9. Example Tokens and Scenarios
9.1 Scenario 1 — Permitted: UK clinical data, UK processing, valid consent
This example shows a PCT that would result in an ALLOW decision for a clinical analytics AI call on UK patient data processed within the UK.
{
  "pct_id": "f3a2b1c4-1234-4abc-8def-000000000001",
  "issued_at": 1743000000,
  "valid_from": 1743000000,
  "expires_at": 1774536000,
  "issuer": "https://orchestrator.dpglabs.io",
  "subject_id": "dataset:patient-cohort-2026-03",
  "subject_type": "ai_interaction",
  "data_origin": "GB",
  "data_categories": ["health", "special_category"],
  "lawful_basis": {
    "bases": ["consent"],
    "framework": "UK_GDPR"
  },
  "allowed_purposes": ["clinical_analytics", "treatment_support"],
  "consent_status": true,
  "consent_scope": ["clinical_analytics", "treatment_support"],
  "jurisdiction_rules": {
    "permitted_regions": ["GB"],
    "residency_required": true
  },
  "data_hash": "n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
  "hash_algorithm": "sha-256",
  "hash_scope": "full_payload",
  "data_format": "application/json",
  "ai_context": {
    "model_id": "medai-v2-uk",
    "model_region": "GB",
    "risk_tier": "high",
    "prohibited_use_check": true,
    "human_oversight_required": true
  }
}
Expected decision: ALLOW — all checks pass. Model region (GB) matches permitted_regions. Requested purpose (clinical_analytics) is in allowed_purposes. Consent is true and covers the purpose. Risk tier is high but prohibited_use_check is true and human_oversight_required is noted in the audit record.
9.2 Scenario 2 — Blocked: UK clinical data routed to US model
The same dataset is requested for processing by a US-hosted model.
{
  "...": "(same PCT as Scenario 1 — jurisdiction_rules.permitted_regions: [GB], residency_required: true)",
  "ai_context": {
    "model_id": "us-general-llm-v3",
    "model_region": "US",
    "risk_tier": "high",
    "prohibited_use_check": true
  }
}
Expected decision: BLOCK — jurisdiction check fails. model_region (US) is not in permitted_regions ([GB]) and residency_required is true. The action is blocked before processing occurs. Audit record is generated with check_name: jurisdiction_check, result: fail.
9.3 Scenario 3 — Blocked: purpose not in claims
The dataset is requested for a commercial research purpose not covered by the consent or the allowed_purposes list.
{
  "requested_action": "ai_call",
  "requested_purpose": "commercial_research",
  "processing_region": "GB"
}
Expected decision: BLOCK — purpose check fails. commercial_research is not present in allowed_purposes ([clinical_analytics, treatment_support]).
9.4 Scenario 4 — Clinical trial data, multiple simultaneous failures
Clinical trial data is requested for processing by an overseas AI system for a purpose outside the trial protocol, with no valid consent for the requested scope.
PCT:
{
  "pct_id": "a1b2c3d4-5678-4abc-9012-000000000004",
  "data_origin": "DE",
  "data_categories": ["health", "genetic", "special_category"],
  "lawful_basis": {
    "bases": ["consent"],
    "framework": "GDPR"
  },
  "allowed_purposes": ["clinical_trial_protocol_A"],
  "consent_status": true,
  "consent_scope": ["clinical_trial_protocol_A"],
  "jurisdiction_rules": {
    "permitted_regions": ["DE", "FR", "NL"],
    "residency_required": true
  },
  "extensions": {
    "x-hipaa:phi_flag": true,
    "x-hipaa:minimum_necessary": true
  }
}
Verification request:
{
  "requested_purpose": "secondary_commercial_research",
  "processing_region": "US"
}
Expected decision: BLOCK — multiple simultaneous failures:
- Purpose check: secondary_commercial_research not in allowed_purposes
- Jurisdiction check: US not in permitted_regions
- Consent scope check: consent does not cover secondary_commercial_research
All failures are recorded in the audit record.
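The following is an added example, not part of the specification: a minimal evaluator for the purpose, jurisdiction and consent scope checks used in Scenarios 1 to 4, which runs every check without short-circuiting so that the audit record lists all failures. The names evaluate and failed, the check names other than jurisdiction_check, and the fail-closed handling of missing fields are assumptions.

```python
# Added example, not part of the specification. evaluate(), failed() and the
# check names other than jurisdiction_check are assumptions.

def evaluate(pct, request):
    """Run every check (no short-circuit) and return (decision, audit)."""
    purpose = request.get("requested_purpose")
    # Regions that would touch the data: the request's processing_region and,
    # when the PCT carries one, ai_context.model_region (Scenario 2).
    regions = {request.get("processing_region"),
               pct.get("ai_context", {}).get("model_region")} - {None}
    rules = pct.get("jurisdiction_rules", {})
    permitted = set(rules.get("permitted_regions", []))
    # Assumption: a missing residency_required is treated as true (fail closed).
    residency = rules.get("residency_required", True)
    checks = {
        "purpose_check": purpose in pct.get("allowed_purposes", []),
        "jurisdiction_check": bool(regions) and (not residency or regions <= permitted),
        # Assumption: consent is checked unconditionally, since every PCT in
        # these scenarios relies on the consent basis.
        "consent_scope_check": pct.get("consent_status") is True
        and purpose in pct.get("consent_scope", []),
    }
    audit = [{"check_name": name, "result": "pass" if ok else "fail"}
             for name, ok in checks.items()]
    return ("ALLOW" if all(checks.values()) else "BLOCK"), audit

def failed(audit):
    return [entry["check_name"] for entry in audit if entry["result"] == "fail"]

# Claims copied from the Scenario 1 and Scenario 4 PCTs, trimmed to the fields checked.
PCT_UK = {
    "allowed_purposes": ["clinical_analytics", "treatment_support"],
    "consent_status": True,
    "consent_scope": ["clinical_analytics", "treatment_support"],
    "jurisdiction_rules": {"permitted_regions": ["GB"], "residency_required": True},
    "ai_context": {"model_region": "GB"},
}
PCT_TRIAL = {
    "allowed_purposes": ["clinical_trial_protocol_A"],
    "consent_status": True,
    "consent_scope": ["clinical_trial_protocol_A"],
    "jurisdiction_rules": {"permitted_regions": ["DE", "FR", "NL"], "residency_required": True},
}

if __name__ == "__main__":
    decision, audit = evaluate(PCT_TRIAL, {"requested_purpose": "secondary_commercial_research",
                                           "processing_region": "US"})
    print(decision, failed(audit))
```

For the Scenario 3 request this evaluator reports consent_scope_check as failed alongside purpose_check, because consent_scope in that PCT also lacks commercial_research.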