Open specification · Version 0.1 · Apache-2.0

ReguNav Compliance-to-Architecture Framework™

A machine-readable control, evidence and architecture ontology for regulated AI, data and software systems.

The navigation layer between regulation, controls, software architecture and audit evidence.

Why this exists

Most companies have legal teams reading regulations, compliance teams building spreadsheets, engineers building systems without knowing control intent, auditors asking for evidence, vendors producing random documents, and AI teams deploying models with weak governance.

These groups speak different vocabularies. Compliance-to-Architecture is the shared graph that lets each group ask the question they care about and get an answer the others can verify.

Scope of v0.1

This specification covers eight typed layers that combine into a single graph. Implementations are free to extend any layer; they SHOULD NOT remove fields. Optional fields are explicitly marked ?.

Assign IDs from the canonical prefix space (OBL-…, CTRL-…, EV-…, ARCH-…, POL-…).
Treat every relationship as an immutable, versioned edge with provenance.
Expose the entire graph through a JSON API that mirrors the type definitions in packages/ontology/src/types.ts.
Treat any deviation from a published authority's text as a derivative obligation with explicit reasoning, not a silent rewrite.

Authority versions tracked in v0.1

eu-ai-act@2024-1689 — in force 1 Aug 2024, applicable 2 Aug 2026 for high-risk
iso-42001@2023
iso-27001@2022
gdpr@2016-679
soc2@2017 (revised 2022)
dora@2022-2554 — applicable 17 Jan 2025
nist-ai-rmf@1.0
pci-dss@4.0.1 — June 2024 limited revision
hipaa@1996 (amended)

How to extend

Open a PR against packages/ontology/src/seed.ts adding your authority, obligation, control, evidence, architecture or policy.
Cite the source clause inline.
Run pnpm --filter @regunav/ontology build — fails loudly if you violate the type contract.
The merged change auto-deploys to the public /v1/ontology API surface on api.regunav.com.

Citation

ReguNav Compliance-to-Architecture Framework™, v0.1 (2026).
Regunav Inc. https://framework.regunav.com

Trademark

ReguNav™ is a trademark of Regunav Inc. The framework is published openly under Apache-2.0; the trademark is reserved for use by the maintainer in authoritative releases. Forks may use the data but should not invoke the trademark.

Canonical source: github.com/ReguNav/app/blob/main/packages/ontology/SPEC.md