Imagine: a company of 500 people, 23 regulations, monthly updates. Employees spend 20 minutes searching for answers in PDFs, HR answers the same questions 2-3 hours a day. Every day, the HR department spends up to 10% of work time on regulation-related answers. Meanwhile, 40% of violations occur due to unawareness of the current document version. Corporate regulations—work schedule, security policy, approval procedures—hundreds of pages that almost no one reads. Result: repetitive HR questions, risk of violations, and wasted time. We build an AI assistant that makes regulations accessible through dialogue. An employee simply asks, and the assistant instantly finds the exact norm with the document and version. This is not just keyword search—it's a full RAG pipeline with version control and access control.
Specifics of the Regulation Assistant
A regulation assistant differs from a generic RAG in three key requirements: citation accuracy (norms verbatim, not paraphrased), currency (version control without errors), and role-based access control. These requirements affect the architecture: vector search, prompt system, and metadata filtering.
How the AI Assistant Ensures Citation Accuracy?
The assistant constructs answers based on extracted document fragments. It uses vector search (text-embedding-3-small, Chroma). The system prompt explicitly states: cite norms verbatim, do not paraphrase, always mention the document, version, and section. If a norm allows exceptions, the assistant must mention them. For the LLM we use Claude Sonnet: it handles contextual accuracy well. As stated in the citation guidelines, any deviation from the letter of the regulation is unacceptable.
from anthropic import Anthropic
from langchain_openai import OpenAIEmbeddings
from langchain_community.vectorstores import Chroma
from pydantic import BaseModel
from typing import Optional
import json
client = Anthropic()
class PolicyAssistant:
def __init__(self, db_path: str = "./policy_db"):
self.vectorstore = Chroma(
collection_name="policies",
embedding_function=OpenAIEmbeddings(model="text-embedding-3-small"),
persist_directory=db_path,
)
def answer(
self,
question: str,
employee_role: str, # "employee", "manager", "hr", "admin"
department: str = "",
) -> dict:
"""Answers a regulation question considering the employee's role"""
# Access filter
access_filter = self._get_access_filter(employee_role)
results = self.vectorstore.similarity_search_with_score(
question, k=5, filter=access_filter
)
if not results:
return {
"answer": "No information on your question was found in current regulations. Please contact HR.",
"sources": [],
"escalation_needed": True,
}
context = "\n\n".join([
f"[{doc.metadata.get('document_name')}, version {doc.metadata.get('version')}, "
f"effective {doc.metadata.get('effective_date')}]:\n{doc.page_content}"
for doc, _ in results[:4]
])
response = client.messages.create(
model="claude-sonnet-4-5",
max_tokens=2048,
system=f"""You are a corporate assistant for company regulations and policies.
CRITICAL RULES:
1. Cite norms VERBATIM, do not paraphrase
2. Always mention the document, version, and section
3. If a norm allows exceptions, explicitly state them
4. If the question requires manager/HR decision, redirect to them
5. Do not interpret norms broadly—stick to the letter of the regulation
Employee role: {employee_role}
Department: {department or "not specified"}""",
messages=[{
"role": "user",
"content": f"""Question: {question}
Applicable regulations:
{context}"""
}]
)
return {
"answer": response.content[0].text,
"sources": [
{
"document": doc.metadata.get("document_name"),
"version": doc.metadata.get("version"),
"section": doc.metadata.get("section"),
"effective_date": doc.metadata.get("effective_date"),
}
for doc, _ in results[:3]
],
"escalation_needed": False,
}
def _get_access_filter(self, role: str) -> Optional[dict]:
"""Determines access filter by role"""
if role == "admin":
return None # Full access
access_levels = {
"employee": ["public", "employee"],
"manager": ["public", "employee", "manager"],
"hr": ["public", "employee", "manager", "hr"],
}
allowed = access_levels.get(role, ["public"])
if len(allowed) == 1:
return {"access_level": allowed[0]}
# Chroma does not support $in natively—use OR via multiple queries
return {"access_level": {"$in": allowed}}
Indexing Regulations with Access Control
Each document is split into chunks of 800 characters with 100 overlap before loading. Metadata recorded for each chunk: document name, version, effective date, access level, and section. This enables filtering chunks by employee role during search.
class PolicyIndexer:
def index_document(self, doc_path: str, metadata: dict, vectorstore: Chroma):
"""Indexes a regulation document with metadata"""
from langchain.text_splitter import RecursiveCharacterTextSplitter
content = self._read_document(doc_path)
# Split by sections, preserving structure
splitter = RecursiveCharacterTextSplitter(
chunk_size=800,
chunk_overlap=100,
separators=["\nСтатья ", "\nПункт ", "\n\n", "\n"],
)
chunks = splitter.split_text(content)
vectorstore.add_texts(
texts=chunks,
metadatas=[{
"document_name": metadata["name"],
"version": metadata["version"],
"effective_date": metadata["effective_date"],
"access_level": metadata.get("access_level", "employee"),
"category": metadata.get("category", "general"),
"section": self._detect_section(chunk),
} for chunk in chunks]
)
def _detect_section(self, text: str) -> str:
"""Detects section from chunk text"""
import re
match = re.search(r'(?:Статья|Пункт|Раздел)\s+[\d.]+[.\s]+(.+?)(?:\n|$)', text)
return match.group(1)[:100] if match else ""
def _read_document(self, path: str) -> str:
"""Reads document (PDF, DOCX, TXT)"""
from pathlib import Path
ext = Path(path).suffix.lower()
if ext == ".pdf":
import pdfplumber
with pdfplumber.open(path) as pdf:
return "\n".join(page.extract_text() or "" for page in pdf.pages)
elif ext in (".docx", ".doc"):
import docx
doc = docx.Document(path)
return "\n".join(p.text for p in doc.paragraphs)
else:
return Path(path).read_text()
How is Access Control Configured?
Access to regulations is determined by the employee's role: employee, manager, hr, admin. Each document has an access_level tag. During search, the vector DB filters chunks by this tag. Admin sees everything, employee sees only public and employee-level documents. Managers additionally get access to managerial documents. We configure these levels according to your company hierarchy. HR time savings reach up to 30%, equivalent to 10 hours per week.
Practical Case: Manufacturing Company with 500 People
From our practice: a company with 23 regulations, constant HR questions about vacations, sick leave, business trips. HR spent 2-3 hours a day on repetitive answers.
Implementation:
- Indexed all 23 regulations
- Integrated into the corporate portal
- Configured access rights (some regulations only for HR/managers)
Results:
- 68% of repetitive HR questions resolved without contacting HR
- Response time under one second versus 20 minutes waiting
- Regulation violations "due to unawareness" dropped by 34%
Why Choose This Approach?
The AI assistant reduces HR workload 3 times more effectively than traditional search. Employees get instant answers with exact section references. Our engineers have implementation experience for companies from 100 to 5000 employees. We guarantee compliance with citation accuracy and data security requirements. Implementation pays for itself in 3 months due to time savings on information search.
What's Included in the Work
| Stage | What We Do | Result |
|---|---|---|
| Document Audit | Collect regulations, define structure and access levels | Document mapping, metadata |
| Indexing | Split into chunks, load into vector DB with metadata | Search index with versions and access |
| Assistant Development | Configure LLM, prompts, citation and escalation logic | Working bot with accurate answers |
| Access Control | Filter by role (employee/manager/HR/admin) | Access only to permitted documents |
| Integration | Embed into corporate portal, Slack, Teams | Single entry point |
| Testing | Verify on 100+ real questions, fine-tune | Citation accuracy >95% |
Estimated Timelines
- Regulation indexing + basic responder: 3 to 5 days
- Role-based access control: 2 to 3 days
- FAQ generation + updates on regulation changes: from 1 week
- Integration with corporate portal: from 1 week
Contact us to discuss your case and get a customized quote. Order the development of an AI assistant for your regulations—get a consultation and project estimate in 2 days. The experience of our engineers and certified solutions guarantee results.







