TrueCase
AI-powered business case builder for AI investments — generates governance-adjusted ROI projections with a reliability score, UK regulatory citations, and a Claude-powered three-section narrative grounded entirely in a verified knowledge base.
Executive Summary
TrueCase bridges the gap between financial optimism and regulatory reality in AI investment decisions. A four-stage guided flow — contextual questionnaire, governance assessment gate, financial projections, and AI narrative export — produces a business case built on two projections: the headline ROI and the governance-adjusted ROI. The gap between them is the product. Zero user data is retained. Every governance claim traces to a primary UK regulatory source. Every Claude-generated sentence is constrained to a verified knowledge base — not Claude's training data.
- Governance elements: Each KB-backed with UK regulatory citations and weighted reliability deductions
- Narrative sections: Business Case Summary, Governance Assessment, Social Return Signal
- Bytes retained: Stateless by design — no database, localStorage, cookies, or logging
- Knowledge bases: governance-kb.json, benchmarks.json, sdg-kb.json — all verified April 2026
Problem Statement
Business cases for AI investments tend to be optimistic. Governance gaps — missing human oversight, undocumented training data, no audit trail — are treated as implementation details rather than financial risks. The result is a board deck that shows £2.4M annual gain while quietly ignoring that the system has no regulatory compliance map and may trigger a GDPR enforcement action that erases that gain entirely.
Finance teams want ROI projections. Compliance teams want governance verification. These conversations happen in separate rooms, in different languages, with different tooling. There is no shared instrument that lets both teams look at the same number and ask: 'How confident should we be in this?'
The challenge is not technical — ROI calculators exist, and compliance checklists exist. The barrier is product thinking: how do you build a tool that makes governance maturity visible as a financial variable, not a post-hoc audit finding? How do you ground AI-generated narrative in verified regulatory sources rather than confident-sounding hallucination? How do you do this without storing any of the sensitive business data the user just typed in?
"The governance gap between headline ROI and governance-adjusted ROI is not a failure state — it is the most valuable thing TrueCase shows. When a user's reliability score is 45% because three governance elements are missing, their real ROI projection is 45% of what they thought it was. That is not a discouragement. That is a roadmap."
User Personas
TrueCase is designed for three distinct user archetypes, each arriving at the tool with a different job-to-be-done. The product must serve all three without asking them to self-identify — the guided questionnaire (Q1: decision type, Q4: sector) routes each user to the right regulatory context automatically.
Internal AI PM
AI Product Manager seeking budget approval at a UK enterprise
Age 34 • Tech: High
Goals:
- Build a board-ready business case that finance and compliance will both sign off
- Anticipate governance objections before the presentation, not during it
- Show that the AI investment has been assessed against UK regulatory requirements
Pain Points:
- Finance wants a number. Compliance wants a framework. They are never in the same room.
- ROI calculators give optimistic projections but no governance context — useless for regulated sectors
- Writing business cases from scratch is slow; writing defensible ones is slower
"My CFO will ask what happens if this triggers a GDPR audit. My answer right now is 'we'll deal with it.' I need a better answer before next Thursday's board meeting."
Startup Founder
Founder pitching institutional investors or enterprise buyers for an AI product
Age 30 • Tech: High
Goals:
- Show investors that governance risk has been identified and mitigated, not ignored
- Produce a formal, credible ROI document that survives a due diligence review
- Demonstrate regulatory awareness to enterprise buyers in financial services or healthcare
Pain Points:
- Investor due diligence now routinely asks about AI governance — founders are unprepared
- Enterprise buyers in regulated sectors will not sign without evidence of compliance mapping
- No time or budget to commission a formal governance audit at seed or Series A stage
"The VC asked me about our governance maturity. I didn't have a good answer. I need to be able to show that I've thought about this seriously before the next meeting."
Enterprise Buyer
Technology Director or Procurement Lead stress-testing an AI vendor's ROI claim
Age 47 • Tech: Medium
Goals:
- Audit a vendor's ROI projection against independent governance criteria
- Produce a governance gap assessment as part of the procurement process
- Justify the purchase (or rejection) to legal, compliance, and the board
Pain Points:
- Vendor ROI claims are always optimistic and never mention governance dependencies
- No neutral tool exists to run a vendor's numbers through an independent governance filter
- Procurement decisions in regulated sectors carry personal liability — need defensible documentation
"Every vendor says their AI will save us £1.2M a year. None of them tell me that's only true if we have a Human Review Requirement and a Decision Audit Trail in place — which we don't."
Solution Overview
TrueCase is a four-layer product that flows top to bottom: a contextual questionnaire sets regulatory exposure; a governance assessment gate scores maturity against six KB-backed elements; financial projection cards show headline and reliability-adjusted ROI side by side; and a Claude-generated three-section business case narrative — grounded in verified knowledge base entries, not Claude's training data — is exported as PDF or HTML. Nothing is stored. Every claim is traceable.
Contextual Questionnaire (4 Questions)
Decision type, data type, scale, and sector questions route users to the right governance context — triggering sector-specific regulatory anchors, benchmark ranges from benchmarks.json, and auto-confirmation of Element 6 when no personal data is involved.
Governance Assessment Gate
Six governance elements from governance-kb.json, each with a 3-state toggle (Confirmed / Partial / Missing), regulatory citations sorted by sector priority, consequence text from the KB, and weighted deductions that compose the reliability score (0–100%).
Reliability-Adjusted Projections
Six financial output cards, always rendered with headline and reliability-adjusted gain at identical size. The governance gap — the difference between the two — is always visible. Not a warning. A number.
AI Narrative + Export
Claude Sonnet 4 generates three sections (Business Case Summary, Governance Assessment, Social Return Signal) grounded in governance-kb.json, benchmarks.json, and sdg-kb.json. Exported as a 3-page PDF or standalone HTML file. All inputs discarded immediately after generation.
Data & Methodology
Data Dictionary
| Feature | Type | Description | Source |
|---|---|---|---|
| hard_output_cap | 3-state (confirmed / partial / missing) | Hard, non-configurable maximum on AI outputs. Missing: -25 reliability points. Partial: -12. The single highest-weighted element — output without a ceiling can cause catastrophic harm at scale. | governance-kb.json (UK AI Act signals, ICO guidance) |
| human_override | 3-state (confirmed / partial / missing) | Human review required before any AI decision takes effect. Missing: -20 reliability points. Partial: -10. Automation without override creates accountability gaps under GDPR Article 22. | governance-kb.json (GDPR Article 22, FCA Consumer Duty) |
| explainability | 3-state (confirmed / partial / missing) | Decision audit trail with plain English explanation available within 24 hours of request. Missing: -15 reliability points. Partial: -7. Required for right-to-explanation obligations. | governance-kb.json (GDPR Article 22, Ofcom Broadcasting Code) |
| regulation_identified | 3-state (confirmed / partial / missing) | All applicable UK regulations identified and formally mapped. Missing: -20 reliability points. Partial: -10. Unmapped regulation creates silent liability that compounds over time. | governance-kb.json (sector-specific: FCA, Online Safety Act, ICO) |
| training_data_documented | 3-state (confirmed / partial / missing) | Training data source, known limitations, and drift detection plan documented. Missing: -10 reliability points. Partial: -5. Undocumented data provenance is a due diligence failure in any regulated sector. | governance-kb.json (ICO AI Auditing Framework) |
| personalisation_boundary | 3-state (confirmed / partial / missing; auto-confirmed if Q2 ≠ personal) | Policy defining where personalisation ends and surveillance begins. Missing: -10 reliability points. Partial: -5. Auto-confirmed if user indicated no personal data in Q2 — only applies to personal data processing. | governance-kb.json (UK GDPR, ICO guidance on profiling) |
Methodology
The reliability score is computed as a weighted deduction sum from governance-kb.json. It starts at 100% and subtracts the element's reliability_reduction_missing for each missing element, or reliability_reduction_partial for each partial. The final score ranges from 0% (all elements missing) to 100% (all confirmed).

This score is then applied as a multiplier to the headline ROI projection:

Reliability-Adjusted Gain = Projected Gain × (reliability_score / 100)

The reliability score is not a compliance grade — it is a financial variable. A 60% score on a £2M projected gain means the governance-adjusted figure is £1.2M. The £800k gap is the governance risk made visible as money.

All financial benchmark ranges in benchmarks.json are sourced from primary UK regulatory documents (legislation.gov.uk, FCA reports, Ofcom research) and marked as 'verified' or 'illustrative range' with source URLs. SDG mappings in sdg-kb.json are derived from UN SDG target documentation and cross-referenced against Q1 (decision type) and Q4 (sector) combinations.
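The scoring rule above, worked through as an added example (this is not TrueCase's own source code). The element ids and deduction values come from the data dictionary on this page; the array layout for governance-kb.json, the Q2 value "personal", and the function names are assumptions.

```javascript
// Added example, not TrueCase source. Ids and deductions are copied from the
// page's data dictionary; the array layout is an assumed shape for governance-kb.json.
const GOVERNANCE_KB = [
  { id: "hard_output_cap", reliability_reduction_missing: 25, reliability_reduction_partial: 12 },
  { id: "human_override", reliability_reduction_missing: 20, reliability_reduction_partial: 10 },
  { id: "explainability", reliability_reduction_missing: 15, reliability_reduction_partial: 7 },
  { id: "regulation_identified", reliability_reduction_missing: 20, reliability_reduction_partial: 10 },
  { id: "training_data_documented", reliability_reduction_missing: 10, reliability_reduction_partial: 5 },
  { id: "personalisation_boundary", reliability_reduction_missing: 10, reliability_reduction_partial: 5 },
];
const VALID = new Set(["confirmed", "partial", "missing"]);

// Start at 100 and subtract the KB deduction for each partial or missing element.
function reliabilityScore(statuses, q2DataType) {
  // Fail closed: an absent Q2 answer must not trigger the auto-confirm rule.
  if (typeof q2DataType !== "string") throw new Error("Q2 data type is required");
  let score = 100;
  const deductions = [];
  for (const el of GOVERNANCE_KB) {
    let status = statuses[el.id];
    // Element 6 is auto-confirmed when Q2 says no personal data is processed.
    if (el.id === "personalisation_boundary" && q2DataType !== "personal") {
      status = "confirmed";
    }
    // An unanswered or unknown status is rejected, never counted as confirmed.
    if (!VALID.has(status)) {
      throw new Error(`unanswered or invalid status for ${el.id}: ${status}`);
    }
    const points = status === "missing" ? el.reliability_reduction_missing
      : status === "partial" ? el.reliability_reduction_partial : 0;
    if (points > 0) deductions.push({ id: el.id, status, points });
    score -= points;
  }
  return { score: Math.max(0, score), deductions };
}

// Reliability-Adjusted Gain = Projected Gain x (score / 100); multiplying before
// dividing keeps whole-pound inputs free of floating-point residue.
function adjustGain(projectedGain, score) {
  if (!Number.isFinite(projectedGain) || projectedGain < 0) {
    throw new Error("invalid projected gain");
  }
  const adjusted = (projectedGain * score) / 100;
  return { headline: projectedGain, adjusted, gap: projectedGain - adjusted };
}

// Constructed input: two elements missing, the rest confirmed.
function allWith(status) {
  return Object.fromEntries(GOVERNANCE_KB.map((e) => [e.id, status]));
}
const example = { ...allWith("confirmed"), human_override: "missing", regulation_identified: "missing" };
const { score } = reliabilityScore(example, "personal");
console.log(score, adjustGain(2_000_000, score));
```

The returned deductions list keeps each lost point traceable to a named element, which is what lets the gap be read as a remediation list.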
Validation Approach
- All regulatory anchors in governance-kb.json link to legislation.gov.uk or official regulatory body publications — no secondary sources
- Sector-specific benchmark ranges in benchmarks.json sourced from primary FCA reports, Ofcom research, and GDPR enforcement records — all marked with source URL and verification status
- Claude system prompt explicitly constrains output to KB entries and user inputs: banned from adding claims beyond verified sources, banned from 'leveraging', 'synergies', or other filler assertions
- Self-assessment disclaimer always visible: 'TrueCase cannot verify these answers' — no false authority claimed for governance gate outputs
- PDF and HTML exports include KB version, generation date, and liability disclaimer on every page
Ethics & Responsible AI
TrueCase's ethical commitments are architectural, not aspirational. Privacy by design means the system physically cannot retain data — there are no write operations to a persistence layer. Grounded generation means Claude cannot add governance claims beyond what the verified KB and user inputs supply. Self-assessment transparency means the reliability score is always accompanied by a disclaimer that TrueCase cannot verify the answers the user provided.
Privacy by Design
No database, localStorage, sessionStorage, cookies, or server-side logging. The PDF API route processes inputs, generates the file stream, and discards all data immediately. Stateless architecture is enforced at code level — not policy level.
Grounded Generation
Claude Sonnet 4's system prompt explicitly prohibits adding factual claims beyond governance-kb.json and user inputs. Regulatory citations must come from KB entries. Financial figures must come from user inputs. SDG mappings must come from sdg-kb.json. There is no fallback to training data.
Self-Assessment Transparency
The grounding disclosure is always visible above the generate button. The AI-generated label is always shown after narrative output. The self-assessment disclaimer ('TrueCase cannot verify these answers') appears at the reliability score. Three separate honesty markers, none optional.
Uniform Scoring
The reliability score formula is deterministic and public: start at 100%, subtract KB-specified deductions per element status. No demographic data used. No sector weighting in the score calculation. Identical governance configurations produce identical reliability scores regardless of who is using the tool.
Guardrails & Safeguards
| Rule | Threshold | Rationale |
|---|---|---|
| Claude Output Scope | KB + user inputs only | Prevents hallucinated governance claims. Every factual assertion in the narrative must trace to governance-kb.json, benchmarks.json, sdg-kb.json, or the user's own inputs. |
| Data Retention | 0 bytes per session | No write operations to any persistence layer. PDF and HTML generation uses inputs only within the server-side request lifecycle — all discarded on response. |
| Regulatory Citation Source | Primary sources only | All UK regulations cited to legislation.gov.uk or official regulatory body publications. Secondary sources and general assertions excluded from KB at verification stage. |
| Narrative Banned Language | Prohibited: 'leveraging', 'synergies', 'driving value', 'unlock potential' | Filler corporate language without substantive meaning is explicitly banned in the Claude system prompt — reinforcing the product's credibility commitment. |
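The page enforces the "Claude Output Scope" and "Narrative Banned Language" rules through the system prompt. The added example below (not TrueCase's own code) shows an output-side check a team could run on the generated narrative before export. The banned phrases are the four from the table; the citation list, the narrative text, the function names, and the Article/Section pattern are assumptions.

```javascript
// Added example, not TrueCase source. Banned phrases are the four listed in the
// guardrails table; the citation list and narrative below are constructed samples.
const BANNED_PHRASES = ["leveraging", "synergies", "driving value", "unlock potential"];
const SAMPLE_KB_CITATIONS = ["GDPR Article 22", "FCA Consumer Duty", "Online Safety Act"];

// "2.4" + "M" -> 2400000, "800" + "k" -> 800000, "1,200,000" -> 1200000
function toPounds(amount, suffix) {
  const scale = { k: 1e3, m: 1e6 }[(suffix || "").toLowerCase()] || 1;
  return Math.round(parseFloat(amount.replace(/,/g, "")) * scale);
}

// Returns findings; an empty array means the narrative passed all three checks.
function auditNarrative(text, allowedFigures, kbCitations) {
  const findings = [];
  const lower = text.toLowerCase();
  // 1. Banned filler language.
  for (const phrase of BANNED_PHRASES) {
    if (lower.includes(phrase)) findings.push({ rule: "banned_language", value: phrase });
  }
  // 2. Every £ figure must equal a user input or a value derived from one.
  const allowed = new Set(allowedFigures.map((n) => Math.round(n)));
  for (const m of text.matchAll(/£([\d,]+(?:\.\d+)?)([kKmM])?\b/g)) {
    if (!allowed.has(toPounds(m[1], m[2]))) {
      findings.push({ rule: "untraceable_figure", value: m[0] });
    }
  }
  // 3. Every "Article N" / "Section N" reference must appear in a KB citation.
  for (const m of text.matchAll(/\b(Article|Section)\s+(\d+)\b/g)) {
    const ref = `${m[1]} ${m[2]}`;
    const inKb = kbCitations.some((c) => new RegExp(`\\b${ref}\\b`).test(c));
    if (!inKb) findings.push({ rule: "citation_not_in_kb", value: ref });
  }
  return findings;
}

// Constructed narrative with one violation of each rule.
const SAMPLE_NARRATIVE =
  "The projected gain is £2M and the governance-adjusted gain is £1.2M, " +
  "leveraging an extra £3M in savings. GDPR Article 22 applies, as does Article 35.";
// Headline gain, adjusted gain and gap, as the scoring step would supply them.
const SAMPLE_FIGURES = [2000000, 1200000, 800000];

console.log(auditNarrative(SAMPLE_NARRATIVE, SAMPLE_FIGURES, SAMPLE_KB_CITATIONS));
```

A check like this only catches claims that match its patterns, so it complements the prompt constraint and does not replace it.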
Bias Audit & Fairness Assessment
No user demographic data is used in any calculation. The reliability score is a function of governance element statuses only — identical inputs produce identical scores for all users. Sector-specific benchmark ranges in benchmarks.json are sourced from public regulatory data (FCA, Ofcom, ICO) and apply uniformly within each sector. The SDG mapping logic in sdg-kb.json assigns impact categories based on Q1 (decision type) and Q4 (sector) — structural use-case characteristics, not user identity. The self-assessment disclaimer ensures no authority is falsely attributed to user-provided governance confirmations.
Risk Register
TrueCase's risk profile is shaped by two primary tensions: the knowledge base is static while UK AI regulation is evolving rapidly, and the governance assessment relies entirely on user self-reporting, which makes score inflation a risk even when users answer in good faith. Both risks were identified at design stage and addressed architecturally.
- UK AI Regulation Evolves Faster Than KB Versioning Cycle
- Users Self-Report Governance Controls That Are Not Actually In Place
- Claude Outputs Governance Claims Beyond Verified KB Sources
- User Distrust of Data Handling in a Tool Handling Sensitive Business Cases
- Users Treat Reliability Score as a Compliance Certificate Rather Than a Planning Tool
OKRs & Success Metrics
Objective
Build the first governance-adjusted business case tool for AI investments — making regulatory maturity visible as a financial variable, not an afterthought, with zero data retention and fully grounded AI output
Key Results
Ship a 6-element governance gate backed by a verified KB with UK regulatory citations and weighted reliability scoring
100% • Target: All 6 elements live
Implement a reliability score (0–100%) that adjusts financial projections and is always shown alongside the headline figure at identical visual weight
100% • Target: Always co-equal display
Ground all Claude-generated narrative in governance-kb.json, benchmarks.json, and sdg-kb.json — no training data fallback
100% • Target: 100% KB-sourced claims
Deploy to production on Vercel with zero data retention architecture validated
100% • Target: Live public URL
Success Metrics
| Metric | Target | Achieved | Status |
|---|---|---|---|
| Governance KB elements | 6 elements verified | 6 — all with regulatory anchors + deductions | Achieved |
| Reliability score formula | 100% traceable deductions | 100% — all deductions from KB | Achieved |
| Data retention | 0 bytes per session | 0 — stateless architecture | Achieved |
| Production deployment | Live public URL | truecase-seven.vercel.app | Achieved |
Learnings & Reflections
What Went Well
- The reliability score as the central product metaphor was the correct decision from day one. It gives both the finance team and the compliance team a single shared number — and the gap between headline and adjusted gain is more valuable than either projection alone.
- Grounding the Claude system prompt explicitly in the KB — rather than relying on Claude's general regulatory knowledge — was the right call for a governance tool. Verifiability is the product's core promise. A hallucinated GDPR citation undermines everything.
- Building stateless from the start, rather than adding privacy controls later, meant every architectural decision reinforced trust. There is no database to breach because there is no database. That is a stronger guarantee than any encryption policy.
- The rule-based summary after Q1–Q4 (identifying the two most critical governance elements for the use case without an API call) is the highest-leverage component in the product. Four dropdowns → sector-specific plain English governance readiness assessment, instantly, at zero cost.
Challenges Faced
- The Q1–Q4 → plain English summary required mapping every combination of four inputs to meaningful, sector-specific text. The edge cases (e.g. 'automation' × 'public sector' × 'unknown scale' × 'healthcare') multiplied faster than expected and required careful KB reference to avoid vague output.
- Enforcing the boundary between what Claude's training data knows and what the KB specifies required iterative system prompt engineering. 'Use KB entries for all factual claims' is correct but insufficient — the prompt needs explicit negative examples to prevent confident-sounding additions.
- The @react-pdf/renderer server-side PDF route is the most brittle component. React PDF requires hex values for colours (an explicit exception to the no-hardcoded-values rule), and layout behaviour diverges from the browser in ways that require a parallel styling pass.
What I'd Do Differently
- Build the SDG knowledge base (sdg-kb.json) before the narrative section prompt, not alongside it. The Q1 × Q4 mapping complexity adds significant scope if discovered mid-prompt-engineering and requires KB-first thinking to structure correctly.
- Ship the HTML export before the PDF export. HTML is simpler, gets the product live-demonstrable faster, and validates the narrative structure before investing in PDF layout. PDF can follow once the content model is proven.
- Draft the /about page as part of Phase 1, not a roadmap item. The methodology explanation is part of the product's trust architecture — enterprise buyers and founders need to understand what TrueCase does and does not claim before they input sensitive financial data.
"The governance gap between headline ROI and reliability-adjusted ROI is not a failure state. It is the product. Every design decision — the co-equal card sizes, the self-assessment disclaimer, the KB-constrained Claude prompt, the stateless architecture — exists to make that gap credible enough to act on. A business case tool that always shows optimistic numbers is worse than no tool at all."
PM Artefacts
Written before any code. Every project ships with a full PM artefact set.
© 2025 Ogbebor Osaheni. Built with Next.js, React, and Tailwind CSS.
