amr/hermes-brain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2f1aacd39ceb382b9f27cc636b8f22807154cd39
hermes-brain/projects/passepartout/strategy/compliance/compliance-index.org
Hermes 7fa9dceb82 gbrain: sync converted org-mode brain files
2026-05-26 03:00:48 +00:00

5.0 KiB
Raw Blame History

Compliance Index

The verification monopoly and domain gate package revenue streams depend on selling into regulated industries. These industries buy compliance, not software. Each framework below maps to a gate package Passepartout can sell — ACL2-verified gate rules that produce deterministic audit trails.

See First-mover window analysis and Revenue table for the consolidated view.

US Frameworks

  • HIPAA — Health privacy ($50K/yr, 500K+ orgs)
  • SOC 2 — Service organization controls ($50K/yr, 100K+ orgs)
  • FedRAMP — Federal cloud authorization ($100K/yr, 1K providers)
  • SOX — Financial controls ($50K/yr, 10K orgs)
  • GLBA — Financial privacy ($40K/yr, 20K orgs)
  • NY DFS 500 — NY financial cybersecurity ($30K/yr, 3K orgs)
  • CCPA/CPRA — California privacy ($40K/yr, 50K+ orgs)

Canada

UK and EU

  • GDPR — EU privacy ($50K/yr, 500K+ orgs)
  • UK GDPR — UK privacy ($40K/yr, 100K+ orgs)
  • NIS2 — Network security ($50K/yr, 160K orgs)
  • EU AI Act — AI regulation ($75K/yr, 100K+ orgs)
  • DORA — Financial resilience ($50K/yr, 22K+ orgs)
  • eIDAS 2.0 — Digital identity ($30K/yr, 10K+ orgs)
  • CRA — Product cybersecurity ($40K/yr, 50K+ orgs)

Asia-Pacific

  • APPI — Japan privacy ($40K/yr, 100K+ orgs)
  • ISMAP — Japan cloud authorization ($75K/yr, 500 providers)
  • PIPA — South Korea privacy ($35K/yr, 50K+ orgs)
  • Privacy Act — Australia privacy ($35K/yr, 50K+ orgs)
  • APRA CPS 234 — Australian financial security ($40K/yr, 500 orgs)
  • IRAP — Australian cloud authorization ($75K/yr, 300 providers)
  • DPDP Act — India privacy ($30K/yr, 500K+ orgs)

Latin America

  • LGPD — Brazil privacy ($30K/yr, 200K+ orgs)
  • LFPDPPP — Mexico privacy ($25K/yr, 50K+ orgs)

International

  • ISO 27001 — ISMS ($40K/yr, 60K+ orgs)
  • ISO 27701 — Privacy management ($35K/yr, 1K+ orgs)
  • Basel III — Banking capital ($100K/yr, 500 G-SIBs)
  • FATF — AML/CFT ($50K/yr, 50K+ orgs)
  • IFRS 17 — Insurance accounting ($75K/yr, 5K+ orgs)
  • OECD Guidelines — Privacy/AI principles (indirect)
  • World Bank ESF — Development finance ($50K/yr)
  • IFC PS — Project finance ($50K/yr)
  • UN/CEFACT — Trade facilitation ($30K/yr, 50K+ orgs)

Strategic View

Region Frameworks Total TAM First-mover priority
US 7 ~$33B FedRAMP (procurement gate), NY DFS 500 (growing)
UK/EU 7 ~$24B NIS2 (2025 deadline), AI Act (Aug 2026), DORA (in effect)
Asia-Pacific 7 ~$9B DPDP (rules drafting), ISMAP/IRAP (gov cloud gates)
Latin America 2 ~$7B LGPD (largest LATAM market)
International 9 ~$4.5B ISO 27001 (universal baseline), World Bank/IFC (no market exists)

The verification monopoly is enforced through domain gate packages running on a compute marketplace, creating infrastructure lock-in that compounds with every framework added. See First-mover window analysis and Full revenue table for the consolidated view.

Reference in New Issue View Git Blame Copy Permalink