Comparison: all five frameworks at a glance

This page sits alongside the per-framework deep pages and gives a single side-by-side view of the regulations Secruna supports. It exists for two readers: the prospect deciding which framework subscription to start with, and the practitioner who needs a quick sanity check on regional reach, penalty bracket, or known gaps before drafting an internal brief. For each framework, click through to the deep page for scope, key obligations, our coverage approach, gaps, and customer impact.

Side-by-side

| Framework | Region | Sector | Penalty bracket | Status | Our coverage | Known gaps | RLB-relevance |
|---|---|---|---|---|---|---|---|
| EU AI Act | EU (extraterritorial) | Cross-sector, high-risk Annex III focus | Up to EUR 35m or 7% turnover (Article 99) | Live (since 2026-08-02) | 19 rules; Annex IV export; HITL queue; audit log | EU database registration form; conformity assessment; GPAI rules pending counsel; post-market monitoring telemetry | Medium |
| RICS professional guidance | UK + 140-plus countries | Chartered surveying (RICS members) | Reputational / chartered status withdrawal; commercial gates from lenders + clients | Live (since v0.11.26, Plan 96) | 5 rules; AI Use Disclosure Statement; Firm AI Register; F1 = 1.000 | Quantity-surveying matchers v1.1; cross-jurisdiction chapter branching; counsel review of disclosure template | High |
| UK Defence AI Playbook | UK MoD operational reach (extraterritorial via supply chain) | UK defence + supply chain | Contractual: bid disqualification, contract termination, parliamentary scrutiny | In flight (Plan 99; rules + foundation shipped, marketing pending) | 6 rules; 5-tier category taxonomy; HITL routing; supplier-chain propagation rule | Defence AI Statement export; counsel-reviewed templates; marketing landing; TEVV evidence templates | High |
| Defence Standard 05-138 | UK MoD reach (extraterritorial via supply chain) | UK defence supply chain (cyber overlay) | Contractual: bid disqualification, contract breach remedies, supply-chain reach-back | In flight (Plan 100, foundation work) | Profile model on ai_systems; control taxonomy; cross-framework verdict view planned | Per-profile control YAML pack; physical-security controls (out of reach); HSM/KMS integration; profile-recalculation UX | High |
| Secure by Design | UK central government | Cross-sector government digital services | Procurement disqualification; funding hold-back; no direct fine schedule | Deferred (Plan 101) | None shipped — design only | Everything (entity, dashboard, principle YAMLs, evidence workflow, marketing landing, counsel review) | Low |

Reading the table

  • Region is the primary jurisdictional reach. Extraterritorial means the framework binds organisations outside the home jurisdiction when their output lands inside it.
  • Sector is the in-scope organisation type. Multi-sector frameworks (EU AI Act, Secure by Design) reach further than vertical ones (RICS).
  • Penalty bracket is the worst-case stated consequence. Statutory frameworks have fine schedules; professional and operational frameworks have contractual and procurement consequences.
  • Status mirrors the Regulations index: live means rules fire on customer artifacts and the customer-facing surfaces are live; in flight means partial; deferred means designed but not started.
  • Our coverage is what ships today against the framework, in shorthand.
  • Known gaps is the explicit list of things we do not yet cover — counsel-pending items, deferred work-items, and out-of-reach controls.
  • RLB-relevance flags how relevant each framework is to the first paying customer (Plan 102, RLB pilot). RLB is a UK chartered surveying firm and a UK government / defence supplier — RICS, the Defence AI Playbook, and 05-138 are all directly in scope; the EU AI Act is medium because RLB has European counterparties; Secure by Design is low until RLB enters a UK central government bid.

Where to go next