Prebuilt Frameworks
Yggdrasil ships with production-ready rule packs for three major regulatory frameworks:AML / FinCEN
11 rules covering currency transaction reporting, structuring detection, and suspicious activity monitoring
GDPR
15 rules across consent, encryption, DPO requirements, and data subject rights
SOC2
9 rules mapped to the five SOC2 trust principles (Security, Availability, Confidentiality, Processing Integrity, Privacy)
Why Use Prebuilt Frameworks?
- Instant deployment — Rules are ready to use immediately with no extraction step
- Battle-tested logic — Each rule includes real-world historical context and average fines
- Compound conditions — Rules combine multiple signals (behavioral + temporal + relational) to minimize false positives
- Explainability — Every rule includes policy excerpts, article references, and breach examples
Custom PDF Upload
For proprietary or industry-specific regulations, upload any regulatory PDF and let Gemini 2.5 Flash extract structured, enforceable rules.Custom PDF Extraction
Upload any compliance document and extract rules with the Signal Specificity Framework
How It Works
- Upload PDF — Upload your regulatory document (AML, HIPAA, PCI-DSS, internal policy, etc.)
- AI Extraction — Gemini parses the document and identifies enforceable clauses
- Rule Generation — Each rule is converted to compound boolean logic with thresholds
- Quality Filtering — Only rules meeting minimum specificity threshold (2.0) are accepted
Key Differences
| Feature | Prebuilt Frameworks | Custom PDF |
|---|---|---|
| Setup Time | Instant | 30-60 seconds (extraction) |
| Rule Quality | Hand-curated | AI-extracted + validated |
| Customization | Fixed rules (can be toggled) | Fully custom to your document |
| Historical Context | Includes fines & breach examples | Policy text only |
| Use Case | Standard compliance (AML, GDPR, SOC2) | Industry-specific or proprietary policies |
Choosing the Right Approach
Use prebuilt frameworks when:- You need to comply with AML/FinCEN, GDPR, or SOC2
- You want production-ready rules with minimal configuration
- You need historical fine data and breach examples for risk assessment
- You have industry-specific regulations (HIPAA, PCI-DSS, GLBA, etc.)
- You’re enforcing internal company policies
- You need rules extracted from proprietary compliance documents
- You want full control over the regulatory text source
What Happens After Selection
Regardless of which approach you choose:- Review Rules — All extracted or prebuilt rules are shown for review
- Toggle Activation — Enable or disable individual rules before scanning
- Map Your Data — Connect your CSV columns to the schema fields required by rules
- Run Scan — Execute deterministic rule evaluation against your dataset
- Review Violations — Get explainable results with policy excerpts and evidence
All rule execution is deterministic — no AI models are used in the enforcement loop. Explanations are generated from templates, not LLM calls.
Next Steps
Explore AML Rules
View the 11 AML/FinCEN rules for financial transaction monitoring
Explore GDPR Rules
View the 15 GDPR rules across consent, encryption, and data subject rights
Explore SOC2 Rules
View the 9 SOC2 rules mapped to trust service criteria
Upload Custom PDF
Learn how custom PDF extraction works with the Signal Specificity Framework