Built in the Philippines.
Wired for ASEAN. Ready for the World.
Enterprise-grade AI governance across 27 jurisdictions — from Philippine PDPA to EU AI Act. Every question cites the exact regulatory clause. Every gap names the evidence a regulator demands. Cryptographically timestamped audit trail. Built for the boardroom.
No credit card · 27 jurisdictions · 507 questions · Cryptographically timestamped · Free to assess
Built against 23 primary-source regulators
jurisdictions live
APAC · Americas · EMEA · International.
jurisdictions mapped
0 more in build pipeline across APAC, MENA & EMEA.
assessment questions
Every question cites a specific regulation. Every gap names the evidence artifact required.
evidence recipes
Per-question remediation path and expected artifact mapped into the gap-register PDF.
Risk taxonomy aligned with the MIT AI Risk Repository
Every gap AIRA identifies is automatically classified across 7 domains · 24 subdomains · 1,700+ documented AI risks — sourced from 74 global frameworks including NIST AI RMF, ISO 42001, and the EU AI Act. Mitigation guidance surfaces inline on every risk.
What's on the enforcement calendar
Primary-source dates only.
In force
NPC Advisory 2024-04
Philippines · Guidelines on Application of RA 10173 to AI Systems. Signed 19 Dec 2024. Enforcement active.
Run the PH assessment →
In force
India DPDP Act 2023
Digital Personal Data Protection Act. Royal Assent 11 Aug 2023. 1.4 billion data subjects. Rules notified, enforcement active.
Run the India assessment →
000 days
EU AI Act Art. 50
Reg. 2024/1689 · General-purpose AI transparency obligations take effect 2 Aug 2026 per Art. 113(c). Penalties up to €15M or 3% global revenue.
Run the EU assessment →
Why AIRA
The only platform built from regulatory text up.
Competitors give you a GRC checklist and call it AI governance. AIRA gives you the specific article you're failing, the exact document a regulator expects, and a cryptographic record that proves you acted — in 27 jurisdictions, today.
You know exactly what to fix
Not "improve data governance" — but "NPC Advisory 2024-04 §IV: no documented HITL reviewer authority. Evidence needed: SOP signed by DPO naming the reviewer role and override authority." You know what the auditor will ask for.
Evidence that holds in court
Every document upload is SHA-256 hashed on ingest and cryptographically timestamped. When a regulator asks "show me what existed and when," the answer is in the vault — tamperproof, before anyone asks.
Audit trail enforced at database level
Every assessment answer, gap closure, and evidence upload is logged to an immutable, append-only audit table enforced by a database trigger — not a screenshot. Stands up in a boardroom, a regulator review, and due diligence.
See AIRA in action
What the product delivers.
Representative preview using sample data (Acme Financial). The real product shows your actual scores, citations, SHA-256 hashes, and audit log — sign in to see your own data.
Overall compliance
67%
12 questions answered · 8 evidence items
Category breakdown
Data Governance
82%
Transparency & Disclosure
64%
Human Oversight
48%
Risk & Impact
71%
Security & Infrastructure
76%
Governance & Accountability
58%
Top critical gap
NPC Advisory 2024-04 §IV · DPA IRR §34(f)
Human-review competence & authority
Evidence expected: HITL SOP naming reviewer role, competence criteria, authority to override AI output, intervention log.
Open finding · click to remediate
Sample data for illustration · Acme Financial demo tenant · your live tenant is isolated via row-level security
Global Coverage
27 jurisdictions live. 0 more in build.
Every live jurisdiction is regulation-first and clause-anchored against primary-source regulator text. No competitor covers this breadth — APAC, Americas, EMEA, and International Standards in a single platform.
Asia Pacific
APAC · South Asia · Oceania10 live · 3 buildingVietnam
MIC
Cybersecurity Law 2018 · Decree 13/2023 · MOIT AI Strategy 2021
Taiwan
PPC-TW
PDPA (amendment bill) · NSTC AI Action Plan 2024 · FSC
New Zealand
OPC
Privacy Act 2020 · Algorithm Charter 2020 · RBNZ
Americas
North & South America4 liveEMEA
Europe · Middle East · Africa4 live · 4 buildingSaudi Arabia
SDAIA
PDPL 2021 · SDAIA AI Ethics Principles · SAMA AI Guidelines
Israel
ILITA
Privacy Protection Law (1981, amend.) · National AI Policy 2023 · National Cyber Directorate
Turkey
KVKK
KVKK (Law No. 6698) · AI Strategy 2021–2025 · BDDK
South Africa
ICRSA
POPIA (2020) · Presidential 4IR Commission · SARB
International Standards
Voluntary enterprise and policy frameworks1 livePhilippine Sector Coverage
Philippines — sector regulator coverage
AIRA maps Philippine AI governance obligations across every major sector regulator — not only the NPC. Live means clause-anchored assessment questions are wired. In Build means the regulatory framework is scoped and content is in production.
National Privacy Commission
Data privacy & AI governance
RA 10173 · NPC Advisory 2024-04 · NPC Advisory 2025-02
Bangko Sentral ng Pilipinas
AI in financial services / e-money
BSP Draft MRM Guidelines (2025) · Circular 1213 (AFASA) · Circular 982 · Circular 1160
Dept. of Information & Communications Technology
National AI policy & cybersecurity
DICT DC HRA-001 S.2026 (DTAP) · DC HRA-003 S.2025 · NCSP 2023-2028 · NAIS-PH
Dept. of Health
Healthcare AI
RA 11223 (UHC) · DOH AO 2023-0011 · DOH AO 2021-0032 · RA 9439
Food & Drug Administration
Digital health / AI medical devices
RA 9711 · FDA Circular 2020-013 (SaMD) · AO 2021-0012 · IMDRF N41
PhilHealth
Health insurance AI
RA 11223 §26 · RA 7875 · PhilHealth PC 2021-0025 · PHIC IT Security Policy 2022
Securities & Exchange Commission
AI in financial disclosures
RA 8799 (SRC) · SEC MC 6 s.2019 · SEC MC 8 s.2022 (Robo-advisory) · AMLA RA 9160
How it works
The AIRA loop —
the product's name is the process.
Every AIRA engagement runs the same four-step loop. Every step maps one-to-one to what the code does — not a marketing label.
Anchor
Every question cites a specific regulation — NPC Advisory 2024-04 §V, EU AI Act Art. 9, DPDP Act §8(6), UAE PDPL Art. 22, DPA IRR §34(f). No generic checklists. 27 jurisdictions, 507 questions.
Identify
Yes/No answers surface the gaps. Each No on a critical question auto-creates a finding linked to the primary canonical control, with the exact evidence artifact an auditor expects — already named in the gap register.
Remediate
Upload the evidence to close the gap. SHA-256 hashed on ingest, linked atomically to the control, status flips to implemented, coverage % updates on the Compliance Overview, every transition logged immutably.
Attest
Every step above lands in an immutable, append-only audit log enforced by a database trigger. SHA-256 chain of custody on evidence. Named management response on finding close. PDF export included.
Every claim above is wired into the database schema. audit_findings, control_evidence, tenant_controls, evidence_items, audit_logs — real Postgres tables, RLS-scoped per tenant, triggers enforced. Not a mock.
Enterprise Grade
Built to survive a regulator audit.
The infrastructure behind AIRA is designed for the same standard as the compliance it helps you achieve. Every technical claim below is verifiable in the product — not a marketing bullet.
SHA-256 Evidence Vault
Every document upload is cryptographically hashed on ingest. Tamperproof chain of custody. Regulators can verify what existed and when — independently.
Verifiable
Immutable Audit Log
Enforced by a database trigger — not application logic. Append-only. Every action timestamped. No row is ever modified or deleted once written.
DB-trigger enforced
Row-Level Security
Multi-tenant isolation enforced at the Postgres row level. Your data is invisible to other tenants — enforced at the database, not in application code.
RLS enforced
Board-Ready PDF
Server-side PDF generation via a dedicated API route. Clause citations, gap register, evidence links — formatted for a board packet, not a developer tool.
Server-side generated
From the AIRA team
What makes AIRA different?
Traditional compliance platforms were built for static frameworks. AI governance needs something built for a moving target — live regulations, autonomous systems, and board-level accountability.
of organisations with AI deployments have documented governance frameworks — McKinsey, 2024
national AI policies tracked across 71 jurisdictions by the OECD AI Policy Observatory
non-compliance costs more than maintaining a compliance program — Ponemon Institute, 2023
Clause-level AI compliance.
Any regulator. Any jurisdiction.
27 jurisdictions live across APAC, Americas, EMEA, and International Standards. First assessment free, unmetered. Gap register to your board in minutes.
No credit card · No lawyer required · Research-grade clause-anchored assessments · Named-counsel review available on engagement