Compass — Multi-Jurisdiction AI Compliance Operating System

Source: Priya research — “The Regulatory Fracture” (federal vs state, US vs EU, model access + employment + liability cross-cutting)

One-Liner

A compliance OS that maps every AI deployment decision to the regulatory rules of every jurisdiction it touches — model access, employment law, liability exposure, and export controls — then auto-recommends compliant configurations and generates audit-ready documentation for each regime simultaneously.

Target Customer

Primary: Enterprise legal/compliance officers and AI procurement teams at multinational corporations deploying AI across 5+ jurisdictions simultaneously (US federal, California, EU, UK, Japan, etc.)

Secondary: AI model providers (Mistral, Cohere, AI21) needing to certify their models as “multi-jurisdiction compliant” for enterprise sales — creating a certification badge that procurement teams can trust.

Problem

Three regulatory fractures, one impossible manual process.

1. Federal vs State (US): Trump’s DOJ is challenging state AI laws “more than minimally burdensome.” Meanwhile California is advancing the “No Robo Bosses Act” (no AI-only firings), expanding chatbot regulations, and states are moving ahead anyway. An enterprise with offices in both Texas and California can’t apply the same AI deployment rules to both.

2. US vs EU: German court just ruled Google liable for AI Overview falsehoods — stripping safe harbor for AI-generated content. This is fundamentally incompatible with the US Section 230 framework. The same AI system deployed in San Francisco and Munich faces opposite liability rules.

3. Cross-cutting axes that don’t align: Model access restrictions (Fable 5 blocked for non-US nationals). Employment restrictions (No Robo Bosses limits AI in hiring/firing). Liability exposure (German ruling makes AI outputs your legal responsibility). Export controls (US closing subsidiary loophole, China retaliating). Each has different jurisdictional boundaries. No one maps them together.

The manual reality right now: In-house legal teams maintain spreadsheets. They track each jurisdiction separately. They miss cross-interactions (e.g., a model that’s compliant in the EU but violates California employment law when used for HR screening). When something changes — German ruling drops, China adds retaliation authority — they scramble to assess impact across every jurisdiction.

Solution

Compass — three engines layered on top of ModelGap’s model registry:

Engine 1: The Deployability Graph

• Every AI deployment is a node connected to: model(s) used, use case category, jurisdictions where it operates, and regulatory regimes that apply
• Compass maintains a live graph of all regulatory rules (federal executive orders, state laws, EU rulings, export controls, employment regulations, liability precedents)
• When a new rule drops — German court ruling, California No Robo Bosses amendment, China retaliation authority — Compass evaluates the impact on every connected deployment in the graph and generates an impact report sorted by risk severity
• Example output: “Your Mythos 5 HR screening deployment in Munich is now HIGH RISK — German liability ruling makes AI outputs attributable to your company, and CA No Robo Bosses prohibits AI-only employment decisions. Recommended reconfiguration: enable human-in-the-loop review, deploy Mistral Large 3 instead of Mythos 5.”

Engine 2: The Configuration Recommender

• For each deployment, Compass recommends the minimum compliant configuration across all applicable jurisdictions
• Input: “I want to deploy [model X] for [use case Y] in [jurisdictions Z1, Z2, Z3]”
• Output:
  • Approved jurisdictions (with confidence score)
  • Blocked jurisdictions (with reason — e.g., “CA No Robo Bosses blocks AI-only firing decisions”)
  • Conditional jurisdictions (with required mitigations — e.g., “Munich: add human review loop, remove AI-generated output from direct customer display”)
  • Recommended model alternative if primary model is blocked in any jurisdiction
• Compares federal, state, and international rules simultaneously — surfaces conflicts like “Federal EO permits this, but CA law restricts it. CA law is currently the binding constraint.”

Engine 3: Audit Automation

• Auto-generates compliance documentation for every regulatory regime the deployment touches:
  • Great American AI Act (US federal — semi-annual audits)
  • EU AI Act risk classification and documentation
  • State-level compliance (CA No Robo Bosses attestation, etc.)
  • Export control compliance (BIS model access certifications)
• One deployment → one set of docs that satisfies all applicable regimes
• Change-tracking: when regulations update, Compas regenerates only the affected sections and flags delta for legal review

Why Now

1. The fracture is accelerating on all three axes this week. German ruling on AI liability (June 9). California No Robo Bosses advancing (June 14). China retaliation authority (June 11). US closing subsidiary loophole (June 1). Trump’s DOJ challenging state laws. This isn’t a future problem — compliance teams are drowning right now.

2. ModelGap covers the model-access corner. Compass extends the same intelligence into the full compliance surface area — employment, liability, and export controls — making it the default OS while ModelGap is the registry underneath. Together they’re a platform.

3. The audit clock is ticking. Great American AI Act mandates semi-annual audits. EU AI Act enforcement is ramping. Companies that don’t have automated compliance pipelines will be paying penalties within 12 months.

4. IPO prospectuses need this data. OpenAI and Anthropic both filed S-1s. Every investor prospectus needs a “regulatory risk” section. Compass provides the quantitative risk assessment that legal teams can embed in their public filings.

5. Anthropic is writing the regulatory playbook (Advanced AI Framework + Economic Policy Framework released June 10 — mandatory audits, worker protections, government authority to block deployments). Their own framework will create compliance requirements that Compass can automate before anyone builds the tooling.

Pricing

• Deployability Graph: $50K–$200K/yr per enterprise (scaled by number of monitored jurisdictions)
• Configuration Recommender API: $0.10 per compliance check query (enterprise flat: $30K/yr)
• Audit Automation: $25K/yr per regulated entity + $5K per additional regime
• Provider Certification Badge: $50K/yr for model providers to get “Compass Certified Multi-Jurisdiction Compliant” badge
• Enterprise Bundle (with ModelGap): $150K–$400K/yr — both products, integrated

Estimated TAM: $1.5B by 2028 (3,000 multinational enterprises × $100K avg + 100 model providers × $50K + regulatory velocity increasing coverage requirements)

Wedge

ModelGap tracks which models are accessible. Compass tracks which configurations are legal. They’re complementary — ModelGap catches you when a model gets restricted, Compass catches you when a regulation would make your deployment illegal even if the model is accessible. The integrated platform becomes the single pane of glass for AI compliance, and the switching costs compound: once your entire deployment graph is in Compass, leaving means manually tracking every regulation across every jurisdiction again.

Competition

Exit / Outcome

Most likely acquirer: Thomson Reuters or Wolters Kluwer — both sell legal compliance products to enterprises and need an AI-specific vertical. Compass gives them the regulatory data plus the product engine. Alternatively, ServiceNow acquires to bolt AI compliance onto their GRC platform as a premium module. Platform integration with ModelGap makes the combined entity an obvious acquisition target for any legal-tech consolidator or enterprise governance platform.

Filed by

Rohan (Idea Generator) — 2026-06-15