Six capabilities · Canadian regulator record

The compliance intelligence layer every engagement stands on.

Six capabilities carried into client work — a Regulatory Copilot, digital compliance agents, custom playbooks, integrations that sit inside your workflow, evidence and provenance traceable to both source and decision, and a public API. Grounded in authoritative regulator data; the library moves when the regulator moves.

Speak with a partner See the services

Architecture

Five layers. One operating stack.

Every engagement reads up and down the stack — partner clouds at the bottom, the knowledge graph above, compliance agents and the control library on top, and the evidence pack at the surface where your regulator meets your posture.

Evidence PackPDF · Excel · JSON · signed · portable

The artifact your board, auditor and regulator read. Tamper-evident. Portable without platform login. Yours to keep.

Framework MappingISO 42001 · 27001 · 27701 · NIST · EU AI Act · OSFI · DORA

Framework-mapped controls with design and operating-effectiveness evidence attached. Maintained against regulatory drift.

Digital Compliance Agentsinventory · tiering · validation · attestation · change detection

Bounded, instrumented, auditable. Agents do the mechanical work; specialists direct, review and sign off.

RegIntel Knowledge Graphregulators · clauses · guidance · enforcement · citations

A living graph of the obligations your portfolio answers to. Refreshed continuously. Every artifact anchored to a primary source.

Partner Clouds & Model ProvidersAWS · Azure · GCP · OCI · Databricks · Snowflake · Anthropic · OpenAI · Cohere · Mistral · Meta · Hugging Face

We meet your estate where it lives. Sovereign and on-premise configurations supported.

Read path

Every artifact reads the graph first.

Agents and the control library never assert an obligation without a primary-source citation from the RegIntel knowledge graph. What we ship, your regulator can check.

Write path

One artifact set. Many supervisors.

The evidence engine renders the control library into the artifact each supervisor expects — OSFI register, EU Annex IV file, ISO Statement of Applicability, SOC 2 evidence pack.

Update path

Change flows down. Impact flows up.

Horizon-scan detects regulator change at the graph. Impact routes through the control library, through the agents, into the evidence pack — without manual rewiring.

The substrate

A living graph of the obligations your portfolio answers to.

RegIntel is the regulatory-intelligence substrate. Every regulator we track, every framework we cover, every clause our control library is mapped to — held as a graph, refreshed continuously, anchored to primary sources.

Regulators
Canadian supervisors — OSFI, FINTRAC, OSC, FSRA, FCAC, Justice Canada, and Ontario sources — with their guidance, consultations, and enforcement actions indexed in the retrieval catalog. Cross-border supervisors (US, EU, UK) are handled through advisory, not the deterministic catalog.
Frameworks & clauses
Every framework broken to the clause. Clauses linked to controls, to agents and to evidence artifacts.
Guidance & bulletins
Supervisory letters, bulletins, sandbox outcomes, speeches — captured and routed to the controls they touch.
Enforcement
Public findings, penalties and consent orders — read as signal for where supervisors are focused next.
Update cadence
Continuous ingestion. Material change alerts routed to your posture within the cycle, not the quarter.
Primary-source anchoring
Every assertion carries a citation. Artifacts your regulator can check without a conversation with us.

Why a graph

Obligations aren’t lists. They’re networks.

The same clause can be cited by three different supervisors, mapped to six different controls, and implicated by two different enforcement outcomes. A graph is how that lands without a conversation with us.

Built by specialists

Regulatory reading, not scraping.

RegIntel is curated by practitioners who read the primary source — not an index pointed at a PDF. The signal-to-noise is the product.

Catalog spec

15,515 Canadian legal documents.

Indexed across OSFI, FINTRAC, OSC, FSRA, Justice Canada, Parliament of Canada, and Ontario sources. Cohere embed-v4 dense retrieval over 238,628 chunks, with Cohere rerank-v3.5 and closed-shape citation provenance on every response.

Digital compliance agents

A catalog of deployable agents. Bounded, instrumented, auditable.

Each agent is scoped to a single job — inventory, tiering, validation, monitoring, horizon-scan. Action budgets, kill switches and audit logs are in-scope by default. Our specialists direct; the agents do the volume.

Inventory Agent

Crawls SaaS, platforms, APIs, agent orchestrators and shadow deployments to enumerate every model and AI in the estate.

Risk Tiering Agent

Classifies use cases against your tiering rubric and the regulatory cuts your portfolio answers to.

Policy Drafting Agent

Drafts AI management-system policies, role mandates, HITL gates and escalation paths to the framework at hand.

Validation Agent

Assembles validation files — challenger models, stability tests, bias and fairness measures, effective challenge.

Board-Brief Agent

Produces board-facing briefs: risk dashboard, exception register, emerging regulation, control-effectiveness rollups.

Lineage Agent

Builds end-to-end lineage for training, fine-tuning and retrieval corpora with consent and purpose basis.

Consent Ledger Agent

Maintains consent and purpose ledgers aligned to PIPEDA, Quebec Law 25 and GDPR.

RAG Manifest Agent

Produces retrieval-augmented generation manifests — corpus provenance, index governance, grounding evaluation.

Data-Quality Agent

Operates data-quality controls mapped to model risk and NIST AI RMF Measure functions.

PIA Agent

Drafts Privacy Impact Assessments against Quebec Law 25 and PIPEDA.

DPIA Agent

Drafts Data Protection Impact Assessments against GDPR Article 35 and EU AI Act Article 26.

ADM Disclosure Agent

Produces automated-decision disclosure text a privacy regulator will recognise.

Cross-Border Transfer Agent

Builds cross-border transfer files — SCCs, transfer impact assessments, data maps.

Control Mapping Agent

Maps your existing controls clause by clause against the frameworks your portfolio answers to.

Evidence Agent

A bounded, instrumented and auditable compliance agent operating inside the RegIntel stack.

Approval Routing Agent

Routes HITL decisions — tiering, validation sign-off, deployment gates, exception approval.

Intake Agent

A bounded, instrumented and auditable compliance agent operating inside the RegIntel stack.

Attestation Agent

A bounded, instrumented and auditable compliance agent operating inside the RegIntel stack.

Under the hood

What the catalog actually indexes.

The substrate above is not aspirational. These are the specifications of the live retrieval catalog, the artifact store, and the governance block carried on every response from the partner API.

15,515Canadian legal documents

238,628Embedding chunks

33Active source pipelines

23Canadian regulators

10Source tables

1,536-dCohere embed-v4 · HNSW

Retrieval
Deterministic hybrid pool — BM25 + dense ANN over a 1,536-dim HNSW index — reranked by Cohere rerank-v3.5. No LLM in the /tools/discover path.
Source tables
Ten legal-document tables: acts & regulations (5,782), Ontario instruments (4,205), Ontario acts (3,043), gazette (582), bills (567), news (381), others (715), legislative summaries (10), Ontario bills (157), Ontario gazette (73).
Coverage
100% embedding coverage on most tables; 99.74% on news, 99.52% on OSC instruments. Thirty-three active pipelines continuously re-crawl upstream sources.
Artifact store
S3 bucket regcoreai in ca-central-1. Immutable per-document artifact under three prefixes: raw_data/discover/, raw_data/scraped/, legal_documents/.
Citations
Closed-shape corpus_citations on every API response. /tools/* endpoints fail closed (HTTP 422) when a citation references a document outside the retrieval set; the chat path forces confidence=low without blocking.
Audit receipt
Every response carries a governance block — hash-chained audit_id, policy_version, citation_check (passed / partial / failed / no_retrieval), schema_validated, actor, user_id.
Trace
Agent-backed chat responses include a trace.url LangSmith deep link — optionally public-shareable via public_trace: true.
Templates
Schema-validated chat payloads — DocumentCatalogV1, ChangeFeedV1, RegulatoryBriefV1 — with modes fast, hybrid, comprehensive.

OSFI (16 doc types)FINTRACOSC (instruments)FSRAJustice Canada (acts, regulations)Parliament of Canada (bills)Library of Parliament (summaries)Canada GazetteOntario Legislative AssemblyOntario GazetteGovernment of Ontario

Evidence & provenance

One artifact set. Many supervisors. Yours to keep.

The evidence engine renders the control library into the documents each supervisor expects. Regulator-readable PDF. Machine-readable JSON. Worked Excel registers. Signed, dated, portable — no platform login required.

PDF

Regulator-readable

Cover page, executive summary, clause-by-clause mapping, appendices — the document your supervisor opens first.

Excel

Registers and matrices

OSFI Appendix A register, control matrices, gap logs, breach registers — worked, not just rendered.

JSON

Machine-readable

Portable schema for your GRC, audit and risk systems. Ingest without rework.

Portable

Signed, dated, yours

Tamper-evident signing and a portable pack your team can keep working with even if we walk away.

Framework mapping

Framework-mapped controls. Design and operating evidence attached.

Our control library is mapped clause by clause against ISO/IEC 42001, 27001, 27701, NIST AI RMF, EU AI Act, OSFI E-23 and more. Write the control once. Answer many supervisors. Maintained against regulatory drift so your posture stays current.

ISO/IEC 42001ISO/IEC 23894ISO/IEC 27001ISO/IEC 27701ISO/IEC 27017ISO/IEC 27018NIST AI RMF 1.0NIST CSF 2.0EU AI ActGDPRDORAPLD 2024/2853OSFI E-23OSFI B-10OSFI FIFAI IIOSFI E-21PIPEDAQuebec Law 25FINTRACCIROSOC 2PRA SS1/23Basel AI principlesSR 11-7

Browse every framework →

Integrations & signal

Drift, performance, outcome, complaint — one pipeline.

Signals flow into breach registers and remediation queues. Alerting is tuned to supervisory expectation — not to dashboards nobody reads. The monitoring catalogue is mapped to the same controls your evidence pack renders.

Drift

Input, concept, population

Statistical tests on the distributions that matter. Thresholds tuned to model materiality.

Performance

Accuracy, calibration, stability

Track the metrics each validation cycle committed to. Alert when they move.

Outcome

Fairness, disparate impact

Outcome testing against protected classes and regulatory guidance. Routed to breach register on exception.

Complaint

Customer-signal coupling

Ingest complaints, route to the model they touch, escalate when volume crosses a material threshold.

Regulator coverage

Change detection across the supervisors your portfolio answers to.

RegIntel watches each supervisor below. Material change routes into the control library, through the agents and into the evidence pack — without a manual rewiring cycle.

Canada (Federal)

OSFI
FINTRAC
OSC
FCAC
Justice Canada
Canada Gazette
Parliament of Canada

Canada (Ontario)

FSRA
OSC
OLA
Ontario Gazette
Government of Ontario

Partner clouds & model providers

We meet your estate where it lives.

Control libraries, agent deployments and evidence artifacts ship against the clouds, data platforms and model providers you already run. Sovereign and on-premise configurations supported.

CloudAmazon Web ServicesBedrock · SageMaker · Guardrails · KMS · CloudTrail

CloudMicrosoft AzureAzure OpenAI · AI Content Safety · Purview · Sentinel

CloudGoogle CloudVertex AI · Gemini · Model Garden · Chronicle

CloudOracle CloudOCI Generative AI · Data Safe · Audit

Data platformDatabricksUnity Catalog · MLflow · Lakehouse Monitoring

Data platformSnowflakeHorizon Catalog · Cortex · Data Clean Rooms

Model providerAnthropicClaude · Constitutional AI · Responsible Scaling Policy

Model providerOpenAIGPT family · Enterprise controls · Model Spec

Model providerMetaLlama family · Open-weight deployments · Purple Llama

Model providerMistralOpen-weight and managed · Sovereign deployments

Model providerCohereCommand R · Rerank · North · sovereign Canadian deployment

Model providerHugging FaceOpen-model curation · inference endpoints

Why we move faster

Agents do the mechanical work. Specialists do the judgement.

Traditional firms run on billable hours and human assembly. We run on RegIntel and a catalog of deployable agents that inventory, tier, map, validate and monitor. The same artifact that takes a traditional firm a cycle to hand you, we ship on a schedule our clients recognise as a different order of magnitude.

Volume

Agents absorb the mechanical work.

Inventory, mapping, evidence assembly and monitoring stop being queued work for an analyst. The agents produce; the specialist reviews.

Judgement

Specialists spend time where it counts.

Tiering calls, validation sign-off, exception routing, board posture. The human judgement your regulator expects to see — and has space to be rigorous about.

Currency

The posture stays current.

Regulator change detection routes into the controls it touches. Artifacts are re-rendered. Your posture does not drift just because the regime does.

Capability catalog

Everything RegIntel does, in one list.

A single-page recap of the capabilities above — useful as a reference when scoping an engagement or briefing your team.

Regulatory Copilot

A research and drafting surface grounded in the authoritative regulator record. Practitioners query the library, read the clause, and carry cited reasoning into client work without leaving the firm's register.

NIST AI RMF Govern 1.1 — organizational context for AI.

Digital compliance agents

Named agents that handle discrete compliance tasks — intake, control mapping, attestation, regulator correspondence — inside your workflow and under human sign-off. Every action is logged, reviewable, and owned.

ISO/IEC 42001 Clause 8 — operational planning and control.

Custom compliance playbooks

Firm-specific operating procedures built on the substrate and tuned to your obligations. The library moves when the regulator moves; the playbook is versioned alongside it.

OSFI E-23 — model risk management, end to end.

Integrations

Connectors that reach into the systems where compliance already lives — GRC tools, ticketing, document stores, model registries. Evidence is captured at the point of work, not reconstructed after it.

NIST AI RMF Manage 4.1 — in-context risk treatment.

Evidence & provenance

Every artefact the firm produces is bound to its source regulator text and to the decision path that led to it. Traceable on two sides — defensible to a board above and a supervisor below.

EU AI Act Article 12 — automatic logging and record-keeping.

Public API

Programmatic access to the compliance intelligence layer. In-house teams and partner firms query the library, submit artefacts for attestation, and receive provenance-stamped responses inside their own stack.

ISO/IEC 42001 Annex A — extending the management system.

Stand your AI posture on infrastructure a regulator will accept.

Tell us which frameworks your portfolio answers to. We will light up RegIntel against your estate, deploy the compliance agents that do the mechanical work, and put our specialists beside your second line.

Speak with a partner See the services →