Every regulation that applies, tracked.

Colorado SB 205 enforcement is in effect and the EU AI Act phases in across high-risk obligations. Your AI runs in every jurisdiction you sell into. KoraSafe follows the law wherever your company operates, rewrites the policy pack when the law changes, and keeps your evidence aligned.

Named: Every law tracked by name. Not a vendor spreadsheet.

Global: US, EU, UK, Canada, APAC. Expansion follows signed law.

Live: Corpus refreshes when law does. Recent ingest: Colorado SB 205.

Signed: Evidence packs by regulator. Preformatted, court-ready.

Framework coverage

One AI system, every framework it has to answer to.

Your AI does not get a separate matrix per regulator. Map your system once and answer the EU AI Act, Colorado SB 205, ISO 42001, and the rest from the same record.

Framework by control point

| Framework | Registry | Policy | Enforcement | Evidence |
| --- | --- | --- | --- | --- |
| EU AI Act | Core | Partial | Runtime | Pack |
| GDPR | Linked | Partial | Runtime | Pack |
| NIST AI RMF | Mapped | Packs | Partial | Pack |
| ISO 42001 | Mapped | Packs | Partial | Pack |
| SR 11-7 (model risk) | Overlay | Partial | Partial | Pack |
| Colorado SB 205 | Linked | Pack | Runtime | Pack |
| Utah AI Policy Act | Linked | Pack | Runtime | Pack |
| HIPAA | Linked | Pack | Runtime | Pack |
| NAIC Model Bulletin | Linked | Pack | Runtime | Pack |

Jurisdictions

Covered where your company operates.

Coverage expands as law is signed, not when it's proposed. If your company sells into a jurisdiction we do not yet track, tell us, and it enters the queue.

European Union

EU AI Act (Regulation 2024/1689) full text, Annex III high-risk categories, Articles 9-15 on risk management and transparency. GDPR Art. 22 automated decisions. Digital Services Act Art. 34-35. DORA where AI is scoped. Cross-linked to ENISA guidance.

United States (federal)

NIST AI RMF 2.0 with GOVERN, MAP, MEASURE, MANAGE function families. AI Bill of Rights. NIST SP 800-218 SSDF where AI code is scoped. EEOC technical assistance on AI in hiring. FTC Section 5 enforcement actions tracked as precedent.

US state AI laws

Colorado SB 205, Utah AI Policy Act SB 149, Illinois BIPA + HB 3773, California SB 1047 precedent, Texas TRAIGA, NYC Local Law 144 on AEDTs with bias audit requirement. Expansion follows signed law.

United Kingdom

ICO AI and data protection guidance including DPIA templates and DPIA trigger matrix. CDEI AI governance frameworks. Sector-specific statements from FCA, CMA, Ofcom. UK GDPR and DPA 2018.

Canada + APAC

AIDA (tracking Bill C-27 amendments). Singapore Model AI Governance Framework 2.0 with AI Verify toolkit. Japan AI Guidelines METI/MIC version 1.1. Australia AI Ethics Principles. China Interim Measures for Generative AI.

Financial services

SR 11-7 model risk management with SR 15-18 supplements. FRB SR 21-14 on operational resilience. OCC Bulletin 2021-39 on model risk. CFPB circulars on algorithmic underwriting.

Healthcare

HIPAA Privacy and Security Rules. FDA SaMD guidance including PCCP (Predetermined Change Control Plan) framework. EU MDR Regulation 2017/745 where AI is the medical device. ONC HTI-1 on decision support interventions.

International standards

ISO 42001 AI management system with Annex A controls. ISO 23894 AI risk management. ISO/IEC 22989 concepts and terminology. IEEE 7000 series on ethics. NIST SP 800-53 Rev 5 where applicable to AI systems.

Internal policy libraries

Enterprise tenants map their RACI ownership against the regulatory graph. Internal nodes cross-link to public obligations; tenant ingest of custom control catalogs and policy packs follows.

Shipped sector packs

Packs that install your regulatory map.

Sector packs bundle the obligations, autonomy profiles, policy templates, and guardian defaults for a specific industry or jurisdiction. Subscribe to a pack and the controls install into your policy layer and detection rule set.

US financial services

SR 11-7 model risk, NAIC Model Bulletin, ECOA adverse-action evidence, FCRA notices. Bank model risk teams use the fin-us pack to assemble regulator-readable audit packages.

US healthcare

HIPAA Privacy and Security Rules. FDA SaMD plus PCCP framework where the AI is the device. ONC HTI-1 decision-support disclosures.

US insurance

NAIC Model Bulletin alignment plus state-level adopters. Adverse-action evidence, underwriting model approvals, fairness monitoring.

SaaS and technology

EU AI Act for any AI placed on the EU market. Colorado SB 205, Utah AI Policy Act, NYC Local Law 144 where the customer's app sells into the jurisdiction. ISO 42001 alignment.

US public sector

NIST AI RMF 2.0 GOVERN-MAP-MEASURE-MANAGE alignment. NIST SP 800-53 controls where AI is in scope. State agency AI procurement standards as they publish.

UK general

ICO AI and data protection guidance, DPIA templates, CDEI frameworks. Sector statements from FCA, CMA, Ofcom where the customer sells. UK GDPR plus DPA 2018.

EU general

EU AI Act full text and Annex III. GDPR Article 22 automated decisions. Digital Services Act articles 34-35. DORA where AI is scoped. Cross-linked to ENISA guidance.

Recent corpus updates

When the law moves, your policy pack moves with it.

When a regulator publishes, KoraSafe picks it up, regenerates the policy pack, and surfaces the diff to tenants before their next board meeting.

Recent: Colorado SB 205 enforcement window confirmed. Policy pack regenerated. High-risk decision disclosures ready for Colorado tenants.

Recent: NIST AI RMF 2.0 crosswalk published. New policy pack available for NIST-aligned tenants.

Recent: ISO 42001 control mappings updated. Control set mapped to KoraSafe surfaces; evidence pack refreshed.

Recent: EU AI Act Annex III draft v1.2 ingested. High-risk system classifications updated in the registry.