Regulatory Change Management

Monitor regulatory changes, impact assessment, obligation tracking

View the interactive project page →

Regulatory Change Management

Part of the worlds-biggest-software-project initiative.

An AI-native platform that monitors regulatory changes across jurisdictions, extracts obligations automatically, and routes impact assessments through structured compliance workflows.

Regulatory Change Management (RCM) software helps compliance teams at financial institutions, healthcare providers, energy companies, and other regulated industries systematically track, assess, and act on changes to laws, regulations, and standards. This project aims to deliver an accessible, AI-powered alternative to enterprise-only incumbents, combining automated regulatory content ingestion with LLM-driven obligation extraction and configurable remediation workflows.


Why Regulatory Change Management?

  • Enterprise pricing locks out the mid-market. Leading platforms like NAVEX and MetricStream require enterprise contracts, leaving mid-sized and single-jurisdiction organisations without adequate tooling.
  • Manual tracking is error-prone. Compliance teams still rely on RSS feeds, email bulletins, and spreadsheets to monitor regulatory updates, leading to missed obligations that can result in fines, reputational damage, or enforcement action.
  • Incumbent UIs have lagged behind. MetricStream's full GRC platform carries excessive complexity for teams needing only RCM capability, and its UI modernisation has trailed cloud-native competitors.
  • Content quality is uneven. Even the broadest content feeds (NAVEX covers 8,000+ regulators across 197 countries) show variable quality for niche or non-English jurisdictions, and competitors like AuditBoard require separate third-party content subscriptions with no proprietary database at comparable scale.
  • No open, API-first RCM exists. Current solutions are closed SaaS platforms. There is no open-source, API-first RCM tool that teams can embed into their existing GRC and policy management stacks.

Key Features

Regulatory Content Ingestion

  • Automated ingestion of regulatory updates from configurable government feeds and licensed third-party APIs
  • Tagging by jurisdiction, topic, urgency, and effective date with filtered views
  • Pre-built regulation libraries for major industry verticals (financial services, healthcare, energy)
  • Multi-jurisdiction and multi-language support for global compliance programmes

Obligation Management

  • Structured obligation register linking each regulatory requirement to policies, controls, and accountable owners
  • AI-assisted obligation extraction from unstructured regulatory text, reducing manual parsing effort
  • Semantic similarity search identifying how new regulations relate to obligations already tracked
  • Bi-directional traceability from regulatory change through to updated policy documents and tested controls

Impact Assessment Workflows

  • Structured questionnaire routing regulatory changes to relevant business unit owners for evaluation
  • Automated impact scoring providing an AI-generated assessment before human review
  • Configurable multi-stage approval and review processes matching organisational governance models
  • Cross-functional workspaces engaging legal, operations, and finance teams alongside compliance

Task Assignment and Remediation

  • Automated routing of remediation actions to responsible stakeholders with deadlines and escalation rules
  • Status dashboards with completion tracking and automatic escalation reminders
  • Integration with Jira, ServiceNow, and other ticket management systems for remediation workflows

Horizon Scanning and Reporting

  • Forward-looking alerts for proposed rules, consultations, and draft legislation before binding effective dates
  • Compliance status heat map across the regulatory universe by jurisdiction and topic
  • Comprehensive audit trail of all review decisions and obligation completion status for regulatory examination
  • Board-ready compliance reporting with automated narrative generation

AI-Native Advantage

This project applies large language models directly to the regulatory compliance workflow. LLM-powered obligation extraction parses dense regulatory text to produce structured obligation records with owner, deadline, and control implications -- work that currently takes compliance analysts hours per regulatory update. Semantic similarity search automatically surfaces connections between new regulations and existing obligations in the register. A natural-language Q&A interface lets compliance team members ask questions like "What does DORA Article 17 require us to do and which of our current controls address it?" instead of manually cross-referencing documents. GenAI risk mapping links incoming regulations to affected business units and processes automatically, enabling impact assessment before human review even begins.


Tech Stack & Deployment

  • API-first architecture designed for embedding regulatory alerts and obligation data into existing GRC tools
  • REST API integration with GRC platforms (ServiceNow, SAP, Oracle, Salesforce), document management systems, and policy platforms
  • Role-based access controls aligned with compliance organisational structures
  • NLP pipeline for parsing and classifying regulatory text across multiple languages
  • Regulatory content sourced directly from government publication APIs and official registers, supplemented by licensed third-party feeds (Wolters Kluwer, Thomson Reuters)
  • Self-hosted and cloud deployment options

Market Context

The regulatory change management market shows high demand, with Gartner maintaining an active review market for RCM solutions and enterprise buyers spanning financial services, healthcare, energy, and other regulated industries. Incumbent pricing follows enterprise SaaS subscription models, typically per user or per regulatory domain, with premium tiers for broader jurisdictional coverage or AI-enhanced analysis. Implementation timelines for leading platforms like NAVEX can stretch to several months for large deployments, creating an opportunity for a faster-to-deploy, more accessible alternative.


Project Status

This project is in the research and specification phase. Contributions, feedback, and domain expertise are welcome.


Contributing

We welcome contributions from developers, domain experts, and potential users. See CONTRIBUTING.md for guidelines.

Important: All contributions must be your own original work or clearly attributed open-source material with a compatible licence. Copyright infringement and licence violations will not be tolerated and will result in immediate removal of the offending contribution. If you are unsure whether a piece of code, text, or other material is safe to contribute, open an issue and ask before submitting.


Licence

Licence to be determined. See discussion for context.