Methodology
How Policy-as-Code structures, scores, and maintains the global AI regulation database.
Framework overview
Policy-as-Code organises platform obligations into four platform classes calibrated to user reach and systemic risk. The framework lets operators map any law in the database to a concrete set of duties for their class.
- VLOP. 100M+ users. Full DSA Art. 33 obligations, risk audits, transparency reports, crisis response.
- Large. 1M–100M users. DSA "online platforms" duties plus AI Act provider / deployer obligations.
- Medium. 10k–1M users. Labeling, takedown, basic transparency; many DSA SME exemptions apply.
- Micro. Under 10k users. Minimal obligations: disclosure and notice-and-takedown.
Regulatory stringency scoring
The choropleth map score blends four dimensions into a single 0–100 value per jurisdiction:
| Dimension | Weight | What it captures |
|---|---|---|
| Law count | 25% | Total in-scope laws per jurisdiction. |
| Status | 35% | In-force weighted highest; phased > proposed > voluntary. |
| Tier | 25% | Foundational laws score higher than sectoral or emerging. |
| Coverage | 15% | Breadth across focus areas (AIGC, DF, ELEC, etc.). |
Scores are recomputed when the database is updated; weights are tuned to reflect enforcement risk rather than legislative volume alone.
Database methodology
Laws are selected based on jurisdictional reach, enforcement posture, and direct relevance to AI-generated content, deepfakes, content authentication, electoral integrity, and platform liability. Voluntary frameworks are included where they shape industry practice.
All entries are manually verified against primary sources — official gazettes, regulator publications, and court records. Each record links back to the originating statute or guidance document. Amendments and discrepancies are tracked in the changelog.
Last updated May 2026.
Focus area taxonomy
| Code | Name |
|---|---|
| AIGC | AI-Generated Content |
| DF | Deepfakes |
| CA | Content Authenticity |
| MISINFO | Misinformation |
| NCII | Non-Consensual Intimate Images |
| ELEC | Election Integrity |
| GEN | General AI Governance |
| PRIV | Privacy |
| ID | Digital Identity |
Platform classes
| Class | Scope | Key mechanism |
|---|---|---|
| VLOP | 100M+ users | Risk audits, crisis protocols, transparency reports. |
| Large | 1M–100M users | DSA platform duties + AI Act provider / deployer. |
| Medium | 10k–1M users | Labeling, takedown, baseline transparency. |
| Micro | Under 10k users | Disclosure + notice-and-takedown. |
Trust tiers
Safe Harbor protection begins at T1 and strengthens with each higher tier.
| Tier | Name | What it requires | Status |
|---|---|---|---|
| T1 | Basic Disclosure | Label AI-generated content and disclose provenance. | Active |
| T2 | Algorithmic Accountability | Transparency reporting and risk documentation. | Active |
| T3 | Judicial Evidence | Court-admissible provenance records. | Planned |
| T4 | Sovereign Integrity | State-level integrity guarantees. | Planned |