[EAAPL-RAG001] Enterprise Retrieval-Augmented Generation

Category: Artificial Intelligence / Retrieval-Augmented Generation Sub-category: Foundational RAG Architecture Version: 2.1 Maturity: Mature Tags: rag retrieval embeddings vector-search llm grounding citation enterprise Regulatory Relevance: APRA CPS234, EU AI Act Article 13 (Transparency), ISO/IEC 42001, NIST AI RMF (Govern 1.1, Map 1.1)

1. Executive Summary

Retrieval-Augmented Generation (RAG) is the foundational architecture pattern that grounds Large Language Model (LLM) responses in verifiable enterprise knowledge. Rather than relying solely on parametric knowledge baked into model weights, RAG dynamically retrieves relevant documents at inference time, assembles them into a context window, and instructs the LLM to generate answers grounded exclusively in retrieved evidence.

For enterprise CIOs and CTOs, RAG directly addresses three business-critical concerns: accuracy (answers are anchored to current, authoritative sources rather than potentially stale training data), auditability (every claim can be traced to a source document for compliance and regulatory purposes), and control (the knowledge base is governed by the enterprise, not by a third-party model provider). RAG enables AI-powered enterprise search, internal knowledge assistants, customer service automation, and regulatory document Q&A without the cost and risk of fine-tuning proprietary models. When implemented correctly, RAG reduces hallucination rates by 60–80% compared to prompt-only LLM usage, and provides the citation infrastructure required to satisfy model explainability mandates in APRA, EU AI Act, and ISO 42001 frameworks.

2. Problem Statement

Business Problem

Enterprise knowledge is locked in unstructured repositories — SharePoint libraries, Confluence wikis, PDF policy archives, email threads, and ERP exports. Employees spend an average of 20% of their working week searching for information (McKinsey Global Institute). LLMs offer natural-language access to this knowledge but generate plausible-sounding but factually incorrect answers (hallucinations) at an unacceptable rate for regulated industries.

Technical Problem

Standard LLM prompting cannot access documents outside the model's training window, cannot cite sources for claims, cannot reflect updates made after the model's training cutoff, and cannot respect per-user access controls on confidential documents. Context windows are finite; naively injecting entire document corpora is computationally prohibitive and degrades generation quality.

Symptoms of the Absence of this Pattern

• Help-desk chatbots that confidently cite policy sections that do not exist or have been superseded
• Internal search returning keyword-matched results with no synthesis or relevance ranking
• Compliance teams unable to audit the provenance of AI-generated regulatory summaries
• Knowledge workers spending >30 minutes constructing answers from multiple source documents
• Model answers that vary unpredictably across repeated identical queries

Cost of Inaction

• Regulatory exposure: ungrounded AI outputs used in decision-making violate EU AI Act Article 13 and APRA CPG 234 requirements for explainability
• Operational cost: manual document synthesis at scale costs $150–$400 per knowledge-worker hour
• Risk of reputational damage from hallucinated answers in customer-facing applications
• Inability to retire legacy knowledge portal investments without a viable AI-powered replacement

3. Context

When to Apply

• Enterprise Q&A systems over internal policy, procedure, or product documentation
• Customer service automation requiring grounded, citable answers
• Regulatory and compliance document interrogation
• Code generation assistants that reference internal SDK and API documentation
• Research synthesis across large document corpora (legal discovery, clinical guidelines, engineering standards)
• Any LLM use case where answer provenance and auditability are required

When NOT to Apply

• Tasks requiring real-time external data not yet ingested (use Streaming RAG, EAAPL-RAG006)
• Multi-hop reasoning across structured relational data (use Graph RAG, EAAPL-RAG009, or SQL-generation patterns)
• Use cases where the knowledge corpus is smaller than the context window (direct context injection is simpler)
• Creative generation tasks where factual grounding is not required
• Highly latency-sensitive applications (<100ms P99) where vector search overhead is unacceptable

Prerequisites

• A defined and governed knowledge corpus (documents, wikis, structured exports)
• An embedding model appropriate to the corpus language and domain
• A vector database provisioned and accessible from the inference runtime
• An LLM with sufficient context window to accommodate retrieved passages plus the user query
• A document ingestion pipeline with scheduling and delta-update capability
• Logging infrastructure capable of recording retrieval decisions and LLM inputs/outputs

Industry Applicability

4. Architecture Overview

Enterprise RAG decomposes into two distinct temporal phases: an offline ingestion pipeline and an online retrieval-generation pipeline. Understanding the separation of these phases is critical to operating the system correctly at enterprise scale.

Offline Ingestion Pipeline

The ingestion pipeline transforms raw enterprise documents into a searchable vector index. This phase runs continuously or on a schedule and must be treated as a production data pipeline with monitoring, alerting, and schema versioning.

Document acquisition draws from multiple source connectors (SharePoint, Confluence, S3, SFTP, database exports). Each connector must capture not only document content but also metadata: document ID, version, owner, classification level, effective date, and expiry date. Metadata is as important as content for enterprise use cases — it drives filtering, citation generation, and access control enforcement.

Chunking is among the most consequential architectural decisions in any RAG system. The goal is to produce semantically coherent text units that are large enough to contain useful context but small enough to remain topically focused. Three strategies apply at enterprise scale: fixed-size chunking (split by token count, typically 256–512 tokens, with 10–20% overlap) is operationally simple and predictable; semantic chunking (split at natural paragraph or section boundaries) preserves document structure and is preferred for narrative documents such as policy manuals; hierarchical chunking (maintain parent-child relationships between summary chunks and detail chunks) enables retrieval at multiple granularities and is optimal for long technical documents. For regulated environments, hierarchical chunking with section-level metadata (clause number, effective date) is recommended because it enables citation at the regulatory clause level.

Embedding converts each chunk into a dense vector representation using an embedding model. Model selection has long-term consequences: changing the embedding model requires re-embedding the entire corpus. For English-language enterprise corpora, text-embedding-3-large (OpenAI), textembedding-gecko (Google), or bge-large-en-v1.5 (BAAI, self-hostable) are strong choices. For multilingual corpora, multilingual-e5-large or bge-m3 are preferred. The embedding model must be evaluated on a domain-representative benchmark before production selection.

Vector storage persists embeddings alongside the full chunk text and metadata in a vector database. The vector index (typically HNSW — Hierarchical Navigable Small World) enables approximate nearest-neighbour search in milliseconds across tens of millions of vectors. Index construction parameters (ef_construction, M) directly affect recall/latency trade-offs and must be tuned per corpus.

Online Retrieval-Generation Pipeline

At inference time, the user query traverses a multi-stage pipeline before the LLM generates a response.

Query processing applies transformations that materially improve retrieval quality: query expansion (generating alternative phrasings of the question), HyDE (Hypothetical Document Embedding — generating a hypothetical answer and embedding it to find similar real documents), and query decomposition (splitting compound questions into atomic sub-queries). These transformations add 50–150ms latency but improve top-5 recall by 15–30% in empirical benchmarks.

Retrieval executes the vector similarity search against the index, returning the top-K chunks (K typically 5–20) ranked by cosine similarity. Pre-retrieval metadata filtering (by document class, department, effective date) reduces the search space and enforces access control at the vector layer.

Re-ranking applies a cross-encoder model to re-score the top-K retrieved chunks against the original query with higher precision than the bi-encoder embedding model. Cross-encoders (e.g., cross-encoder/ms-marco-MiniLM-L-12-v2) do not scale to full-index search but are highly effective on the top-K set.

Context assembly constructs the final prompt by ordering retrieved chunks (relevance-first or document-structure-first depending on the task), injecting system instructions, and appending the user query. Maximum context budget (the number of retrieved tokens before the LLM's context window is exceeded) must be monitored and enforced.

Generation invokes the LLM with the assembled context. The system prompt must explicitly instruct the model to answer only from the provided context and to include citations. Post-generation, citations are extracted and validated against the retrieved chunk set to detect hallucinated references.

The full pipeline must be instrumented end-to-end. Every query, the retrieved chunk IDs, the assembled context hash, the LLM response, and latency at each stage must be logged to enable quality monitoring, debugging, and audit trail maintenance.

5. Architecture Diagram

6. Components

7. Data Flow

Primary Flow

Error Flow

8. Security Considerations

Authentication and Authorisation

• All API endpoints require OAuth 2.0 / OIDC tokens from the enterprise identity provider (Entra ID, Okta, Ping)
• User identity claims are forwarded through the entire pipeline and recorded in audit logs
• Vector search is scoped by user-identity-derived metadata filters before execution — retrieval never returns documents the user cannot access
• Service-to-service calls between pipeline components use mTLS with short-lived certificates

Secrets Management

• Embedding model API keys stored in HashiCorp Vault or cloud-native secrets manager (AWS Secrets Manager, Azure Key Vault)
• LLM API keys rotated on a 90-day schedule; rotation must not require pipeline restart
• Database credentials never hardcoded; injected at runtime via environment variable from secrets manager

Data Classification

• Source document classification labels (OFFICIAL, SENSITIVE, PROTECTED, etc.) are preserved as metadata through the chunking and embedding pipeline
• Retrieved chunks inherit the highest classification of their parent document
• The assembled context window classification is the maximum of all included chunks
• LLM response is tagged with the classification of the highest-classified source included in context

Encryption

• Vectors and chunk text at rest: AES-256 encryption in vector database and document store
• Data in transit: TLS 1.3 minimum between all components
• Highly sensitive corpora: consider field-level encryption of metadata; evaluate format-preserving encryption for PII fields

Auditability

• Immutable audit log: every query, user ID, retrieved chunk IDs, context hash (SHA-256), LLM model version, and response hash
• Audit logs shipped to tamper-evident log store (WORM S3 bucket, Splunk, Azure Sentinel)
• Audit log retention: minimum 7 years for regulated industries

OWASP LLM Top 10 Mitigations

9. Governance Considerations

Responsible AI

• RAG answers must always present source citations to enable human verification
• Confidence scoring should be implemented; low-confidence answers must be flagged
• Sensitive-topic classifiers (medical advice, legal advice, financial advice) should trigger "consult a professional" disclaimers
• Demographic bias monitoring on retrieval: ensure corpus is not systematically missing content relevant to specific user groups

Model Risk Management

• Embedding model versioning: the corpus must be re-embedded when the embedding model is upgraded; running mixed embeddings (different models for different document batches) produces retrieval quality degradation
• LLM model versioning: changes to the generation model require regression testing against a held-out QA benchmark
• Hallucination rate KPI tracked as a model risk indicator; threshold breach triggers review gate

Human Approval Gates

• Corpus ingestion of Tier 1 (Critical) documents requires human review approval before the document is made retrievable
• Significant changes to system prompt (which governs LLM behaviour) require a change approval process
• Quarterly human review of a random sample (n ≥ 100) of query/response pairs for quality and safety

Governance Artefacts

10. Operational Considerations

Monitoring

Service Level Objectives

Logging

• Structured JSON logs for every pipeline stage
• Correlation ID propagated through entire query lifecycle
• PII fields in logs must be masked (hash user IDs, redact query text for high-classification corpora)
• Log retention: 90 days hot (searchable), 7 years cold (compliance archive)

Incident Response

Disaster Recovery

11. Cost Considerations

Cost Drivers

Scaling Risks

• Context length growth: as users discover RAG and ask more complex queries, context tokens per query creep upward, driving LLM cost non-linearly
• Re-embedding cost spike: a mandatory embedding model upgrade on a 100M-token corpus costs $2,000–$13,000 and requires careful planning
• Vector index rebuild: adding new metadata fields requires a full index rebuild, causing temporary retrieval degradation

Cost Optimisations

• Use tiered embedding: cheap embedding model for initial retrieval, expensive model only for re-ranking candidates
• Implement semantic caching (cache responses for near-duplicate queries using embedding similarity)
• Batch embedding during off-peak hours to take advantage of batch API discounts (50% on OpenAI)
• Right-size the LLM: use a smaller/cheaper model for low-stakes queries, route to premium model only for complex or high-classification queries
• Compress stored vectors using scalar quantisation (INT8) to reduce storage by 4× with <2% recall degradation

Indicative Cost Range

12. Trade-Off Analysis

Chunking Strategy Comparison

Embedding Model Comparison

Architectural Tensions

13. Failure Modes

Cascading Failure Scenarios

• Embedding model API outage during peak query period: Query processor cannot embed queries → vector search cannot execute → entire RAG pipeline fails. Mitigation: implement query-embedding caching for recently seen queries; maintain a keyword search fallback with explicit quality degradation notice.
• ACL metadata missing from newly ingested documents: Documents ingest without access control metadata → ACL filter passes all requests → data leakage. Mitigation: mandatory ACL metadata validation before ingestion completion; reject documents lacking classification metadata.

14. Regulatory Considerations

15. Reference Implementations

AWS

• Source connectors: Amazon Kendra (managed) or custom Lambda + EventBridge
• Chunking & embedding: AWS Lambda (Python) + Amazon Bedrock Titan Embeddings v2
• Vector store: Amazon OpenSearch Service with k-NN plugin, or Amazon Aurora pgvector
• Document store: Amazon S3 with S3 Versioning
• LLM: Amazon Bedrock (Claude 3.5 Sonnet, Llama 3)
• Orchestration: AWS Step Functions + LangChain on Lambda
• Observability: Amazon CloudWatch + AWS X-Ray + Langfuse

Azure

• Source connectors: Azure Logic Apps + Microsoft Graph connector
• Chunking & embedding: Azure Functions + Azure OpenAI Service (text-embedding-3-large)
• Vector store: Azure AI Search (with vector search mode)
• Document store: Azure Blob Storage
• LLM: Azure OpenAI Service (GPT-4o)
• Orchestration: Azure AI Studio Prompt Flow
• Observability: Azure Monitor + Application Insights + Azure AI Content Safety

GCP

• Source connectors: Cloud Run jobs + Pub/Sub for event-driven ingestion
• Chunking & embedding: Cloud Run + Vertex AI Embeddings (textembedding-gecko)
• Vector store: Vertex AI Vector Search (formerly Matching Engine) or AlloyDB pgvector
• Document store: Google Cloud Storage
• LLM: Vertex AI (Gemini 1.5 Pro)
• Orchestration: Vertex AI Agent Builder or LangChain on Cloud Run
• Observability: Cloud Monitoring + Cloud Trace + Vertex AI Model Monitoring

On-Premises / Air-Gapped

• Source connectors: Custom Python connectors + Apache NiFi
• Chunking & embedding: GPU inference server (NVIDIA A10G) + BAAI bge-large-en-v1.5
• Vector store: Weaviate or Qdrant self-hosted on Kubernetes
• Document store: MinIO (S3-compatible object storage)
• LLM: vLLM serving Llama 3.1 70B or Mistral Large on GPU cluster
• Orchestration: LangChain / LlamaIndex on Kubernetes
• Observability: Prometheus + Grafana + Langfuse self-hosted

16. Related Patterns

17. Maturity Assessment

Overall Maturity: Mature — Enterprise RAG is widely deployed across regulated industries; tooling is production-grade; best practices are documented; failure modes are well-understood.

18. Revision History