Skip to main content
For regulated industries (healthcare, finance, legal, government), your eval traces can’t leave your environment. multivon-eval’s compliance tools run entirely locally: no cloud, no LLM calls for PII detection.

PII Detection

PIIEvaluator scans LLM outputs for personally identifiable information using regex patterns. Zero API calls, so it works in air-gapped environments.

Basic usage

A case fails if any PII is detected in the output. The failure reason lists each PII type and example matches.

Jurisdiction-specific patterns

HIPAA coverage note: This evaluator detects 13 of 18 HIPAA Safe Harbor PHI identifiers via regex. The remaining 5 (patient names, geographic subdivisions below state, photographs, biometric data, and arbitrary unique identifiers) cannot be reliably detected from text output and require de-identification before the text reaches the evaluator. For full HIPAA Safe Harbor compliance, combine PIIEvaluator(jurisdiction="hipaa") with an upstream de-identification step.

Custom patterns

Redacting PII from reports

By default, matched PII is shown in the reason field. To mask it in audit logs:

What’s detected


Structured Output Validation

SchemaEvaluator validates that LLM outputs conform to a defined structure. Works with Pydantic models and JSON Schema dicts, and reports per-field failures rather than a bare valid/invalid. StructEval (2025) found GPT-4 fails complex structured extraction ~12% of the time. This evaluator catches those failures in your specific pipeline.

Pydantic model

Supports Pydantic v1 and v2. Field-level error messages:

JSON Schema

Handling markdown code fences

SchemaEvaluator automatically strips markdown code fences from outputs:
This is valid — the schema evaluator strips the fence before parsing.

Compliance Audit Trail

ComplianceReporter writes a hash-chained, tamper-evident NDJSON log of every eval run, with Article-level regulatory control annotations on each evaluator result.

Basic usage

EU AI Act high-risk factory

For high-risk systems under Annex III, use the factory — it wires the standard measurable controls with calibrated thresholds:
The factory wires: NotEmpty, Faithfulness, Hallucination, Relevance, Toxicity, Bias, PIIEvaluator (plus optional SchemaEvaluator if you pass schema=). Pair with runs=5 to surface flakiness — Art. 15(2) robustness isn’t a single-run claim.

Coverage report

Before you run, check which Articles the suite actually exercises:
Process controls (Art. 11, 13, 14, 15(4-5)) require organizational measures outside of model evaluation; the reporter surfaces them so you don’t mistake “high coverage” for “fully compliant.”

Framework mappings

EU AI Act mappings (Regulation (EU) 2024/1689): NIST AI RMF subcategories: accuracy evaluators → MEASURE 2.3, robustness → MEASURE 2.5, toxicity → MEASURE 2.6, pii_detection → MEASURE 2.10, bias → MEASURE 2.11.

Verifying integrity (hash chain)

Each record stores prev_hash pointing at the previous record’s record_hash, forming a SHA-256 chain. verify() walks the chain end-to-end:
If a record is edited in place: TAMPERED. If a middle record is deleted (undetectable under per-record hashing): CHAIN BROKEN on the next record.

Audit record format

Each NDJSON line:
controls is a list because some evaluators may map to multiple controls in future framework versions. prev_hash is "0" * 64 for the first record in the log (genesis).

Full compliance pipeline


CI/CD Integration

The audit logs in ./audit-logs/ are the compliance artifacts — store them alongside your release artifacts.