Regulatory Sources
All primary regulatory text used in ComplianceIQ is sourced from public domain government publications.
GDPR
EUR-Lex — Official Journal of the European Union. Regulation (EU) 2016/679 as published. Freely reproducible under the EUR-Lex reuse policy.
HIPAA
U.S. Department of Health & Human Services (HHS). Privacy Rule, Security Rule, and Breach Notification Rule: 45 CFR Parts 160 and 164. U.S. Federal government work — public domain (17 USC §105).
CCPA / CPRA
California Legislative Information. Civil Code §§1798.100–1798.199. California state law — public domain.
SOX
U.S. Securities and Exchange Commission (SEC). Sarbanes-Oxley Act of 2002, Sections 302, 404, 409, 802, 906. U.S. Federal government work — public domain (17 USC §105).
FERPA
U.S. Department of Education. 20 U.S.C. §1232g; 34 CFR Part 99. U.S. Federal government work — public domain (17 USC §105).
ADA / Section 508
ADA Title III: U.S. Department of Justice, ADA.gov. Section 508: U.S. Access Board, 29 U.S.C. §794d. WCAG 2.1: W3C Web Accessibility Initiative, under the W3C Software License.
FedRAMP
FedRAMP Program Management Office (GSA). FedRAMP Authorization Act (FY2023 NDAA, §5921). U.S. Federal government work — public domain (17 USC §105).
PCI-DSS
PCI Security Standards Council — publicly available requirement summaries only. PCI DSS v4.0 (effective March 31, 2024). The full PCI DSS standard is copyrighted by PCI SSC; only public summaries are used here.
Guidance, Checklists & Glossary
Original content generated using the Anthropic Claude API, with primary regulatory text as source material. Each article cites specific regulation sections. Content represents analysis and explanation of public domain regulatory requirements.
For demonstration purposes only. Not legal advice. Consult qualified legal counsel for actual compliance decisions.