AI compliance layer
An AI compliance layer is the regulated middleware that sits between an AI agent and a carrier's pricing, underwriting, and policy administration systems. It enforces the A2A Core Patterns standard in real time: validating every field against insurer product rules before a quote is returned, stripping PII before it enters model context, enforcing mandatory disclosures and acknowledgements, and writing a tamper-evident audit record of every action taken in the transaction.
What is an AI compliance layer?
In the A2A protocol, the compliance layer is formally called the Rail. The agent talks to the Rail; the Rail talks to the carrier. This separation means the agent never directly accesses a carrier's systems, a data enrichment source, or a payment handler. All such interactions are mediated and governed by the Rail, which is purpose-built to enforce compliance without re-implementing it in each agent.
The Rail performs five distinct functions. First, enrichment: it calls authoritative data sources such as DVLA, MyLicence, CUE, BCIS, and Companies House to populate the risk schema, keyed from the canonical identifiers the customer provides. Second, validation: it checks every field in the assembled quote request against carrier-defined product rules before making any carrier call, blocking hallucinated, estimated, or out-of-appetite values. Third, PII protection: it strips, tokenises, and protects personal data before it enters AI model context or logs, with heightened protections for special-category data. Fourth, compliance enforcement: it enforces the disclosure-and-acknowledgement gate, the step-up confirmation requirement, and any applicable signposting duties. Fifth, audit: it writes an immutable, tamper-evident record of every enrichment call, every enriched-versus-attested fact, every disclosure, and every authority exercised.
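The validation, PII-protection and audit functions described above, sketched as an added example; it is not code from the A2A standard or from Marrow. The product rules, field names, HMAC tokenisation and SHA-256 hash chain are assumptions chosen for illustration, since the page does not specify how the Rail implements them.

```python
import hashlib, hmac, json

# Everything below is constructed for illustration: rules, field names, key.
PRODUCT_RULES = {  # hypothetical carrier-defined product rules
    "vehicle_value": lambda v: isinstance(v, int) and 500 <= v <= 75_000,
    "cover_type": lambda v: v in {"comprehensive", "third_party"},
}
PII_FIELDS = {"name", "date_of_birth"}
TOKEN_KEY = b"constructed-demo-key"  # assumption: a managed secret in practice

def validate(request):
    """Return the fields that are missing or break a product rule."""
    return sorted(f for f, ok in PRODUCT_RULES.items()
                  if f not in request or not ok(request[f]))

def tokenise(request):
    """Replace PII values with keyed tokens before they reach logs or model context."""
    return {k: "tok_" + hmac.new(TOKEN_KEY, str(v).encode(), hashlib.sha256).hexdigest()[:16]
            if k in PII_FIELDS else v for k, v in request.items()}

def record_hash(prev, event):
    """Hash an event together with the previous record's hash."""
    body = json.dumps(event, sort_keys=True).encode()
    return hashlib.sha256(prev.encode() + body).hexdigest()

def append(log, event):
    prev = log[-1]["hash"] if log else "0" * 64
    log.append({"event": event, "prev": prev, "hash": record_hash(prev, event)})

def verify(log):
    """Return the index of the first record that breaks the chain, or -1 if intact."""
    prev = "0" * 64
    for i, rec in enumerate(log):
        if rec["prev"] != prev or rec["hash"] != record_hash(prev, rec["event"]):
            return i
        prev = rec["hash"]
    return -1

def handle(log, request):
    """Audit the tokenised request, then block it if any rule fails."""
    errors = validate(request)
    append(log, {"action": "validate", "request": tokenise(request), "errors": errors})
    return not errors

if __name__ == "__main__":
    log = []
    print(handle(log, {"name": "A. Sample", "vehicle_value": 900_000, "cover_type": "comprehensive"}))
    print(verify(log))
```

A hash chain only exposes edits to individual records; anyone able to rewrite the whole log can recompute it, so the latest hash has to be anchored somewhere the log writer cannot modify.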
Marrow is the AI compliance layer for UK insurance. The compliance, enrichment, and audit implementations behind the A2A open standard are Marrow's; the interface standard itself is open.
Why does an AI compliance layer matter for insurance?
The compliance layer is what allows agentic insurance to be safe and valid from a regulatory standpoint. Without it, an AI agent interacting directly with insurance systems would produce inaccurate quotes, miss mandatory disclosures, and have no audit trail, creating Consumer Duty, mis-selling, and GDPR exposure.
By making compliance a property of the Rail rather than of the agent, the A2A protocol removes the requirement for every agent to independently implement FCA Consumer Duty, UK GDPR, and disclosure rules. The agent handles the conversation; the Rail handles the compliance.
Related terms
The open standard the compliance layer enforces.
The validation component that prevents AI-generated values from reaching carrier systems unchecked.
The carrier-facing interface the compliance layer wraps.
The model of distribution the compliance layer makes safe.
The risk-data assembly process the compliance layer governs.
Source
Section 4 (Core Patterns) and Section 6 (Information Access Model) define the Rail's responsibilities.
Last updated 2026-06-18