hermes-brain/ideas/compliance/compliance-index.org
Hermes 2578bfee61 Architecture reframe: rename triad/Stoa/Logos/Agora → Passepartout
- Renamed ideas/stoa/ → ideas/passepartout/, all stage files prefixed passepartout-
- Renamed triad-index/overview/systemic-effects → passepartout-* under passepartout/
- Renamed ideas/agora/ → ideas/passepartout-social-protocol/, stripped agora- prefixes
- Merged overview and environment pages into architecture; deleted 3 redundant files
- Renamed growth-strategy → enterprise-growth-strategy
- Renamed alternative-growth-social-first → social-growth-strategy
- Removed all Greek names: Stoa, Logos, Agora as product names
- Updated 50+ files of cross-references to new naming
- Kept org-id UUIDs intact throughout
2026-05-24 18:02:36 +00:00

Compliance Framework Index — Global Regulated Industries

The verification monopoly and domain gate package revenue streams depend on selling into regulated industries. These industries buy compliance, not software. Each framework below maps to a gate package Passepartout can sell — ACL2-verified gate rules that produce deterministic audit trails.

See First-mover window analysis and Revenue table for the consolidated view.

US Frameworks

  • HIPAA — Health privacy ($50K/yr, 500K+ orgs)
  • SOC 2 — Service organization controls ($50K/yr, 100K+ orgs)
  • FedRAMP — Federal cloud authorization ($100K/yr, 1K providers)
  • SOX — Financial controls ($50K/yr, 10K orgs)
  • GLBA — Financial privacy ($40K/yr, 20K orgs)
  • NY DFS 500 — NY financial cybersecurity ($30K/yr, 3K orgs)
  • CCPA/CPRA — California privacy ($40K/yr, 50K+ orgs)

Canada

UK and EU

  • GDPR — EU privacy ($50K/yr, 500K+ orgs)
  • UK GDPR — UK privacy ($40K/yr, 100K+ orgs)
  • NIS2 — Network security ($50K/yr, 160K orgs)
  • EU AI Act — AI regulation ($75K/yr, 100K+ orgs)
  • DORA — Financial resilience ($50K/yr, 22K+ orgs)
  • eIDAS 2.0 — Digital identity ($30K/yr, 10K+ orgs)
  • CRA — Product cybersecurity ($40K/yr, 50K+ orgs)

Asia-Pacific

  • APPI — Japan privacy ($40K/yr, 100K+ orgs)
  • ISMAP — Japan cloud authorization ($75K/yr, 500 providers)
  • PIPA — South Korea privacy ($35K/yr, 50K+ orgs)
  • Privacy Act — Australia privacy ($35K/yr, 50K+ orgs)
  • APRA CPS 234 — Australian financial security ($40K/yr, 500 orgs)
  • IRAP — Australian cloud authorization ($75K/yr, 300 providers)
  • DPDP Act — India privacy ($30K/yr, 500K+ orgs)

Latin America

  • LGPD — Brazil privacy ($30K/yr, 200K+ orgs)
  • LFPDPPP — Mexico privacy ($25K/yr, 50K+ orgs)

International

  • ISO 27001 — ISMS ($40K/yr, 60K+ orgs)
  • ISO 27701 — Privacy management ($35K/yr, 1K+ orgs)
  • Basel III — Banking capital ($100K/yr, 500 G-SIBs)
  • FATF — AML/CFT ($50K/yr, 50K+ orgs)
  • IFRS 17 — Insurance accounting ($75K/yr, 5K+ orgs)
  • OECD Guidelines — Privacy/AI principles (indirect)
  • World Bank ESF — Development finance ($50K/yr)
  • IFC PS — Project finance ($50K/yr)
  • UN/CEFACT — Trade facilitation ($30K/yr, 50K+ orgs)

Strategic View

| Region        | Frameworks | Total TAM | First-mover priority                                                  |
|---------------+------------+-----------+-----------------------------------------------------------------------|
| US            | 7          | ~$33B     | FedRAMP (procurement gate), NY DFS 500 (growing)                      |
| UK/EU         | 7          | ~$24B     | NIS2 (2025 deadline), AI Act (Aug 2026), DORA (in effect)             |
| Asia-Pacific  | 7          | ~$9B      | DPDP (rules drafting), ISMAP/IRAP (gov cloud gates)                   |
| Latin America | 2          | ~$7B      | LGPD (largest LATAM market)                                           |
| International | 9          | ~$4.5B    | ISO 27001 (universal baseline), World Bank/IFC (no market exists)     |

The verification monopoly is enforced through domain gate packages running on a compute marketplace, creating infrastructure lock-in that compounds with every framework added. See First-mover window analysis and Full revenue table for the consolidated view.