Creating a Policy Graph with Termboard

Transform complex regulations, policies, and compliance frameworks into navigable, visual knowledge graphs. This guide shows you how to turn dense regulatory documents into interactive policy maps.

What is a Policy Graph?

A Policy Graph represents regulatory content—articles, requirements, roles, and obligations—as an interconnected network of Terms and Relations. Instead of reading 144 pages of regulation, stakeholders can visually explore compliance paths and understand how different elements relate.

Why Policy as Graph?

Traditional approaches like "Policy as Code" focus on automated enforcement. Policy as Graph focuses on understanding and communication—making complex regulations accessible to non-experts while providing a structured foundation for AI-powered Q&A.

Benefits of Policy Graphs

Challenge	Policy Graph Solution
Dense Legal Text	Visual navigation of concepts and relationships
Cross-References	Clickable links between related articles and requirements
Stakeholder Communication	Share with non-experts without requiring full document reading
AI Grounding	Export and feed to LLMs for accurate, context-aware Q&A
Compliance Path Tracing	Follow chains from requirements to roles to obligations

Building a Policy Graph

Step 1: Select and Scope Your Policy

Before starting, define the boundaries of your policy graph:

1. Choose your regulatory framework: GDPR, EU AI Act, HIPAA, SOC 2, CCPA, or internal policies
2. Define scope: Full regulation or specific sections (e.g., "EU AI Act Risk Categories")
3. Identify your audience: Compliance officers, developers, executives

Domain Profile

Use the Policy Modeling domain profile in the top bar for pre-configured term types (Law, Regulation, Article, Requirement, Role) and relation types designed for policy modeling.

Step 2: Extract Key Terms with AI

Use an LLM to identify the core concepts from your regulatory document:

1. Use below prompt to extract the key terms and their relationships from your regulatory document:
2. Open File > Import > Compact Format and paste results of the prompt

Example prompt for the EU AI Act:

Extract the key terms and their relationships from the EU AI Act,
focusing on: AI system risk levels (prohibited, high-risk, limited,
minimal), key roles (providers, deployers, importers), and main
obligations for each.

Deliver the terms and relationsoutput in the following format:

# Model: My Domain Model

## Terms

# name | description | parent | type | xfield:status
# ------
Customer | A person who purchases goods | Person | concept | Active
Order | A request for products | | concept | Pending

## Relations

# source | relationName | target | description | cardinality | cardinalitySource | xfield:priority
# ------
Customer | places | Order | Customer places an order | * | 1 | High

See for more fields you can specify here

Iterative Extraction

Don't try to extract everything at once. Start with high-level concepts (e.g., risk categories, key roles, main obligations), then drill down into specific articles.

Step 3: Organize by Risk Level or Category

For regulatory frameworks, organize Terms by their classification:

EU AI Act Example:

• 🔴 Prohibited — Social scoring, predictive policing, emotion recognition in workplaces
• 🟠 High-Risk — Biometrics, hiring AI, credit scoring, critical infrastructure
• 🟡 Limited — Chatbots, deepfakes (disclosure requirements)
• 🟢 Minimal — Spam filters, AI in games (voluntary compliance)

Color-coding in Termboard:

1. Add an Extra Field called "Risk Level" with list values
2. Configure automatic coloring based on the field value
3. View risk distribution at a glance

Step 4: Add Article Text and Details

Each Term in your policy graph should contain the relevant regulatory content:

1. Select a Term on the canvas
2. In the Term Sidebar, expand the Additional Information section
3. Paste or summarize the article text, including:
   • Direct quotes from the regulation
   • Cross-references to other articles
   • Implementation deadlines
   • Penalties for non-compliance

Rich Content

You can also use a bulk update by requesting the LLM to add the additional information in this format and update it similar to step 2

## terms
# name | additionalInformation
# ------
Customer | A person who purchases goods
Order | A request for products

Step 5: Create Compliance Relations

Connect Terms to show regulatory relationships:

Common Policy Relation Types:

• requires — Article requires certain actions
• applies to — Regulation applies to certain AI systems
• defined in — Term defined in specific article
• enforced by — Authority responsible for enforcement
• exempts — Exception or exemption relationship
• supervises — Oversight relationship

Example Relations:

• High-Risk AI Systems require Conformity Assessment
• Provider must comply with Article 16
• National Authority enforces Regulation
• GPAI Models defined in Article 3

Step 6: Add Cross-References

Regulations frequently reference other articles, directives, or frameworks:

1. Create Terms for referenced documents (e.g., "GDPR", "Product Liability Directive")
2. Add Relations showing dependencies:
   • EU AI Act references GDPR (for personal data processing)
   • Article 13 clarifies Article 9

Use the Find Path feature to trace compliance paths between any two concepts.

Example: EU AI Act Policy Graph

Explore a live example: EU AI Act Demo

Leveraging Your Policy Graph

1. Visual Compliance Navigation

• Click any Term to view the full article text
• Follow Relations to understand compliance requirements
• Use Interactive Graph for exploration mode

2. Stakeholder Communication

• Export to PDF/HTML for sharing with non-technical stakeholders
• Generate presentations via PowerPoint export
• Use the graph as a training tool for new employees

3. AI-Powered Q&A

Export your policy graph as JSON and provide it as context to an LLM:

1. Export via File > Export > Compact Format
2. Feed the File to your LLM with a prompt like:

   Based on the following policy graph, answer questions about
   compliance requirements

3. The structured graph provides grounded answers, reducing hallucinations

See Chat with Model for built-in LLM integration.

4. Compliance Path Analysis

Use Find Path to answer questions like:

• "What connects High-Risk AI to Provider obligations?"
• "How does the EU AI Act relate to GDPR requirements?"

Best Practices

1. Start with the table of contents — Use the regulation's structure as your initial hierarchy
2. Focus on actionable items — Prioritize requirements and obligations over preambles
3. Include cross-references — Regulations rarely stand alone
4. Add deadlines — Use Extra Fields to track implementation dates
5. Version your model — Save versions as regulations are updated
6. Validate with experts — Review with legal/compliance teams

Related Guides

• Knowledge Graph — General knowledge graph creation
• Semantic Model — Workshop-based modeling approach
• Domain Profiles — Pre-configured policy modeling profiles
• Extra Fields — Adding metadata like risk levels and deadlines
• Chat with Model — AI-powered policy Q&A