Scaling Policy Compliance Assessment in Language Models with Policy Reasoning Traces
Joseph Marvin Imperial, Harish Tayyar Madabushi
2025-10-06
Summary
This paper focuses on how to make large language models (LLMs) better at understanding and following rules, specifically policies like those dealing with privacy (think HIPAA and GDPR).
What's the problem?
Checking whether something follows a set of rules, like a policy, usually requires a person to go through it carefully, step by step, to find any violations. Getting experts to document *how* they make these decisions is expensive and time-consuming, so we need a way to teach AI to do this reliably without relying on tons of human-labeled examples.
What's the solution?
The researchers created something called 'Policy Reasoning Traces' or PRT. These are detailed, step-by-step explanations generated to show an LLM *how* to think through a policy and determine whether a given case complies with it. They then used these PRTs both when the LLM is making a decision (inference) and when it is learning (training), and found that both uses significantly improved performance.
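To make the inference-time use concrete, here is a minimal sketch of how a PRT might be supplied alongside a policy clause and a case. The prompt template, function name, and example trace below are all illustrative assumptions, not the authors' actual format:

```python
# Hypothetical sketch: build an inference-time prompt that pairs a policy
# excerpt with a generated step-by-step Policy Reasoning Trace (PRT)
# before asking the model for a compliance verdict.

def build_prt_prompt(policy_clause: str, case_description: str,
                     reasoning_trace: str) -> str:
    """Assemble a compliance-assessment prompt that includes a PRT."""
    return (
        "You are a policy compliance assessor.\n\n"
        f"Policy clause:\n{policy_clause}\n\n"
        f"Case to assess:\n{case_description}\n\n"
        "Example reasoning trace (follow this step-by-step style):\n"
        f"{reasoning_trace}\n\n"
        "Decide whether the case complies with the clause. "
        "Cite the specific clause text that supports your decision, "
        "then answer COMPLIANT or NON-COMPLIANT."
    )

# Example use with a toy HIPAA-style scenario (illustrative only):
prompt = build_prt_prompt(
    policy_clause=("A covered entity may not disclose protected health "
                   "information except as permitted by this rule."),
    case_description="A clinic shares a patient's diagnosis with an advertiser.",
    reasoning_trace=(
        "1. Identify the actor: a covered entity (the clinic).\n"
        "2. Identify the action: disclosure of PHI to a third party.\n"
        "3. Check permitted purposes: advertising is not a permitted disclosure.\n"
        "4. Conclusion: the disclosure violates the clause."
    ),
)
```

The same trace format could also serve as a training target, fine-tuning the model to produce such step-by-step rationales itself.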
Why does it matter?
This work is important because it improves the accuracy of LLMs in areas where following rules is critical, like healthcare and data privacy. It also helps the LLM explain *why* it made a certain decision by citing the specific parts of the policy it relied on, making the AI more trustworthy and understandable.
Abstract
Policy compliance assessment is a fundamental task of evaluating whether an input case strictly complies with a set of human-defined rules, more generally known as policies. In practice, human experts follow a systematic, step-by-step process to identify violations with respect to specific stipulations outlined in the policy. However, such documentation of gold-standard, expert-level reasoning processes is costly to acquire. In this paper, we introduce Policy Reasoning Traces (PRT), a form of specialized generated reasoning chains that serve as a reasoning bridge to improve an LLM's policy compliance assessment capabilities. Our empirical evaluations demonstrate that the use of PRTs for both inference-time and training-time scenarios significantly enhances the performance of open-weight and commercial models, setting a new state-of-the-art for HIPAA and GDPR policies. Beyond accuracy gains, we also highlight how PRTs can improve an LLM's ability to accurately cite policy clauses, as well as influence compliance decisions through their high utilization from the raw chains of thought.