Source rules
Every regulation in the atlas links a primary source — the official text, published by the issuing body or a recognised legal database. Examples: EUR-Lex for EU regulations, NIST's own publication URL for AI RMF, ISO's standards page for ISO/IEC 42001 and 23894, SDAIA's portal for Saudi Arabia, the UAE Government Portal for federal UAE law.
Where multiple official sources exist (e.g. an EU regulation has both an EUR-Lex page and a regulator landing page), we pick the version that's most stable and most likely to outlive amendments — usually EUR-Lex for EU, the legislator portal for national laws, and the standards body for international standards.
We do not cite SEO content sites, summary blogs, or vendor marketing pages as sources, even when they're factually correct.
Classification
Status
- In Force — the regulation is currently binding (or, for non-binding standards, currently in active use).
- Proposed — published as a draft or a proposal but not yet adopted or in force.
- Voluntary — adopted but not legally binding (e.g. NIST AI RMF, OECD AI Principles).
- Consulting — currently in public consultation; the language may change before final adoption.
- Withdrawn — formally rescinded or lapsed.
- Superseded — replaced by a newer instrument while the rules transition.
Topics
Each regulation is tagged against eight topics: safety, transparency, fairness and bias, privacy and data, governance, accountability, general-purpose, sector-specific. We tag a topic when the regulation contains operational obligations (not just rhetoric) on that dimension.
Cross-references
Cross-references are bidirectional: if Regulation A explicitly relies on, conflicts with, or complements Regulation B, both pages should show the link. The graph view visualises these relationships. Cross-references are coded conservatively — we link only where the regulation text or an authoritative analysis names the relationship.
Verification
Each regulation page shows a last_verified date in the sidebar. To verify, a curator opens the primary source, walks through the structured fields (status, key dates, obligations, penalties, cross-references), and updates anything that has changed since the previous verification.
The atlas is reviewed at least quarterly. High-velocity regulations — currently the EU AI Act, the GPAI Code of Practice, and the Digital Omnibus — are verified more frequently when the underlying instrument moves.
Voyverse interpretation notes
Some regulation pages include a Voyverse interpretation note: a paragraph or two of operator perspective on what the text actually means in practice. These are written by Voyverse based on engagement experience, not derived from the source. They are flagged with a Voyverse mark on the page so readers can distinguish editorial from primary-source content.
Public reference companies
We do not currently publish lists of companies that comply with each regulation. Public attestation is unevenly distributed across regulations, and the embarrassment risk of misclassification outweighs the small navigational value of the list. We may revisit this for ISO certifications specifically, where public registries exist and the data is reliable.
Errata
If you spot an error — a mis-coded status, a stale date, a broken primary-source link, a cross-reference we missed — let us know. The atlas is maintained against feedback; corrections are merged and the affected page's last_verified date is bumped.