Rules-as-code is steadily gaining interest in government as an approach to policy development and implementation (Ackama has over the last year assisted with several rules-as-code projects at the New Zealand DIA Service Innovation lab). I believe the key value of rules-as-code is a change in the underlying approach to involve software in the development of new rules or regulations. While it bears many similarities to earlier work on rules, engines and other kinds of compliance projects, rules as code uses technology to enable collaboration in creating regulation or legislation.
The Current Model of Policy Development
At present, changing systems to reflect new rules happens well after the people writing the rules or policy have “finished”. This means that if the poor people stuck with implementing a new set of rules find conflicts with an existing rule set or ambiguity in the implementation details, it’s too late to engage with policy teams to clarify the regulations. Also, different organisations to which the same rules apply may have created different implementations or interpretations which adds costs to or completely stymies future efforts to review compliance across an industry.
The New Model
If an initial reference implementation is part of developing a policy or regulation, there are several immediate benefits compared to current practice:
- A standardised reference implementation reduces costs to interpret and understand the rules themselves.
- Lower cost of compliance, as there is less need for every affected organisation to create their own implementation.
- Having a definitive rules implementation allows for scenario modeling as different assumptions and test data sets can be run through a rule-set to produce reports about what the actual outcomes of a rule-set would be.
- Early detection of poorly written or unclear rule systems — the act of implementing a rule system into code often highlights areas where the regulations are not objective or where terms might be used inconsistently. For example, when implementing the rules of the benefit system in New Zealand, the team found around 20 different interpretations of a “relationship” across the relevant legislation and policy.
- Auditability of rules — with a consistent implementation it is easier for others to both review the rules and also gain comfort that the implementation of the rules is working how they expect.
The benefits of this new model may at first appear difficult to grasp. However, consider that in New Zealand, widespread misinterpretation of the Holidays Act led our own business ministry to incorrectly apply holidays entitlements to their staff and you can see the myriad impacts of inconsistently applied law.
What does it mean to do rules-as-code?
There isn’t necessarily a strong definition yet of what rules-as-code is, with some groups focusing more on the technical implementation details and some working more on the policy outcomes. Ackama thinks of it as a methodology with the following characteristics:
- Rules are captured in code to be reused easily wherever they may be applied (either by taking a copy of the code itself or accessing an API). For example, a rules-as-code implementation of a building standard should be something that is used both by a government system running an audit process and a private enterprise reviewing their own plans.
- Experts with software development skills and policy experts work together to create both the policy and implementation in parallel.
- Modern code management practices such as automated testing and version control are used to validate outcomes and track changes over time in the implementation.
- The implementation is flexible enough that it can be used as part of an implementation against the current standard or be changed so it can explore potential other configurations. For example, if a policy maker is considering changing a threshold, they should be able to make that change in a test environment and run a set of test data through it to see what the change in outcomes would be in a given scenario.
- The system should be extensible enough that other policies can be added to the same system and take into account how they might interact.
- All the code in the system can be audited and the assertions and results can be independently verified or challenged (not that it’s necessarily open source, but that at the very least a relevant authority could perform an independent review). This is a general theme with technology, comparable with the trend for algorithms and AI to provide auditability for assurance.
What kinds of projects are ripe for a rules-as-code approach?
- Any kind of compliance program with objective measures that will work better with a standardised approach
- Policy or projects where multiple organisations could share a rule-set.
- Rules or regulations where some of those that are about to be affected might not be able to afford to create their own implementations but would benefit from systems that allowed them to more easily meet their obligations(i.e. Current moves in the Anti money laundering space include extending standards to much smaller organisations that have difficulty affording their own compliance programs).
- Policy reviews where analysts want to test population data against a rule-set to model impacts if they changed a particular rule.
- Rule sets that require regular checking but where the majority of information that will be submitted is coming from automated systems are good candidates as well since the benefits of automating an end to end process are often higher than only automating a single part.
Rules-as-Code Selected Reading
Exploring machine consumable code with ACC(Accident Compensation Corporation) — PDF Report
Rates Rebate — Project summary and reports
Rules as Code league — Wiki created and maintained with information about rules-as-code from multiple sources
OECD paper — referenced NZ Service Innovation Lab’s machine readable code as a trend in government
Australian Prime Minister’s statements — Morrison said there was “no reason” why a cad file couldn’t be uploaded for a real-time building approval. “That’s totally possible but we’re not doing it. But I think that’s a good goal to set”
NSW basic guidance — Current thinking with Australian government on rules-as-code approaches.