:PROPERTIES:
:ID:       auto-first-mover-window
:CREATED:  [2026-05-23 Sat]
:END:
#+title: First-Mover Window Analysis
#+filetags: :passepartout:compliance:strategy:first-mover:

* First-Mover Window Analysis

The first-mover window is the time in which a new compliance tool can establish
dominance before incumbents respond or the market settles on a standard approach.

| Window | Frameworks | Rationale |
|--------|-----------|-----------|
| **Critical (<12 months)** | EU AI Act (Aug 2026 effective), NIS2 (Oct 2025 deadline), DORA (Jan 2025 — already in effect) | Regulation is active or imminent. Buyers are desperate. No established vendor. |
| **Wide (12-36 months)** | DPDP Act 2023 (rules drafting), India privacy; Privacy Act Review (Australia); Quebec Law 25; CRA phased enforcement | Regulation not yet fully enforced. Rules being written. Market forming. |
| **Mature (commodity)** | GDPR (2018), SOX (2002), HIPAA (1996), GLBA (1999), Basel III (2010), FATF 40 Recs | Market has established vendors. First-mover advantage requires displacing incumbents via superior architecture. |
| **Latent (undiscovered)** | OECD AI Principles, UN/CEFACT, World Bank ESF, IFC PS | Compliance exists but is document-based or consultant-delivered. No software market has formed. The first gate package creates the category. |



See also: [[file:_index.org][Compliance index]], [[file:revenue-table.org][Revenue table]],
[[file:../../ideas/verification-appliance.org][Verification appliance]], [[file:../../ideas/verification-monopoly.org][Verification monopoly]]