---
id: t7-accountability-layer
title: Accountability Layer
module: GROW-S6
module_slug: grow-s6-govtech-compliance
cluster: Trust
type: policy
version: v0.1.0
status: Gate-reviewed
tier: membership
contract_role: ""
canonical_url: "https://grow.goodcombinator.ai/library/registry/t7-accountability-layer"
download_url: "https://grow.goodcombinator.ai/library/registry/t7-accountability-layer.md"
license: CC-BY-4.0 (proposed — owner confirmation required)
source: GROW by Good Combinator
retrieved_at: 2026-05-29
---

# Accountability Layer Policy

The Accountability Layer Policy governs how a govtech compliance agent produces auditable decisions, how those decisions are explained to affected parties, what correction and appeal paths exist, and where human authority is irreducibly required. Public-sector AI deployments differ from commercial ones in one critical respect: an affected person — an applicant, a resident, a business — may have statutory rights to understand, challenge, and receive a human review of a determination that affects them. This policy operationalizes those rights as agent-design constraints, not as aspirational goals. It draws its traceability rules from `s3-decision-traceability` and its audit log structure from `s2-audit-trail-schema`, so that a compliance agent's audit trail is continuous with the broader GROW provenance system rather than a separate silo.

> **Legal notice.** Sections 3 and 4 of this policy contain provisions governing appeals, corrections, and human-authority limits that are legally operative in a public-sector context. All sections marked `[ATTORNEY REVIEW]` must be reviewed by qualified counsel before this policy is treated as binding for any deployment serving a Florida special district, county agency, or public body. The policy framework reflects general best practices; it does not constitute legal advice and does not substitute for jurisdiction-specific legal review.

## 1. Audit Log Requirements

Every compliance determination produced by `t7-compliance-workflow` must be logged to `s2-audit-trail-schema` in addition to the C9 provenance record. The two records serve different purposes: the audit record captures the full run (inputs, outputs, tool calls), while the provenance record captures the lineage trace. Neither substitutes for the other.

**Mandatory audit-log fields for compliance runs:**

| Field | Required value |
|---|---|
| `inputs` | Full application payload hash + field inventory; NOT the raw PII content unless the deployment's data-handling policy permits `[ATTORNEY REVIEW]` |
| `outputs` | The determination summary text and the per-rule determination table |
| `tool_calls` | All GIS lookups, rule-map lookups, parcel-data retrievals |
| `retrieval_sources` | Every `rule_id` row retrieved from `t7-jurisdiction-rule-map`, with `source_confidence` |
| `decision_trace` | One entry for each per-rule determination, following the C2 shape; `decision_origin` using the extended value `compliance-determination` or base `escalation` |

The `decision_trace` must be complete. Per `s3-decision-traceability`, an output without a trace is not an output — it is a draft. A compliance determination with an incomplete `decision_trace` is gate-failing.

**Retention.** All compliance audit records carry `retention_class: civic-7yr` per `s3-governance-retention-policy`. `[ATTORNEY REVIEW]` — Florida public-records law (FS Chapter 119) may impose a different retention minimum for the specific record type; counsel must map each record class to the applicable state retention schedule.

## 2. Explainability Standards

A compliance agent must be able to produce a plain-language explanation of any determination on demand. Explainability is not a post-hoc reporting feature; it is a design constraint on how the compliance workflow structures its per-rule determination records.

**Per-determination explanation fields:**

Each C9 record must carry enough information to generate an explanation without additional inference. Required explanation elements:

1. **Which rule applied.** The `rule_id` and its plain-language `summary` from `t7-jurisdiction-rule-map`.
2. **What the agent evaluated.** The specific field(s) in the application that triggered or satisfied the rule's `agent_trigger` condition.
3. **What the determination was.** The `determination` enum value and a one-sentence rationale in plain language.
4. **What evidence supports it.** The `evidence_pointer` must resolve to a human-readable document or log, not only a hash.
5. **Who or what made the determination.** The `decision_origin` field, translated to lay language: "automatically determined by the screening tool" (`compliance-determination`) or "referred to a qualified reviewer" (`escalation`) or "reviewed and confirmed by [role]" (`human-override`).

**Explanation output.** The clerk-facing determination summary produced in Phase 5 of `t7-compliance-workflow` must include all five elements above for each activated rule. The applicant-facing version must include elements 1, 3, 4, and 5 in accessible language free of internal system IDs. `[ATTORNEY REVIEW]`

**Unsupported conclusion rule.** Per `s3-decision-traceability`, any claim in an explanation that lacks a resolving `evidence_pointer` must be marked `[unsupported]` and may not be presented to an applicant as a determination. An unsupported claim routes to `needs-review`; the `expert-review boundary` applies.

## 3. Appeals and Correction Paths

A public-sector compliance agent must preserve the right of an affected party to seek human review of a determination. This section defines the correction and appeal path.

**Applicant-initiated correction request.** An applicant who believes a determination is factually incorrect (wrong parcel data used, form field misread, rule applied to wrong activity description) may submit a correction request. The correction path is:

1. Correction request received by the district clerk (not routed directly to the agent).
2. Clerk creates a correction record in `s3-provenance-metadata-schema` with `decision_origin: human-override` and a `rationale` describing the claimed error.
3. The `stormwater-permit-triage` agent (or equivalent) re-evaluates the flagged per-rule determination using the corrected input, producing a new C9 record. The prior record is not overwritten — the correction is append-only per `s3-governance-retention-policy`.
4. If the re-evaluation produces a different `determination`, the new determination supersedes the prior for all operational purposes; the original record is retained in the provenance store with a `corrections[]` pointer.
5. `[ATTORNEY REVIEW]` — the specific procedural rights an applicant holds under Florida administrative law (FS Chapter 120, the Administrative Procedure Act) with respect to agency determinations may impose additional requirements beyond this workflow.

**Human-authority override.** Any determination may be reviewed, modified, or overridden by the applicable human authority (district engineer, board of supervisors, county staff, depending on the rule). A human override is logged as a C2 HITL event with `decision_origin: human-override` and a rationale. The agent's determination is never treated as a final agency action; final authority rests with the human official. `[ATTORNEY REVIEW]`

**Appeal to governing board.** For special-district determinations, a formal appeal to the board of supervisors is available per the district's operating resolution. `[ATTORNEY REVIEW]` — the agent must not constrain or characterize the appeal path; it must surface the appeal-notice language provided by counsel rather than generating its own.

## 4. Human Authority Boundaries

These boundaries are absolute. The agent may not cross them autonomously; doing so is a `critical`-severity failure mode (`unsafe-action-attempted` in `s1-failure-mode-register`).

**Hard boundaries — agent may NEVER perform these autonomously:**

1. Issue, deny, or revoke a permit, license, or approval. `[ATTORNEY REVIEW]`
2. Make a final agency determination. The agent produces a draft determination for human review.
3. Transmit a determination directly to an applicant without clerk review and approval.
4. Waive a statutory or regulatory requirement. `[ATTORNEY REVIEW]`
5. Modify a parcel record, permit record, or GIS layer.
6. Post a determination to the public agenda or meeting packet without board authorization.
7. Represent that a determination constitutes legal advice or a legal opinion. `[ATTORNEY REVIEW]`
8. Apply a rule where `blocking: true` in `t7-rule-change-tracker` (stale or changing rule).

**Soft boundaries — agent requires HITL approval before crossing:**

1. Producing a summary that could reasonably be interpreted as a legal conclusion beyond threshold-based classification.
2. Sending any communication to an external party (applicant, county agency, FDEP).
3. Citing a rule where `verify_flag: true` and `last_confirmed` is more than 12 months old.
4. Taking any action that crosses the `irreversible_impact_boundary` declared in the `s1-operating-context-canvas` for this agent.

## 5. Traceability Integration with s3-decision-traceability

This policy operationalizes `s3-decision-traceability` for the compliance context. The four-way decision classification applies as follows:

| GROW decision kind | Compliance analogue | `decision_origin` |
|---|---|---|
| Retrieved data | Rule text retrieved from jurisdiction map; application field values from portal | `compliance-determination` (with high/medium `source_confidence`) |
| Tool output | GIS parcel lookup, threshold calculation | `compliance-determination` (high confidence if tool authoritative) |
| Model inference | Any synthesized interpretation of rule language | BLOCKED from final determination; must route to `needs-review` |
| User input | Expert reviewer's resolution of a `needs-review` item | `human-override` or `escalation` |

The critical constraint: model inference may never produce a final `compliant` or `non-compliant` determination. Rule application must be reducible to retrieved-data or tool-output classification. Any determination that requires model inference — interpreting ambiguous statutory language, weighing competing policy goals — is by definition a `needs-review` that must cross the `expert-review boundary`. This is how the "not legal advice" constraint is enforced at the traceability layer rather than in a disclaimer paragraph.
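The following sketch is an added example, not code from the GROW registry. It shows how a release gate could enforce the rules of Sections 1, 2, and 5 together: trace completeness, the unsupported-conclusion rule, and the block on model inference. The `TraceEntry` shape, the `decision_kind` field name, the rule IDs, and the evidence pointers are assumptions constructed for illustration; the page does not define the C2 schema.

```python
from dataclasses import dataclass

FINAL = {"compliant", "non-compliant"}  # values model inference may never produce

@dataclass
class TraceEntry:
    rule_id: str
    decision_kind: str       # hypothetical field: retrieved-data | tool-output | model-inference | user-input
    decision_origin: str     # compliance-determination | escalation | human-override
    determination: str       # compliant | non-compliant | needs-review
    evidence_pointer: str = ""
    rationale: str = ""

def enforce(activated_rules, trace, resolvable):
    """Return (gate_failures, rerouted) for one compliance run.

    gate_failures: reasons the run is gate-failing and may not be released.
    rerouted: rule_id -> reason a final value is downgraded to needs-review.
    resolvable: evidence pointers known to resolve to a human-readable document.
    """
    gate_failures, rerouted = [], {}
    traced = {e.rule_id for e in trace}
    for rule_id in activated_rules:
        # An activated rule with no trace entry makes the output a draft.
        if rule_id not in traced:
            gate_failures.append(f"{rule_id}: missing decision_trace entry")
    for e in trace:
        if e.decision_origin == "human-override" and not e.rationale.strip():
            gate_failures.append(f"{e.rule_id}: override without rationale")
        if e.determination not in FINAL:
            continue  # needs-review already crosses the expert-review boundary
        if e.decision_kind == "model-inference":
            rerouted[e.rule_id] = "model inference may not produce a final determination"
        elif e.evidence_pointer not in resolvable:
            rerouted[e.rule_id] = "[unsupported]: evidence_pointer does not resolve"
    return gate_failures, rerouted

# Constructed sample run (not real records).
RESOLVABLE = {"doc://gis/parcel-lookup-0001"}
SAMPLE_ACTIVATED = ["RULE-A", "RULE-B", "RULE-C", "RULE-D", "RULE-E"]
SAMPLE_TRACE = [
    TraceEntry("RULE-A", "tool-output", "compliance-determination", "compliant", "doc://gis/parcel-lookup-0001"),
    TraceEntry("RULE-B", "model-inference", "compliance-determination", "non-compliant", "doc://gis/parcel-lookup-0001"),
    TraceEntry("RULE-C", "retrieved-data", "compliance-determination", "compliant", "sha256:placeholder"),
    TraceEntry("RULE-D", "user-input", "human-override", "needs-review"),
]

if __name__ == "__main__":
    failures, rerouted = enforce(SAMPLE_ACTIVATED, SAMPLE_TRACE, RESOLVABLE)
    print("gate failures:", failures)
    print("rerouted to needs-review:", rerouted)
```

Only `RULE-A` survives as a releasable final determination in this sample; a hash-only pointer is treated as non-resolving, matching the requirement that evidence resolve to a human-readable document or log.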

## 6. Worked Example — Audit Trail, South Walton County Permit

**Scenario.** Application `app-2026-0412` is evaluated and produces two `needs-review` determinations (see `t7-compliance-workflow` worked example). The engineer resolves both. The clerk reviews and transmits the determination summary. An applicant then submits a correction request claiming the parcel area was mis-entered.

**Audit trail chain:**

1. `s2-audit-trail-schema` record `A-001` captures the initial run: inputs (application fields, parcel GIS), tool calls (GIS lookup, rule-map retrieval), decision trace (4 determination events, 2 with `escalation`).
2. `s3-provenance-metadata-schema` record `P-001` holds the C9 records (4 per-rule), linked via `audit_record_ref` to `A-001`.
3. HITL event records `H-001` and `H-002` are emitted for the two expert-review escalations. Each carries `correlation_id` linking back to `P-001`.
4. Engineer resolution produces two override events (`H-003`, `H-004`) with `decision_origin: human-override` and rationale text.
5. Clerk approval produces event `H-005` with `decision_origin: human-override`; applicant-facing summary transmitted.
6. Applicant correction request: clerk creates correction record `P-002` with `corrections[]` pointing to `P-001`. Re-evaluation run produces new audit record `A-002` and new provenance record `P-003`. Original records `A-001`, `P-001` unchanged — append-only.
7. Revised determination summary transmitted to applicant by clerk.

The full trace satisfies `s3-decision-traceability` validation rules: every claim in the output has a resolving `evidence_pointer`, no model inference appears in the final determination, and every override has a rationale.

## 7. Policy Review Cadence

- **Triggered.** Any time an applicant formally invokes an appeal or a correction request that reveals a gap in this policy, an immediate policy review is convened.
- **Annual.** Full review with counsel of all `[ATTORNEY REVIEW]` sections against current Florida statutes and district operating resolutions. `[ATTORNEY REVIEW]`
- **Version bump.** Any change to the hard or soft authority-boundary lists is a MAJOR version bump to this policy and requires s1 owner sign-off per `s1-hitl-review-policy` review authority rules.
