# AffixIO compliance-index.txt # Plain-text mapping of regulations and frameworks to AffixIO resources # Last updated: 2026-07-12 > AffixIO is verification infrastructure, not legal advice. This index links public field notes, whitepapers, sector guides, and use-case pages that engineering and procurement teams use during technical due diligence. ## How to read this index - Regulation: the framework or law buyers ask about - AffixIO role: what the platform provides at the verifier boundary - Resources: reproducible pages on affix-io.com (canonical host www.affix-io.com) ## EU and UK EU AI Act (Regulation 2024/1689) AffixIO role: Article 12-style logging with cryptographic audit evidence; agent action gates before autonomous execution. Field note: https://www.affix-io.com/field-notes/eu-ai-act-verification-gates Whitepapers: WP eu-ai-act-nis2-compliance, WP agentic-ai-governance, WP real-time-zk-governance Use case: https://www.affix-io.com/agent-authorisation/ NIS2 Directive AffixIO role: Tamper-evident audit for security incident reconstruction; stateless boundary reduces verifier data exposure. Whitepapers: WP eu-ai-act-nis2-compliance, WP merkle-tree-audit-architecture Use case: https://www.affix-io.com/proof-not-log-audit/ GDPR (UK GDPR / EU GDPR) AffixIO role: Data minimisation at verifier (Article 25); DPIA worksheet available; no standing PII at gate by default. Trust: https://www.affix-io.com/trust/dpia-template Whitepapers: WP zk-gdpr-article-25, WP pii-free-kyc Procurement: https://www.affix-io.com/procurement DORA (Digital Operational Resilience Act) AffixIO role: Verifiable third-party control evidence for ICT risk; proof-not-log audit for outsourcing reviews. Whitepapers: WP dora-mica-ai-compliance Sector: https://www.affix-io.com/sectors/agentic-payments MiCA (Markets in Crypto-Assets) AffixIO role: Transaction eligibility gates without standing wallet profile at verifier. Whitepapers: WP dora-mica-ai-compliance, WP agentic-payments-aml-kyc Sector: https://www.affix-io.com/sectors/agentic-payments eIDAS 2.0 / European Digital Identity Wallet AffixIO role: Zero-knowledge selective disclosure at relying party boundary. Whitepapers: WP eidas-zk-selective-disclosure Use case: https://www.affix-io.com/privacy-preserving-age-check/ UK Online Safety Act (age assurance) AffixIO role: Proportionate age checks with signed YES or NO; no DOB hoarding at content provider. Field note: https://www.affix-io.com/field-notes/online-safety-age-verification Whitepapers: WP privacy-preserving-age-verification, WP social-media-age-verification Use case: https://www.affix-io.com/privacy-preserving-age-check/ Sector: https://www.affix-io.com/sectors/age-verification UK government / CDDO context AffixIO role: Programme eligibility with replayable audit; minimal verifier retention. Whitepapers: WP uk-gov-sandbox-walkthrough, WP uk-sovereign-ai-governance Sector: https://www.affix-io.com/sectors/government ## United States US Federal PQC migration (Executive Order, NIST FIPS 203/204/205) AffixIO role: ML-DSA-65 attestation on live API; crypto-agility for long-lived proofs. Field note: https://www.affix-io.com/field-notes/post-quantum-attestation-guide Whitepapers: WP us-federal-pqc-executive-order, WP post-quantum-attestation, WP post-quantum-pki-migration Tool: https://www.affix-io.com/tools/pqc-verifier US state AI laws (emerging) AffixIO role: Signed agent gates and audit evidence for state-level AI governance reviews. Whitepapers: WP us-state-ai-laws-zk-compliance, WP shadow-ai-governance HIPAA (clinical AI workflows) AffixIO role: Binary eligibility before agent-assisted clinical actions; ZK paths without exporting records to verifier. Whitepapers: WP hipaa-clinical-ai-zk Use case: https://www.affix-io.com/agent-authorisation/ ## Financial crime and payments AML / KYC augmentation AffixIO role: Policy gate at transaction boundary; complements KYC vaults, does not replace them. Compare: https://www.affix-io.com/compare/kyc-database Whitepapers: WP agentic-payments-aml-kyc, WP pii-free-kyc Sector: https://www.affix-io.com/sectors/agentic-payments Agentic payments / delegated spend AffixIO role: Signed allow or deny before agent-initiated payment. Sector: https://www.affix-io.com/sectors/agentic-payments Use case: https://www.affix-io.com/agent-authorisation/ ## Security frameworks OWASP Agentic AI Top 10 AffixIO role: Authorisation at action boundary; MCP verification connector for tool call gates. Use case: https://www.affix-io.com/agent-authorisation/ Use case: https://www.affix-io.com/mcp-verification-connector/ Whitepapers: WP zk-pqc-mcp-ai-connector, WP agentic-ai-governance ISO 27001 / SOC 2 procurement context AffixIO role: Trust Center, security documentation, sub-processor list, DPA terms. Trust: https://www.affix-io.com/trust Security: https://www.affix-io.com/security Procurement: https://www.affix-io.com/procurement ## Sector-specific controls Ticketing / anti-scalping / venue access AffixIO role: Offline QR verification, spent-proof logic, PQC attestation at gates. Use cases: https://www.affix-io.com/offline-gate-verification/ , https://www.affix-io.com/double-spend-prevention/ , https://www.affix-io.com/anti-scalping-tickets/ Whitepapers: WP live-ticket-verification-sandbox, WP double-spend-prevention Physical and API access control AffixIO role: ABAC with ZK selective disclosure; spent-proof anti-replay. Sector: https://www.affix-io.com/sectors/access-control IoT supply chain provenance AffixIO role: ZK provenance proofs at device or shipment boundary. Whitepapers: WP iot-supply-chain-zk-provenance ## HTML compliance hubs (buyer guides) - https://www.affix-io.com/regulatory-deadlines/ - https://www.affix-io.com/compliance/ - https://www.affix-io.com/compliance/online-safety-act/ - https://www.affix-io.com/compliance/eu-ai-act-article-12/ - https://www.affix-io.com/compliance/pqc-migration/ - https://www.affix-io.com/compliance/nis2-verification/ - https://www.affix-io.com/compliance/shadow-ai-agents/ - https://www.affix-io.com/glossary/ ## Procurement quick links - Evaluate path: https://www.affix-io.com/evaluate - Live sandbox: https://www.affix-io.com/sandbox/ - OpenAPI: https://www.affix-io.com/openapi.json - API changelog: https://www.affix-io.com/docs/changelog - Connector updates: https://www.affix-io.com/connector-updates - Glossary: https://www.affix-io.com/glossary.txt - Full LLM knowledge file: https://www.affix-io.com/llms-full.txt # SEO expansion URLs (updated 12 July 2026) /compliance/ — Compliance hub: Online Safety Act, EU AI Act Art. 12, NIS2, PQC, shadow AI /regulatory-deadlines/ — Enforcement calendar for procurement planning /compliance/online-safety-act/ — HEAA buyer guide /compliance/eu-ai-act-article-12/ — Automatic logging obligations /compliance/pqc-migration/ — Post-quantum procurement /compliance/nis2-verification/ — Incident replay evidence /compliance/shadow-ai-agents/ — KYA and MCP governance /glossary/ — HTML glossary index /glossary.txt — Plain-text terminology mirror /case-studies — Evidence library (reproducible sandbox evaluations) /tools/osa-scope-checker — Online Safety Act scope checker /tools/age-assurance-scorer — HEAA method scorer /tools/article-12-readiness — EU AI Act Article 12 readiness /compare/age-check-vs-id-upload — Age assurance architecture compare /compare/proof-not-log-vs-siem — Audit evidence compare /compare/agent-auth-vs-api-keys — KYA vs client auth compare /compare/offline-qr-vs-dynamic-barcode — Ticketing verify compare /compare/verification-vs-age-vendor — Verification layer vs age vendor /faq/age-verification/ — Age assurance FAQ hub /faq/ai-agents-and-mcp/ — KYA and MCP FAQ hub /faq/post-quantum/ — PQC FAQ hub /faq/ticketing-and-events/ — Ticketing FAQ hub /for/ticketing-platforms/ — Ticketing industry brief /for/social-platforms/ — Social platform brief /for/fintech-and-payments/ — Fintech brief /for/government-programmes/ — Government programme brief /agent-authorisation/ — Know Your Agent product page /offline-gate-verification/ — Offline QR gate product page /double-spend-prevention/ — Spent proof product page /privacy-preserving-age-check/ — Age check product page /mcp-verification-connector/ — MCP connector product page /proof-not-log-audit/ — Proof-not-log product page /anti-scalping-tickets/ — Anti-scalping ticket technology