Every regulation is fully decomposed into atomic obligations, scored across four risk axes, and ready for automated gap analysis. Browse our regulatory coverage below.
320
Regulations
12,278
Rules extracted
146,445
Obligations decomposed
21
Jurisdictions
21 jurisdictions, 320 regulations
25 industries · regulations appear across multiple industries
United States
111 regs (35%)
109,211 obligations
European Union
44 regs (14%)
9,769 obligations
Australia
56 regs (18%)
13,021 obligations
United Kingdom
33 regs (10%)
4,885 obligations
Canada
10 regs (3%)
1,112 obligations
Saudi Arabia
21 regs (7%)
1,615 obligations
United Arab Emirates
3 regs (1%)
310 obligations
Singapore
3 regs (1%)
412 obligations
Japan
2 regs (1%)
368 obligations
South Korea
2 regs (1%)
338 obligations
Hong Kong SAR
2 regs (1%)
354 obligations
Brazil
2 regs (1%)
351 obligations
China
2 regs (1%)
404 obligations
India
1 regs (0%)
183 obligations
Switzerland
1 regs (0%)
150 obligations
France
1 regs (0%)
112 obligations
Mexico
1 regs (0%)
158 obligations
Thailand
1 regs (0%)
180 obligations
South Africa
1 regs (0%)
176 obligations
Oman
1 regs (0%)
32 obligations
International
22 regs (7%)
3,304 obligations
Prudential regulation, consumer banking, payments, fair lending, and financial stability requirements for banks, credit unions, and deposit-taking institutions.
APRA CPS 230 Operational Risk Management
APRA CPS 234 Information Security
APRA GPS 116 Capital Adequacy: Insurance Concentration Risk Charge
APRA LPS 110 Capital Adequacy
Australian Consumer Law (Competition and Consumer Act 2010, Schedule 2)
ASIC Regulatory Guide 271 — Internal Dispute Resolution
Australian Climate-Related Financial Disclosures (Treasury Laws Amendment)
Fair Work Act 2009 (Cth)
Modern Slavery Act 2018 (Cth)
Australian Privacy Act 1988 — Australian Privacy Principles
Security of Critical Infrastructure Act 2018
Australian Model Work Health and Safety Act
AUSTRAC 2025
AUSTRAC 2007
BSA CDD (31 CFR 1010)
Canada Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA)
CCPA/CPRA
CPSC Product Safety (16 CFR 1101)
CRA (12 CFR 228)
DHS Privacy / FOIA (6 CFR 5)
DORA
ERISA Fiduciary (29 CFR 2550)
EU AI Act
EU 6th Anti-Money Laundering Directive (Directive 2024/1640)
EU Capital Requirements Regulation (CRR — Regulation 575/2013)
EU Corporate Sustainability Reporting Directive (Directive 2022/2464)
EU GDPR
EU OSH Framework Directive (Directive 89/391/EEC)
EU Payment Services Directive 2 (PSD2 — Directive 2015/2366)
EU Sustainable Finance Disclosure Regulation (Regulation 2019/2088)
EU Taxonomy Regulation
EU Whistleblower Directive (Directive 2019/1937)
FATF Recommendation 15 — Virtual Assets and VASPs
Foreign Corrupt Practices Act (FCPA)
FCRA (Reg V)
FinCEN BSA
France Sapin II — Anti-Corruption Law (Loi n° 2016-1691)
FTC Safeguards Rule (16 CFR 314)
GLBA (Reg P)
Accountability Framework initiative (AFi) — Core Principles
AICPA Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (2017, Revised 2022)
CIS Critical Security Controls v8.1
COBIT 2019 Framework — Governance and Management Objectives
COSO Internal Control — Integrated Framework (2013)
CSA Cloud Controls Matrix v4 (CCM)
ISAE 3000 (Revised) — Assurance Engagements Other than Audits or Reviews of Historical Financial Information
ISAE 3402 — Assurance Reports on Controls at a Service Organization
PCAF Global GHG Accounting and Reporting Standard for the Financial Industry
SBTi Forest, Land and Agriculture (FLAG) Guidance
TNFD Recommendations — Taskforce on Nature-related Financial Disclosures
IFRS S1 General Requirements for Disclosure of Sustainability-related Financial Information
IFRS S2 Climate-related Disclosures
NCUA Credit Unions (12 CFR 701)
NIS2 Directive
NIST SP 800-53 Rev 5
NIST Cybersecurity Framework 2.0
NY DFS Cybersecurity Requirements (23 NYCRR 500)
OFAC Sanctions Regulations (31 CFR 501)
OSHA Recordkeeping (29 CFR 1904)
OSHA General Industry (29 CFR 1910)
PCI DSS v4.0.1
Regulation B (12 CFR 1002)
Regulation CC (12 CFR 229)
Regulation DD (12 CFR 1030)
Regulation E (12 CFR 1005)
Regulation O (Insider Lending) (12 CFR 215)
Regulation W (Affiliate Transactions) (12 CFR 223)
RESPA / Regulation X (12 CFR 1024)
Regulation Y (12 CFR 225)
Regulation Z (12 CFR 1026)
Saudi CMA ESG Disclosure Requirements
Saudi CMA Corporate Governance Regulations
Saudi Arabia Labor Law
NCA Cloud Cybersecurity Controls (CCC-2:2024)
NCA Critical Systems Cybersecurity Controls (CSCC-1:2019)
NCA Data Cybersecurity Controls (DCC-1:2022)
NCA Essential Cybersecurity Controls (ECC-2:2024)
NCA Telework Cybersecurity Controls (TCC-1:2021)
SAMA AML/CTF Guide
SAMA Open Banking Policy and Framework
ZATCA FATOORA E-Invoicing Regulations
SAMA Cyber Security Framework
Saudi Personal Data Protection Law
SEC Climate Disclosure Rule
MAS Guidelines on Environmental Risk Management
SOX
UK Bribery Act 2010
FCA Consumer Duty (PS22/9)
Equality Act 2010
Employment Rights Act 1996
UK FCA Principles for Businesses (PRIN)
UK General Data Protection Regulation (UK GDPR)
UK Health and Safety at Work etc. Act 1974
Modern Slavery Act 2015
UK FCA Senior Managers and Certification Regime (SMCR)
UK TCFD-aligned Disclosure Requirements
AICPA Description Criteria for a Description of a Service Organization's System (DC Section 200, 2018/2022)
FedRAMP Rev 5 Security Controls Baselines
Fair Labor Standards Act (29 U.S.C. 201-219)
Family and Medical Leave Act (29 U.S.C. 2601-2654)
HITRUST Common Security Framework v11
NIST AI Risk Management Framework (AI RMF 1.0)
AICPA SOC for Cybersecurity — Cybersecurity Risk Management Examination
SSAE 18 — Attestation Standards: Clarification and Recodification
Title VII of the Civil Rights Act of 1964
Solvency, reserving, market conduct, reinsurance, and insurance distribution requirements across life, general, and specialty lines.
Australian Insurance Contracts Act 1984
Canada Insurance Companies Act
EU Insurance Distribution Directive (Directive 2016/97)
EU Solvency II Directive (Directive 2009/138/EC)
HIPAA
NAIC Insurance Data Security Model Law
NAIC Insurance Holding Company System Regulatory Act
NAIC Model Audit Rule (MAR)
NAIC ORSA Model Act
NAIC Credit for Reinsurance Model Law
NAIC Unfair Trade Practices Act
OSFI Guideline B-3: Sound Reinsurance Practices and Procedures
UK Solvency II (PRA Solvency UK)
Securities offering, trading, market integrity, investment adviser, and fund management regulations for broker-dealers, exchanges, and asset managers.
ASIC Market Integrity Rules (Securities Markets)
CFTC General Regulations (17 CFR 1)
EU Market Abuse Regulation (Regulation 596/2014)
EU MiFID II / MiFIR (Directive 2014/65/EU and Regulation 600/2014)
EU REMIT — Regulation on Energy Market Integrity and Transparency (1227/2011)
Investment Advisers Act (17 CFR 275)
Investment Company Act Rules (17 CFR 270)
SEC Regulation S-K (17 CFR 229)
SEC Regulation S-X (17 CFR 210)
Regulation SHO/NMS/ATS (17 CFR 242)
SEC Exchange Act (17 CFR 240)
SEC Securities Act (17 CFR 230)
UK FCA Conduct of Business Sourcebook (COBS)
UK Market Abuse Regulation (UK MAR)
UK Sustainability Disclosure Requirements (SDR) and Investment Labels
Health data privacy, clinical lab standards, fraud & abuse, and patient safety regulations for hospitals, clinics, and health systems.
ADA Title III (28 CFR 36)
Anti-Kickback (42 CFR 1001)
Aged Care Quality Standards — Aged Care Quality and Safety Commission
Aged Care Act 1997
Health Practitioner Regulation National Law
Lei Geral de Proteção de Dados Pessoais — LGPD (Law No. 13,709/2018)
CLIA Lab Standards (42 CFR 493)
China Personal Information Protection Law (PIPL)
DIFC Data Protection Law (Law No. 5 of 2020)
Hong Kong Personal Data (Privacy) Ordinance (Cap. 486)
Digital Personal Data Protection Act, 2023 (No. 22 of 2023)
Act on the Protection of Personal Information (Act No. 57 of 2003, as amended 2022)
Personal Information Protection Act (Act No. 19234, as amended 2023)
Oman Personal Data Protection Law (Royal Decree 6/2022)
Singapore Personal Data Protection Act 2012 (PDPA)
Stark Law (42 CFR 411)
Thailand Personal Data Protection Act B.E. 2562 (2019)
UAE Personal Data Protection Law (Federal Decree-Law No. 45/2021)
CQC Fundamental Standards
CIRCIA — Cyber Incident Reporting for Critical Infrastructure Act (2022)
Medicare Conditions of Participation for Hospitals (42 CFR Part 482)
42 CFR Part 483 — Nursing Facility Conditions of Participation
South Africa Protection of Personal Information Act (Act 4 of 2013)
Device safety, quality management systems, in-vitro diagnostics, and post-market surveillance requirements for medical device manufacturers.
Australian Therapeutic Goods Act 1989
EU In Vitro Diagnostic Regulation (Regulation 2017/746)
EU Medical Device Regulation (Regulation 2017/745)
EU REACH Regulation
FDA 21 CFR 11
FDA 21 CFR 820 (QSR)
UK Medicines and Medical Devices Act 2021
GMP, clinical trial, pharmacovigilance, drug approval, and life sciences quality system regulations for pharmaceutical manufacturers and biotech firms.
EPA Clean Air (40 CFR 50)
EPA Clean Water NPDES (40 CFR 122)
EU Industrial Emissions Directive
FDA 21 CFR 211 — Current Good Manufacturing Practice for Finished Pharmaceuticals
ICH Q10 — Pharmaceutical Quality System
RCRA Hazardous Waste Generators (40 CFR 262)
Cybersecurity frameworks, AI governance, digital services, data act, and information security standards for software and technology companies.
CMMC 2.0 (32 CFR Part 170)
China Cybersecurity Law (CSL)
COPPA
DFARS Cybersecurity (48 CFR 252)
EU Data Act (Regulation 2023/2854)
EU Digital Markets Act (Regulation 2022/1925)
EU Digital Services Act (Regulation 2022/2065)
EU ePrivacy Directive (Directive 2002/58/EC)
FCC CPNI Privacy Rules (47 CFR 64)
Mexico Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP)
NIST SP 800-171 Rev 2
NCA Operational Technology Cybersecurity Controls (OTCC-1:2022)
UK Online Safety Act 2023
FedRAMP — Federal Risk and Authorization Management Program
FISMA — Federal Information Security Modernization Act (44 U.S.C. §3551-3558)
Virtual asset regulation, VASP licensing, stablecoin rules, travel rule, and digital payment token frameworks.
Dubai VARA — Virtual Assets and Related Activities Regulations 2023
ASIC INFO 225 — Crypto-Assets as Financial Products
Australia Treasury Token Mapping Framework (2023)
Brazil Crypto-Asset Framework (Law 14,478/2022)
Switzerland FINMA DLT/Blockchain Framework
EU Markets in Crypto-Assets Regulation (MiCA — Regulation 2023/1114)
Hong Kong SFC VASP Licensing Regime
Japan Crypto-Asset Exchange Regulations (PSA/FIEA)
South Korea Virtual Asset Users Protection Act (VAUPA 2024)
Singapore Payment Services Act 2019 (PSA — Digital Payment Tokens)
UK FCA Cryptoasset Financial Promotions Regime
US SEC/FinCEN Digital Asset Regulatory Framework
Export controls, defense acquisition, cybersecurity maturity, controlled unclassified information, and AUKUS obligations.
Australian Defence Trade Controls Act 2012
EU Dual-Use Regulation (Regulation 2021/821)
ITAR (22 CFR 120-130)
UK Export Control Act 2002
CFIUS — Foreign Investment Screening (31 CFR 800-802)
Export Administration Regulations (15 CFR 730-774)
FAR — Federal Acquisition Regulation (48 CFR Chapter 1)
Federal acquisition, information security, records management, civil rights, and public sector governance regulations.
National Greenhouse and Energy Reporting Act 2007 (NGER)
FERPA
Title VI of the Civil Rights Act of 1964 — Prohibition of Discrimination Based on Race, Color, or National Origin (42 U.S.C. § 2000d et seq.)
Power grid reliability, energy market regulation, pipeline security, environmental compliance, and critical infrastructure protection for energy companies.
Environment Protection and Biodiversity Conservation Act 1999 (EPBC Act)
National Electricity Rules — Australian Energy Market Commission
National Gas Rules
Protection of the Environment Operations Act 1997 (NSW) — POEO Act
Environmental Protection Act 1994 (Qld)
Environment Protection Act 1993 (SA)
Australian Safeguard Mechanism (NGER Act Part 3H)
Environment Protection Act 2017 (Vic) — General Environmental Duty
Environmental Protection Act 1986 (WA)
Water Act 2007 (Cth) — Murray-Darling Basin Management
Canadian Environmental Protection Act, 1999
Greenhouse Gas Pollution Pricing Act
Canada Impact Assessment Act
Canadian Net-Zero Emissions Accountability Act
Climate Corporate Data Accountability Act
Climate-Related Financial Risk Act
EPA Lead Renovation, Repair, and Painting (40 CFR 745)
EU Carbon Border Adjustment Mechanism (Regulation 2023/956)
EU Corporate Sustainability Due Diligence Directive (Directive 2024/1760)
EU Emissions Trading System Directive
Renewable Energy Directive (EU) 2018/2001 (RED II/III)
EU Water Framework Directive
FERC Energy (18 CFR 35)
CFATS Chemical Security (6 CFR 27)
GRI Standards (Global Reporting Initiative)
PHMSA Hazardous Materials Regulations (49 CFR 171)
Saudi Carbon Market Framework (GCOM & RVCM)
Saudi Arabia Environmental Law and Regulations
Saudi Green Initiative Framework
Saudi Arabia ESG & Sustainability Reporting Standards
TSA Pipeline and Rail Security
TSCA PCB Rules (40 CFR 761)
UK Climate Change Act 2008
Environmental Permitting Regulations 2016
UK Environment Act 2021
Ofgem Standard Licence Conditions
NERC CIP — Critical Infrastructure Protection Standards
NERC Reliability Standards (Non-CIP)
Air and water quality, hazardous waste, chemical safety, biodiversity, and environmental permitting requirements across jurisdictions.
Nuclear facility licensing, radiation safety, export controls, environmental protection, and critical infrastructure cybersecurity for nuclear operators.
Australian Radiation Protection and Nuclear Safety Act 1998
EU Nuclear Safety Directive (2014/87/Euratom)
IAEA Safety Standards (SF-1, GSR, SSR)
UK ONR Nuclear Site Licence Conditions
NRC 10 CFR — Nuclear Regulatory Commission Rules (Parts 20, 50, 52, 73)
HACCP, produce safety, food manufacturing, labelling, and supply chain traceability regulations for food producers and processors.
Biosecurity Act 2015
Export Control Act 2020
Australia New Zealand Food Standards Code
FSANZ Food Safety Management Standard 3.2.2A
Livestock Production Assurance (LPA) Program
National Feedlot Accreditation Scheme (NFAS) — Rules and Standards of Accreditation
National Livestock Identification System (NLIS) Standards
EU Food Hygiene Regulation (Regulation 852/2004)
EU General Food Law (Regulation 178/2002)
FSMA Produce Safety (21 CFR 112)
FSMA Food Safety (21 CFR 117)
SFDA Food Safety and Hygiene Regulations
UK Food Safety Act 1990
USDA FSIS HACCP (9 CFR 417)
Pesticide use, water allocation, biosecurity, produce safety, and land use regulations for farms, agribusinesses, and rural enterprises.
Australian Animal Welfare Standards and Guidelines for Cattle
Agricultural and Veterinary Chemicals Code
EU Common Agricultural Policy — Cross-Compliance Conditionality Requirements
Regulation (EC) No 1107/2009 — Placing of Plant Protection Products on the Market
SFDA Halal Certification and Livestock Import Standards
Agriculture Act 2020
USDA National Organic Program (7 CFR Part 205)
Aviation safety, road carrier, rail, dangerous goods, and hours-of-service regulations for airlines, trucking, rail operators, and logistics providers.
AU CASA Civil Aviation Safety Regulations 1998
AU National Heavy Vehicle Law
Canada Transportation of Dangerous Goods Act
Canada Transportation Act
EU ADR — Inland Transport of Dangerous Goods
EASA Air Safety Regulation
EU Mobility Package
FAA Air Carrier Operations (Part 121)
FAA Commuter/On-Demand Operations (Part 135)
FMCSA Hours of Service (49 CFR 395)
FMCSA Safety Fitness Procedures
FRA Railroad Safety Standards
UK Air Navigation Order 2016
UK Drivers' Hours and Tachograph Rules
Vessel safety, pollution prevention, port state control, seafarer welfare, and cabotage regulations for ship operators, port authorities, and freight carriers.
AU AMSA Marine Safety (Navigation) Act 2012
Canada Shipping Act 2001
International Convention for the Control and Management of Ships' Ballast Water and Sediments (BWM Convention)
International Convention for the Prevention of Pollution from Ships (MARPOL)
Maritime Labour Convention 2006 (MLC)
International Convention for the Safety of Life at Sea (SOLAS)
IMO International Safety Management Code
Merchant Marine Act 1920 (Jones Act)
UK MCA Merchant Shipping Regulations
USCG Subchapter M — Towing Vessel Inspection
Telecommunications carrier obligations, universal service, spectrum regulation, subscriber data privacy, and lawful intercept requirements.
Telecommunications Act 1997 (Cth)
Telecommunications (Interception and Access) Act 1979
Directive (EU) 2018/1972 — European Electronic Communications Code
FCC Universal Service Fund (47 CFR 54)
Communications Act 2003
Research university compliance: student privacy, export controls, cybersecurity for defence-funded research, campus safety, and equal opportunity requirements.
TEQSA Higher Education Standards Framework (Threshold Standards) 2021
NCAAA Standards for Quality Assurance and Accreditation of Higher Education Institutions
Clery Act — Campus Security Policy and Crime Statistics Disclosure (20 U.S.C. § 1092(f))
Title IX — Nondiscrimination on the Basis of Sex in Education Programs or Activities (20 U.S.C. § 1681 et seq.; 34 CFR Part 106)
Building safety, contractor licensing, hazardous materials, real estate lending, and environmental impact requirements for contractors and property developers.
National Construction Code (NCC)
OSHA Construction Safety Standards (29 CFR 1926)
The Building Regulations 2010 (SI 2010/2214)
Construction (Design and Management) Regulations 2015
Regulatory Reform (Fire Safety) Order 2005 (SI 2005/1541)
International Building Code (IBC) 2024 — International Code Council
Mine safety, environmental permitting, tailings management, water use, and resource extraction regulations for mining and minerals companies.
Mining and Quarrying Safety and Health Act 1999 (QLD)
Mining Act 1992 (NSW)
Mineral Resources (Sustainable Development) Act 1990 (VIC)
Mining Act 1978 (WA)
Global Industry Standard on Tailings Management (GISTM)
EU Extractive Waste Directive (2006/21/EC)
MSHA Mining Safety (30 CFR 56)
Occupational health and safety, injury recording, hazard management, and workers compensation regulations for all employers across jurisdictions.
Upload your policy document and get a risk-scored gap analysis against any of our 320 regulations in under 5 minutes.