
    Compliance-as-Code Is Quietly Becoming a Thing

    Engineering encoded its style guides into linters years ago. Compliance teams are doing the same with policy-as-code, and the 2026 wave of generative AI tools is reading those policies at generation time.

    By James R. Gosnell. Educational content. Not legal advice.


    A wealth firm's compliance officer and a senior backend engineer do similar jobs. Both keep humans from shipping things that violate a rulebook. The engineer's rulebook is the security and style policy; the officer's is the marketing review manual. The engineer's has been machine-readable for fifteen years. The officer's is still a 60-page PDF. That is changing, quietly, in 2026.

    What Engineers Figured Out Fifteen Years Ago

    In the late 2000s, engineering teams stopped trusting code review as the primary defense against bad code. They encoded style guides and security guidelines into linters and CI checks: ESLint, RuboCop, SonarQube, Snyk. The rulebook moved from a wiki page nobody read to a tool that ran on every commit. Reviewers stopped catching trailing commas and started catching architectural mistakes.

    Once the rules were code, they were testable, versioned, diffable, and enforceable at the point of authoring. Compliance teams in regulated industries have watched this with envy, and without the tools to replicate it. Until recently.

    The Policy Engines That Grew Up While Nobody Looked

    Policy-as-code engines have been graduating into mainstream adoption while compliance teams were not looking. Open Policy Agent, donated to the CNCF in 2018, graduated in January 2021 and now reports 91 percent of surveyed organizations using it, with production users including Goldman Sachs, Netflix, Pinterest, and T-Mobile. OPA policies are written in a declarative language called Rego.

    Kyverno graduated from the CNCF at KubeCon Europe in March 2026, with production deployments at Bloomberg, Coinbase, LinkedIn, Spotify, and Wayfair. HashiCorp Sentinel sits inside Terraform Cloud and blocks infrastructure changes before any cloud resource is created. None were built for compliance officers. All are being repurposed for compliance work, because the pattern they enforce, declarative rule plus deterministic check, is what a compliance manual is once you let go of the PDF.

    The 2026 Unlock: Policy at Generation Time

    Through 2024 and 2025, the policy-as-code conversation lived almost entirely on the infrastructure side. Block a Terraform plan that opens a public S3 bucket. Reject a Kubernetes deployment without resource limits. Important, but invisible to compliance.

    The 2026 unlock is wiring the same engines into the generation step of AI tools. An AI gateway sits between the application and the model. Every prompt and every output passes through the gateway, which consults a policy library written in Rego or YAML and either rewrites, blocks, or annotates the call. Microsoft's Agent Governance Toolkit, released in April 2026, supports YAML, OPA Rego, and Cedar for agent runtime governance. Pulumi shipped first-class Rego support in March 2026.

    If every team builds its own runtime check in application code, the rules drift. If they live in one library and run at every model call, they cannot. The policy engine is to AI generation what ESLint was to JavaScript: a deterministic check that turns a written rulebook into a property of the system. Without it, every generated artifact still ends up in a human review queue, and the AI saves nothing.

    What This Looks Like in Regulated Marketing

    We ran into this directly with LeadLord. A wealth manager has rules about which performance numbers can appear in which audience targeting on which platform. Rules about when a disclaimer is required and what it has to say. Rules about which testimonials are allowed, and how risk language has to be phrased for a Quebec audience versus an Ontario one. Hand-checking each generated variant against those rules is exactly the bottleneck we were trying to remove. So we encoded the rules once into a machine-readable policy file, ran the policy at generation, ran it again at post-check, and refused to ship any variant that did not pass both. The compliance team writes the policy. The marketer ships campaigns. Nobody hand-reviews each variant. That is what compliance-as-code looks like at the application layer. Product details at /projects/leadlord.

    The same shape works for medical claims in pharma copy, disclosure language in investment letters, HIPAA-safe phrasing in patient communications, and ad copy in cannabis and alcohol. Every regulated vertical has the same structure: a finite rulebook and an infinite stream of artifacts. A policy-engine-shaped problem.

    The Three-Layer Pattern

    Across the implementations now shipping, the same three layers keep appearing.

    Layer one is the machine-readable policy library, curated and versioned by compliance. The unit of work is the policy file, not the meeting. Officers write rules in a structured format, run them against historical artifacts to test backward compatibility, and diff a rule change against last quarter's policy.

    Layer two is the generation tool that consults the library at every step. The AI gateway, the LLM agent runtime, the in-product copilot, all read from the same file. A draft that fails policy never reaches a reviewer; the model revises, asks for clarification, or refuses.

    Layer three is the deterministic post-check that gates output. After the model finishes, a second pass runs the policy against the final artifact. Audit becomes a side effect of the workflow. Every artifact carries a trail of which policy version it was evaluated against and which rules it passed. Quarterly review becomes a database query, not a random sample.

    What to Watch as the Stack Settles

    Two things are still in flux. First, the policy languages. Rego, Cedar, YAML, and a handful of domain-specific frameworks are all in the running. The pattern of one engine winning per domain (Terraform got Sentinel and OPA, Kubernetes got Kyverno) suggests the same will happen for AI generation, but it has not yet. Second, the regulator's stance. Will FINRA, the Autorité des marchés financiers, the FDA, and IIROC accept policy-as-code as adequate first-pass diligence, or insist that a licensed human read every artifact regardless? The pattern only fully unlocks if the regulator lets it.

    The encouraging signal is that engineers and compliance officers are working from the same primitive. The rules are code. What gets built on top is the interesting part.