Policy Engineering isn't only theory — it's in production today. Meet Sertainly

An emerging engineering discipline

Policy Engineering

Building Trustworthy Software from Human Policy

Policy Engineering is the discipline concerned with transforming legislation, regulations, contracts, standards, and enterprise policies into trustworthy, testable, explainable, and deterministic software.

Policy Engineering — Building Trustworthy Software from Human Policy, by Dr. Mat Pollard, Ph.D.

The foundational book

Policy Engineering

The book introduces the principles, lifecycle, vocabulary, and technologies required to transform human policy into dependable software.

  • Policy as a first-class enterprise asset
  • Source-first compilation and regeneration
  • Provenance, determinism, and explainability
  • Structural analysis and policy integrity
  • Applications across regulated industries and enterprise AI

Watch

An introduction to Policy Engineering

Policy Engineering

The umbrella definition

What do we mean by policy?

A policy is an authoritative expression of intent that governs decisions, actions, obligations, permissions, classifications, or calculations within a defined context.

Policy is much broader than an internal dress code or acceptable-use document. It includes any authoritative source that determines what should happen in a particular situation.

Throughout this discipline, the term encompasses legislation, regulation, contracts, standards, clinical guidance, underwriting manuals, pricing schedules, security controls, tax codes, operating procedures, and internal business policy.

LegislationRegulationsContractsStandardsProceduresGuidelinesPricingSecurity

Why now?

Policy has become too important to manage informally.

Organizations already treat software, data, and infrastructure as engineered assets. Policy governs the behavior of all three, yet it is still commonly managed as documents, spreadsheets, hand-maintained rules, and institutional memory.

Artificial intelligence has reduced the cost of translating human policy into executable logic. That does not eliminate engineering; it changes where the discipline is needed. The central challenge is no longer merely producing an implementation, but proving that it faithfully represents authoritative intent.

Policy Engineering provides a systematic approach to ambiguity, contradiction, provenance, testing, determinism, lifecycle management, and change.

Policy Engineering asks:

  • Were all requirements captured?
  • Are important terms and edge cases defined?
  • Can every outcome be explained and reproduced?
  • Can every rule be traced to authoritative source material?
  • Can the implementation be regenerated as policy evolves?

Foundational ideas

The principles of Policy Engineering

01

The Source Principle

The authoritative source remains the source of truth throughout the lifecycle.

02

The Compilation Principle

Executable policy is compiled from authoritative sources rather than independently authored.

03

The Provenance Principle

Every outcome should be traceable to the requirements and source passages that governed it.

04

The Determinism Principle

Repeatable policy decisions should execute deterministically, even when AI assists with their creation.

05

The Verification Principle

Policy implementations should be tested against explicit requirements, boundaries, and scenarios.

06

The Regeneration Principle

When policy changes, affected implementations should be regenerated instead of manually patched.

07

The Structural Integrity Principle

Ambiguity, contradiction, incompleteness, and hidden assumptions should be exposed before deployment.

A disciplined transformation

The Policy Engineering lifecycle

Authoritative human policy becomes governed executable software through a repeatable sequence of analysis, verification, compilation, testing, and controlled release.

Source

Collect the authoritative documents governing the domain.

Analyze

Identify decisions, calculations, classifications, obligations, and permitted actions.

Requirements

Define inputs, outputs, expected behavior, and acceptance criteria.

Design

Establish boundaries, dependencies, structure, and execution semantics.

Compile

Transform approved requirements into deterministic executable policy.

Test

Verify positive, negative, boundary, conflict, and evidence scenarios.

Publish

Release a versioned, governed artifact for operational consumption.

Evaluate

Execute policy with deterministic outcomes, explanations, and traceability.

Engineering rigor

Policy should be tested like every other critical system.

Ambiguous terminology, contradictory clauses, missing edge cases, hidden precedence, and undocumented exceptions are structural defects. Policy Engineering brings those defects into view before they become operational failures.

From policy documents…

  • Duplicated across systems
  • Interpreted independently
  • Maintained through manual rules
  • Difficult to audit and evolve

…to decision infrastructure

  • Shared governed capabilities
  • Deterministic runtime behavior
  • Traceable to authoritative sources
  • Reusable by applications and AI agents

Policy Engineering, in production

The platform for Policy Engineering

The discipline is open. Making it real at enterprise scale is what Sertainly does.

Sertainly is the first — and today the only — platform built end to end on Policy Engineering. It compiles authoritative policy into deterministic, traceable decision infrastructure: analysed, verified, versioned, and explainable by construction.

Everything this discipline describes — source-first compilation, provenance, a deterministic runtime, structural analysis, and regeneration — Sertainly makes operational, so your applications, workflows, and AI agents consult one governed source of decisions.

From policy to production

  • Compile policy into executable decisions
  • Every decision traceable to its source
  • A deterministic runtime — no model in the loop
  • Structural analysis before deployment
  • Regeneration as policy changes
  • One decision layer for apps, workflows, and AI agents

An open discipline

Help define Policy Engineering.

Policy Engineering should not belong to a single company, product, or technology. It needs an open body of knowledge shaped by practitioners across policy, law, compliance, software, architecture, AI, academia, government, and standards.

Body of Knowledge

Principles, practices, roles, patterns, anti-patterns, and terminology.

Reference Lifecycle

A canonical model from authoritative source material to governed execution.

Open Specifications

Interoperable representations for executable policy, requirements, traces, and packages.

Maturity Model

A way to assess how effectively organizations govern and operationalize policy.

Education

Learning resources for practitioners at the intersection of policy, software, governance, and AI.

Research & Case Studies

Evidence showing how the discipline improves consistency, auditability, change, and trust.

The conversation starts here

Policy has always governed human institutions.

The time has come to engineer it. Join the emerging community and help shape the principles, practices, and standards of Policy Engineering.