agentrust-io · imran-siddique · Jun 12, 2026 · Jun 12, 2026
diff --git a/healthcare/README.md b/healthcare/README.md
@@ -196,6 +196,26 @@ curl "http://localhost:8443/audit/export?session_id=<id>" | python3 -m json.tool
 
 ---
 
+## Regulatory Variants
+
+This demo uses EU AI Act Art. 14 and HIPAA as its primary policy example. Additional
+variants in subdirectories show how the same cMCP + TRACE architecture maps to other
+healthcare regulatory frameworks. The Cedar policy and TRACE record fields change;
+the runtime architecture does not.
+
+| Variant | Jurisdiction | Regulatory focus |
+|---------|-------------|-----------------|
+| This demo | EU + US | EU AI Act Art. 14 human oversight + HIPAA PHI |
+| [`us-fda-samd/`](us-fda-samd/README.md) | United States | FDA SaMD Action Plan -- cleared-scope enforcement, 21 CFR Part 820 |
+| [`uk-nhs/`](uk-nhs/README.md) | United Kingdom | UK GDPR Art. 22 -- DSPT token gate, MHRA AI as medical device |
+| [`sg-moh/`](sg-moh/README.md) | Singapore | IMDA AI Governance Tier 1/2 -- PDPA consent, MOH guidelines |
+
+Each variant includes a Cedar policy file showing jurisdiction-specific rules and a
+TRACE Trust Record with the `runtime.region`, `runtime.provider`, and
+`compliance_domains_touched` fields set for that jurisdiction.
+
+---
+
 ## License
 
 Apache 2.0. See [LICENSE](../LICENSE) in the repo root.
diff --git a/healthcare/sg-moh/README.md b/healthcare/sg-moh/README.md
@@ -0,0 +1,58 @@
+# Singapore MOH: Clinical AI Governance with TRACE
+
+Demonstrates TRACE Trust Records for an AI healthcare deployment in Singapore. Shows how
+the governance record maps to IMDA AI Governance Framework Tier 1/2 classification,
+Singapore MOH AI in Healthcare guidelines, PDPA consent requirements, and HSA medical
+device registration obligations.
+
+**Regulatory references:** IMDA AI Governance Framework v2 (2020), MOH Singapore AI in
+Healthcare Guidelines (2023), PDPA 2012, HSA guidance on AI/ML-based medical devices.
+
+---
+
+## What the Cedar policy enforces
+
+| Rule | Regulatory basis | What it blocks |
+|------|-----------------|---------------|
+| Default deny | -- | Anything not explicitly permitted |
+| `imda-tier1-human-review` | IMDA AI Governance Framework v2 -- Tier 1 (consequential) | Final diagnostic outputs without `human_review_token` when `imda_tier == "tier1"` |
+| `pdpa-consent-required` | PDPA 2012 -- sensitive personal data | Imaging reads when no `patient_consent_ref` is present in context |
+| `sg-data-residency` | PDPA Part 9 -- cross-border transfer obligations | Calls where `data_residency != "ap-southeast-1"` |
+
+**Key difference from EU/US demos:** IMDA's two-tier model is explicit in the policy --
+`imda_tier` is a context field on every tool call. Tier 1 (consequential decisions, e.g.
+diagnosis affecting treatment) requires human review unconditionally. Tier 2
+(non-consequential) does not. This is a different gating model than the EU risk-category
+or US acuity-level approaches. PDPA consent reference is also enforced at the call layer,
+not just at data collection time.
+
+---
+
+## TRACE Trust Record: key fields for MOH / PDPA audit
+
+```json
+{
+  "runtime": { "region": "ap-southeast-1", "provider": "aws-nitro-enclaves" },
+  "policy": { "version": "radiology-sg-v1.0", "enforcement_mode": "enforce" },
+  "call_graph_summary": {
+    "compliance_domains_touched": ["sensitive-personal-data", "imda-ai-governance-framework-v2", "pdpa-2012"],
+    "data_residency_violations": [],
+    "consent_ref_present": true,
+    "imda_tier": "tier1"
+  }
+}
+```
+
+`imda_tier: "tier1"` in the record confirms the session was treated as a consequential
+decision -- meaning the human review gate was active for the duration of the session.
+
+---
+
+## Relationship to other healthcare variants
+
+| Variant | Jurisdiction | Key differentiator |
+|---------|-------------|-------------------|
+| Base demo (`../`) | EU + US | EU AI Act Art. 14 + HIPAA |
+| `../us-fda-samd/` | US FDA | Cleared-scope enforcement, SaMD Action Plan |
+| `../uk-nhs/` | UK | UK GDPR Art. 22, DSPT token gate, MHRA oversight |
+| This demo | Singapore | IMDA Tier 1/2 consequential-decision gate, PDPA consent |
diff --git a/healthcare/sg-moh/policy/radiology-sg.cedar b/healthcare/sg-moh/policy/radiology-sg.cedar
@@ -0,0 +1,86 @@
+// Cedar policy bundle for AI in healthcare -- Singapore
+// version: radiology-sg-v1.0
+// Regulatory references:
+//   MOH Singapore: Artificial Intelligence in Healthcare Guidelines (2023)
+//   IMDA AI Governance Framework v2 (2020) -- Tier 1/2 risk classification
+//   PDPA (Personal Data Protection Act 2012) -- health data as sensitive personal data
+//   HSA (Health Sciences Authority): guidance on AI/ML-based medical devices
+//
+// Cedar default-deny. workflow_id required on every call.
+// IMDA Tier 1 = consequential, Tier 2 = non-consequential.
+// Radiology diagnosis is Tier 1 (consequential decision).
+
+// Rule 1: imaging read permitted for the sg-radiology-ai workflow.
+permit (
+  principal,
+  action == Action::"Radiology.imagingRead",
+  resource
+) when {
+  context has workflow_id &&
+  context.workflow_id == "sg-radiology-ai"
+};
+
+// Rule 2: inference permitted within HSA-registered device scope.
+permit (
+  principal,
+  action == Action::"Radiology.runDiagnosticInference",
+  resource
+) when {
+  context has workflow_id &&
+  context.workflow_id == "sg-radiology-ai"
+};
+
+// Rule 3: report write permitted, subject to human oversight rules below.
+permit (
+  principal,
+  action == Action::"Radiology.writeDiagnosticReport",
+  resource
+) when {
+  context has workflow_id &&
+  context.workflow_id == "sg-radiology-ai"
+};
+
+// Rule 4: IMDA Tier 1 (consequential decisions) -- all final diagnostic outputs
+// require human review before release. MOH guidelines: AI must augment, not replace,
+// clinical judgment for consequential decisions.
+@id("imda-tier1-human-review")
+@reason("human-review-required-for-tier1-decision")
+@regulation("imda-ai-governance-framework-v2")
+@reviewer_role("radiologist")
+forbid (
+  principal,
+  action == Action::"Radiology.writeDiagnosticReport",
+  resource
+) when {
+  context.arguments has imda_tier &&
+  context.arguments.imda_tier == "tier1" &&
+  !(context has human_review_token)
+};
+
+// Rule 5: PDPA -- health data is sensitive personal data requiring explicit consent
+// record. Deny access if no consent reference is present in context.
+@id("pdpa-consent-required")
+@reason("pdpa-sensitive-data-consent-required")
+@regulation("pdpa-2012")
+forbid (
+  principal,
+  action == Action::"Radiology.imagingRead",
+  resource
+) when {
+  context.data_class == "sensitive-personal-data" &&
+  !(context has patient_consent_ref)
+};
+
+// Rule 6: health data must remain within Singapore or countries with equivalent
+// PDPA protection. Singapore has not granted adequacy to all jurisdictions.
+@id("sg-data-residency")
+@reason("pdpa-cross-border-transfer-requires-protection")
+@regulation("pdpa-2012-part-9")
+forbid (
+  principal,
+  action,
+  resource
+) when {
+  context has data_residency &&
+  context.data_residency != "ap-southeast-1"
+};
diff --git a/healthcare/sg-moh/trace-output/example-sg-trust-record.json b/healthcare/sg-moh/trace-output/example-sg-trust-record.json
@@ -0,0 +1,60 @@
+{
+  "cmcp_version": "1.0",
+  "trace": {
+    "eat_profile": "tag:agentrust.io,2026:trace-v0.1",
+    "iat": 1781280300,
+    "subject": "spiffe://cmcp.gateway/session/sg-moh-demo-session-001",
+    "runtime": {
+      "platform": "amd-sev-snp",
+      "measurement": "sha256:d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7",
+      "firmware_version": "amd-sev-snp-milan-1.55.21",
+      "region": "ap-southeast-1",
+      "provider": "aws-nitro-enclaves"
+    },
+    "policy": {
+      "bundle_hash": "sha256:f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9",
+      "enforcement_mode": "enforce",
+      "version": "radiology-sg-v1.0"
+    },
+    "data_class": "sensitive-personal-data",
+    "tool_transcript": {
+      "hash": "sha256:b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1",
+      "call_count": 3
+    },
+    "cnf": {
+      "jwk": {
+        "kty": "OKP",
+        "crv": "Ed25519",
+        "x": "l6c3ZuLwXZ3GxUEoW9TW205GQi5mpO4GxlkSu3c3z58",
+        "kid": "cmcp-sg-moh-01"
+      }
+    }
+  },
+  "gateway": {
+    "session_id": "sg-moh-demo-session-001",
+    "gateway_version": "1.0.0",
+    "sequence_number": 3,
+    "audit_chain": {
+      "root": "d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5",
+      "tip": "b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1",
+      "length": 5
+    },
+    "call_summary": {
+      "tool_calls_total": 3,
+      "tool_calls_allowed": 3,
+      "tool_calls_denied": 0,
+      "tools_invoked": [
+        "radiology.imaging_read",
+        "radiology.run_diagnostic_inference",
+        "radiology.write_diagnostic_report"
+      ],
+      "session_max_sensitivity": "sensitive-personal-data",
+      "call_graph_summary": {
+        "compliance_domains_touched": ["sensitive-personal-data", "imda-ai-governance-framework-v2", "pdpa-2012"],
+        "data_residency_violations": [],
+        "consent_ref_present": true,
+        "imda_tier": "tier1"
+      }
+    }
+  }
+}
diff --git a/healthcare/uk-nhs/README.md b/healthcare/uk-nhs/README.md
@@ -0,0 +1,54 @@
+# UK NHS: Clinical AI Governance with TRACE
+
+Demonstrates TRACE Trust Records for an NHS AI deployment in radiology. Shows how the
+governance record maps to MHRA medical device guidance, UK GDPR Article 22 automated
+decision-making requirements, and NHS Data Security and Protection Toolkit (DSPT) obligations.
+
+**Regulatory references:** NHS AI Lab Principles (2023), MHRA Software and AI as a Medical
+Device (2024), UK GDPR Article 22, NHS DSPT.
+
+---
+
+## What the Cedar policy enforces
+
+| Rule | Regulatory basis | What it blocks |
+|------|-----------------|---------------|
+| Default deny | -- | Anything not explicitly permitted |
+| `ukgdpr-art22-clinician-review` | UK GDPR Art. 22 -- significant automated decisions | Reports with `clinical_significance == "significant"` without clinician review token |
+| `dspt-required` | NHS DSPT | Any access to NHS patient data without a DSPT access token in context |
+| `uk-data-residency` | UK GDPR Chapter V | Calls where `data_residency != "uk-south"` |
+
+**Key difference from EU AI Act demo:** UK focuses on the DSPT access token as a
+runtime enforcement gate (not just configuration), and UK GDPR Art. 22 requires clinician
+review for any "significant" AI output rather than EU's risk-category model. UKCA marking
+(UK conformity, post-Brexit equivalent of CE) also applies to the device scope.
+
+---
+
+## TRACE Trust Record: key fields for MHRA / NHS audit
+
+```json
+{
+  "runtime": { "region": "uk-south", "provider": "azure-confidential-compute" },
+  "policy": { "version": "radiology-nhs-v1.0", "enforcement_mode": "enforce" },
+  "call_graph_summary": {
+    "compliance_domains_touched": ["nhs-patient-data", "uk-gdpr-art-22", "nhs-dspt"],
+    "data_residency_violations": [],
+    "dspt_token_present": true
+  }
+}
+```
+
+`dspt_token_present: true` and `data_residency_violations: []` are the two key fields
+an NHS Digital or MHRA auditor checks first.
+
+---
+
+## Relationship to other healthcare variants
+
+| Variant | Jurisdiction | Key differentiator |
+|---------|-------------|-------------------|
+| Base demo (`../`) | EU + US | EU AI Act Art. 14 + HIPAA |
+| `../us-fda-samd/` | US FDA | Cleared-scope enforcement, SaMD Action Plan |
+| This demo | UK | UK GDPR Art. 22, DSPT token gate, MHRA oversight |
+| `../sg-moh/` | Singapore | IMDA Tier 1/2, PDPA consent, MOH guidelines |
diff --git a/healthcare/uk-nhs/policy/radiology-nhs.cedar b/healthcare/uk-nhs/policy/radiology-nhs.cedar
@@ -0,0 +1,86 @@
+// Cedar policy bundle for NHS AI deployment in radiology
+// version: radiology-nhs-v1.0
+// Regulatory references:
+//   NHS AI Lab: Principles for the Development, Deployment and Use of AI in Health (2023)
+//   MHRA guidance: Software and AI as a Medical Device (2024)
+//   NHS Data Security and Protection Toolkit (DSPT) -- mandatory for NHS data access
+//   UK GDPR Article 22: automated decision-making with significant effects
+//
+// Cedar default-deny. workflow_id required on every call.
+
+// Rule 1: imaging read permitted for the nhs-radiology-ai workflow
+// only when the DSPT access agreement token is present.
+permit (
+  principal,
+  action == Action::"Radiology.imagingRead",
+  resource
+) when {
+  context has workflow_id &&
+  context.workflow_id == "nhs-radiology-ai" &&
+  context has dspt_access_token &&
+  context.dspt_access_token != ""
+};
+
+// Rule 2: inference permitted within the UKCA-marked device scope.
+permit (
+  principal,
+  action == Action::"Radiology.runDiagnosticInference",
+  resource
+) when {
+  context has workflow_id &&
+  context.workflow_id == "nhs-radiology-ai"
+};
+
+// Rule 3: diagnostic report write permitted, subject to MHRA human oversight below.
+permit (
+  principal,
+  action == Action::"Radiology.writeDiagnosticReport",
+  resource
+) when {
+  context has workflow_id &&
+  context.workflow_id == "nhs-radiology-ai"
+};
+
+// Rule 4: UK GDPR Article 22 -- AI decisions with significant effects on a patient
+// require a qualified clinician to review before the report is issued.
+// MHRA: clinically significant AI outputs must remain under qualified human oversight.
+@id("ukgdpr-art22-clinician-review")
+@reason("clinician-review-required")
+@regulation("uk-gdpr-art-22")
+@reviewer_role("reporting-radiographer-or-radiologist")
+forbid (
+  principal,
+  action == Action::"Radiology.writeDiagnosticReport",
+  resource
+) when {
+  context.arguments has clinical_significance &&
+  context.arguments.clinical_significance == "significant"
+};
+
+// Rule 5: NHS data access requires a valid DSPT token; deny if absent.
+// DSPT is a mandatory NHS England framework for data security.
+@id("dspt-required")
+@reason("nhs-dspt-access-agreement-required")
+@regulation("nhs-dspt")
+forbid (
+  principal,
+  action,
+  resource
+) when {
+  context.data_class == "nhs-patient-data" &&
+  !(context has dspt_access_token)
+};
+
+// Rule 6: patient data must remain within UK geographic boundary.
+// UK GDPR Chapter V: international transfers require adequacy decision or SCCs.
+@id("uk-data-residency")
+@reason("uk-data-residency-required")
+@regulation("uk-gdpr-chapter-v")
+forbid (
+  principal,
+  action,
+  resource
+) when {
+  context has data_residency &&
+  context.data_residency != "uk-south"
+};