RegCore.AIRegCore.AI

The compliance intelligence layer every engagement stands on.

Six capabilities carried into client work, a Regulatory Copilot, digital compliance agents, custom playbooks, integrations that sit inside your workflow, evidence and provenance traceable to both source and decision, and a public API. Grounded in authoritative regulator data; the library moves when the regulator moves.

Speak with a partnerSee the services
Architecture

Five layers. One operating stack.

Every engagement reads up and down the stack, partner clouds at the bottom, the knowledge graph above, compliance agents and the control library on top, and the evidence pack at the surface where your regulator meets your posture.

Read path
Every artifact reads the graph first.

Agents and the control library never assert an obligation without a primary-source citation from the RegIntel knowledge graph. What we ship, your regulator can check.

Write path
One artifact set. Many supervisors.

The evidence engine renders the control library into the artifact each supervisor expects, OSFI register, EU Annex IV file, ISO Statement of Applicability, SOC 2 evidence pack.

Update path
Change flows down. Impact flows up.

Horizon-scan detects regulator change at the graph. Impact routes through the control library, through the agents, into the evidence pack, without manual rewiring.

The substrate

A living graph of the obligations your portfolio answers to.

RegIntel is the regulatory-intelligence substrate. Every regulator we track, every framework we cover, every clause our control library is mapped to, held as a graph, refreshed continuously, anchored to primary sources.

  • Regulators

    Canadian supervisors, OSFI, FINTRAC, OSC, FSRA, FCAC, Justice Canada, and Ontario sources, with guidance, consultations, and enforcement actions available to the evidence layer. Cross-border supervisors are handled through advisory and framework playbooks.

  • Frameworks & clauses

    Every framework broken to the clause. Clauses linked to controls, to agents and to evidence artifacts.

  • Guidance & bulletins

    Supervisory letters, bulletins, sandbox outcomes, speeches, captured and routed to the controls they touch.

  • Enforcement

    Public findings, penalties and consent orders, read as signal for where supervisors are focused next.

  • Update cadence

    Continuous ingestion. Material change alerts routed to your posture within the cycle, not the quarter.

  • Primary-source anchoring

    Every assertion carries a citation. Artifacts your regulator can check without a conversation with us.

Why a graph
Obligations aren’t lists. They’re networks.

The same clause can be cited by three different supervisors, mapped to six different controls, and implicated by two different enforcement outcomes. A graph is how that lands without a conversation with us.

Built by specialists
Regulatory reading, not scraping.

RegIntel is curated by practitioners who read the primary source, not an index pointed at a PDF. The signal-to-noise is the product.

Evidence layer
Authoritative source coverage.

Source-grounded retrieval, practitioner review workflows, and citation provenance support regulator-readable responses without exposing internal corpus counts.

Digital compliance agents

A catalog of deployable agents. Bounded, instrumented, auditable.

Each agent is scoped to a single job, inventory, tiering, validation, monitoring, horizon-scan. Action budgets, kill switches and audit logs are in-scope by default. Our specialists direct; the agents do the volume.

Inventory Agent

Crawls SaaS, platforms, APIs, agent orchestrators and shadow deployments to enumerate every model and AI in the estate.

Risk Tiering Agent

Classifies use cases against your tiering rubric and the regulatory cuts your portfolio answers to.

Policy Drafting Agent

Drafts AI management-system policies, role mandates, HITL gates and escalation paths to the framework at hand.

Validation Agent

Assembles validation files, challenger models, stability tests, bias and fairness measures, effective challenge.

Board-Brief Agent

Produces board-facing briefs: risk dashboard, exception register, emerging regulation, control-effectiveness rollups.

Lineage Agent

Builds end-to-end lineage for training, fine-tuning and retrieval corpora with consent and purpose basis.

Consent Ledger Agent

Maintains consent and purpose ledgers aligned to PIPEDA, Quebec Law 25 and GDPR.

RAG Manifest Agent

Produces retrieval-augmented generation manifests, corpus provenance, index governance, grounding evaluation.

Data-Quality Agent

Operates data-quality controls mapped to model risk and NIST AI RMF Measure functions.

PIA Agent

Drafts Privacy Impact Assessments against Quebec Law 25 and PIPEDA.

DPIA Agent

Drafts Data Protection Impact Assessments against GDPR Article 35 and EU AI Act Article 26.

ADM Disclosure Agent

Produces automated-decision disclosure text a privacy regulator will recognise.

Cross-Border Transfer Agent

Builds cross-border transfer files, SCCs, transfer impact assessments, data maps.

Control Mapping Agent

Maps your existing controls clause by clause against the frameworks your portfolio answers to.

Evidence Agent

A bounded, instrumented and auditable compliance agent operating inside the RegIntel stack.

Approval Routing Agent

Routes HITL decisions, tiering, validation sign-off, deployment gates, exception approval.

Intake Agent

A bounded, instrumented and auditable compliance agent operating inside the RegIntel stack.

Attestation Agent

A bounded, instrumented and auditable compliance agent operating inside the RegIntel stack.

Evidence layer

How the evidence layer supports cited work.

The substrate above is designed for practitioner review: approved source coverage, controlled artifacts, and governance receipts carried on partner API responses.

PrimarySource-grounded
AuditableEvidence trail
ContinuousSource monitoring
CitedResponse provenance
  • Retrieval

    Deterministic retrieval, evidence ranking, and source-grounded response assembly. Discovery remains bounded to the approved evidence layer before generative drafting begins.

  • Source coverage

    Primary-source regulatory materials, guidance, consultations, legislation, and related evidence artifacts maintained for practitioner review.

  • Coverage

    Source monitoring and refresh workflows keep the evidence layer current without publishing internal corpus counts or implementation metrics.

  • Artifact store

    Evidence artifacts are retained in controlled storage with portable exports for client, audit, and supervisory review.

  • Citations

    Closed-shape corpus_citations on every API response. /tools/* endpoints fail closed (HTTP 422) when a citation references a document outside the retrieval set; the chat path forces confidence=low without blocking.

  • Audit receipt

    Every response carries a governance block — hash-chained audit_id, policy_version, citation_check (passed / partial / failed / no_retrieval), schema_validated, actor, user_id.

  • Trace

    Agent-backed chat responses include an authenticated trace.trace_id pointer for GET /traces/{trace_id} and the RegObserve viewer.

  • Templates

    Schema-validated chat payloads — DocumentCatalogV1, ChangeFeedV1, RegulatoryBriefV1 — with modes fast, hybrid, comprehensive.

OSFI (16 doc types)FINTRACOSC (instruments)FSRAJustice Canada (acts, regulations)Parliament of Canada (bills)Library of Parliament (summaries)Canada GazetteOntario Legislative AssemblyOntario GazetteGovernment of Ontario
Evidence & provenance

One artifact set. Many supervisors. Yours to keep.

The evidence engine renders the control library into the documents each supervisor expects. Regulator-readable PDF. Machine-readable JSON. Worked Excel registers. Signed, dated, portable, no platform login required.

PDF

Regulator-readable

Cover page, executive summary, clause-by-clause mapping, appendices, the document your supervisor opens first.

Excel

Registers and matrices

OSFI Appendix A register, control matrices, gap logs, breach registers, worked, not just rendered.

JSON

Machine-readable

Portable schema for your GRC, audit and risk systems. Ingest without rework.

Portable

Signed, dated, yours

Tamper-evident signing and a portable pack your team can keep working with even if we walk away.

Framework mapping

Framework-mapped controls. Design and operating evidence attached.

Our control library is mapped clause by clause against ISO/IEC 42001, 27001, 27701, NIST AI RMF, EU AI Act, OSFI E-23 and more. Write the control once. Answer many supervisors. Maintained against regulatory drift so your posture stays current.

ISO/IEC 42001ISO/IEC 23894ISO/IEC 27001ISO/IEC 27701ISO/IEC 27017ISO/IEC 27018NIST AI RMF 1.0NIST CSF 2.0EU AI ActGDPRDORAPLD 2024/2853OSFI E-23OSFI B-10OSFI FIFAI IIOSFI E-21PIPEDAQuebec Law 25FINTRACCIROSOC 2PRA SS1/23Basel AI principlesSR 11-7
Browse every framework →
Integrations & signal

Drift, performance, outcome, complaint, one pipeline.

Signals flow into breach registers and remediation queues. Alerting is tuned to supervisory expectation, not to dashboards nobody reads. The monitoring catalogue is mapped to the same controls your evidence pack renders.

Drift

Input, concept, population

Statistical tests on the distributions that matter. Thresholds tuned to model materiality.

Performance

Accuracy, calibration, stability

Track the metrics each validation cycle committed to. Alert when they move.

Outcome

Fairness, disparate impact

Outcome testing against protected classes and regulatory guidance. Routed to breach register on exception.

Complaint

Customer-signal coupling

Ingest complaints, route to the model they touch, escalate when volume crosses a material threshold.

Regulator coverage

Change detection across the supervisors your portfolio answers to.

RegIntel watches each supervisor below. Material change routes into the control library, through the agents and into the evidence pack, without a manual rewiring cycle.

Canada (Federal)
  • OSFI
  • FINTRAC
  • OSC
  • FCAC
  • Justice Canada
  • Canada Gazette
  • Parliament of Canada
Canada (Ontario)
  • FSRA
  • OSC
  • OLA
  • Ontario Gazette
  • Government of Ontario
MCP for agent runtimes

RegCore.AI where your agents already work.

The hosted MCP endpoint at https://api.regcore.ai/mcp brings cited regulatory intelligence into Claude Code, Cursor/Cowork-style coding agents, Codex workflows, internal review agents and governed orchestration layers. Your team keeps its existing runtime; RegCore.AI supplies the regulatory context, source citations and control-impact framing.

Developer agents

Claude Code, Cursor/Cowork, Codex.

Ask for regulatory impact while editing code, drafting PRs, changing AI gateway policy, or updating evidence-generation jobs.

GTM signal

Compliance context becomes a workflow primitive.

Fintechs and regulated AI teams can show buyers that regulatory checks run inside the SDLC, not after the release in a separate advisory track.

Control surface

Citations, controls, reviewer actions.

MCP calls return source-grounded context that can be carried into tickets, model cards, agent cards, validation notes and board-ready evidence packs.

Request MCP integration into your workflow →
Partner clouds & model providers

We meet your estate where it lives.

Control libraries, agent deployments and evidence artifacts ship against the clouds, data platforms and model providers you already run. Sovereign and on-premise configurations supported.

Authorized CloudAmazon Web ServicesPowered-by coverage: Bedrock · SageMaker · Guardrails · KMS · CloudTrail
Authorized CloudMicrosoft AzurePowered-by coverage: Azure OpenAI · AI Content Safety · Purview · Sentinel
Authorized CloudGoogle CloudPowered-by coverage: Vertex AI · Gemini · Model Garden · Chronicle
Authorized CloudOracle CloudPowered-by coverage: OCI Generative AI · Data Safe · Audit
Authorized Data platformDatabricksPowered-by coverage: Unity Catalog · MLflow · Lakehouse Monitoring
Authorized Data platformSnowflakePowered-by coverage: Horizon Catalog · Cortex · Data Clean Rooms
Authorized Model providerAnthropicPowered-by coverage: Claude · Constitutional AI · Responsible Scaling Policy
Authorized Model providerOpenAIPowered-by coverage: GPT family · Enterprise controls · Model Spec
Authorized Model providerMetaPowered-by coverage: Llama family · Open-weight deployments · Purple Llama
Authorized Model providerMistralPowered-by coverage: Open-weight and managed · Sovereign deployments
Authorized Model providerCoherePowered-by coverage: Command R · Rerank · North · sovereign Canadian deployment
Authorized Model providerHugging FacePowered-by coverage: Open-model curation · inference endpoints
Why we move faster

Agents do the mechanical work. Specialists do the judgement.

Traditional firms run on billable hours and human assembly. We run on RegIntel and a catalog of deployable agents that inventory, tier, map, validate and monitor. The same artifact that takes a traditional firm a cycle to hand you, we ship on a schedule our clients recognise as a different order of magnitude.

Volume
Agents absorb the mechanical work.

Inventory, mapping, evidence assembly and monitoring stop being queued work for an analyst. The agents produce; the specialist reviews.

Judgement
Specialists spend time where it counts.

Tiering calls, validation sign-off, exception routing, board posture. The human judgement your regulator expects to see, and has space to be rigorous about.

Currency
The posture stays current.

Regulator change detection routes into the controls it touches. Artifacts are re-rendered. Your posture does not drift just because the regime does.

Capability catalog

Everything RegIntel does, in one list.

A single-page recap of the capabilities above, useful as a reference when scoping an engagement or briefing your team.

Regulatory Copilot

A research and drafting surface grounded in the authoritative regulator record. Practitioners query the library, read the clause, and carry cited reasoning into client work without leaving the firm's register.

NIST AI RMF Govern 1.1 — organizational context for AI.
Digital compliance agents

Named agents that handle discrete compliance tasks — intake, control mapping, attestation, regulator correspondence — inside your workflow and under human sign-off. Every action is logged, reviewable, and owned.

ISO/IEC 42001 Clause 8 — operational planning and control.
Custom compliance playbooks

Firm-specific operating procedures built on the substrate and tuned to your obligations. The library moves when the regulator moves; the playbook is versioned alongside it.

OSFI E-23 — model risk management, end to end.
Integrations

Connectors that reach into the systems where compliance already lives — GRC tools, ticketing, document stores, model registries. Evidence is captured at the point of work, not reconstructed after it.

NIST AI RMF Manage 4.1 — in-context risk treatment.
Evidence & provenance

Every artefact the firm produces is bound to its source regulator text and to the decision path that led to it. Traceable on two sides — defensible to a board above and a supervisor below.

EU AI Act Article 12 — automatic logging and record-keeping.
Public API

Programmatic access to the compliance intelligence layer. In-house teams and partner firms query the library, submit artefacts for attestation, and receive provenance-stamped responses inside their own stack.

ISO/IEC 42001 Annex A — extending the management system.

Stand your AI posture on infrastructure a regulator will accept.

Tell us which frameworks your portfolio answers to. We will light up RegIntel against your estate, deploy the compliance agents that do the mechanical work, and put our specialists beside your second line.

Speak with a partnerSee the services →