We value your privacy

We use necessary cookies to run the site and, with your consent, analytics and marketing cookies to improve it. You can change your choice anytime. Privacy Policy

  • Security
  • Pricing
Book a scoping call
  1. Help Center
  2. Policies & presets
  3. Enforcement modes explained
Browse categories
Getting started
Shield Control
Shield Web
Policies & presets
  • Apply policy presets and bundles
  • Create a policy
  • Data types and on-device detection
  • Enforcement modes explained
Compliance & frameworks
Admin & security
Troubleshooting
FAQ
Getting started
Shield Control
Shield Web
Policies & presets
  • Apply policy presets and bundles
  • Create a policy
  • Data types and on-device detection
  • Enforcement modes explained
Compliance & frameworks
Admin & security
Troubleshooting
FAQ

Enforcement modes explained

Updated July 5, 2026·1 min readAll plans

Every policy carries an enforcement mode — the dial between full visibility and a hard stop. Shield has five, and the right governance program usually mixes them.

The five modes

  • Observe — log only. Usage is recorded in the audit log; nobody is interrupted. The baseline for discovery phases and low-risk tools.
  • Warn — show a warning. The user sees a warning and can proceed. An awareness moment without blocking work.
  • Justify — require a reason. The user must give a reason to proceed; the reason lands in the audit log. Strong middle ground for sensitive-but-legitimate workflows.
  • Transform — redact data. Detected sensitive values are redacted locally, on the device, before anything is sent to the AI tool. The work continues; the sensitive data doesn't leave.
  • Block — fully prevent. The action never reaches the AI tool. For secrets, credentials, and tools your organization has ruled out.

How they interact

When several policies match the same action, the strictest action wins — a tool-specific Block beats a general Warn. From Discovery you can also set quick app-level calls (Allow, Warn/Review, Block) without building a full policy first.

Choosing a mode

A pragmatic ladder: start new tools on Observe, move business-relevant flows to Warn or Justify, and use Transform/Block where data must never cross — the starter policies your org began with follow exactly this pattern (transform PII and financial data, block secrets, warn on source code).

Note: mode availability depends on your plan — Starter includes Block and Warn; Business and Enterprise add Justify, Transform, and Observe.

Was this article helpful?

Related articles

Create a policy

Build a policy from the five layers — tools, data types, actions, context, enforcement — and activate it for your organization in minutes.

Read article

Data types and on-device detection

Which sensitive data Shield recognizes — PII, financial data, source code, secrets — and why the content never leaves the device to be classified.

Read article

Apply policy presets and bundles

Deploy compliance-ready policies from the preset library — EU AI Act, GDPR, DIFC, Korea AI Basic Act, US AI in Employment, and ISO 42001/NIST bundles.

Read article

Still stuck?

Send us the details — we answer within one business day.

Contact support

On this page

  • The five modes
  • How they interact
  • Choosing a mode

Subscribe to our newsletter

Product and governance updates — see our privacy policy.

AI security and control for every model your team uses.

Built in Dubai. Designed for teams operating across regions, models, and regulatory environments.

  • Product

    • Shield Web
    • Shield Control
    • Shield Desktop
    • Shield Mobile
    • Pricing
    • Download
  • Solutions

    • For CISOs
    • For Operations
    • For AI Teams
  • Use Cases

    • AI Governance
    • AI Agent Security
    • LLM Access Control
    • Secure AI Deployment
    • Enterprise Operations
    • Financial Services
  • Resources

    • Help Center
    • Blog
    • Guides
    • Glossary
    • Changelog
    • AI Risk Calculator
    • Compare
    • FAQ
  • Company

    • About
    • Careers
    • Security & Trust
    • Contact
  • Legal

    • Legal
    • Privacy
    • Terms
    • GDPR / DPA

© 2026 Qadar AI. All rights reserved. EU data residency available for Enterprise customers.