cc3976fb7f
- Split competitive-analysis-2026-05.org → TOC + 9 competitor files in ideas/competitors/. Dropped date from filename. All competitor UUIDs generated, TOC keeps original UUID for backlink continuity. - Deleted passepartout-economics.org archive (replaced by 27-node KB). - Inlined 5 'See also' blocks into natural prose (compliance-index, first-mover-window, revenue-table, orders-of-magnitude-time, native-org-knowledge-base). - Linked 7 orphan compliance pages back to compliance index + finished truncated sentences. - Linked all 14 Agora requirement docs from topic-relevant pages (identity→lisp-machine-security, infrastructure→compute-marketplace, social-space→growth-strategy, exchange→agora-contracts, etc.). - Linked ai-industry-impact from investment-thesis, sufficiency-flip, verification-appliance, effects-growth-flywheel (up from 1 to 10+ pages). - Fixed CREATED timestamps to use git commit dates instead of today. - Made all links absolute from root (no port inheritance). - Removed stale agora/docs/ duplicate content.
6.0 KiB
Compliance Framework Revenue Table
Expanded Revenue Table
| Framework | Region | Gate price/yr | Addressable orgs | Revenue potential | First-mover window | Gate rule type |
|---|---|---|---|---|---|---|
| HIPAA | US | $50K | 500K+ | $25B | Mature (incumbent disruption) | Privacy + access control |
| SOC 2 | US/Global | $50K | 100K+ | $5B | Mature (incumbent disruption) | Access control + audit |
| GDPR | EU | $50K | 500K+ | $25B | Mature (incumbent disruption) | Privacy + consent |
| FedRAMP | US | $100K | 1K (providers) | $100M | Moderate (<300 authorized) | Continuous monitoring |
| SOX | US | $50K | 10K | $500M | Mature (manual audit disruption) | Financial controls |
| GLBA | US | $40K | 20K | $800M | Moderate | Financial privacy |
| NY DFS 500 | US (NY) | $30K | 3K | $90M | Wide | Cybersecurity controls |
| CCPA/CPRA | US (CA) | $40K | 50K+ | $2B | Moderate | Privacy opt-out flows |
| NIS2 | EU | $50K | 160K | $8B | Critical (2025) | Cybersecurity + supply chain |
| EU AI Act | EU | $75K | 100K+ | $7.5B | Critical (Aug 2026) | AI risk management |
| DORA | EU | $50K | 22K+ | $1.1B | Critical (in effect) | ICT resilience |
| eIDAS 2.0 | EU | $30K | 10K+ | $300M | Wide (wallet buildout) | Identity gates |
| CRA | EU | $40K | 50K+ | $2B | Wide (phased 2025-2027) | Product security |
| UK GDPR | UK | $40K | 100K+ | $4B | Mature (GDPR derivative) | Privacy |
| APPI | Japan | $40K | 100K+ | $4B | Moderate | Cross-border privacy |
| ISMAP | Japan | $75K | 500 (providers) | $37.5M | Wide (<100 registered) | Gov cloud assessment |
| PIPA | South Korea | $35K | 50K+ | $1.75B | Wide (2024 amendments settling) | Privacy + consent |
| Privacy Act | Australia | $35K | 50K+ | $1.75B | Wide (reforms legislating) | Privacy + AI transparency |
| APRA CPS 234 | Australia | $40K | 500 | $20M | Moderate | Info security controls |
| IRAP | Australia | $75K | 300 (providers) | $22.5M | Wide | Gov cloud assessment |
| DPDP Act | India | $30K | 500K+ | $15B | Wide (rules drafting) | Privacy + consent |
| LGPD | Brazil | $30K | 200K+ | $6B | Moderate | Privacy |
| LFPDPPP | Mexico | $25K | 50K+ | $1.25B | Wide | Privacy |
| ISO 27001 | Global | $40K | 60K+ | $2.4B | Mature (manual disruption) | ISMS controls |
| ISO 27701 | Global | $35K | 1K+ | $35M | Wide (growing) | Privacy management |
| Basel III | Global (banking) | $100K | 500 (G-SIBs) | $50M | Mature (incumbent disruption) | Capital adequacy |
| FATF AML/CFT | Global | $50K | 50K+ | $2.5B | Mature (incumbent disruption) | CDD + screening |
| IFRS 17 | Global (insurance) | $75K | 5K+ | $375M | Mature (actuarial verification) | Contract classification |
| UN/CEFACT | Global (trade) | $30K | 50K+ | $1.5B | Latent (no market exists) | Cross-border data rules |
| World Bank ESF | Global (dev finance) | $50K | 1K+ (projects) | $50M | Latent (no market exists) | ES compliance gates |
| IFC PS | Global (project finance) | $50K | 500+ (deals) | $25M | Latent (no market exists) | ES compliance gates |
A compute marketplace provider with authorization in 5+ frameworks (FedRAMP + ISMAP + IRAP + SOC 2 + ISO 27001) becomes the default infrastructure provider for regulated cloud globally. The gate package portfolio alone — a mid-size enterprise running 10+ packages — generates $500K/yr+ in recurring revenue. At 10,000 such enterprises: $5B/yr. The first-mover advantage is not about any single framework — it is about being the first to offer a unified gate stack that maps to all of them.
A compute marketplace provider with authorization in 5+ frameworks (FedRAMP + ISMAP + IRAP + SOC 2 + ISO 27001) becomes the default infrastructure provider for regulated cloud globally. The gate package portfolio alone — a mid-size enterprise running 10+ packages — generates $500K/yr+ in recurring revenue. At 10,000 such enterprises: $5B/yr.
A compute marketplace provider with authorization in 5+ frameworks (FedRAMP + ISMAP + IRAP + SOC 2 + ISO 27001) becomes the default infrastructure provider for regulated cloud globally. The gate package portfolio alone — a mid-size enterprise running 10+ packages — generates $500K/yr+ in recurring revenue. At 10,000 such enterprises: $5B/yr. See the compliance index for the full framework list, first-mover window analysis for timing strategy, and verification monopoly and compute marketplace for the economic dynamics behind the revenue.