Sluice Docs

Compliance

The compliance guardrail evaluates outbound emails for regulatory compliance. By default it checks for CAN-SPAM requirements, but you can customize it for any regulatory framework.

Default: Disabled
Analysis method: AI-powered evaluation
Risk levels: Green / Orange / Red

Note: This guardrail is disabled by default because compliance requirements vary by organization and jurisdiction. Enable it if your agents send commercial or marketing emails subject to CAN-SPAM, GDPR, CASL, or similar regulations.

Default behavior

Out of the box, the compliance guardrail checks for CAN-SPAM requirements:

  • Missing unsubscribe mechanism — Commercial emails must include a way to opt out
  • Missing physical postal address — Required for commercial email senders
  • Deceptive subject lines — Subject lines that mislead the recipient about the email's content

For commercial and marketing emails, all three requirements should be met.

Custom compliance definitions

Replace the default definition with your own compliance requirements in Settings > Guardrails > Compliance (up to 2,000 characters).

Examples:

  • "All customer communications must include our company registration number and registered address. Emails offering financial products must include the required risk disclaimer."

  • "Check for GDPR compliance: emails to EU recipients must not reference personal data processing without mentioning the right to withdraw consent."

  • "All marketing emails must include: (1) unsubscribe link, (2) physical mailing address, (3) clear identification of the sender. Flag any commercial email missing these elements."

Use cases

Marketing automation — Your AI agent sends promotional or follow-up emails. Enable the compliance guardrail to catch emails that are missing required CAN-SPAM elements before they go out.

Financial services — Customize the definition to include regulatory disclaimers and risk warnings required by your jurisdiction.

Multi-region compliance — Customize the definition to cover CAN-SPAM (US), CASL (Canada), GDPR (EU), or other regional requirements based on where your customers are located.
