Framework
// methodology + api reference

Methodology

How Policy-as-Code structures, scores, and maintains the global AI regulation database.

01

Framework overview

Policy-as-Code organises platform obligations into four platform classes calibrated to user reach and systemic risk. The framework lets operators map any law in the database to a concrete set of duties for their class.

  • VLOP. 100M+ users. Full DSA Art. 33 obligations, risk audits, transparency reports, crisis response.
  • Large. 1M–100M users. DSA "online platforms" duties plus AI Act provider / deployer obligations.
  • Medium. 10k–1M users. Labeling, takedown, basic transparency; many DSA SME exemptions apply.
  • Micro. Under 10k users. Minimal obligations: disclosure and notice-and-takedown.
02

Regulatory stringency scoring

The choropleth map score blends four dimensions into a single 0–100 value per jurisdiction:

DimensionWeightWhat it captures
Law count25%Total in-scope laws per jurisdiction.
Status35%In-force weighted highest; phased > proposed > voluntary.
Tier25%Foundational laws score higher than sectoral or emerging.
Coverage15%Breadth across focus areas (AIGC, DF, ELEC, etc.).

Scores are recomputed when the database is updated; weights are tuned to reflect enforcement risk rather than legislative volume alone.

03

Database methodology

Laws are selected based on jurisdictional reach, enforcement posture, and direct relevance to AI-generated content, deepfakes, content authentication, electoral integrity, and platform liability. Voluntary frameworks are included where they shape industry practice.

All entries are manually verified against primary sources — official gazettes, regulator publications, and court records. Each record links back to the originating statute or guidance document. Amendments and discrepancies are tracked in the changelog.

Last updated May 2026.

04

Focus area taxonomy

CodeName
AIGCAI-Generated Content
DFDeepfakes
CAContent Authenticity
MISINFOMisinformation
NCIINon-Consensual Intimate Images
ELECElection Integrity
GENGeneral AI Governance
PRIVPrivacy
IDDigital Identity
05

Jurisdiction coverage

JurisdictionLawsLatest update
Loading…
06

Platform classes

ClassScopeKey mechanism
VLOP100M+ usersRisk audits, crisis protocols, transparency reports.
Large1M–100M usersDSA platform duties + AI Act provider / deployer.
Medium10k–1M usersLabeling, takedown, baseline transparency.
MicroUnder 10k usersDisclosure + notice-and-takedown.
07

Trust tiers

Safe Harbor protection begins at T1 and strengthens with each higher tier.

TierNameWhat it requiresStatus
T1Basic DisclosureLabel AI-generated content and disclose provenance.Active
T2Algorithmic AccountabilityTransparency reporting and risk documentation.Active
T3Judicial EvidenceCourt-admissible provenance records.Planned
T4Sovereign IntegrityState-level integrity guarantees.Planned