:PROPERTIES: :ID: e4a7b3d2-1c9f-4b6e-8a2d-5f3c7e1b9a0c :CREATED: [2026-05-23 Sat] :UPDATED: [2026-05-23 Sat] :END: #+title: Compliance Framework Index — Global Regulated Industries #+filetags: :passepartout:triad:compliance:global:index:hub: The verification monopoly and domain gate package revenue streams depend on selling into regulated industries. These industries buy compliance, not software. Each framework below maps to a gate package the triad can sell — ACL2-verified gate rules that produce deterministic audit trails. See [[file:first-mover-window.org][First-mover window analysis]] and [[file:revenue-table.org][Revenue table]] for the consolidated view. * US Frameworks - [[file:hipaa.org][HIPAA]] — Health privacy ($50K/yr, 500K+ orgs) - [[file:soc2.org][SOC 2]] — Service organization controls ($50K/yr, 100K+ orgs) - [[file:fedramp.org][FedRAMP]] — Federal cloud authorization ($100K/yr, 1K providers) - [[file:sox.org][SOX]] — Financial controls ($50K/yr, 10K orgs) - [[file:glba.org][GLBA]] — Financial privacy ($40K/yr, 20K orgs) - [[file:ny-dfs-500.org][NY DFS 500]] — NY financial cybersecurity ($30K/yr, 3K orgs) - [[file:ccpa-cpra.org][CCPA/CPRA]] — California privacy ($40K/yr, 50K+ orgs) * Canada - [[file:quebec-law-25.org][Quebec Law 25]] — Provincial privacy ($25K/yr, 10K+ orgs) * UK and EU - [[file:gdpr.org][GDPR]] — EU privacy ($50K/yr, 500K+ orgs) - [[file:uk-gdpr.org][UK GDPR]] — UK privacy ($40K/yr, 100K+ orgs) - [[file:nis2.org][NIS2]] — Network security ($50K/yr, 160K orgs) - [[file:eu-ai-act.org][EU AI Act]] — AI regulation ($75K/yr, 100K+ orgs) - [[file:dora.org][DORA]] — Financial resilience ($50K/yr, 22K+ orgs) - [[file:eidas2.org][eIDAS 2.0]] — Digital identity ($30K/yr, 10K+ orgs) - [[file:cra.org][CRA]] — Product cybersecurity ($40K/yr, 50K+ orgs) * Asia-Pacific - [[file:appi.org][APPI]] — Japan privacy ($40K/yr, 100K+ orgs) - [[file:ismap.org][ISMAP]] — Japan cloud authorization ($75K/yr, 500 providers) - [[file:pipa.org][PIPA]] — South Korea privacy ($35K/yr, 50K+ orgs) - [[file:privacy-act-aus.org][Privacy Act]] — Australia privacy ($35K/yr, 50K+ orgs) - [[file:apra-cps-234.org][APRA CPS 234]] — Australian financial security ($40K/yr, 500 orgs) - [[file:irap.org][IRAP]] — Australian cloud authorization ($75K/yr, 300 providers) - [[file:dpdp-act.org][DPDP Act]] — India privacy ($30K/yr, 500K+ orgs) * Latin America - [[file:lgpd.org][LGPD]] — Brazil privacy ($30K/yr, 200K+ orgs) - [[file:lfp-dppp.org][LFPDPPP]] — Mexico privacy ($25K/yr, 50K+ orgs) * International - [[file:iso-27001.org][ISO 27001]] — ISMS ($40K/yr, 60K+ orgs) - [[file:iso-27701.org][ISO 27701]] — Privacy management ($35K/yr, 1K+ orgs) - [[file:basel-iii.org][Basel III]] — Banking capital ($100K/yr, 500 G-SIBs) - [[file:fatf.org][FATF]] — AML/CFT ($50K/yr, 50K+ orgs) - [[file:ifrs.org][IFRS 17]] — Insurance accounting ($75K/yr, 5K+ orgs) - [[file:oecd.org][OECD Guidelines]] — Privacy/AI principles (indirect) - [[file:world-bank-esf.org][World Bank ESF]] — Development finance ($50K/yr) - [[file:ifc-ps.org][IFC PS]] — Project finance ($50K/yr) - [[file:un-cefact.org][UN/CEFACT]] — Trade facilitation ($30K/yr, 50K+ orgs) * Strategic View | Region | Frameworks | Total TAM | First-mover priority | |--------|-----------|-----------|---------------------| | US | 7 | ~$33B | FedRAMP (procurement gate), NY DFS 500 (growing) | | UK/EU | 7 | ~$24B | NIS2 (2025 deadline), AI Act (Aug 2026), DORA (in effect) | | Asia-Pacific | 7 | ~$9B | DPDP (rules drafting), ISMAP/IRAP (gov cloud gates) | | Latin America | 2 | ~$7B | LGPD (largest LATAM market) | | International | 9 | ~$4.5B | ISO 27001 (universal baseline), World Bank/IFC (no market exists) | Next: [[file:first-mover-window.org][First-mover window analysis]] | [[file:revenue-table.org][Full revenue table]] See also: [[file:../../ideas/verification-monopoly.org][Verification monopoly]], [[file:../../ideas/domain-gate-packages.org][Domain gate packages]], [[file:../../ideas/compute-marketplace.org][Compute marketplace]], [[file:../../ideas/infrastructure-lock-in.org][Infrastructure lock-in]]