regulation10.ae
DIFC REGULATION 10 · DPL 2020 · EU AI ACT

Your DIFC AI is in scope for Regulation 10. Prove it in an afternoon.

Classify every AI system. Generate the DPIA, the transparency notice (English and Arabic) and the WORM audit trail. Hold the evidence pack the Commissioner can ask for — pinned to UAE North.

  • Data resident in UAE North
  • Citation-pinned to every obligation
  • No login · no email gate
  • EU AI Act Article 5 screen built in

You’re the ASO, the DPO, the counsel, or the board. Pick your view →

You signed the appointment. Reg 10.3.1 makes the liability personal. Hold the proof.

How it works

From a system to a signed evidence pack — four steps.

  1. 01

    Classifyname a system; the engine returns prohibited / high-risk / limited / minimal, with the §.

  2. 02

    GenerateDPIA, transparency notice, register entry. Citation-pinned. Minutes, not weeks.

  3. 03

    Holdevery artefact in a WORM audit trail with SHA-256, in one evidence pack.

  4. 04

    Answerwhen the Commissioner asks, you export the pack the same day.

Outcomes

Four outcomes that move the Commissioner conversation forward

  • Reg 10 readiness in days, not quarters

    Onboarding wizard, risk classification, Article 5 screener, DPIA and transparency notice run from a single tenant — full evidence pack regenerable in under ten minutes.

  • Audit-grade evidence by default

    Every artefact is citation-pinned, content-hashed (SHA-256) and written to a WORM-backed audit trail. The manifest is machine-verifiable end to end.

  • No ACB accreditation needed to enter

    The DIFC Reg 10 Accelerator is a Participant sandbox — not an ACB scheme. Our coverage matrix maps to §1 and §2 line by line so your Accelerator submission lands ready to review.

  • Jurisdiction-portable

    DPIA authority block names OECD, EU AI Act Article 27 and ISO/IEC 42001. The same evidence stack survives translation to your group governance frame.

Shipped today · v2.4 — 24 May 2026

Ten surfaces, one signed evidence pack

Every module below is shipped as of v2.4 (24 May 2026). The v2.4 amendment lifts Modules 2.1 (Bias / Fairness), 2.2 (Threat Model), 3.2 (Complaints SLA tracker) and 4.4 (ISO 42001 + NIST AI RMF + OECD cross-walk pack) into the live set. Module 2.3 red-team report bundles into a Reg 10 Sprint engagement; Module 3.1 drift monitoring is provisioned on first Enterprise tenant signup.

  • Shipped

    Module 1.1

    Risk classification engine

    Rules-based, citation-pinned classification against Reg 10 risk tiers. Flags High Risk Processing on system facts captured during onboarding.

    Reg 10.2.2, EU AI Act Art. 6

  • Shipped

    Module 1.1b

    Article 5 prohibition screener

    Catches prohibited-use cases (subliminal manipulation, social scoring, real-time biometric ID) before a system can be onboarded into evidence-pack flows.

    EU AI Act Art. 5

  • Shipped

    Module 1.2

    DPIA generator

    End-to-end Data Protection Impact Assessment in markdown plus PDF, with HITL, sensitive-data and cross-border sections pre-populated from the System Register.

    DPL 2020 Art. 20; Reg 10.2.2(d)

  • Shipped

    Module 1.3

    Transparency notice (EN + AR)

    Bilingual transparency notice produced from registered system metadata and rendered as a combined PDF for publication.

    DPL 2020 Art. 13–14

  • Shipped

    Module 2.1

    Bias & Fairness

    TS-only fairness audit on plain arrays (four-fifths rule + standard floors). MIT spirit: no Python, no Fairlearn install.

    module-2-1-bias.ts

  • Shipped

    Module 2.2

    Threat Model

    STRIDE + OWASP LLM Top 10 + MITRE ATLAS deterministic rule-based mapping.

    module-2-2-threat-model.ts

  • Shipped

    Module 3.2

    Complaints SLA Tracker

    Reg 10 §6 workflow: state machine, per-tier ack SLA, audit-row per transition.

    module-3-2-complaint-sla.ts

  • Shipped

    Module 3.3

    Audit trail (WORM-backed)

    Every artefact run lands in a write-once-read-many audit row, exportable as CSV plus JSON with SHA-256 content hashes for downstream verification.

    Reg 10.2.2(b); ISO 27001 A.12.4

  • Shipped

    Module 4.1

    Evidence pack

    Signed ZIP plus Manifest.json bundling DPIA, transparency notice, classification report, audit-trail extracts and ASO letter — regenerable in under ten minutes.

    Reg 10.2.2(c)

  • Shipped

    Module 4.4

    ISO 42001 + NIST AI RMF + OECD Cross-walk

    Per-System pack mapping each Reg 10 paragraph to ISO 42001 + NIST AI RMF + OECD + ISO 27001.

    module-4-4-crosswalk.ts

  • Shipped

    Module ASO

    ASO appointment letter

    Generates the actual signed-letter instrument appointing an AI System Officer with DPO-equivalent competencies under DPL Articles 17 and 18.

    DPL 2020 Art. 17–18; Reg 10.3.3(d)

  • Shipped

    Module AISR

    AI System Register entry

    Captures the public-facing system descriptor — abstract, purpose, processing categories — and renders it on the public register page.

    Reg 10.2.1; Accelerator §1 G1.2

Next step

Walk into your Accelerator Testing Team session with an evidence pack already signed.

A 30-minute readiness call maps your system facts onto the §1 / §2 coverage matrix and tells you exactly which artefacts you are short of today.