comply

package module
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 23, 2026 License: MIT Imports: 7 Imported by: 0

README

Go-Comply

Go CI Go Lint Go SAST Go Report Card Docs License

A Go framework for analyzing compliance regulations with machine-readable data structures. Supports regulation requirements, cloud solution mappings, jurisdiction management, and enforcement assessments.

Features

  • 📊 Executive Overview: Market segment analysis with provider readiness assessment
  • 📜 Regulation Modeling: Define regulations, sections, and requirements with structured metadata
  • 🌍 Jurisdiction Hierarchy: Support for countries, regions, and supranational bodies (EU)
  • 🗺️ Solution Mapping: Map cloud solutions to requirements with compliance levels
  • 🚦 Compliance Zones: Red/Yellow/Green zone classification for data categories
  • ⚖️ Enforcement Assessment: Track enforcement likelihood and recent actions
  • 💾 JSON I/O: Load and save compliance data in structured JSON format
  • 🌐 Web Viewer: Static HTML/JS viewer for browsing compliance data (GitHub Pages compatible)

Installation

go get github.com/grokify/go-comply

CLI Usage

Build the CLI tool:

go build -o comply ./cmd/comply
Commands

Load a framework:

./comply load ./examples/minimal

List items:

./comply list -dir ./examples/minimal -type regulations
./comply list -dir ./examples/minimal -type solutions
./comply list -dir ./examples/minimal -type zones

Query mappings:

./comply query -dir ./examples/minimal -solution cloud-provider-a
./comply query -dir ./examples/minimal -requirement EXAMPLE-REG-01
./comply query -dir ./examples/minimal -solution cloud-provider-a -jurisdiction EU

Validate files:

./comply validate ./examples/minimal

Analyze coverage:

./comply coverage -dir ./examples/minimal

Import research:

./comply import-research -input research.json -output ./my-framework

Library Usage

package main

import (
    "fmt"
    comply "github.com/grokify/go-comply"
)

func main() {
    // Load a compliance framework from a directory
    cf, err := comply.LoadFrameworkFromDir("./examples/minimal")
    if err != nil {
        panic(err)
    }

    // Query solutions for a requirement
    mappings := cf.GetMappingsForRequirement("EXAMPLE-REG-01")
    for _, m := range mappings {
        fmt.Printf("Solution %s: %s (Zone: %s)\n",
            m.SolutionID, m.ComplianceLevel, m.Zone)
    }

    // Get zone assignments for a jurisdiction
    zones := cf.GetZoneAssignmentsForJurisdiction("EU")
    for _, z := range zones {
        fmt.Printf("Solution %s in EU: Zone %s\n", z.SolutionID, z.Zone)
    }
}

Data Model

Core Types
Type Description
Jurisdiction Country, region, or supranational body (e.g., EU, FR, UK)
Regulation A compliance regulation or directive (e.g., GDPR, NIS2, SecNumCloud)
Requirement A specific compliance requirement from a regulation
Solution A cloud solution or service offering
RequirementMapping Maps a solution to a requirement with compliance level
ZoneAssignment Assigns a compliance zone (Red/Yellow/Green) to a solution in a jurisdiction
EnforcementAssessment Evaluates enforcement likelihood for a regulation
Compliance Zones
Zone Meaning Example Use Cases
Red Full sovereignty required, US hyperscalers banned French government data, Essential Data under SecNumCloud
Yellow Trustee/partner model acceptable German financial services via T-Systems, DORA compliance
Green Commercial cloud acceptable with proper controls General B2B SaaS, non-sensitive data
Compliance Levels
Level Description
compliant Fully meets the requirement
partial Partially meets the requirement
conditional Meets requirement with additional measures
non-compliant Does not meet the requirement
banned Explicitly prohibited

Examples

Minimal Example

The examples/minimal/ directory contains a basic example demonstrating the data structures:

  • Jurisdictions (EU, US)
  • Regulations (example regulation with requirements)
  • Solutions (commercial and sovereign providers)
  • Mappings (solution-to-requirement compliance levels)
  • Zone assignments (Red/Yellow/Green zones)
Research Examples

For comprehensive real-world examples including EMEA data sovereignty analysis, see go-comply-research:

  • EMEA Data Residency & Sovereignty: SecNumCloud, NIS2, DORA, EUCS, Schrems II
  • Regulations: SecNumCloud 3.2, NIS2, DORA, GDPR, C5, PDPL
  • Solutions: AWS, Azure, Google Cloud, OVHcloud, T-Systems, Bleu, S3NS

Web Viewer

The web/ directory contains a static HTML/JavaScript viewer for browsing compliance data. It can be hosted on GitHub Pages or any static file server.

Quick Start
# Start a local server
cd web
python3 -m http.server 8080

# Open in browser
open http://localhost:8080
URL Parameter (Swagger UI Style)

Load data automatically via URL parameter:

http://localhost:8080/?url=./data
http://localhost:8080/?url=https://example.com/my-compliance-data
Features
  • Load from any URL (local or remote)
  • Filter by jurisdiction, regulation, solution, and zone
  • Search across all data
  • Click items for detailed view
  • Color-coded compliance zones (Red/Yellow/Green)
GitHub Pages Deployment
  1. Copy the web/ directory to your GitHub Pages repo
  2. Add your JSON data files to a data/ subdirectory
  3. Access: https://username.github.io/repo/?url=./data

See web/README.md for full documentation.

Executive Overview

The executive overview (executive-overview.json) provides a high-level summary for decision makers:

  • Market Segments: Commercial, Regulated Industries, Government
  • Key Requirements: Priority requirements per segment with enforcement status
  • Provider Readiness: Status matrix showing which providers can serve each segment
  • Sovereignty Status: EU ownership, CLOUD Act immunity, SecNumCloud certification

See the Overview tab in the web viewer for the interactive dashboard.

Research Input Schema

For research assistants contributing compliance data, use the JSON Schema in schema/research-input.schema.json:

{
  "metadata": {
    "researcher": "Your Name",
    "date": "2025-05-15",
    "sources": ["https://..."]
  },
  "findings": [
    {
      "controlId": "CTL-LEGAL-001",
      "solutionId": "aws-commercial",
      "jurisdictionIds": ["EU", "FR"],
      "status": "non-compliant",
      "zone": "red",
      "notes": "Subject to US CLOUD Act",
      "evidenceUrls": ["https://..."]
    }
  ]
}

See schema/control-mapping.json for the control ID reference.

Directory Structure

go-comply/
├── *.go                            # Core Go types and I/O
├── cmd/comply/                     # CLI tool
├── web/                            # Static web viewer
│   ├── index.html
│   ├── app.js
│   ├── style.css
│   └── data/                       # Example data
├── schema/                         # JSON Schemas
│   ├── research-input.schema.json  # Research input format
│   └── control-mapping.json        # Control ID reference
├── docs/                           # MkDocs documentation
└── examples/
    └── minimal/                    # Minimal example framework
        ├── jurisdictions.json
        ├── regulations.json
        ├── requirements.json
        ├── solutions.json
        ├── mappings.json
        └── zone-assignments.json

Documentation

Full documentation is available at: https://grokify.github.io/go-comply/

Documentation covers:

  • Compliance Officers: Web viewer usage, zone interpretation, reading mappings
  • Research Assistants: Research workflow, input schema, evidence guidelines
  • Developers: CLI reference, Go library API, data model
  • Data Maintainers: JSON schemas, validation, pre-publish checklists
Building Docs Locally
pip install mkdocs-material
mkdocs serve

License

MIT License

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateMappingID 

func GenerateMappingID(prefix string, index int) string

GenerateMappingID generates a unique mapping ID

func ReadJSON 

func ReadJSON(path string, v any) error

ReadJSON reads a JSON file and unmarshals it into the provided interface.

func SaveFrameworkToDir 

func SaveFrameworkToDir(cf *ComplianceFramework, dir string) error

SaveFrameworkToDir saves a ComplianceFramework to a directory of JSON files.

func WriteJSON 

func WriteJSON(path string, v any, indent bool) error

WriteJSON marshals the provided interface and writes it to a JSON file.

Types

type AnalysisMetadata 

type AnalysisMetadata struct {
	Title       string        `json:"title"`
	Version     string        `json:"version"`
	LastUpdated string        `json:"lastUpdated"`
	Analyst     string        `json:"analyst,omitempty"`
	Scope       AnalysisScope `json:"scope,omitempty"`
}

AnalysisMetadata contains metadata about the analysis

type AnalysisScope 

type AnalysisScope struct {
	Jurisdictions []string `json:"jurisdictions,omitempty"`
	Regulations   []string `json:"regulations,omitempty"`
	Timeframe     string   `json:"timeframe,omitempty"`
}

AnalysisScope defines the geographic and regulatory scope

type Applicability 

type Applicability struct {
	EntityTypes []string `json:"entityTypes,omitempty"` // e.g., ["essential-entity", "important-entity"]
	Sectors     []string `json:"sectors,omitempty"`     // e.g., ["energy", "transport", "banking"]
	DataTypes   []string `json:"dataTypes,omitempty"`   // e.g., ["personal-data", "essential-data"]
	Conditions  string   `json:"conditions,omitempty"`  // free-form conditions
}

Applicability defines when a requirement applies.

type ComplianceAnalysis 

type ComplianceAnalysis struct {
	Metadata          AnalysisMetadata        `json:"metadata"`
	RegulatoryContext RegulatoryContext       `json:"regulatoryContext"`
	MarketSegments    []MarketSegmentAnalysis `json:"marketSegments"`
	SolutionLandscape *SolutionLandscape      `json:"solutionLandscape,omitempty"`
	Recommendations   []Recommendation        `json:"recommendations,omitempty"`
	Glossary          map[string]string       `json:"glossary,omitempty"`
}

ComplianceAnalysis is the top-level container for strategic compliance analysis

func LoadComplianceAnalysis 

func LoadComplianceAnalysis(path string) (*ComplianceAnalysis, error)

LoadComplianceAnalysis loads a compliance analysis from a JSON file.

type ComplianceFramework 

type ComplianceFramework struct {
	Name                   string                  `json:"name"`
	Version                string                  `json:"version"`
	Description            string                  `json:"description,omitempty"`
	LastUpdated            string                  `json:"lastUpdated,omitempty"`
	Jurisdictions          []Jurisdiction          `json:"jurisdictions,omitempty"`
	Regulations            []Regulation            `json:"regulations,omitempty"`
	Requirements           []Requirement           `json:"requirements,omitempty"`
	RegulatedEntities      []RegulatedEntity       `json:"regulatedEntities,omitempty"`
	Solutions              []Solution              `json:"solutions,omitempty"`
	ZoneAssignments        []ZoneAssignment        `json:"zoneAssignments,omitempty"`
	Mappings               []RequirementMapping    `json:"mappings,omitempty"`
	EnforcementAssessments []EnforcementAssessment `json:"enforcementAssessments,omitempty"`
}

ComplianceFramework is the top-level container for all compliance data.

func LoadFrameworkFromDir 

func LoadFrameworkFromDir(dir string) (*ComplianceFramework, error)

LoadFrameworkFromDir loads a ComplianceFramework from a directory of JSON files.

func NewComplianceFramework 

func NewComplianceFramework(name, version string) *ComplianceFramework

NewComplianceFramework creates a new empty ComplianceFramework.

func (*ComplianceFramework) GetEnforcementAssessmentsForJurisdiction 

func (cf *ComplianceFramework) GetEnforcementAssessmentsForJurisdiction(jurisdictionID string) []EnforcementAssessment

GetEnforcementAssessmentsForJurisdiction returns all enforcement assessments for a given jurisdiction.

func (*ComplianceFramework) GetJurisdiction 

func (cf *ComplianceFramework) GetJurisdiction(id string) *Jurisdiction

GetJurisdiction returns a jurisdiction by ID, or nil if not found.

func (*ComplianceFramework) GetMappingsForRequirement 

func (cf *ComplianceFramework) GetMappingsForRequirement(requirementID string) []RequirementMapping

GetMappingsForRequirement returns all mappings for a given requirement ID.

func (*ComplianceFramework) GetMappingsForSolution 

func (cf *ComplianceFramework) GetMappingsForSolution(solutionID string) []RequirementMapping

GetMappingsForSolution returns all mappings for a given solution ID.

func (*ComplianceFramework) GetRegulation 

func (cf *ComplianceFramework) GetRegulation(id string) *Regulation

GetRegulation returns a regulation by ID, or nil if not found.

func (*ComplianceFramework) GetRequirement 

func (cf *ComplianceFramework) GetRequirement(id string) *Requirement

GetRequirement returns a requirement by ID, or nil if not found.

func (*ComplianceFramework) GetRequirementsByRegulation 

func (cf *ComplianceFramework) GetRequirementsByRegulation(regulationID string) []Requirement

GetRequirementsByRegulation returns all requirements for a given regulation ID.

func (*ComplianceFramework) GetSolution 

func (cf *ComplianceFramework) GetSolution(id string) *Solution

GetSolution returns a solution by ID, or nil if not found.

func (*ComplianceFramework) GetZoneAssignmentsForJurisdiction 

func (cf *ComplianceFramework) GetZoneAssignmentsForJurisdiction(jurisdictionID string) []ZoneAssignment

GetZoneAssignmentsForJurisdiction returns all zone assignments for a given jurisdiction ID.

func (*ComplianceFramework) GetZoneAssignmentsForSolution 

func (cf *ComplianceFramework) GetZoneAssignmentsForSolution(solutionID string) []ZoneAssignment

GetZoneAssignmentsForSolution returns all zone assignments for a given solution ID.

type ComplianceLevel 

type ComplianceLevel string

ComplianceLevel defines the level of compliance for a requirement-solution mapping. 

const (
	ComplianceFull        ComplianceLevel = "compliant"
	CompliancePartial     ComplianceLevel = "partial"
	ComplianceNone        ComplianceLevel = "non-compliant"
	ComplianceConditional ComplianceLevel = "conditional"
	ComplianceBanned      ComplianceLevel = "banned" // Explicitly prohibited
)

type ComplianceRequirements 

type ComplianceRequirements struct {
	MustHave   []SegmentRequirement `json:"mustHave,omitempty"`
	ShouldHave []SegmentRequirement `json:"shouldHave,omitempty"`
	NiceToHave []SegmentRequirement `json:"niceToHave,omitempty"`
}

ComplianceRequirements groups requirements by priority

type ComplianceZone 

type ComplianceZone string

ComplianceZone represents the compliance zone classification. 

const (
	// ZoneRed - Full sovereignty required, US hyperscalers banned.
	// Examples: French government data under SecNumCloud, Essential Data.
	ZoneRed ComplianceZone = "red"

	// ZoneYellow - Trustee/partner model acceptable.
	// Examples: German energy sector via T-Systems, financial services via DORA.
	ZoneYellow ComplianceZone = "yellow"

	// ZoneGreen - Commercial cloud acceptable with proper controls.
	// Examples: General B2B SaaS, non-essential data.
	ZoneGreen ComplianceZone = "green"
)

type ConfidenceLevel 

type ConfidenceLevel string

ConfidenceLevel represents confidence in a research finding 

const (
	ConfidenceHigh   ConfidenceLevel = "high"
	ConfidenceMedium ConfidenceLevel = "medium"
	ConfidenceLow    ConfidenceLevel = "low"
)

type CurrentSolutions 

type CurrentSolutions struct {
	Viable    []SolutionAssessment `json:"viable,omitempty"`
	Partial   []SolutionAssessment `json:"partial,omitempty"`
	NotViable []SolutionAssessment `json:"notViable,omitempty"`
}

CurrentSolutions groups solutions by viability

type EnforcementAction 

type EnforcementAction struct {
	Date        string `json:"date"`
	Entity      string `json:"entity"`
	Description string `json:"description"`
	Penalty     string `json:"penalty,omitempty"`
	Source      string `json:"source,omitempty"`
}

EnforcementAction represents a specific enforcement action that has occurred.

type EnforcementAssessment 

type EnforcementAssessment struct {
	ID               string                `json:"id"`
	RequirementID    string                `json:"requirementId,omitempty"`
	RegulationID     string                `json:"regulationId,omitempty"`
	JurisdictionID   string                `json:"jurisdictionId"`
	Likelihood       EnforcementLikelihood `json:"likelihood"`
	Rationale        string                `json:"rationale"`
	RecentActions    []EnforcementAction   `json:"recentActions,omitempty"`
	RegulatoryTrends string                `json:"regulatoryTrends,omitempty"`
	AssessmentDate   string                `json:"assessmentDate"`
	Assessor         string                `json:"assessor,omitempty"`
}

EnforcementAssessment evaluates the likelihood and nature of enforcement.

func LoadEnforcementAssessments 

func LoadEnforcementAssessments(path string) ([]EnforcementAssessment, error)

LoadEnforcementAssessments loads enforcement assessments from a JSON file.

type EnforcementLikelihood 

type EnforcementLikelihood string

EnforcementLikelihood defines the likelihood of enforcement action. 

const (
	LikelihoodHigh      EnforcementLikelihood = "high"
	LikelihoodMedium    EnforcementLikelihood = "medium"
	LikelihoodLow       EnforcementLikelihood = "low"
	LikelihoodUncertain EnforcementLikelihood = "uncertain"
)

type EnforcementStatus 

type EnforcementStatus string

EnforcementStatus represents the enforcement status of a requirement 

const (
	EnforcementEnforced EnforcementStatus = "enforced"
	EnforcementUpcoming EnforcementStatus = "upcoming"
	EnforcementProposed EnforcementStatus = "proposed"
	EnforcementGuidance EnforcementStatus = "guidance"
)

type ExecutiveOverview 

type ExecutiveOverview struct {
	Metadata          ExecutiveOverviewMetadata  `json:"metadata"`
	Segments          []MarketSegment            `json:"segments"`
	ProviderReadiness []ProviderReadiness        `json:"providerReadiness,omitempty"`
	RegulatoryContext *OverviewRegulatoryContext `json:"regulatoryContext,omitempty"`
	Outlook           *OverviewOutlook           `json:"outlook,omitempty"`
	KeyTakeaways      []string                   `json:"keyTakeaways,omitempty"`
	Glossary          map[string]string          `json:"glossary,omitempty"`
}

ExecutiveOverview contains market segment analysis and provider readiness data

func LoadExecutiveOverview 

func LoadExecutiveOverview(path string) (*ExecutiveOverview, error)

LoadExecutiveOverview loads an executive overview from a JSON file.

type ExecutiveOverviewMetadata 

type ExecutiveOverviewMetadata struct {
	Title       string `json:"title"`
	Version     string `json:"version"`
	LastUpdated string `json:"lastUpdated"`
	Analyst     string `json:"analyst,omitempty"`
	Scope       string `json:"scope,omitempty"`
}

ExecutiveOverviewMetadata contains metadata about the overview

type ExternalRef 

type ExternalRef struct {
	Type  ExternalRefType `json:"type"`
	Value string          `json:"value"`
	Name  string          `json:"name,omitempty"`
	Notes string          `json:"notes,omitempty"`
}

ExternalRef represents a reference to an external resource.

type ExternalRefType 

type ExternalRefType string

ExternalRefType defines the type of external reference. 

const (
	RefTypeURL        ExternalRefType = "url"
	RefTypeCitation   ExternalRefType = "citation"
	RefTypeRegulation ExternalRefType = "regulation"
	RefTypeStandard   ExternalRefType = "standard"
)

type ExtraterritorialLaw 

type ExtraterritorialLaw struct {
	ID               string `json:"id"`
	Name             string `json:"name"`
	Jurisdiction     string `json:"jurisdiction"`
	Description      string `json:"description,omitempty"`
	Scope            string `json:"scope,omitempty"`
	DataAccessPowers string `json:"dataAccessPowers,omitempty"`
	ConflictWithEU   string `json:"conflictWithEu,omitempty"`
}

ExtraterritorialLaw represents a foreign law with extraterritorial reach

type FutureSolution 

type FutureSolution struct {
	SolutionID     string               `json:"solutionId"`
	ExpectedStatus FutureSolutionStatus `json:"expectedStatus"`
	ETA            string               `json:"eta,omitempty"`
	Dependencies   []string             `json:"dependencies,omitempty"`
	Confidence     ConfidenceLevel      `json:"confidence,omitempty"`
	Notes          string               `json:"notes,omitempty"`
}

FutureSolution represents a solution planned for the future

type FutureSolutionStatus 

type FutureSolutionStatus string

FutureSolutionStatus represents the expected future status 

const (
	FutureViable    FutureSolutionStatus = "viable"
	FuturePartial   FutureSolutionStatus = "partial"
	FutureUncertain FutureSolutionStatus = "uncertain"
)

type Jurisdiction 

type Jurisdiction struct {
	ID          string           `json:"id"`   // e.g., "EU", "UK", "KSA", "FR"
	Name        string           `json:"name"` // e.g., "European Union"
	Type        JurisdictionType `json:"type"`
	ISO3166     string           `json:"iso3166,omitempty"`   // ISO country code
	ParentID    string           `json:"parentId,omitempty"`  // e.g., "DE" -> "EU"
	MemberIDs   []string         `json:"memberIds,omitempty"` // for regions: member country IDs
	Description string           `json:"description,omitempty"`
}

Jurisdiction represents a legal jurisdiction (country, region, or supranational body).

func LoadJurisdictions 

func LoadJurisdictions(path string) ([]Jurisdiction, error)

LoadJurisdictions loads jurisdictions from a JSON file.

type JurisdictionType 

type JurisdictionType string

JurisdictionType defines the type of jurisdiction. 

const (
	JurisdictionCountry       JurisdictionType = "country"
	JurisdictionRegion        JurisdictionType = "region"
	JurisdictionSupranational JurisdictionType = "supranational"
)

type KeyRequirement 

type KeyRequirement struct {
	ID                string                       `json:"id"`
	Name              string                       `json:"name"`
	Description       string                       `json:"description,omitempty"`
	Priority          RequirementPriority          `json:"priority"`
	Status            RequirementEnforcementStatus `json:"status"`
	EffectiveDate     string                       `json:"effectiveDate,omitempty"`
	SourceRegulations []string                     `json:"sourceRegulations,omitempty"`
	ControlIds        []string                     `json:"controlIds,omitempty"`
	Impact            string                       `json:"impact,omitempty"`
}

KeyRequirement represents a key compliance requirement for a segment

type MarketSegment 

type MarketSegment struct {
	ID                    string                      `json:"id"`
	Name                  string                      `json:"name"`
	Type                  SegmentType                 `json:"type"`
	Description           string                      `json:"description,omitempty"`
	Industries            []string                    `json:"industries,omitempty"`
	Jurisdictions         []string                    `json:"jurisdictions"`
	ApplicableRegulations []string                    `json:"applicableRegulations,omitempty"`
	RiskLevel             RiskLevel                   `json:"riskLevel,omitempty"`
	Summary               string                      `json:"summary,omitempty"`
	KeyRequirements       []KeyRequirement            `json:"keyRequirements"`
	ProviderAssessments   []SegmentProviderAssessment `json:"providerAssessments,omitempty"`
}

MarketSegment represents a market segment for compliance analysis

type MarketSegmentAnalysis 

type MarketSegmentAnalysis struct {
	ID                     string                  `json:"id"`
	Name                   string                  `json:"name"`
	Type                   SegmentType             `json:"type"`
	Description            string                  `json:"description,omitempty"`
	Industries             []string                `json:"industries,omitempty"`
	Jurisdictions          []string                `json:"jurisdictions,omitempty"`
	RiskLevel              RiskLevel               `json:"riskLevel,omitempty"`
	ComplianceRequirements *ComplianceRequirements `json:"complianceRequirements,omitempty"`
	CurrentSolutions       *CurrentSolutions       `json:"currentSolutions,omitempty"`
	FutureSolutions        []FutureSolution        `json:"futureSolutions,omitempty"`
	StrategicOutlook       *StrategicOutlook       `json:"strategicOutlook,omitempty"`
	KeyInsights            []string                `json:"keyInsights,omitempty"`
}

MarketSegmentAnalysis contains analysis for a market segment

type OutlookPeriod 

type OutlookPeriod struct {
	Timeframe    string   `json:"timeframe,omitempty"`
	Developments []string `json:"developments,omitempty"`
}

OutlookPeriod represents developments expected within a time period

type OverviewOutlook 

type OverviewOutlook struct {
	Summary    string         `json:"summary,omitempty"`
	ShortTerm  *OutlookPeriod `json:"shortTerm,omitempty"`
	MediumTerm *OutlookPeriod `json:"mediumTerm,omitempty"`
	LongTerm   *OutlookPeriod `json:"longTerm,omitempty"`
}

OverviewOutlook provides future projections and expected developments

type OverviewRegulatoryContext 

type OverviewRegulatoryContext struct {
	Overview     string                     `json:"overview,omitempty"`
	KeyDrivers   []OverviewRegulatoryDriver `json:"keyDrivers,omitempty"`
	Implications []string                   `json:"implications,omitempty"`
}

OverviewRegulatoryContext provides background explaining the regulatory landscape

type OverviewRegulatoryDriver 

type OverviewRegulatoryDriver struct {
	Name          string `json:"name"`
	Description   string `json:"description"`
	Impact        string `json:"impact,omitempty"`
	EffectiveDate string `json:"effectiveDate,omitempty"`
}

OverviewRegulatoryDriver represents a key regulatory driver for the executive overview

type OwnershipStructure 

type OwnershipStructure struct {
	EUOwnershipPercent           float64 `json:"euOwnershipPercent"`
	LargestNonEUPercent          float64 `json:"largestNonEuPercent"`
	SubjectToExtraTerritorialLaw bool    `json:"subjectToExtraTerritorialLaw"` // CLOUD Act, etc.
	ControllingEntity            string  `json:"controllingEntity,omitempty"`
	Notes                        string  `json:"notes,omitempty"`
}

OwnershipStructure captures ownership details for sovereignty compliance. Supports SecNumCloud 24/39 rule: 24% max non-EU ownership, 39% max single non-EU shareholder.

type ProviderReadiness 

type ProviderReadiness struct {
	SolutionID        string                  `json:"solutionId"`
	Provider          string                  `json:"provider"`
	Type              string                  `json:"type,omitempty"`
	SegmentReadiness  *SegmentReadinessStatus `json:"segmentReadiness,omitempty"`
	Certifications    []string                `json:"certifications,omitempty"`
	SovereigntyStatus *SovereigntyStatus      `json:"sovereigntyStatus,omitempty"`
	KeyStrengths      []string                `json:"keyStrengths,omitempty"`
	KeyLimitations    []string                `json:"keyLimitations,omitempty"`
}

ProviderReadiness represents a provider's overall readiness across segments

type ProviderStatus 

type ProviderStatus string

ProviderStatus represents the overall readiness status of a provider 

const (
	ProviderStatusReady     ProviderStatus = "ready"
	ProviderStatusPartial   ProviderStatus = "partial"
	ProviderStatusPlanned   ProviderStatus = "planned"
	ProviderStatusNotViable ProviderStatus = "not-viable"
)

type Recommendation 

type Recommendation struct {
	ID             string                 `json:"id"`
	Segment        string                 `json:"segment"`
	Priority       RecommendationPriority `json:"priority,omitempty"`
	Recommendation string                 `json:"recommendation"`
	Rationale      string                 `json:"rationale,omitempty"`
	Actions        []string               `json:"actions,omitempty"`
	Timeframe      string                 `json:"timeframe,omitempty"`
}

Recommendation represents a strategic recommendation

type RecommendationPriority 

type RecommendationPriority string

RecommendationPriority represents the priority of a recommendation 

const (
	PriorityCritical RecommendationPriority = "critical"
	PriorityHigh     RecommendationPriority = "high"
	PriorityMedium   RecommendationPriority = "medium"
	PriorityLow      RecommendationPriority = "low"
)

type RegulatedEntity 

type RegulatedEntity struct {
	ID           string   `json:"id"`   // e.g., "NIS2-ESSENTIAL"
	Name         string   `json:"name"` // e.g., "Essential Entity"
	Description  string   `json:"description"`
	RegulationID string   `json:"regulationId"`
	Sectors      []string `json:"sectors,omitempty"`  // e.g., ["energy", "transport", "health"]
	Criteria     string   `json:"criteria,omitempty"` // Criteria for classification
	Examples     []string `json:"examples,omitempty"` // Example organizations
}

RegulatedEntity represents a type of organization subject to regulation.

type Regulation 

type Regulation struct {
	ID                string            `json:"id"`        // e.g., "EU-NIS2"
	Name              string            `json:"name"`      // Full name
	ShortName         string            `json:"shortName"` // e.g., "NIS2", "GDPR", "DORA"
	Description       string            `json:"description"`
	JurisdictionID    string            `json:"jurisdictionId"`
	Status            RegulationStatus  `json:"status"`
	AdoptedDate       string            `json:"adoptedDate,omitempty"`
	EffectiveDate     string            `json:"effectiveDate,omitempty"`
	EnforcementDate   string            `json:"enforcementDate,omitempty"`
	OfficialURL       string            `json:"officialUrl,omitempty"`
	Sections          []Section         `json:"sections,omitempty"`
	RegulatedEntities []RegulatedEntity `json:"regulatedEntities,omitempty"`
	ExternalRefs      []ExternalRef     `json:"externalRefs,omitempty"`
	Tags              []string          `json:"tags,omitempty"` // e.g., ["data-sovereignty", "cybersecurity"]
}

Regulation represents a compliance regulation or directive.

func LoadRegulations 

func LoadRegulations(path string) ([]Regulation, error)

LoadRegulations loads regulations from a JSON file.

type RegulationStatus 

type RegulationStatus string

RegulationStatus defines the current status of a regulation. 

const (
	RegulationDraft       RegulationStatus = "draft"
	RegulationAdopted     RegulationStatus = "adopted"
	RegulationEnforceable RegulationStatus = "enforceable"
	RegulationSuperseded  RegulationStatus = "superseded"
)

type RegulatoryContext 

type RegulatoryContext struct {
	Overview        string             `json:"overview"`
	KeyDrivers      []RegulatoryDriver `json:"keyDrivers"`
	Timeline        []TimelineEvent    `json:"timeline,omitempty"`
	ThreatLandscape *ThreatLandscape   `json:"threatLandscape,omitempty"`
}

RegulatoryContext explains WHY the compliance landscape exists

type RegulatoryDriver 

type RegulatoryDriver struct {
	ID                   string               `json:"id"`
	Name                 string               `json:"name"`
	Type                 RegulatoryDriverType `json:"type"`
	Jurisdiction         string               `json:"jurisdiction,omitempty"`
	Description          string               `json:"description,omitempty"`
	Impact               string               `json:"impact,omitempty"`
	EffectiveDate        string               `json:"effectiveDate,omitempty"`
	RelatedRegulationIDs []string             `json:"relatedRegulationIds,omitempty"`
}

RegulatoryDriver represents a key driver of the compliance landscape

type RegulatoryDriverType 

type RegulatoryDriverType string

RegulatoryDriverType represents the type of regulatory driver 

const (
	DriverLegislation  RegulatoryDriverType = "legislation"
	DriverCourtRuling  RegulatoryDriverType = "court-ruling"
	DriverPolicy       RegulatoryDriverType = "policy"
	DriverGeopolitical RegulatoryDriverType = "geopolitical"
	DriverStandard     RegulatoryDriverType = "standard"
)

type Requirement 

type Requirement struct {
	ID            string              `json:"id"` // e.g., "NIS2-ART21-SEC-01"
	Name          string              `json:"name"`
	Description   string              `json:"description"`
	RegulationID  string              `json:"regulationId"`
	SectionID     string              `json:"sectionId,omitempty"`
	Category      string              `json:"category,omitempty"` // e.g., "data-residency", "encryption"
	Subcategory   string              `json:"subcategory,omitempty"`
	Severity      RequirementSeverity `json:"severity,omitempty"`
	Keywords      []string            `json:"keywords,omitempty"`
	RelatedIDs    []string            `json:"relatedIds,omitempty"` // related requirement IDs
	ExternalRefs  []ExternalRef       `json:"externalRefs,omitempty"`
	EffectiveDate string              `json:"effectiveDate,omitempty"`
	Applicability *Applicability      `json:"applicability,omitempty"`
}

Requirement represents a specific compliance requirement from a regulation.

func LoadRequirements 

func LoadRequirements(path string) ([]Requirement, error)

LoadRequirements loads requirements from a JSON file.

type RequirementEnforcementStatus 

type RequirementEnforcementStatus string

RequirementEnforcementStatus represents the enforcement status of a requirement 

const (
	EnforcementStatusEnforced RequirementEnforcementStatus = "enforced"
	EnforcementStatusUpcoming RequirementEnforcementStatus = "upcoming"
	EnforcementStatusProposed RequirementEnforcementStatus = "proposed"
	EnforcementStatusGuidance RequirementEnforcementStatus = "guidance"
)

type RequirementMapping 

type RequirementMapping struct {
	ID              string          `json:"id"`
	RequirementID   string          `json:"requirementId"`
	SolutionID      string          `json:"solutionId"`
	JurisdictionIDs []string        `json:"jurisdictionIds,omitempty"` // Specific jurisdictions this applies to
	ComplianceLevel ComplianceLevel `json:"complianceLevel"`
	Zone            ComplianceZone  `json:"zone,omitempty"` // Red/Yellow/Green zone
	Notes           string          `json:"notes,omitempty"`
	Evidence        []string        `json:"evidence,omitempty"`
	Conditions      string          `json:"conditions,omitempty"` // What's needed for compliance
	ETA             string          `json:"eta,omitempty"`        // Expected availability date (e.g., "2026", "Q4 2026")
	AssessmentDate  string          `json:"assessmentDate,omitempty"`
}

RequirementMapping maps a solution to a requirement with compliance status.

func LoadMappings 

func LoadMappings(path string) ([]RequirementMapping, error)

LoadMappings loads requirement mappings from a JSON file.

type RequirementPriority 

type RequirementPriority string

RequirementPriority represents the priority of a requirement 

const (
	PriorityMustHave   RequirementPriority = "must-have"
	PriorityShouldHave RequirementPriority = "should-have"
	PriorityNiceToHave RequirementPriority = "nice-to-have"
)

type RequirementSeverity 

type RequirementSeverity string

RequirementSeverity defines the severity level of a requirement. 

const (
	SeverityCritical RequirementSeverity = "critical"
	SeverityHigh     RequirementSeverity = "high"
	SeverityMedium   RequirementSeverity = "medium"
	SeverityLow      RequirementSeverity = "low"
)

type ResearchAnalysis 

type ResearchAnalysis struct {
	TotalFindings       int            `json:"totalFindings"`
	UniqueControls      int            `json:"uniqueControls"`
	UniqueSolutions     int            `json:"uniqueSolutions"`
	StatusBreakdown     map[string]int `json:"statusBreakdown"`
	ZoneBreakdown       map[string]int `json:"zoneBreakdown"`
	ConfidenceBreakdown map[string]int `json:"confidenceBreakdown"`
	ControlIDs          []string       `json:"controlIds"`
	SolutionIDs         []string       `json:"solutionIds"`
	JurisdictionIDs     []string       `json:"jurisdictionIds"`
	FindingsBySolution  map[string]int `json:"findingsBySolution"`
	FindingsByControl   map[string]int `json:"findingsByControl"`
	MissingEvidence     int            `json:"missingEvidence"`
	WithEvidence        int            `json:"withEvidence"`
}

ResearchAnalysis contains analysis results of research findings

func (*ResearchAnalysis) PrintReport 

func (a *ResearchAnalysis) PrintReport() string

PrintAnalysis prints a formatted analysis report

type ResearchFinding 

type ResearchFinding struct {
	RegulationID    string          `json:"regulationId,omitempty"`
	ControlID       string          `json:"controlId"`
	ControlName     string          `json:"controlName,omitempty"`
	SolutionID      string          `json:"solutionId"`
	JurisdictionIDs []string        `json:"jurisdictionIds"`
	Status          string          `json:"status"`
	Zone            ComplianceZone  `json:"zone,omitempty"`
	Notes           string          `json:"notes"`
	Evidence        []string        `json:"evidence,omitempty"`
	ETA             string          `json:"eta,omitempty"`
	Confidence      ConfidenceLevel `json:"confidence,omitempty"`
}

ResearchFinding represents a single compliance finding from research

type ResearchInput 

type ResearchInput struct {
	Metadata ResearchMetadata  `json:"metadata"`
	Findings []ResearchFinding `json:"findings"`
}

ResearchInput represents the research input file format

func LoadResearchInput 

func LoadResearchInput(path string) (*ResearchInput, error)

LoadResearchInput loads a research input file from disk

func (*ResearchInput) Analyze 

func (ri *ResearchInput) Analyze() *ResearchAnalysis

Analyze performs analysis on research findings

func (*ResearchInput) MergeWithMappings 

func (ri *ResearchInput) MergeWithMappings(existing []RequirementMapping) (new, updated, unchanged []RequirementMapping)

MergeWithMappings merges research findings with existing mappings Returns new mappings, updated mappings, and unchanged mappings

func (*ResearchInput) ToMappings 

func (ri *ResearchInput) ToMappings() []RequirementMapping

ToMappings converts research findings to RequirementMapping format

func (*ResearchInput) Validate 

func (ri *ResearchInput) Validate(framework *ComplianceFramework) *ValidationResult

Validate validates research input against known solutions, controls, etc.

type ResearchMetadata 

type ResearchMetadata struct {
	ResearchDate string `json:"researchDate"`
	Researcher   string `json:"researcher,omitempty"`
	Version      string `json:"version,omitempty"`
}

ResearchMetadata contains metadata about the research submission

type RiskLevel 

type RiskLevel string

RiskLevel represents the risk level for a segment 

const (
	RiskCritical RiskLevel = "critical"
	RiskHigh     RiskLevel = "high"
	RiskMedium   RiskLevel = "medium"
	RiskLow      RiskLevel = "low"
)

type Section 

type Section struct {
	ID             string   `json:"id"` // e.g., "NIS2-ART21"
	RegulationID   string   `json:"regulationId"`
	Number         string   `json:"number"` // e.g., "Article 21"
	Name           string   `json:"name"`
	Description    string   `json:"description,omitempty"`
	ParentID       string   `json:"parentId,omitempty"`
	RequirementIDs []string `json:"requirementIds,omitempty"`
}

Section represents a section or article within a regulation.

type SegmentProviderAssessment 

type SegmentProviderAssessment struct {
	SolutionID    string         `json:"solutionId"`
	OverallStatus ProviderStatus `json:"overallStatus"`
	Zone          ComplianceZone `json:"zone,omitempty"`
	Gaps          []string       `json:"gaps,omitempty"`
	Strengths     []string       `json:"strengths,omitempty"`
	ETA           string         `json:"eta,omitempty"`
	Notes         string         `json:"notes,omitempty"`
}

SegmentProviderAssessment represents a provider's assessment for a specific segment

type SegmentReadinessStatus 

type SegmentReadinessStatus struct {
	Commercial ProviderStatus `json:"commercial,omitempty"`
	Regulated  ProviderStatus `json:"regulated,omitempty"`
	Government ProviderStatus `json:"government,omitempty"`
}

SegmentReadinessStatus represents readiness by segment type

type SegmentRequirement 

type SegmentRequirement struct {
	ID                string            `json:"id"`
	Name              string            `json:"name"`
	Description       string            `json:"description,omitempty"`
	ControlIDs        []string          `json:"controlIds,omitempty"`
	RegulationIDs     []string          `json:"regulationIds,omitempty"`
	EnforcementStatus EnforcementStatus `json:"enforcementStatus,omitempty"`
	EnforcementDate   string            `json:"enforcementDate,omitempty"`
	WhyItMatters      string            `json:"whyItMatters,omitempty"`
}

SegmentRequirement represents a requirement for a market segment

type SegmentType 

type SegmentType string

SegmentType represents the type of market segment 

const (
	SegmentCommercial SegmentType = "commercial"
	SegmentRegulated  SegmentType = "regulated"
	SegmentGovernment SegmentType = "government"
)

type SegmentViability 

type SegmentViability string

SegmentViability represents viability by segment type 

const (
	ViabilityViable    SegmentViability = "viable"
	ViabilityPartial   SegmentViability = "partial"
	ViabilityNotViable SegmentViability = "not-viable"
)

type Solution 

type Solution struct {
	ID                 string              `json:"id"` // e.g., "aws-commercial"
	Name               string              `json:"name"`
	Provider           string              `json:"provider"` // AWS, Azure, Google, OVHcloud, etc.
	Type               SolutionType        `json:"type"`
	Description        string              `json:"description,omitempty"`
	AvailableRegions   []string            `json:"availableRegions,omitempty"`
	Certifications     []string            `json:"certifications,omitempty"` // SecNumCloud, C5, ISO27001
	OwnershipStructure *OwnershipStructure `json:"ownershipStructure,omitempty"`
	JurisdictionIDs    []string            `json:"jurisdictionIds,omitempty"` // Where available
	ExternalRefs       []ExternalRef       `json:"externalRefs,omitempty"`
}

Solution represents a cloud solution or service offering.

func LoadSolutions 

func LoadSolutions(path string) ([]Solution, error)

LoadSolutions loads solutions from a JSON file.

type SolutionAssessment 

type SolutionAssessment struct {
	SolutionID      string          `json:"solutionId"`
	Zone            ComplianceZone  `json:"zone,omitempty"`
	ComplianceLevel ComplianceLevel `json:"complianceLevel,omitempty"`
	Strengths       []string        `json:"strengths,omitempty"`
	Gaps            []string        `json:"gaps,omitempty"`
	Notes           string          `json:"notes,omitempty"`
}

SolutionAssessment evaluates a solution for a market segment

type SolutionCategory 

type SolutionCategory struct {
	ID               string                      `json:"id"`
	Name             string                      `json:"name"`
	Description      string                      `json:"description,omitempty"`
	Characteristics  []string                    `json:"characteristics,omitempty"`
	Solutions        []string                    `json:"solutions,omitempty"`
	SegmentViability map[string]SegmentViability `json:"segmentViability,omitempty"`
}

SolutionCategory groups solutions by type

type SolutionLandscape 

type SolutionLandscape struct {
	Overview       string             `json:"overview,omitempty"`
	Categories     []SolutionCategory `json:"categories,omitempty"`
	EmergingTrends []string           `json:"emergingTrends,omitempty"`
}

SolutionLandscape describes the overall solution landscape

type SolutionType 

type SolutionType string

SolutionType defines the type of cloud solution. 

const (
	SolutionCommercial      SolutionType = "commercial"
	SolutionGovCloud        SolutionType = "govcloud"
	SolutionSovereign       SolutionType = "sovereign"
	SolutionNationalPartner SolutionType = "national-partner"
	SolutionPrivate         SolutionType = "private"
)

type SovereigntyStatus 

type SovereigntyStatus struct {
	EUOwned              bool   `json:"euOwned,omitempty"`
	CloudActImmune       bool   `json:"cloudActImmune,omitempty"`
	SecNumCloudCertified bool   `json:"secNumCloudCertified,omitempty"`
	SecNumCloudPlanned   bool   `json:"secNumCloudPlanned,omitempty"`
	SecNumCloudETA       string `json:"secNumCloudEta,omitempty"`
}

SovereigntyStatus represents sovereignty-related status of a provider

type StrategicOutlook 

type StrategicOutlook struct {
	ShortTerm  string `json:"shortTerm,omitempty"`
	MediumTerm string `json:"mediumTerm,omitempty"`
	LongTerm   string `json:"longTerm,omitempty"`
}

StrategicOutlook provides outlook by timeframe

type ThreatLandscape 

type ThreatLandscape struct {
	ExtraterritorialLaws    []ExtraterritorialLaw `json:"extraterritorialLaws,omitempty"`
	DataSovereigntyConcerns []string              `json:"dataSovereigntyConcerns,omitempty"`
	GeopoliticalRisks       []string              `json:"geopoliticalRisks,omitempty"`
}

ThreatLandscape describes the threats driving compliance requirements

type TimelineEvent 

type TimelineEvent struct {
	Date   string            `json:"date"`
	Event  string            `json:"event"`
	Impact string            `json:"impact,omitempty"`
	Type   TimelineEventType `json:"type,omitempty"`
}

TimelineEvent represents a key event in the compliance timeline

type TimelineEventType 

type TimelineEventType string

TimelineEventType represents the type of timeline event 

const (
	EventLegislation   TimelineEventType = "legislation"
	EventCourtRuling   TimelineEventType = "court-ruling"
	EventEnforcement   TimelineEventType = "enforcement"
	EventCertification TimelineEventType = "certification"
	EventMarket        TimelineEventType = "market"
)

type ValidationError 

type ValidationError struct {
	Index   int    `json:"index"`
	Field   string `json:"field"`
	Value   string `json:"value"`
	Message string `json:"message"`
}

ValidationError represents a validation error in research data

type ValidationResult 

type ValidationResult struct {
	Valid        bool              `json:"valid"`
	Errors       []ValidationError `json:"errors,omitempty"`
	Warnings     []ValidationError `json:"warnings,omitempty"`
	TotalChecked int               `json:"totalChecked"`
}

ValidationResult contains the results of validating research input

type ZoneAssignment 

type ZoneAssignment struct {
	ID             string         `json:"id"`
	SolutionID     string         `json:"solutionId"`
	JurisdictionID string         `json:"jurisdictionId"`
	Zone           ComplianceZone `json:"zone"`
	DataCategory   string         `json:"dataCategory,omitempty"` // e.g., "essential", "personal", "general"
	EntityType     string         `json:"entityType,omitempty"`   // e.g., "essential-entity", "financial-services"
	Rationale      string         `json:"rationale,omitempty"`
	RegulationIDs  []string       `json:"regulationIds,omitempty"` // Regulations driving this zone
}

ZoneAssignment assigns a compliance zone to a solution in a jurisdiction.

func LoadZoneAssignments 

func LoadZoneAssignments(path string) ([]ZoneAssignment, error)

LoadZoneAssignments loads zone assignments from a JSON file.

Source Files

View all Source files

Directories

Path Synopsis
cmd
comply command

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.