[ where vigil works ]

13 jurisdictions.
One platform for AI agents.

VIGIL operates compliance fabric across thirteen national + regional data protection regimes — so your AI agent can act anywhere a data subject lives, with the right disclosures, the right validators, the right breach windows, and the right cross-border posture. Pick a country. We've already mapped it.

13 jurisdictions

28+ regulatory regimes

22 identifier validators

[ coverage map ]

Pick a jurisdiction.

🇮🇳

India

Digital Personal Data Protection Act 2023

regulator · Data Protection Board of India

[ capabilities ]

·Cross-border transfer registry
·Breach notification workflow
·Grievance officer config
·Sectoral applicability checks
·Hindi privacy notice generator

[ identifier validators ]

AadhaarPANUPIGSTIN+91 mobileIFSCPIN code

🇪🇺

European Union

GDPR 2016/679 + AI Act 2024/1689 + DSA

regulator · National supervisory authorities

[ capabilities ]

·ROPA register (Article 30)
·Breach classifier (Articles 33 + 34)
·EU AI Act risk classifier
·DSA obligation mapping
·SCC Annex II generator
·DPIA threshold helper

[ identifier validators ]

IBAN (ISO 7064)VAT number

🇬🇧

United Kingdom

UK GDPR + Data Protection Act 2018

regulator · Information Commissioner's Office

[ capabilities ]

·Readiness scorecard mapped to ICO framework
·EU↔UK adequacy handling
·Subject access request workflow

[ identifier validators ]

UK National Insurance Number

🇨🇦

Canada

PIPEDA + Quebec Law 25 + provincial laws

regulator · Office of the Privacy Commissioner

[ capabilities ]

·Quebec Law 25 dedicated workflow
·Provincial privacy law matrix
·Indigenous data sovereignty (OCAP / CARE / UNDRIP Art 31)
·Bilingual notice support

[ identifier validators ]

SIN (Luhn)

🇺🇸

California (USA)

CCPA + CPRA 2020

regulator · California Privacy Protection Agency

[ capabilities ]

·Consumer rights workflow
·Do Not Sell / Do Not Share support
·Global Privacy Control honoring
·Service-provider vs third-party classification

🇺🇸

United States (Federal + States)

16 state privacy laws + HIPAA + GLBA + COPPA + FERPA + FCRA + SOX

regulator · Sectoral (FTC / HHS / SEC / state AGs)

[ capabilities ]

·16 US state privacy law matrix
·State breach notification deadlines + AG recipients
·Sectoral applicability (HIPAA / GLBA / COPPA / FERPA / FCRA / SOX)
·HIPAA Business Associate readiness

🇧🇷

Brazil

Lei Geral de Proteção de Dados (Lei 13.709/2018)

regulator · Autoridade Nacional de Proteção de Dados (ANPD)

[ capabilities ]

·Article 48 breach classifier
·Readiness scorecard mapped to ANPD framework
·Portuguese privacy notice generator
·Data subject rights workflow

[ identifier validators ]

CPF (mod-11)CNPJ (mod-11)

🇸🇬

Singapore

Personal Data Protection Act 2012

regulator · Personal Data Protection Commission (PDPC)

[ capabilities ]

·Section 26B breach classifier
·Readiness scorecard mapped to PDPC framework
·Do Not Call registry alignment

[ identifier validators ]

NRIC / FINUEN

🇯🇵

Japan

Act on the Protection of Personal Information

regulator · Personal Information Protection Commission

[ capabilities ]

·Article 28 cross-border transfer registry
·Readiness scorecard
·Adequacy + opt-in + SCC equivalents

[ identifier validators ]

My Number (mod-11)

🇳🇬

Nigeria

Nigeria Data Protection Act 2023

regulator · Nigeria Data Protection Commission (NDPC)

[ capabilities ]

·Readiness scorecard mapped to NDPC framework
·Cross-border transfer workflow

[ identifier validators ]

NINBVN

🇰🇷

South Korea

Personal Information Protection Act

regulator · Personal Information Protection Commission

[ capabilities ]

·Readiness scorecard
·Resident Registration Number handling
·Cross-border consent workflow

[ identifier validators ]

RRN (mod-11 with DOB + sex digit)

🇦🇺

Australia

Privacy Act 1988 + Australian Privacy Principles

regulator · Office of the Australian Information Commissioner

[ capabilities ]

·APP-compliant readiness scorecard
·Notifiable Data Breaches scheme classifier
·Cross-border accountability workflow

[ identifier validators ]

Tax File NumberABN

🇨🇳

China

Personal Information Protection Law 2021

regulator · Cyberspace Administration of China (CAC)

[ capabilities ]

·Article 38 cross-border transfer registry
·CAC security assessment / standard contract / certification routes
·Readiness scorecard

[ identifier validators ]

China ID (ISO 7064 mod-11-2)

[ shared across all jurisdictions ]

One fabric, every regime.

EU AI Act classifier

Reg 2024/1689 — prohibited / high-risk / limited / minimal + GPAI obligations with effective dates and penalty tiers.

Per-jurisdiction breach classifiers

Reportable? To whom? By when? Each regime answers with its own deadlines, recipients, and threshold tests.

Cross-border transfer registries

DPDP §16, APPI Art 28, PIPL Art 38, GDPR Chapter V — per-country status with sectoral caveats.

Pre-flight consent enforcement

Agents check consent BEFORE acting, not after. Lawful-basis confirmed up-front, every time.

Readiness scorecards

SOC 2 · ISO 27001 · HIPAA · PCI DSS · LGPD · PDPA-SG · APPI · NDPA · UK-GDPR · PIPA-KR · APP-AU · PIPL-CN.

MCP server for agents

@costrinity/vigil-compliance-mcp — 20 tools your AI agent calls mid-task, before it acts.

13 jurisdictions.One platform for AI agents.