:PROPERTIES:
:ID: auto-revenue-table
:CREATED: [2026-05-23 Sat]
:END:
#+title: Compliance Framework Revenue Table
#+filetags: :passepartout:compliance:revenue:pricing:

* Expanded Revenue Table

| Framework | Region | Gate price/yr | Addressable orgs | Revenue potential | First-mover window | Gate rule type |
|-----------|--------|--------------|------------------|-------------------|---------------------|----------------|
| HIPAA | US | $50K | 500K+ | $25B | Mature (incumbent disruption) | Privacy + access control |
| SOC 2 | US/Global | $50K | 100K+ | $5B | Mature (incumbent disruption) | Access control + audit |
| GDPR | EU | $50K | 500K+ | $25B | Mature (incumbent disruption) | Privacy + consent |
| FedRAMP | US | $100K | 1K (providers) | $100M | Moderate (<300 authorized) | Continuous monitoring |
| SOX | US | $50K | 10K | $500M | Mature (manual audit disruption) | Financial controls |
| GLBA | US | $40K | 20K | $800M | Moderate | Financial privacy |
| NY DFS 500 | US (NY) | $30K | 3K | $90M | Wide | Cybersecurity controls |
| CCPA/CPRA | US (CA) | $40K | 50K+ | $2B | Moderate | Privacy opt-out flows |
| NIS2 | EU | $50K | 160K | $8B | Critical (2025) | Cybersecurity + supply chain |
| EU AI Act | EU | $75K | 100K+ | $7.5B | Critical (Aug 2026) | AI risk management |
| DORA | EU | $50K | 22K+ | $1.1B | Critical (in effect) | ICT resilience |
| eIDAS 2.0 | EU | $30K | 10K+ | $300M | Wide (wallet buildout) | Identity gates |
| CRA | EU | $40K | 50K+ | $2B | Wide (phased 2025-2027) | Product security |
| UK GDPR | UK | $40K | 100K+ | $4B | Mature (GDPR derivative) | Privacy |
| APPI | Japan | $40K | 100K+ | $4B | Moderate | Cross-border privacy |
| ISMAP | Japan | $75K | 500 (providers) | $37.5M | Wide (<100 registered) | Gov cloud assessment |
| PIPA | South Korea | $35K | 50K+ | $1.75B | Wide (2024 amendments settling) | Privacy + consent |
| Privacy Act | Australia | $35K | 50K+ | $1.75B | Wide (reforms legislating) | Privacy + AI transparency |
| APRA CPS 234 | Australia | $40K | 500 | $20M | Moderate | Info security controls |
| IRAP | Australia | $75K | 300 (providers) | $22.5M | Wide | Gov cloud assessment |
| DPDP Act | India | $30K | 500K+ | $15B | Wide (rules drafting) | Privacy + consent |
| LGPD | Brazil | $30K | 200K+ | $6B | Moderate | Privacy |
| LFPDPPP | Mexico | $25K | 50K+ | $1.25B | Wide | Privacy |
| ISO 27001 | Global | $40K | 60K+ | $2.4B | Mature (manual disruption) | ISMS controls |
| ISO 27701 | Global | $35K | 1K+ | $35M | Wide (growing) | Privacy management |
| Basel III | Global (banking) | $100K | 500 (G-SIBs) | $50M | Mature (incumbent disruption) | Capital adequacy |
| FATF AML/CFT | Global | $50K | 50K+ | $2.5B | Mature (incumbent disruption) | CDD + screening |
| IFRS 17 | Global (insurance) | $75K | 5K+ | $375M | Mature (actuarial verification) | Contract classification |
| UN/CEFACT | Global (trade) | $30K | 50K+ | $1.5B | Latent (no market exists) | Cross-border data rules |
| World Bank ESF | Global (dev finance) | $50K | 1K+ (projects) | $50M | Latent (no market exists) | ES compliance gates |
| IFC PS | Global (project finance) | $50K | 500+ (deals) | $25M | Latent (no market exists) | ES compliance gates |

A compute marketplace provider with authorization in 5+ frameworks (FedRAMP +
ISMAP + IRAP + SOC 2 + ISO 27001) becomes the default infrastructure provider
for regulated cloud globally. The gate package portfolio alone — a mid-size
enterprise running 10+ packages — generates $500K/yr+ in recurring revenue.
At 10,000 such enterprises: $5B/yr. The first-mover advantage is not about any
single framework — it is about being the first to offer a unified gate stack
that maps to all of them.

See also: [[file:_index.org][Compliance index]], [[file:first-mover-window.org][First-mover window analysis]],
[[file:../../ideas/verification-monopoly.org][Verification monopoly]], [[file:../../ideas/compute-marketplace.org][Compute marketplace]]