Regulations¶
Secruna ships against five regulatory frameworks. Each is a separate product subscription (Plan 103) — buy the one your organisation is regulated under, switch on more as your scope grows.
For a side-by-side view of all five at once — region, sector, penalty bracket, status, our coverage, known gaps, RLB-relevance — start at the comparison page. The per-framework deep pages below carry full Analysis sections (scope, key obligations, our coverage approach, gaps, customer impact).
| Framework | Status | Shape | Page |
|---|---|---|---|
| All five at a glance | — | Side-by-side table | Comparison |
| EU AI Act | Live since 2026-08-02 | Rule book — 19 rules | EU AI Act |
| RICS professional guidance | Live since v0.11.26 | Rule book — 5 rules | RICS |
| UK Defence AI Playbook | In flight (Plan 99) | Rule book — 6 rules | UK Defence AI Playbook |
| Defence Standard 05-138 | In flight (Plan 100) | Profile-based control set | Defence Standard 05-138 |
| UK Government Secure by Design | Deferred (Plan 101) | Checklist + maturity assessment | Secure by Design |
What "live" means¶
A framework is live when:
- The rule book is loaded by
cp-apiat start-up. - Discovery runs evaluate artifacts against every rule in the pack.
- The dashboard surfaces verdicts, the export endpoints produce evidence packs, and the eval golden set scores F1 ≥ 0.95.
- The marketing surfaces (homepage and
/use-cases/{framework}) describe the pack to prospects.
A framework is in flight when one or more of those four points is incomplete — usually rules are loaded but the customer-facing surfaces are still under construction. Deferred means we have the research done and a plan written, but no work in progress.
Why these five?¶
The roadmap is driven by the first paying customer (RLB, Plan 102 — a UK chartered surveying and government / defence supplier). RICS is the surveyor side; the UK Defence pack and 05-138 are the defence side; Secure by Design is what HM Government's procurement teams ask for. The EU AI Act is the table-stakes framework every European counterparty asks about.
We expect the framework list to grow. The architecture (Plan 96 multi-framework loader + Plan 103 frameworks-as-products) is designed so that adding a sixth framework is a YAML drop and a subscription SKU, not a refactor.