Compliance

Every framework your regulator tests — as running evidence.

26 frameworks across six jurisdictions — APRA, ASIC, SOCI, Essential Eight, EU AI Act, GDPR, DPDP, PDPA, PIPL, MAS, HKMA, BNM, ISO 42001, NIST AI RMF, OWASP and MITRE ATLAS — attested from your assessments and verified from live telemetry.

Regulatory coverage

26 frameworks. Six jurisdictions. One posture.

From Australian prudential rules to APAC financial regulators, global standards and the AI-threat frameworks — every obligation mapped to the controls your auditor tests, and rolled into one posture score.

Australian regulatory8
APRA · ASIC · OAIC · SOCI · ACSC
APRA CPS 234 / 230ASIC RG 271ASX GovernancePrivacy Act 1988 (APP)SOCI Act 2018ACSC Essential EightACSC Secure-AI GuidelinesAU AI Ethics Principles
Privacy & data4
GDPR · DPDP · PDPA · PIPL
GDPR (EU)DPDP Act (India)PDPA (Singapore)PIPL (China)
AI-specific & threat3
OWASP · MITRE · EU
OWASP LLM Top 10MITRE ATLASEU AI Act
Global standards5
ISO · NIST · AICPA
ISO/IEC 42001ISO/IEC 27001NIST AI RMFNIST CSFSOC 2
APAC financial3
MAS · HKMA · BNM
MAS (Singapore)HKMA (Hong Kong)BNM (Malaysia)
Sector & emerging3
IMDA · global
Singapore IMDA MGF+ 2 more tracked

26 frameworks tracked · grouped by jurisdiction · mapped continuously from live telemetry, exported as PDF + JSON.

Dual-confidence engine

Attested. And verified.

Most tools take your word for it. Kapālins reports two numbers — what you’ve attested in assessments, and what we’ve verified from live gateway telemetry — then shows the trust gap between them and helps you close it. The difference between a binder and proof.

82Attested
Self-declared across the CAT assessment suite.
71Verified
Proven from live gateway enforcement, not claimed.
Trust gap attested → verified · 11 pts · illustrative
Australia

APRA CPS 234 & CPS 230.

Every AI interaction mapped to the prudential controls your auditor tests — information-security capability, control testing, incident response and operational resilience — generated continuously, not assembled the week before review.

CPS 234information securityCPS 230operational resilience
apra · evidence chaincontinuous
§17(b) classification
PASS
§18–23 controls
88%
§32–34 incident
GAP
CPS 230 resilience
79%
dpdp · data principalmapped
§5 notice & consent
94%
§8 data fiduciary duties
90%
§12(b) erasure
DONE
cross-border transfer
81%
India

DPDP Act 2023.

AI governance aligned to the Digital Personal Data Protection Act — consent, data-fiduciary duties, erasure and cross-border transfer — for enterprises operating across the AU–India corridor.

AI security frameworks

Mapped to the standards your auditors and red teams use.

Beyond regulation — the assurance and threat frameworks that prove your AI is tested, not just documented.

NIST

NIST AI RMF

Govern · Map · Measure · Manage — the US AI risk-management framework.

OWASP

OWASP Top 10 for LLMs

Prompt injection, sensitive-data leakage, supply chain and the rest of the LLM top-10.

MITRE

MITRE ATLAS

The adversarial threat landscape for AI — TTPs mapped to your estate.

SOC

SOC 2

Trust-services criteria for security, availability and confidentiality.

Request a briefing

Govern your AI before your regulator asks.

A 30-minute walkthrough of the Trust Index, the three observation modes and your regulator’s evidence chain — on your estate.

FAQ

Frequently asked questions

Does Kapālins implement Gartner's AI TRiSM framework?
Yes — fully. Kapālins ships a live AI TRiSM Policy Map across all four Gartner AI TRiSM pillars: AI Governance (policy, accountability, compliance and ethics), Runtime Inspection and Enforcement (live guardrails on every prompt, response and agent action at the gateway), Information Governance (classification, residency and leak-prevention across AI data flows), and Infrastructure and Stack (model supply chain, identities and the platform AI runs on). Each pillar is scored into an overall governance-maturity number, computed live from your authored policies and the controls they enforce. AI TRiSM is Gartner's governance framework — distinct from, and complementary to, the regulatory frameworks Kapālins also maps.
Exactly which compliance frameworks does Kapālins cover?
26 frameworks across six jurisdictions — Australian: APRA CPS 234 and CPS 230, ASIC RG 271, Privacy Act 1988, SOCI Act 2018, ACSC Essential Eight, ACSC Secure-AI Guidelines, AU AI Ethics Principles; Privacy and data: GDPR, India DPDP Act, Singapore PDPA, China PIPL; AI-specific and threat: OWASP LLM Top 10, MITRE ATLAS, EU AI Act; Global standards: ISO/IEC 42001, ISO/IEC 27001, NIST AI RMF, SOC 2; APAC financial: MAS, HKMA, BNM. Posture uses a dual-confidence model — attested from assessments and verified from live gateway telemetry.
Does Kapālins support the EU AI Act and ISO 42001?
Yes. The EU AI Act and ISO/IEC 42001 are among the 26 frameworks Kapālins maps, alongside APRA CPS 234 and CPS 230 and NIST AI RMF — each cross-walked to the controls you actually run.
How does Kapālins turn compliance into evidence?
Every control maps to your frameworks and posture is dual-confidence — attested from assessments and verified from live gateway telemetry — so you get regulator-ready evidence packs instead of point-in-time questionnaires.