Try this test in your next meeting about artificial intelligence. When someone says "the system is forbidden from doing that", ask: where is that prohibition written? Not who decided it, nor since when it applies: where it lives. If the answer is "it is in the prompt the vendor set up", "the team has it configured", or a polite silence, you have just discovered something important: that prohibition is not a rule. It is an intention.

The difference is not rhetorical. A machine does not obey intentions; it obeys what is written, with a literalness no human team has. That is a weakness when no one has written the rules — and an enormous advantage when someone has done it well: an artificial intelligence with written rules is more governable than almost any human process, because the rule applies every time, without fatigue and without Friday-afternoon exceptions.

A rule that is not written down does not exist

In most companies already using artificial intelligence, the system's behaviour lives scattered across places no one can open: a vendor's configuration, the habits of whoever uses it, settings someone made and never documented. The system works — but its limits are archaeology, not architecture.

That has two practical consequences. The first: when the business changes — a new commercial criterion, a data point that can no longer be used, a different tone — there is no place to change the rule; you have to chase the behaviour by repeating requests. The second is worse: when someone asks "what is this system forbidden from doing?", the answer depends on one person's memory. And what depends on one person's memory cannot be delegated, audited or scaled.

The three layers of a rule that holds

What a real rule looks like, we show with a case of our own. We operate Strahlkraft40+, an artificial intelligence system in production in German regulated healthcare. In that sector, what an AI may say has a legal boundary: there are health claims the law prohibits. That boundary is not in an employee handbook or in the model's goodwill. It is built in three layers, inside the system:

Layer 1 — the written instruction. The system's behaviour is governed by documents: what it does, by what criterion, what it is forbidden to say. These are not loose notes: they are the instructions the system receives in every conversation. When the rule changes, the document is changed — and the system obeys the new version from that moment on.

Layer 2 — the filter on every output. A serious system does not trust the instruction to be enough. Before a response reaches the person, a separate mechanism reviews it: it replaces the terms the law does not allow, removes the prohibited formulations, and lets through only what complies. It is deterministic: it does not have opinions, it applies. The instruction sets the intent; the filter guarantees it.

Layer 3 — the test that verifies it. Every rule in the filter has automated tests that check it keeps working: that the banned term is replaced, that the prohibited formulation is removed. When the system evolves — and a living system evolves constantly — the tests verify that no rule broke along the way.

If this sounds like how any serious risk is governed, that is because it is: no one protects a safe with an internal memo alone. You write the policy, you fit the lock, and you test the lock. With artificial intelligence, the novelty is not the logic — it is that almost no one applies it yet.

Changing the rule is changing the document

The most valuable consequence of this setup is not defensive. It is that the system becomes steerable: when you want the AI to behave differently, there is a concrete place to change it, and the change applies from then on to every case — no one has to be re-trained and no habit has to settle. The correction is written once and remains. In From using AI to directing it we described that direction as a management capability; this here is its material condition: without written rules backed by a mechanism and a test, "directing the AI" is a phrase.

European regulation points to the same place. Regulation (EU) 2024/1689 requires high-risk systems to be designed so that people can effectively oversee them, with a real capacity to intervene in their operation (Source: Regulation (EU) 2024/1689, Art. 14, EUR-Lex, 2024). Overseeing and intervening demand exactly what this article describes: that the behaviour lives in documents a person can read and change, and that mechanisms exist to apply what is written. Whoever builds the three layers to direct their system has, along the way, the effective oversight the standard asks for — without manufacturing it separately.

Where to start in your company

You do not need a regulated sector for this to apply. Every company has rules its artificial intelligence should follow: which data it may use and which it may not, what it may decide alone and what it must escalate to a person, what tone and what commitments it may take on in your name. The starting point is an honest inventory: list the five most important rules your AI must follow today, and for each one answer three questions — where is it written?, what mechanism applies it?, what test would verify it holds?

In our method, that is precisely one of the deliverables of the 90-day Start: the system's rules of the game in writing — what it may do, what it is forbidden to do, who is accountable — with the mechanism that applies them and the trail that proves it. The business ends up described in a way the system obeys and you can verify (what "operable" means, without jargon).

The question to take away

A company's maturity with artificial intelligence is not measured by how many tools it uses, but by a question that fits on one line: of the rules your AI must follow, how many have a place, a mechanism and a test? The ones that do not are not rules yet. And the good news is that turning intentions into rules is not a multi-year project: it is, precisely, engineering work that is done once and stays.