:PROPERTIES:
:ID:       e4a7b3d2-1c9f-4b6e-8a2d-5f3c7e1b9a0c
:CREATED:  [2026-05-23 Sat]
:UPDATED:  [2026-05-23 Sat]
:END:
#+title: Compliance Framework Index — Global Regulated Industries
#+filetags: :passepartout:triad:compliance:global:index:hub:

The [[id:827bc546-e887-5b7c-9b65-6392beaf0920][verification monopoly]] and domain gate package [[id:ed05cab4-88e9-4e25-b7c9-346fa39c69a0][revenue streams]] depend on
selling into regulated industries. These industries buy compliance, not software.
Each framework below maps to a gate package Passepartout can sell — ACL2-verified
gate rules that produce deterministic audit trails.

See [[id:558154ea-e63a-4c45-998c-26ce8588585b][First-mover window analysis]] and [[id:81a815ee-bf2b-4365-9894-b814e4196850][Revenue table]] for the consolidated view.

* US Frameworks

- [[id:84fb5f8f-0527-4df0-b6b6-dbf3bcff8a7f][HIPAA]] — Health privacy ($50K/yr, 500K+ orgs)
- [[id:ed65031c-cbd2-4ad2-bd53-a67791e183cd][SOC 2]] — Service organization controls ($50K/yr, 100K+ orgs)
- [[id:e6993701-3c67-49bf-82f3-06907572cbf3][FedRAMP]] — Federal cloud authorization ($100K/yr, 1K providers)
- [[id:c9830152-0160-4bdc-ab03-6f308ad43536][SOX]] — Financial controls ($50K/yr, 10K orgs)
- [[id:4a2bc62b-3f21-4212-9cd9-f9add8fc0be1][GLBA]] — Financial privacy ($40K/yr, 20K orgs)
- [[id:581666ba-f72c-406b-8556-93876d2b30bf][NY DFS 500]] — NY financial cybersecurity ($30K/yr, 3K orgs)
- [[id:87996d87-100c-4bf6-8546-a860b9d7c25b][CCPA/CPRA]] — California privacy ($40K/yr, 50K+ orgs)

* Canada

- [[id:f6a0c00e-e922-44af-99ce-6412c4b73745][Quebec Law 25]] — Provincial privacy ($25K/yr, 10K+ orgs)

* UK and EU

- [[id:513d5996-4ac7-4567-a992-18fc01599104][GDPR]] — EU privacy ($50K/yr, 500K+ orgs)
- [[id:9bc29937-d59a-4ae4-9623-3d17a1fe6ebb][UK GDPR]] — UK privacy ($40K/yr, 100K+ orgs)
- [[id:748db16a-1382-4e5e-8812-a5d57a8de131][NIS2]] — Network security ($50K/yr, 160K orgs)
- [[id:06fcdb02-2643-4f9d-ab41-e711a99cc390][EU AI Act]] — AI regulation ($75K/yr, 100K+ orgs)
- [[id:717ef2df-2a80-4362-b23a-5e7e12554251][DORA]] — Financial resilience ($50K/yr, 22K+ orgs)
- [[id:b8cf51e8-5f39-49ad-9547-a792a2e446aa][eIDAS 2.0]] — Digital identity ($30K/yr, 10K+ orgs)
- [[id:ce81fefc-b7a8-4be5-912f-55fd30970b6e][CRA]] — Product cybersecurity ($40K/yr, 50K+ orgs)

* Asia-Pacific

- [[id:b852ec69-0fc2-435c-ae1e-6b83e49b3ca3][APPI]] — Japan privacy ($40K/yr, 100K+ orgs)
- [[id:085b76cc-4a65-4660-9c70-85aee10ca99e][ISMAP]] — Japan cloud authorization ($75K/yr, 500 providers)
- [[id:e777064d-9950-42d5-980d-8c78cda91500][PIPA]] — South Korea privacy ($35K/yr, 50K+ orgs)
- [[id:834689e9-be0a-4822-9085-9b6b22294fd2][Privacy Act]] — Australia privacy ($35K/yr, 50K+ orgs)
- [[id:904f5f12-ec9a-4cbf-854a-0b9b1e11a521][APRA CPS 234]] — Australian financial security ($40K/yr, 500 orgs)
- [[id:7f46764b-47b8-4892-a526-2c1b9ee6e6df][IRAP]] — Australian cloud authorization ($75K/yr, 300 providers)
- [[id:fed19a24-ad81-4837-a12b-dafbd3ec110a][DPDP Act]] — India privacy ($30K/yr, 500K+ orgs)

* Latin America

- [[id:c871a9f4-dd53-4e93-aa50-6acf0c606a9b][LGPD]] — Brazil privacy ($30K/yr, 200K+ orgs)
- [[id:bafdaa23-de0b-444c-9151-c87ac65add32][LFPDPPP]] — Mexico privacy ($25K/yr, 50K+ orgs)

* International

- [[id:e2ab887d-9f28-4da6-8388-e6c035e9d9c5][ISO 27001]] — ISMS ($40K/yr, 60K+ orgs)
- [[id:748b0cc7-7f42-49fb-8ee3-1ae49048a178][ISO 27701]] — Privacy management ($35K/yr, 1K+ orgs)
- [[id:4eef0993-6671-41cf-ba20-d1443a3ec49d][Basel III]] — Banking capital ($100K/yr, 500 G-SIBs)
- [[id:03ebdb80-a9af-4e76-a443-8556424996ed][FATF]] — AML/CFT ($50K/yr, 50K+ orgs)
- [[id:fc736aec-ef53-4759-9787-62bc8deea2e7][IFRS 17]] — Insurance accounting ($75K/yr, 5K+ orgs)
- [[id:022109ad-f031-44c4-8ea0-0b3c9402ca90][OECD Guidelines]] — Privacy/AI principles (indirect)
- [[id:177aad72-5626-444d-a2e4-af8e1263b125][World Bank ESF]] — Development finance ($50K/yr)
- [[id:68c55deb-72bf-4b15-ac28-bcc792057543][IFC PS]] — Project finance ($50K/yr)
- [[id:6a5884c8-e9b5-477e-bbf6-aa9ffd967739][UN/CEFACT]] — Trade facilitation ($30K/yr, 50K+ orgs)

* Strategic View

| Region | Frameworks | Total TAM | First-mover priority |
|--------|-----------|-----------|---------------------|
| US | 7 | ~$33B | FedRAMP (procurement gate), NY DFS 500 (growing) |
| UK/EU | 7 | ~$24B | NIS2 (2025 deadline), AI Act (Aug 2026), DORA (in effect) |
| Asia-Pacific | 7 | ~$9B | DPDP (rules drafting), ISMAP/IRAP (gov cloud gates) |
| Latin America | 2 | ~$7B | LGPD (largest LATAM market) |
| International | 9 | ~$4.5B | ISO 27001 (universal baseline), World Bank/IFC (no market exists) |

The [[id:827bc546-e887-5b7c-9b65-6392beaf0920][verification monopoly]] is enforced through
[[id:c34940cc-090e-57c4-8020-e78b1d32b96c][domain gate packages]] running on a
[[id:3c6b0449-a8fb-5b89-b82a-34efb21ef5b5][compute marketplace]], creating
[[id:2f783eb4-638e-5afa-9b59-6224d086a712][infrastructure lock-in]] that compounds with every framework
added. See [[id:558154ea-e63a-4c45-998c-26ce8588585b][First-mover window analysis]] and
[[id:81a815ee-bf2b-4365-9894-b814e4196850][Full revenue table]] for the consolidated view.