Cross-Regulation Mapping
One decision record can be mapped against multiple policy bundles without redefining the evidence set.
What Changes Across Frameworks
The evidence set can stay the same while the policy bundle changes. Each framework expresses different obligations, thresholds, and reporting rules against the same recorded decision context.
| Framework family | Typical change |
|---|---|
| EU AI Act | Risk controls, human oversight, record keeping, robustness. |
| DORA / NIS2 | Operational resilience, incident handling, continuity, controls. |
| GDPR / nLPD | Decision transparency, lawful basis, privacy by design, DPIA context. |
| Sector rules | Jurisdictional controls, reporting obligations, and organization-specific policy overlays. |
Evaluation Pattern
1. Record once
Capture the decision input, evidence references, policy version, timestamps, and terminal state once.
2. Apply multiple policy bundles
Bind the recorded evidence set to the relevant regulatory mappings without duplicating the underlying record.
3. Export per-framework status
Produce framework-specific summaries, gaps, and audit outputs from the same base record.
Boundary: this page describes a mapping strategy. It is not a separate product line. Compliance owns the regulatory model.
Read the canonical compliance page
Use Compliance for the full control mapping and regulatory boundary.
Compliance