:PROPERTIES: :ID: auto-revenue-table :CREATED: [2026-05-23 Sat] :END: #+title: Compliance Framework Revenue Table #+filetags: :passepartout:compliance:revenue:pricing: * Expanded Revenue Table | Framework | Region | Gate price/yr | Addressable orgs | Revenue potential | First-mover window | Gate rule type | |-----------|--------|--------------|------------------|-------------------|---------------------|----------------| | HIPAA | US | $50K | 500K+ | $25B | Mature (incumbent disruption) | Privacy + access control | | SOC 2 | US/Global | $50K | 100K+ | $5B | Mature (incumbent disruption) | Access control + audit | | GDPR | EU | $50K | 500K+ | $25B | Mature (incumbent disruption) | Privacy + consent | | FedRAMP | US | $100K | 1K (providers) | $100M | Moderate (<300 authorized) | Continuous monitoring | | SOX | US | $50K | 10K | $500M | Mature (manual audit disruption) | Financial controls | | GLBA | US | $40K | 20K | $800M | Moderate | Financial privacy | | NY DFS 500 | US (NY) | $30K | 3K | $90M | Wide | Cybersecurity controls | | CCPA/CPRA | US (CA) | $40K | 50K+ | $2B | Moderate | Privacy opt-out flows | | NIS2 | EU | $50K | 160K | $8B | Critical (2025) | Cybersecurity + supply chain | | EU AI Act | EU | $75K | 100K+ | $7.5B | Critical (Aug 2026) | AI risk management | | DORA | EU | $50K | 22K+ | $1.1B | Critical (in effect) | ICT resilience | | eIDAS 2.0 | EU | $30K | 10K+ | $300M | Wide (wallet buildout) | Identity gates | | CRA | EU | $40K | 50K+ | $2B | Wide (phased 2025-2027) | Product security | | UK GDPR | UK | $40K | 100K+ | $4B | Mature (GDPR derivative) | Privacy | | APPI | Japan | $40K | 100K+ | $4B | Moderate | Cross-border privacy | | ISMAP | Japan | $75K | 500 (providers) | $37.5M | Wide (<100 registered) | Gov cloud assessment | | PIPA | South Korea | $35K | 50K+ | $1.75B | Wide (2024 amendments settling) | Privacy + consent | | Privacy Act | Australia | $35K | 50K+ | $1.75B | Wide (reforms legislating) | Privacy + AI transparency | | APRA CPS 234 | Australia | $40K | 500 | $20M | Moderate | Info security controls | | IRAP | Australia | $75K | 300 (providers) | $22.5M | Wide | Gov cloud assessment | | DPDP Act | India | $30K | 500K+ | $15B | Wide (rules drafting) | Privacy + consent | | LGPD | Brazil | $30K | 200K+ | $6B | Moderate | Privacy | | LFPDPPP | Mexico | $25K | 50K+ | $1.25B | Wide | Privacy | | ISO 27001 | Global | $40K | 60K+ | $2.4B | Mature (manual disruption) | ISMS controls | | ISO 27701 | Global | $35K | 1K+ | $35M | Wide (growing) | Privacy management | | Basel III | Global (banking) | $100K | 500 (G-SIBs) | $50M | Mature (incumbent disruption) | Capital adequacy | | FATF AML/CFT | Global | $50K | 50K+ | $2.5B | Mature (incumbent disruption) | CDD + screening | | IFRS 17 | Global (insurance) | $75K | 5K+ | $375M | Mature (actuarial verification) | Contract classification | | UN/CEFACT | Global (trade) | $30K | 50K+ | $1.5B | Latent (no market exists) | Cross-border data rules | | World Bank ESF | Global (dev finance) | $50K | 1K+ (projects) | $50M | Latent (no market exists) | ES compliance gates | | IFC PS | Global (project finance) | $50K | 500+ (deals) | $25M | Latent (no market exists) | ES compliance gates | A compute marketplace provider with authorization in 5+ frameworks (FedRAMP + ISMAP + IRAP + SOC 2 + ISO 27001) becomes the default infrastructure provider for regulated cloud globally. The gate package portfolio alone — a mid-size enterprise running 10+ packages — generates $500K/yr+ in recurring revenue. At 10,000 such enterprises: $5B/yr. The first-mover advantage is not about any single framework — it is about being the first to offer a unified gate stack that maps to all of them. A compute marketplace provider with authorization in 5+ frameworks (FedRAMP + ISMAP + IRAP + SOC 2 + ISO 27001) becomes the default infrastructure provider for regulated cloud globally. The gate package portfolio alone — a mid-size enterprise running 10+ packages — generates $500K/yr+ in recurring revenue. At 10,000 such enterprises: $5B/yr. See also: [[file:_index.org][Compliance index]], [[file:first-mover-window.org][First-mover window analysis]], [[file:../../ideas/verification-monopoly.org][Verification monopoly]], [[file:../../ideas/compute-marketplace.org][Compute marketplace]]