{"schema_version":"vigil-global-compliance-v1","generated_at":"2026-06-21T05:39:57.439Z","counts":{"total":28,"live":25,"partial":3,"pending":0},"by_category":{"privacy_law":11,"security_framework":5,"sectoral":9,"indigenous":3},"regions_provisioned":["us-east-1"],"regimes":[{"regime":"PIPEDA (Canada Federal)","category":"privacy_law","region":"North America","status":"live","citation":"RSC 2000, c 5","endpoint":"/api/compliance/na-status"},{"regime":"Quebec Loi 25","category":"privacy_law","region":"North America","status":"live","citation":"RLRQ c P-39.1","endpoint":"/api/compliance/quebec-law25","notes":"Strictest Canadian regime; mandatory DPO + PIA."},{"regime":"Alberta + BC PIPA","category":"privacy_law","region":"North America","status":"live","citation":"SA 2003, c P-6.5 + SBC 2003, c 63","endpoint":"/api/compliance/ca-province-matrix"},{"regime":"California CPRA","category":"privacy_law","region":"North America","status":"live","citation":"Cal. Civ. Code §1798.100 et seq.","endpoint":"/api/compliance/us-state-matrix"},{"regime":"15+ US state privacy laws (VCDPA / CPA / CTDPA / UCPA / TDPSA / FDBR / OCPA / MCDPA / ICDPA / TIPA / INCDPA / DPDPA / NJDPA / MCDPA / MODPA)","category":"privacy_law","region":"North America","status":"live","citation":"See us-state-matrix","endpoint":"/api/compliance/us-state-matrix"},{"regime":"DPDP-IN (India)","category":"privacy_law","region":"India","status":"live","citation":"Digital Personal Data Protection Act, 2023","endpoint":"/api/compliance/india-status"},{"regime":"LGPD (Brazil)","category":"privacy_law","region":"Brazil","status":"live","citation":"Lei nº 13.709/2018","endpoint":"/api/compliance/lgpd-readiness"},{"regime":"GDPR (EU)","category":"privacy_law","region":"European Union","status":"live","citation":"Regulation (EU) 2016/679","endpoint":"/api/compliance/dpia","notes":"Full DPIA + ROPA + DSR surface for EU customers."},{"regime":"PDPA (Singapore)","category":"privacy_law","region":"Singapore","status":"live","citation":"PDPA 2012 (No. 26 of 2012)","endpoint":"/api/compliance/pdpa-sg-readiness"},{"regime":"APPI (Japan)","category":"privacy_law","region":"Japan","status":"live","citation":"Act No. 57 of 2003, amended 2022 (eff. April 2023)","endpoint":"/api/compliance/appi-readiness"},{"regime":"NDPA (Nigeria)","category":"privacy_law","region":"Africa","status":"live","citation":"Nigeria Data Protection Act 2023","endpoint":"/api/compliance/ndpa-readiness"},{"regime":"EU AI Act (Regulation 2024/1689)","category":"security_framework","region":"European Union","status":"live","citation":"Regulation (EU) 2024/1689","endpoint":"/api/compliance/ai-act-classify","notes":"In force from 1 Aug 2024; high-risk obligations delayed by the May 2026 Digital Omnibus to 2 Dec 2027 (Annex III stand-alone) and 2 Aug 2028 (Annex I regulated products); Art 50 transparency 2 Dec 2026."},{"regime":"EU Digital Services Act (DSA)","category":"security_framework","region":"European Union","status":"live","citation":"Regulation (EU) 2022/2065","endpoint":"/api/compliance/dsa-status","notes":"In force since 17 Feb 2024 for all platforms."},{"regime":"NIST Privacy Framework v1.0","category":"security_framework","region":"Global (US-origin)","status":"live","citation":"NIST IR 8062","endpoint":"/api/compliance/nist-pf-posture"},{"regime":"SOC 2 (AICPA Trust Service Criteria)","category":"security_framework","region":"Global (US-origin)","status":"partial","citation":"AICPA TSC 2017 + 2022 revisions","endpoint":"/api/compliance/soc2-readiness","notes":"Pre-audit readiness scorecard. Formal Type I/II attestation on the roadmap."},{"regime":"ISO/IEC 27001:2022","category":"security_framework","region":"Global","status":"partial","citation":"ISO/IEC 27001:2022","endpoint":"/api/compliance/iso27001-readiness","notes":"Pre-certification readiness against 22 evaluated Annex A controls."},{"regime":"HIPAA (US Healthcare)","category":"sectoral","region":"United States","status":"partial","citation":"45 CFR §§164.308-316","endpoint":"/api/compliance/hipaa-readiness","notes":"BA readiness; signed BAA available on request."},{"regime":"GLBA / Safeguards Rule (US Financial)","category":"sectoral","region":"United States","status":"live","citation":"15 USC §§6801-6809; 16 CFR Part 314","endpoint":"/api/compliance/sectoral-check"},{"regime":"COPPA (US Children's)","category":"sectoral","region":"United States","status":"live","citation":"15 USC §§6501-6506; 16 CFR Part 312","endpoint":"/api/compliance/sectoral-check"},{"regime":"FERPA (US Education)","category":"sectoral","region":"United States","status":"live","citation":"20 USC §1232g; 34 CFR Part 99","endpoint":"/api/compliance/sectoral-check"},{"regime":"FCRA (US Consumer Reports)","category":"sectoral","region":"United States","status":"live","citation":"15 USC §§1681-1681x","endpoint":"/api/compliance/sectoral-check"},{"regime":"RBI (India Banking + Fintech)","category":"sectoral","region":"India","status":"live","citation":"RBI Digital Lending Guidelines (Sep 2022)","endpoint":"/api/compliance/india-sectoral-check"},{"regime":"SEBI (India Securities)","category":"sectoral","region":"India","status":"live","citation":"SEBI Cybersecurity Framework (Aug 2023)","endpoint":"/api/compliance/india-sectoral-check"},{"regime":"IRDAI (India Insurance)","category":"sectoral","region":"India","status":"live","citation":"IRDAI Information + Cyber Security Guidelines 2017","endpoint":"/api/compliance/india-sectoral-check"},{"regime":"TRAI / DoT (India Telecom)","category":"sectoral","region":"India","status":"live","citation":"TCCCPR 2018; UASL conditions","endpoint":"/api/compliance/india-sectoral-check"},{"regime":"OCAP™ (First Nations Information Governance Centre)","category":"indigenous","region":"Canada","status":"live","citation":"FNIGC OCAP™ principles","endpoint":"/api/compliance/indigenous-data","notes":"COSTRINITY is Indigenous-owned. Authentic support for OCAP + CARE Principles + UNDRIP Art 31."},{"regime":"CARE Principles for Indigenous Data Governance","category":"indigenous","region":"Global","status":"live","citation":"Global Indigenous Data Alliance","endpoint":"/api/compliance/indigenous-data"},{"regime":"UNDRIP Article 31 — Data rights of Indigenous peoples","category":"indigenous","region":"Global","status":"live","citation":"UN Declaration on the Rights of Indigenous Peoples","endpoint":"/api/compliance/indigenous-data"}],"related":{"india_status":"/api/compliance/india-status","na_status":"/api/compliance/na-status","indigenous_data":"/api/compliance/indigenous-data","changelog":"/api/changelog","openapi":"/api/.well-known/openapi"},"note":"This document is the canonical answer to \"do you support X compliance regime?\" Operators see what's live, what's partial readiness, and what's pending — without spelunking the OpenAPI spec."}