Doc-PP: Document Policy Preservation Benchmark for Large Vision-Language Models

TL;DR

This paper introduces Doc-PP, a benchmark for evaluating large vision-language models on document question answering under strict non-disclosure policies, revealing safety gaps and proposing a new inference framework.

Contribution

It presents a new benchmark for policy-preserving document understanding and introduces DVA, a framework that improves safety compliance in multimodal reasoning.

Findings

Models often leak sensitive info through complex reasoning.

Extracted text can both help perception and enable leakage.

DVA outperforms standard prompting defenses in safety tasks.

Abstract

The deployment of Large Vision-Language Models (LVLMs) for real-world document question answering is often constrained by dynamic, user-defined policies that dictate information disclosure based on context. While ensuring adherence to these explicit constraints is critical, existing safety research primarily focuses on implicit social norms or text-only settings, overlooking the complexities of multimodal documents. In this paper, we introduce Doc-PP (Document Policy Preservation Benchmark), a novel benchmark constructed from real-world reports requiring reasoning across heterogeneous visual and textual elements under strict non-disclosure policies. Our evaluation highlights a systemic Reasoning-Induced Safety Gap: models frequently leak sensitive information when answers must be inferred through complex synthesis or aggregated across modalities, effectively circumventing existing safety constraints. Furthermore, we identify that providing extracted text improves perception but inadvertently facilitates leakage. To address these vulnerabilities, we propose DVA (Decompose-Verify-Aggregation), a structural inference framework that decouples reasoning from policy verification. Experimental results demonstrate that DVA significantly outperforms standard prompting defenses, offering a robust baseline for policy-compliant document understanding