How Rosetta Works
From application to audit receipt — understanding the policy evaluation, risk scoring, and evidence generation pipeline.
The Rosetta Flow
Policy Evaluation
When a request reaches Rosetta, the first step is policy evaluation. Policies define the rules and constraints that govern AI-assisted decisions.
Policies can cover regulatory requirements, internal compliance rules, risk tolerance thresholds, and business-specific constraints. Each policy evaluation produces a result that feeds into the overall decision documentation.
Regulatory Policies
Fair lending, anti-discrimination, consumer protection rules
Risk Policies
Risk tolerance thresholds, exposure limits, signal-based rules
Business Policies
Product eligibility, pricing rules, operational constraints
Risk Scoring
After policy evaluation, Rosetta produces a risk score for the interaction. This score reflects the overall risk profile based on policy results, model outputs, and contextual signals.
The risk score determines whether the decision requires human review, additional verification, or can proceed automatically. All risk metadata is captured in the evidence record.
Audit Receipts
The final output of every Rosetta evaluation is a tamper-evident audit receipt. This receipt captures the complete decision context, including policy evaluation results, risk scores, model outputs, and review status.
Each receipt is designed to serve as authoritative evidence for compliance, audit, and regulatory review. Receipts are immutable records that provide a complete chain of custody for every AI-assisted decision.
Review Workflows
Not all AI decisions should be automated. Rosetta supports review workflows that route decisions to human reviewers based on risk level, policy requirements, or business rules.
Review workflows ensure that high-risk decisions receive appropriate human oversight while low-risk decisions can proceed efficiently. Every review action is also captured in the evidence record, creating a complete chain of accountability.
Auto-Approved
Low-risk decisions that pass all policy checks proceed automatically.
Flagged for Review
Medium-risk decisions are routed to a human reviewer for verification.
Requires Escalation
High-risk decisions require senior reviewer approval.