How to operationalise platform policy at scale
I'm Alice Hunsberger. Trust & Safety Insider is my weekly rundown on the topics, industry trends and workplace strategies that trust and safety professionals need to know about to do their job.
Today, I'm sharing my third EiM guide to — how to operationalise platform policy at scale. It was really fun to write and I hope you get something out of it.
If you value T&S Insider and Ben's Friday round-up, become a paid member today so we can continue this work without having to put up a paywall. You get access to hundreds of editions, including previous guides on how to select a T&S vendor and how to write really good user-facing policies and all of Ben's writing going back to 2018.
Get in touch if you have your own tips for operationalising platform policy; if I get enough responses, I'll share them in next week's newsletter. Here we go! — Alice
15+ years of experience in one handy guide
Writing platform policy is hard but it's maybe 20% of the work. The other 80% is making that policy enforceable, consistently, by human reviewers, machine learning models, and LLMs, across thousands or millions of decisions per day, across shifts, regions, and content types.
I wrote recently about how to write good platform policies. This guide picks up where that one left off. That piece was about what you say to your users. This one is about what comes next: the moderator-facing guidance, LLM prompt design, ML labelling standards, calibration exercises, feedback loops, and the operational layer that determines whether your policies actually work or just sound like they do.
I've been operationalising policies for about 20 years, starting with a message board I ran as a teenager where I learned the hard way what happens when you have values but no enforcement mechanisms. Since then, I've built out policy operations at OkCupid and Grindr, helped platforms operationalise human moderation at scale at PartnerHero, and now do the same for AI moderation at Musubi. This is what I do, and this guide reflects what I've learned across all of it. The advice scales to different team sizes and resource levels. What matters is that you do some version of each step, even if you're working with a small team on a tight timeline.
Why people get this wrong
Most policy failures aren't writing failures. They're operationalisation failures. The policy sounded fine in the document, but nobody thought through how a moderator at 2am would actually apply it. Or how an LLM would interpret it when you fed it the same language verbatim. The people writing policy are often disconnected from the people enforcing it: legal, comms, or senior T&S staff writing rules that frontline teams have to interpret in real time, with often serious consequences.
This gap matters more now than it ever has, because enforcement is increasingly automated. A policy that was "good enough" when 50 trained reviewers interpreted it can fail badly when an LLM applies it literally, or when an ML model tries to learn patterns from labels that were inconsistently applied in the first place. When you try to feed a policy to an AI system, all the ambiguity that humans were doing their best with becomes an immediate, concrete failure.
There are half a dozen patterns I see over and over again: