Regulatory Frameworks

Comprehensive compliance scanning across 53 regulatory clauses

5 Built-in Frameworks
53 Total Clauses
+ Custom Regulations

Custom Regulations

Need UL certifications, internal security policies, or industry-specific standards? Create your own custom regulations with any clauses you need.

UL Certifications

UL 2900-1, UL 2900-2-1 for medical devices, and other UL standards

Internal Policies

Company security policies, coding standards, or internal compliance requirements

Industry Standards

PCI DSS, NIST, CIS benchmarks, or any other compliance framework

File Locations

~/.clausi/custom_regulations/*.yml

Global - Available for all projects

.clausi/regulations/*.yml

Project-specific - Overrides global regulations

YAML Format

name: "UL 2900-1 Software Cybersecurity"
description: "General software cybersecurity requirements"
version: "2.0"

clauses:
  - id: "UL2900-4.1"
    title: "Security Risk Assessment"
    description: "Product must have documented security risk assessment"
    requirements:
      - "Document all network interfaces and attack surfaces"
      - "Identify and classify security risks by severity"
      - "Maintain threat model based on intended use"
    severity: "critical"

  - id: "UL2900-6.1"
    title: "Software Weakness Testing"
    description: "Code must be tested for known weaknesses"
    requirements:
      - "Test for CWE Top 25 vulnerabilities"
      - "Test for OWASP Top 10 vulnerabilities"
      - "Static analysis performed on source code"
    severity: "high"

Severity Levels

critical - Must fix immediately

high - Should fix soon

warning - Review recommended

info - For awareness

Usage

Scan with a custom regulation (the filename becomes the code):

clausi scan . -r UL-2900-1

Combine with built-in regulations:

clausi scan . -r UL-2900-1 -r HIPAA -r GDPR

Tip: The regulation code is derived from the filename. ul-2900-1.yml becomes -r UL-2900-1
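
A pre-scan lint for the custom regulation files described above, as an added example (not Clausi's own code): it resolves which file supplies each -r code and checks a parsed regulation against the keys and severity levels shown on this page. Assumptions: the code is the uppercased filename stem, a project file overrides the global file with the same code, and every key in the page's sample is required; regulation_code, resolve and lint are hypothetical names.

```python
from pathlib import Path

SEVERITIES = {"critical", "high", "warning", "info"}  # the four levels the page lists
TOP_KEYS = ("name", "description", "version", "clauses")  # keys in the page's sample
CLAUSE_KEYS = ("id", "title", "description", "requirements", "severity")


def regulation_code(path):
    # Assumption inferred from the page's tip: ul-2900-1.yml -> UL-2900-1
    return Path(path).stem.upper()


def resolve(global_dir, project_dir):
    """Return ({code: winning file}, [(code, shadowed file)]).
    Assumption: a project file overrides the global file with the same code."""
    chosen, shadowed = {}, []
    for directory in (Path(global_dir), Path(project_dir)):  # project last, so it wins
        if not directory.is_dir():
            continue
        for path in sorted(directory.glob("*.yml")):
            code = regulation_code(path)
            if code in chosen:
                shadowed.append((code, chosen[code]))
            chosen[code] = path
    return chosen, shadowed


def lint(regulation):
    """List problems in one parsed regulation (the mapping a YAML parser returns)."""
    problems = [f"missing top-level key: {k}" for k in TOP_KEYS if k not in regulation]
    seen = set()
    for i, clause in enumerate(regulation.get("clauses") or []):
        if not isinstance(clause, dict):
            problems.append(f"clause #{i}: not a mapping")
            continue
        label = clause.get("id") or f"clause #{i}"
        for key in CLAUSE_KEYS:
            if not clause.get(key):
                problems.append(f"{label}: missing or empty {key}")
        severity = clause.get("severity")
        if severity and str(severity) not in SEVERITIES:
            problems.append(f"{label}: unknown severity {severity!r}")
        if label in seen:
            problems.append(f"{label}: duplicate clause id")
        seen.add(label)
    return problems
```

Parse each file returned by resolve with a YAML library and pass the resulting mapping to lint; an empty list means the file matches the format shown above.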

How to Use Frameworks

Scan your codebase against one or multiple regulatory frameworks:

Single Framework:

clausi scan /path/to/project -r EU-AIA

Multiple Frameworks:

clausi scan /path/to/project -r EU-AIA -r GDPR -r HIPAA

All Available Frameworks:

clausi scan /path/to/project -r EU-AIA -r GDPR -r ISO-42001 -r HIPAA -r SOC2

Note: Scanning multiple frameworks increases cost and time. Use clausi estimate to preview costs before scanning.

Which Framework Do I Need?

EU-AIA (EU AI Act) - 8 Articles

Choose if: You're deploying AI systems in the EU, or your AI system is classified as "high-risk"

GDPR - 9 Articles

Choose if: You process personal data of EU citizens

ISO-42001 - 8 Clauses

Choose if: You need an AI management system certification or industry standard compliance

HIPAA - 8 Rules

Choose if: You handle protected health information (PHI) in the US healthcare industry

SOC 2 - 20 Criteria

Choose if: You're a service provider that needs to demonstrate security controls to customers

Custom Regulations - Unlimited

Choose if: You need UL certifications, internal policies, PCI DSS, NIST, or any other custom compliance framework

Ready to scan your codebase?

Start with $2.00 free credit and scan against any of these 53 clauses.