Safeguard ships pre-mapped control narratives and automated evidence pipelines for 7 regions and more than 60 frameworks — including the AI-specific regulations now landing across the EU, the US, Singapore, Korea, and India. This page is the encyclopedic map: every framework we cover, organised by region and by sector.
Each card lists the frameworks we cover in that jurisdiction, the scope of each, and a direct link to the evidence packet shape we ship for it.
Federal cloud authorisation, DoD maturity, and state-level privacy.
Privacy, operational resilience, AI obligations, and product cyber security.
Post-GDPR privacy plus national cyber assessment baselines.
DPDP, sector regulators, and sovereign deployment readiness.
GCC national cyber controls plus emerging privacy laws.
Privacy laws, banking technology risk, and AI assurance.
Privacy frameworks across Brazil, Mexico, and African data laws.
Eight AI-specific regimes that we surface as standalone control sets in addition to their parent region — because most AI-touching products are now subject to two or three of them at once.
high-risk AI obligations across the EU single market
federal AI safety, transparency, and reporting
AI governance testing toolkit and attestations
frontier model evaluation baseline
voluntary corporate AI governance baseline
AI system risk classification and obligations
model registration, content labelling, training data
data fiduciary plus AI advisory layer
Four overlays where a single product is typically subject to two or three frameworks from different regions at the same time.
Most vendors put a logo grid on a marketing page and call it "coverage." Coverage here means three concrete things. Where a control requires human judgement — policy authoring, organisational scope, attestation of governance — we surface it as an open checklist gap, not a fake green check.
Every control in the framework is read, interpreted, and given a narrative that explains what Safeguard does for it, what the customer must still attest to, and where the gaps live.
Scans, SBOMs, signed attestations, access logs, policy gate verdicts — all bound to controls and collected continuously, not in screenshot sprints before an audit.
One-click export in the format the regulator or auditor expects. Each artifact is signed; the auditor can verify without trusting Safeguard.
Any framework not on this page is a 4–8 week add given the existing evidence pipeline. Here is what those weeks look like.
A regulated buyer, a partner, or an internal review surfaces a framework that isn't yet on the map. We log the regulator, the jurisdiction, and the deadline.
Counsel and the framework authors read the source text. Where the regulator publishes a control catalogue, we map clause-by-clause. Where it doesn't, we infer from guidance and precedent and flag the inference.
Each control gets a written narrative plus an automated evidence binding to the underlying telemetry — scans, SBOMs, attestations, access logs, policy gates. Where a control needs human attestation, we ship it as a checklist gap rather than a fake check.
The framework appears in the console, the export menu, and on this page. Any framework not yet listed is a 4–8 week add given the existing evidence pipeline — most of the work is narrative authoring, not engineering.
| Region | Frameworks covered | Flagship framework | Evidence packet |
|---|---|---|---|
North America | 13 mapped | FedRAMP HIGH | Open |
European Union | 9 mapped | EU AI Act | Open |
United Kingdom | 5 mapped | NCSC CAF | Open |
India | 8 mapped | DPDP Act, 2023 | Open |
Middle East | 10 mapped | Saudi NCA ECC | Open |
APAC | 10 mapped | Singapore MAS TRM | Open |
Latin America & Africa | 6 mapped | Brazil LGPD | Open |
Totals on this table refer to frameworks explicitly mapped in the console. Sectoral overlays and AI regimes are counted within their parent region as well as listed in their own sections above.
The use-case page: how compliance actually gets done, step by step, across frameworks.
Supplier evidence packets, SBOM exchange, third-party risk attestations.
How Safeguard itself is built — controls, trust posture, sub-processors, and architecture.
Public framework crosswalks, sample evidence packets, and regulator-ready exports.
Bring the frameworks you owe. We'll walk the map with you — region by region, control by control, evidence packet by evidence packet.