Cross-jurisdictional crosswalk
One control requirement.
27 different regulatory answers.
Pick a canonical control. See exactly which clause each of the 27 jurisdictions uses to enforce it, which treat it as advisory only, which are silent. No generic checklists. Every citation is anchored to the primary source — the same clause used in the assessment questions.
Philippine sector coverage
Philippines — sector regulator status
Philippine AI governance spans multiple sector regulators beyond the NPC. Live = clause-anchored questions wired in AIRA. In Build = framework scoped, content in production.
National Privacy Commission
Bangko Sentral ng Pilipinas
DICT
Dept. of Health
Food & Drug Administration
PhilHealth
Securities & Exchange Commission
Impact assessment for high-risk AI processing
Must your organisation run a documented risk / privacy / AI impact assessment before deploying an AI system that processes personal data at scale, or in a high-risk context (credit, hiring, healthcare, law enforcement)?
| Jurisdiction | Status | Clause citation |
|---|---|---|
| PHPhilippines | Required | NPC Advisory 2024-04 §IV · DPA IRR §34(b) |
| AUAustralia | Advisory | OAIC AI Guidance (Oct 2024) · DISR VAISS Principle 4 |
| BRBrazil | Required | LGPD Art. 38 (at ANPD request) · ANPD Res. 15/2024 |
| CACanada | Partial | Quebec Law 25 §3.3 (PIA) · OSFI E-23 (FIs) Federal PIPEDA: accountability principle only |
| EUEuropean Union | Required | GDPR Art. 35 · EU AI Act Art. 9 · Art. 27 (FRIA) |
| HKHong Kong | Advisory | PCPD Model Framework 2024 §4 (risk assessment) |
| INIndia | Partial | DPDP Act §10 (Significant Data Fiduciary — DPIA + periodic audit) · MEITY Draft Rules 2025 Rule 12 Mandatory for Significant Data Fiduciaries only; general Data Fiduciaries: no statutory DPIA |
| IDIndonesia | Required | UU PDP Pasal 28 (DPIA) |
| ISOInternational | Required | ISO/IEC 42001 §6.1 · ISO/IEC 23894 (AI risk) |
| JPJapan | Advisory | METI/MIC AI Guidelines v1.1 Risk Assessment |
| MYMalaysia | Advisory | AIGE 2024 §6 (risk assessment) · BNM RMiT (FIs) |
| MXMexico | Advisory | LFPDPPP 2025 Art. 5 (responsabilidad) |
| SGSingapore | Advisory | PDPC AI Model Governance Framework 2024 · IMDA MGF-GenAI |
| KRSouth Korea | Required | PIPA Art. 33 (PIA) · AI Basic Act Art. 32 (high-impact AI) |
| CHSwitzerland | Required | revised FADP Art. 22 (for high-risk) |
| THThailand | Required | PDPA B.E. 2562 s.32 (for sensitive / large-scale) |
| AEUAE | Advisory | UAE PDPL Art. 10 (DPO requirement) · Dubai AI Ethics Principles 2019 §3 (risk assessment) No statutory DPIA obligation; risk assessment recommended under Dubai AI framework |
| UKUnited Kingdom | Required | UK GDPR Art. 35 · ICO AI Guidance 2023/2024 |
| USUnited States | Partial | NIST AI RMF MAP · Colorado AI Act §6-1-1703 (high-risk) Federal: voluntary. State: Colorado mandates; NYC LL 144 bias audit |
When your regulator calls, you can answer — clause by clause.
Every gap on your assessment report names the exact regulatory article that creates the obligation and the specific evidence artefact the regulator expects to see. Not a consultant's opinion. Not a generic checklist. The primary source — cited.
507
questions across 27 jurisdictions
27
live regulatory frameworks — APAC, Americas, EMEA
100%
of gaps name the expected evidence artefact