine, not invented for the microsite.
Gambling uses real captured testnet artefacts. The other ten
are illustrative scenarios from the rule set’s policy text and
scenario rows; a deployment against real traffic would emit the
same proof shape but with the buyer’s own descriptors,
signatures, and audit paths.
The full refusal code taxonomy lives in
refusal/codes.go with stability guarantees (renames are
a breaking change). A buyer’s General Counsel can write a
control statement that references any of these codes by name and
have the engine produce a contractable verdict against it.
2. Pick a scenario
3. Re check the proof
The checks below run live in your browser against the descriptor for the scenario you picked. Gambling cards show real captured testnet output; other industries show illustrative from rules output. Every card states which is which.