Regulatory Landscape Audit

How do you audit regulatory landscapes across geographies with severity and triage scoring?

Purpose

This recipe produces a comprehensive regulatory landscape map covering all applicable regulations across the client's jurisdictions, scored by severity tier, enforcement timeline, and rate of change. The output includes a severity triage matrix, chaos gradient calculations showing which regulatory domains are evolving fastest, and pre-positioning opportunity flags for regulations still in draft stage. [src1, src3]

Prerequisites

Jurisdiction inventory — complete list of countries/regions where client operates or plans to enter
Industry classification — primary and secondary industry codes (NAICS, SIC, or NACE)
Current compliance certifications — existing certifications list
Product/service description — sufficient to determine which regulations apply

Constraints

Jurisdiction inventory must be complete before starting. [src3]
Severity scores have a 6-month half-life — date-stamp all scores. [src1]
Delegated acts tracked separately from primary legislation — they change faster. [src2]
Enforcement predictions beyond 18 months are speculative — flag with uncertainty ranges.
Chaos gradient requires minimum 3 historical data points per domain per jurisdiction.

Tool Selection Decision

Which path?
├── Budget allows regulatory intelligence platform
│   └── PATH A: Platform-Assisted — Thomson Reuters/LexisNexis + manual
├── Budget is limited, few jurisdictions
│   └── PATH B: Manual Research — EUR-Lex, Federal Register, gov sites
├── Client has in-house legal team available
│   └── PATH C: Collaborative — consultant framework + client legal
└── AI-augmented approach
    └── PATH D: AI + Manual Validation — LLM research + expert validation

Path	Tools	Cost	Speed	Output Quality
A: Platform-Assisted	Thomson Reuters, LexisNexis	$3K-$5K	5-6 days	Excellent
B: Manual Research	EUR-Lex, Federal Register	$0-$500	7-10 days	Good
C: Collaborative	Framework + client legal	$1K-$2K	5-7 days	Good
D: AI + Manual	LLM research + expert validation	$500-$1K	4-6 days	Good

Execution Flow

Step 1: Jurisdiction and Domain Mapping

Duration: 1 day · Tool: Spreadsheet + client intake data

Build the regulatory audit matrix: rows = jurisdictions, columns = regulatory domains (data privacy, AI regulation, environmental, financial, industry-specific, consumer protection, employment).

Verify: Matrix covers all jurisdiction-domain combinations. · If failed: Cross-reference with client entity structure.

Step 2: Regulation Inventory

Duration: 2-3 days · Tool: Regulatory intelligence platform or manual research

For each matrix cell, identify all applicable regulations with full name, effective date, applicability criteria, enforcement status, key obligations, and penalty structure.

Verify: Each cell populated with primary regulations. No obvious gaps. · If failed: Engage local legal counsel for sparse jurisdictions.

Step 3: Severity Tier Scoring

Duration: 1-2 days · Tool: Scoring framework + spreadsheet

Score each regulation: Tier 1 — Market Exclusion (10), Tier 2 — Operational Restriction (8), Tier 3 — Financial Penalty (6), Tier 4 — Reputational (3). Apply enforcement probability multiplier. [src2, src5]

Verify: All regulations scored. No Tier 1 regulations missed. · If failed: Default to 1.0x multiplier, flag for local legal input.

Step 4: Enforcement Timeline Prediction

Duration: 1 day · Tool: Regulatory intelligence + legal analysis

Predict enforcement timeline using triage logic: legislation passed + implementing rules = 6-12 months; delegated acts in draft = 12-24 months; proposed + consensus = 24-36 months; proposed + opposition = uncertain. [src1]

Verify: All pending regulations have timeline predictions with confidence ratings. · If failed: Use peer jurisdiction timelines as proxy.

Step 5: Chaos Gradient Mapping

Duration: 1 day · Tool: Spreadsheet + trend analysis

Calculate rate of regulatory change per domain per jurisdiction over past 3 years. Identify steepest slopes as pre-positioning opportunities. [src3, src4]

Verify: Chaos gradients calculated for all domain-jurisdiction combinations with sufficient data. · If failed: Use qualitative assessment, flag as estimated.

Step 6: Pre-Positioning Opportunity Identification

Duration: 0.5-1 day · Tool: Analysis + report generation

Identify draft regulations, open comment periods, and voluntary standards likely to become mandatory. Estimate pre-positioning advantage window in months. [src2]

Verify: Pre-positioning opportunities identified with advantage windows. · If failed: Focus on voluntary standards adoption.

Output Schema

{
  "output_type": "regulatory_landscape_map",
  "format": "spreadsheet + PDF + JSON",
  "sections": [
    {"name": "jurisdiction_domain_matrix", "type": "object", "description": "Complete matrix with regulation inventory"},
    {"name": "severity_triage_matrix", "type": "array", "description": "Regulations scored by severity tier"},
    {"name": "enforcement_timeline", "type": "array", "description": "Pending regulations with predicted dates"},
    {"name": "chaos_gradients", "type": "object", "description": "Rate-of-change slopes per domain per jurisdiction"},
    {"name": "pre_positioning_opportunities", "type": "array", "description": "Draft regulations with advantage windows"}
  ]
}

Quality Benchmarks

Quality Metric	Minimum Acceptable	Good	Excellent
Jurisdiction coverage	> 80%	> 90%	100%
Regulations per jurisdiction	> 5 primary	> 10	> 15
Severity scoring completeness	> 80%	> 90%	100%
Enforcement timeline confidence	> 60% high/medium	> 75%	> 90%
Chaos gradient data points	> 3 per domain	> 5	> 8

If below minimum: Extend audit by 2-3 days, engage local legal counsel, or narrow domain scope.

Error Handling

Error	Likely Cause	Recovery Action
Database incomplete for jurisdiction	Emerging market with limited records	Engage local counsel, use treaty databases as proxy
Severity inconsistent across jurisdictions	Different legal traditions	Apply normalization framework
Enforcement data unavailable	Jurisdiction does not publish statistics	Use news reports and legal journals as proxy
Negative chaos gradient slope	Domain stabilizing or deregulating	Document as finding — lower moat potential but lower risk
Too many Tier 1 regulations	Heavily regulated industry	Prioritize by enforcement probability and market size

Cost Breakdown

Component	Budget ($3K-$5K)	Standard ($5K-$8K)	Comprehensive ($8K-$12K)
Jurisdiction mapping	$500	$500-$1K	$1K-$1.5K
Regulation inventory	$1K-$2K	$2K-$3K	$3K-$5K
Severity scoring	$500-$1K	$1K-$1.5K	$1.5K-$2K
Enforcement timeline	$500	$500-$1K	$1K-$1.5K
Chaos gradient mapping	$500	$500-$1K	$1K-$1.5K
Pre-positioning analysis	—	$500-$1K	$1K-$1.5K
Total	$3K-$5K	$5K-$8K	$8K-$12K

Anti-Patterns

Wrong: Treating all regulations as equal severity

Listing regulations without severity scoring. Result: client cannot prioritize compliance investments. [src4]

Correct: Score every regulation on the severity triage matrix

Tier 1 (market exclusion) demands immediate attention regardless of enforcement timeline.

Wrong: Static one-time audit

Delivering regulatory map as a point-in-time snapshot without chaos gradients or review dates. Result: map becomes stale within months. [src1]

Correct: Include chaos gradients and enforce review dates

Every map should include rate-of-change data and explicit expiration dates. Recommend quarterly refresh for volatile domains.

Wrong: Ignoring delegated acts

Focusing only on primary legislation. Result: formal compliance with headline law but operational failure with technical standards. [src2]

Correct: Track delegated acts with faster review cadence

Delegated acts contain specific technical requirements. Track separately and review monthly during active rulemaking.

When This Matters

Use when an agent needs to produce a comprehensive regulatory map across multiple jurisdictions with severity scoring and change-rate analysis. This is the foundation for all subsequent compliance moat calculations.