Regulatory Change Impact

The work risk and compliance teams do every quarter — done in seconds. Paste a regulation update on the left, your business-process inventory on the right. One structured-output call returns the cross-product impact matrix: rows are your processes, columns are the regulation's requirements, cells are color-coded by severity with the gap, the required action, and the owning role. Click any cell to jump to the full action card. The first-pass triage that takes a CRO's team a week, generated as fast as you can pick a preset.

// REGULATION UPDATE 0 chars

// BUSINESS PROCESSES · one per line 0 processes

paste regulation + 3+ processes, or pick a preset

Architecture — what just happened

Browser
  └─→ POST /api/lab/chat
        - system: regulatory-impact prompt with the schema
                  below (versioned: regulatory.v1)
        - user: { regulation_text, process_inventory }
        - temperature: 0.2 (low — reasoning must be stable)
        - max_tokens: 2800
        ← single response, parsed as JSON: {
            regulation, executive_summary,
            timeline_urgency, estimated_effort,
            requirements[], processes[], impact_cells[]
          }
        ← matrix render is a CSS grid:
          grid-template-columns: 220px repeat(N, 1fr)
        ← cells are clickable → highlight the matching
          action card via outline + scrollIntoView

One LLM call. The model reads both inputs, decomposes the regulation into discrete requirements, the inventory into discrete processes, and reasons about each (requirement, process) pair as an explicit cell. The output is a sparse matrix — many cells will be not_applicable, and that's information too. The model also returns an executive summary and a timeline urgency for the CRO read.

Why this matters for risk, compliance, and the CRO

Every regulator is shipping faster than every compliance team can absorb. The EU AI Act, DORA, the Data Act, the AI Liability Directive, NIS2, the SEC cyber rules — these landed inside an 18-month window. A first-line manager reading a 200-page regulation has one job: figure out which of my business processes this touches, and how badly. That triage is the first thing that happens, and it's the thing that gates everything downstream — gap analysis, remediation planning, audit prep.

This demo collapses the triage. Drop the regulation summary on one side, your process inventory on the other, get the impact matrix back. The matrix tells you where to look first. The action cards tell you exactly what each gap is and which role owns the fix.

For the CRO, this is the slide that goes into the next risk committee meeting — already populated, already prioritised, already costed in effort. For the compliance manager, it's the project plan they were going to spend a week building.

Honest caveat: this is an analyst's first draft, not a legal opinion. Production deployments should treat the output as a candidate matrix that a qualified compliance officer reviews, edits, and signs off. The model can mis-classify "not applicable" as "low severity" or vice versa, especially around novel articles where industry interpretation is still forming. Use this to cut the triage from days to hours, not to remove the human.

Telemetry — request, response, parsed structure

Run the demo to see telemetry.