GOPAL is a collection of Open Policy Agent (OPA) policies designed for evaluating AI systems against regulatory requirements, compliance standards, and operational criteria. It serves as the policy engine for AICertify but can also be used independently with other OPA-based systems.
gopal/
├── global/ # Global policies applicable across all domains
│ ├── v1/ # Version 1 of global policies
│ └── library/ # Reusable policy components
├── international/ # International regulatory frameworks
│ ├── eu_ai_act/ # European Union AI Act
│ ├── india/ # Indian AI regulatory frameworks
│ └── nist/ # NIST AI standards
├── industry_specific/ # Industry-specific requirements
│ ├── bfs/ # Banking & Financial Services
│ ├── healthcare/ # Healthcare industry
│ └── automotive/ # Automotive industry
├── operational/ # Operational policies
│ ├── aiops/ # AI Operations policies
│ ├── cost/ # Cost management policies
│ └── corporate/ # Corporate internal policies
├── custom/ # Custom policy categories (local only, excluded from PRs)
└── helper_functions/ # Shared utility functions for policies
Policies are organized in a modular structure to allow for clear separation of concerns and flexible composition:
- Global Policies: Baseline requirements applicable to all AI systems
- International Policies: Requirements from specific regulatory frameworks
- Industry-Specific Policies: Requirements specific to industry verticals
- Operational Policies: Requirements related to operational aspects
- Custom Policies: User-defined policy categories (local development only)
Each policy category uses versioned directories (e.g., v1/) to support evolution while maintaining backward compatibility. When referencing policies:
- Use specific versions when policy stability is required
- Use the latest version when up-to-date compliance is more important
Gopal is designed to work seamlessly with AICertify, a framework for systematically evaluating AI systems against regulatory requirements. When used with AICertify, Gopal provides the policy rules that determine compliance status.
Gopal can also be used independently with any OPA-compatible system. The policies follow standard OPA patterns and can be evaluated using the OPA CLI or API.
The custom/ directory is provided for local development of organization-specific policies. This directory is:
- Excluded from git tracking - Custom policies are not included in commits or PRs to the origin repository
- Ignored by CI/CD - Custom policies do not affect the build or linting processes
- Local development only - Allows organizations to develop proprietary policies alongside the standard GOPAL policies
To create custom policies:
- Create your policy structure under
custom/your_category/v1/ - Follow the same naming conventions as standard policies
- Use the package name
custom.your_category.v1.policy_name - Include comprehensive tests and documentation
Example structure:
custom/
├── my_org/
│ ├── v1/
│ │ ├── compliance/
│ │ │ ├── policy.rego
│ │ │ └── policy_test.rego
│ │ └── security/
│ │ ├── policy.rego
│ │ └── policy_test.rego
Note: Custom policies remain local to your development environment and are not shared with the broader GOPAL community.
This repository includes pre-commit hooks to ensure code quality. The hooks run:
- Basic file checks (trailing whitespace, end-of-file, etc.)
- OPA check (
opa check .) - Regal lint (
regal lint .)
To use the pre-commit hooks locally, install pre-commit, OPA, and Regal, then run:
# Install pre-commit
pip install pre-commit
# Install OPA
curl -L -o opa https://openpolicyagent.org/downloads/latest/opa_linux_amd64
chmod 755 opa
sudo mv opa /usr/local/bin/
# Install Regal
curl -L -o regal https://github.com/StyraInc/regal/releases/latest/download/regal_Linux_x86_64
chmod +x regal
sudo mv regal /usr/local/bin/
# Install the pre-commit hooks
pre-commit install- Open Policy Agent (OPA) - The policy engine that powers GOPAL
- Regal - A linter for Rego, the policy language used by OPA
- AICertify - A framework for systematically evaluating AI systems against regulatory requirements
This project is licensed under the Apache 2.0 License.