€15k / regulation / yr · per org

Regulation as code. Your system, checked.

Compliance teams build spreadsheets. Engineers build systems. Nobody runs the spreadsheet against the system. Reg-as-Code closes the gap — every MiCA / DORA / AMLR / EU AI Act rule becomes a machine-checkable check your CI can run.

20 seed rules across 4 frameworks · live today

v1 ships with the most cited rules per framework. Loaded into your environment on Day 1 of onboarding. v2 (Q3) auto-syncs from our EVOLVE-GRC regulatory horizon feed — when a framework changes, your rules update.

MiCA

v1.0-Day1
5 rules · CASP authorisation · AML programme · Travel Rule · reserves · whitepaper
  • MICA-001 CASP authorisation declared
  • MICA-002 AML programme present
  • MICA-003 Travel Rule provider declared
  • MICA-004 Reserve segregation (stablecoin issuers)
  • MICA-005 Whitepaper published

DORA

v1.0-Art5
5 rules · ICT risk · TLPT · incident reporting · subcontractor map · RTO
  • DORA-001 ICT risk register present
  • DORA-002 TLPT cycle scheduled
  • DORA-003 Major-incident reporting channel configured
  • DORA-004 Subcontractor map declared
  • DORA-005 Backup + RTO documented (≤ 4h)

AMLR

v1.0-2024
5 rules · beneficial owner · CDD · sanctions refresh · SAR · AMLA single-rulebook
  • AMLR-001 Beneficial-owner register declared
  • AMLR-002 Customer due-diligence policy
  • AMLR-003 Sanctions screening daily refresh
  • AMLR-004 SAR filing channel to FIU
  • AMLR-005 AMLA single-rulebook adopted

EU AI Act

v1.0-Art50
5 rules · system inventory · high-risk flagging · transparency · GPAI · Aug-2 fines
  • AIACT-001 AI-system inventory present
  • AIACT-002 High-risk AI systems flagged
  • AIACT-003 Transparency obligations met (Art.50)
  • AIACT-004 GPAI provider duties (if applicable)
  • AIACT-005 Aug-2 2026 fines clock acknowledged

The tiny rule DSL

Every rule is JSON — readable by compliance teams, evaluable by code. No Rego learning curve.

{
  "id": "MICA-002",
  "title": "AML programme present",
  "axis": "aml",
  "check": {
    "key": "aml.programme_in_place",  // dotted path into your snapshot
    "op":  "==",                       // op: exists | == | >= | <= | in
    "value": true                      // expected value
  }
}

How a check run works for you

Three steps. Compliance team owns the rules. Engineering owns the snapshot. Lead glues them together.

1 · Snapshot

Your system declares its current state

A JSON snapshot of your environment — what AML programme is in place, where your sanctions feed comes from, how often you screen. We provide the template per framework.

2 · Run

Each rule evaluated against the snapshot

Per-rule PASS / FAIL / SKIP + overall framework score. Runs in CI before every release. Same engine your auditor reviews.

3 · Report

Regulator-ready evidence pack

Per-framework PDF with rule-by-rule outcome + supporting evidence. Hand it to your auditor or your supervisor. Hash-stamped + timestamped.

4 · Subscribe

Rule updates pushed automatically

When a framework changes (new MiCA clarification, new DORA RTS), we update the ruleset + you get notified. No manual tracking.

Compliance teams write Excel. Engineers run code. Reg-as-Code unifies them.

Pilot pricing: €15k/regulation/yr · €50k for the full 4-pack · NIS2 + GDPR + FATF Travel Rule coming Q3

Get pilot access