Writing
Essays and white papers on deterministic rule infrastructure for regulated work. One argument runs through all of them: a probabilistic model cannot serve a domain that runs on certainty, so the answer is a deterministic rule layer beneath the model, and the same engine serves every regulated domain.
White papers
One Engine, Every Regulated Domain
A white paper on deterministic rule infrastructure for high-stakes AI.
Where the Model Belongs
A white paper on the division of labor between language models, rules, and people in high-stakes work.
Provenance: the audit trail as a feature
Being right is not enough in regulated work. You have to show why, to someone who was not there and is not inclined to believe you.
Before any rule can run
A white paper on normalization: the unglamorous step that turns the messy world into something a rule can read, and the place where a system quietly succeeds or fails.
Rules, and the data they read
A white paper on the split that keeps a rule engine maintainable: obligations as version-controlled rules, bulk facts as reference data, kept apart on purpose.
Coverage is not trust
A white paper on the field that lets a rule corpus scale without becoming a liability: separating whether a rule exists from whether it can be trusted.
Essays
Securities: the primitive that was already built
How a deadline check written for a letter of credit becomes a disclosure-filing engine — the gentlest version of the whole idea: a domain that needed nothing new.
Legal: where the model earns its keep
The one domain whose core check is genuinely semantic — and how the engine uses a language model for exactly that part and nothing more.
Data Protection: a matrix of jurisdictions
The first domain that reasons about a pair of countries rather than a single fact, and contributes a new primitive the domains after it inherit.
AI Governance: the engine calls itself
The capstone, where a rule in one field invokes the rules of another — and the engine stops being a set of parallel tools and becomes a single call graph.
Tax: a domain that falls out for free
What happens once the primitives exist: a large, complicated field that arrives at almost no marginal cost, because the mechanisms it needs were built in other domains for other reasons.
Insurance: the purest reuse
A whole regulated industry assembled almost entirely from primitives built elsewhere — where the claim at the center stops sounding ambitious and starts sounding like arithmetic.
The clock that travels
A deadline is a small, sharp piece of logic: a starting event, a count of days, a check that something landed in time. Built once for trade finance, it runs securities filings, breach notifications, and tax returns without changing a line.
A question about a pair
Some compliance questions cannot be answered by a fact about one thing. They depend on a relationship between two: a pair of jurisdictions resolved against a table. Built for data protection, the same lookup turns up in tax and again in AI governance.
The safe answer is 'I could not check'
When a compliance system cannot verify something, it has two choices: stay quiet, or say so. The quiet option demos better and is the one failure that actually matters. Failing closed is the whole discipline.
Why 95% accurate is a liability
Ninety-five percent accurate sounds like a strong system, and in most software it is. In regulated work it describes a machine that produces a liability once in every twenty answers, on exactly the cases you cannot identify in advance.
RAG can retrieve, but it cannot decide
Retrieval-augmented generation finds the relevant rule and hands it to the model. That is useful, and it is not a decision. A citation attached to a guess is still a guess, and in regulated work it is the more dangerous kind, because it looks defensible.
The bottleneck was never the model
Every wave of compliance AI bets on a better model. But the engine was never the constraint. The constraint is the rules: someone has to turn regulation into something a machine can execute, and that work does not get faster when the model does.
What 'explainable' actually requires
Explainable AI usually means a model that narrates its reasoning, or a heatmap over its inputs. A regulator does not want a narration. It wants the decision to trace to a rule, and the rule to a source. Those are not the same thing.
GDPR Article 33: the 72-hour clock and when it starts
GDPR gives a controller 72 hours to notify the regulator of a personal-data breach. The number is simple. The thing the number counts from, the moment of awareness, is where the obligation actually lives, and where a deterministic check earns its place.
The five percent line: Schedule 13D
Acquire more than 5% of a US public company's voting equity and you owe the SEC a Schedule 13D. The threshold has held for decades; the filing window was just cut from ten days to five. A well-built rule does not flinch when that happens.
Solvency II: the hundred percent line
Under Solvency II an insurer must hold eligible own funds at least equal to its Solvency Capital Requirement. The whole regime, for all its complexity, ends at a coverage ratio crossing 100%, and a coverage ratio is a numeric comparison.
EU AI Act: which list are you on
The EU AI Act does not regulate AI uniformly. It sorts systems into tiers, and Annex III is the list that decides whether a system is high-risk. The obligations are heavy, but they are downstream of a classification, and a classification is a rule.
The treaty rate, and who may claim it
When a dividend crosses a border, the source country's domestic withholding rate applies unless a tax treaty between the two countries reduces it, and unless the recipient actually qualifies. The rate is a lookup; the qualification is a condition.
The fifty percent rule: a name that is not on the list
OFAC's 50 Percent Rule blocks any entity owned, in aggregate, 50% or more by blocked persons, whether or not that entity is itself named. Catching it is not a name match. It is an ownership computation, and it fails closed when the ownership is unclear.
Sanctions: the match that must never be missed
Sanctions screening looks like a lookup and is really a matching problem over messy names. The two ways to be wrong, a false hit and a missed match, are not the same size, and the whole design follows from that.
AML: the shape of suspicion
Anti-money-laundering rules rarely flag a single act, because a single act is usually legal. They flag shapes: structuring, layering, the deposit that sits just under a reporting line. That makes the rule a combination of conditions, and it makes the human the one who decides.
How a bank reads a letter of credit
Under a letter of credit a bank pays against documents, not goods, and it pays only if the documents comply, on their face, with the credit and with each other. The examination is a web of cross-checks, and it is where this engine first learned its trade.
Where a thing is from
A good claiming a preferential tariff under a trade agreement has to prove where it is from. Origin is not the port it left; it is a qualification test over how the good was made, and that test is a different kind of rule from a threshold or a deadline.
MiFID II: does this product suit this person
Under MiFID II a firm giving investment advice must ensure the product suits the client's knowledge, situation, objectives, and risk tolerance. The product can be perfectly sound and still unsuitable, because suitability is a relationship between two things, not a property of one.
FATF Recommendation 16: the information that has to travel
FATF Recommendation 16 requires that originator and beneficiary information accompany a transfer along its whole chain. The obligation is not about the transfer's legality; it is about completeness, and a missing field is the violation.