pa-workflow-regulatory-cross-jurisdiction-tracker
Rating is derived from the repo's GitHub stars and shown for reference.
automation_control
name: pa-workflow-regulatory-cross-jurisdiction-tracker
description: Use when a multinational client or law firm practice group needs to monitor and compare regulatory developments across multiple jurisdictions simultaneously. Produces a weekly-updated comparative table, impact assessments per jurisdiction, and implementation timeline recommendations. Designed for MENA-headquartered clients with exposure to UAE, KSA, LB, EG, EU, UK, and US regulatory frameworks, particularly in financial services, data, and technology sectors.
license: MIT
metadata:
id: pa-workflow.regulatory.cross-jurisdiction-tracker
category: pa-workflow
practice_area: Regulatory
jurisdictions: [UAE, KSA, LB, EG, DIFC, ADGM, EU, UK, US, GCC]
priority: P1
intent: [regulatory, multi-jurisdiction, compliance-tracking, comparative, monitoring, update]
related: [pa-workflow-regulatory-daily-digest-publisher, pa-workflow-regulatory-compliance-gap-matrix, pa-workflow-regulatory-client-alert-drafter-firm-voice, pa-workflow-regulatory-enforcement-likelihood-scorer]
source: Louis — HAQQ Legal AI (github.com/sboghossian/mini-claude-for-legal)
version: "1.0"
Regulatory — Cross-Jurisdiction Tracker
Purpose
Multinational clients face a fragmented regulatory landscape: the same business activity (data processing, AML, financial services, AI deployment) is regulated differently across jurisdictions, often on different timelines. This workflow maintains a living comparative table that tracks regulatory developments across the client's relevant jurisdictions, assesses impact, and recommends implementation sequencing.
Inputs
| Input | Required | Notes |
|---|---|---|
| Client's operational jurisdictions | Yes | List of countries / free zones where the client is licensed or active |
| Regulatory domains to track | Yes | E.g., data protection, AML/CFT, financial services licensing, AI governance, ESG |
| Update frequency | Recommended | Default: weekly; daily for clients in high-flux regulatory environments |
| Client profile | Recommended | Industry sector, license types, data footprint — determines relevance scoring |
| Prior tracker version | Optional | For delta-only updates |
Tracker Structure
Comparative Regulatory Table
The core output. Rows = regulatory domains or specific requirements. Columns = jurisdictions.
| Requirement | UAE (mainland) | DIFC | KSA | LB | EG | EU (GDPR) | UK | US (sectoral) |
|---|---|---|---|---|---|---|---|---|
| Data Protection | ||||||||
| Data subject rights | Law in force (PDPL-UAE, 2022) | DIFC DP Law 2020 | PDPL KSA (2024) | Draft law (stalled) | Law 151/2020 | GDPR Art. 12–22 | UK GDPR | CCPA/CPRA (CA); sectoral |
| Cross-border transfer | Adequacy / contractual safeguards | DIFC DP adequacy decisions | Restricted; regulatory approval required | Not yet operative | CBE framework | Standard Contractual Clauses | UK IDTA | No federal standard |
| AML/CFT | ||||||||
| Beneficial ownership | UAE corporate register (AML Law) | DIFC BO register | MISA/Zakat requirements | BDL circulars | Law 80/2002 | 5AMLD / 6AMLD | POCA + MLR 2017 | FinCEN CDD Rule |
For each cell: current status (In force / Draft / Consultation / Not yet adopted) + effective date + key obligation summary.
Delta Log (weekly update)
Track changes since last report:
## Weekly Regulatory Delta — [Date Range]
### NEW DEVELOPMENTS
**UAE — VARA Virtual Asset Regulation Update**
- Summary: VARA issued updated marketing regulations for virtual asset service providers
- Effective: 30 days from publication
- Client impact: HIGH if client operates a VASP or promotes virtual asset products
- Action required: Review marketing materials for compliance before deadline
**KSA — SDAIA PDPL Implementing Regulations (Draft)**
- Summary: Draft implementing regulations for consent and data transfer published for consultation
- Comment deadline: [date]
- Client impact: MEDIUM — refines but does not fundamentally change current compliance approach
- Action required: Review draft; submit comment if client has KSA data operations
### UPCOMING DEADLINES
| Jurisdiction | Requirement | Deadline | Client impact |
|---|---|---|---|
| UAE | CBUAE Open Banking Phase 2 | 2025-09-01 | HIGH — licensed bank |
| EU | AI Act high-risk AI systems compliance | 2026-08-02 | MEDIUM — client uses AI in credit scoring |
| KSA | PDPL — data subject rights operationalization | 2025-03-17 | HIGH — large Saudi customer base |
Impact Assessment per Jurisdiction
For each active regulatory development:
| Development | Jurisdiction | Applicability | Impact level | Recommended action | Urgency |
|---|---|---|---|---|---|
| VARA Marketing Regs | UAE | VASP clients | HIGH | Legal review of all marketing materials | IMMEDIATE |
| AI Act — High-Risk AI | EU | AI product clients | MEDIUM | Risk classification of AI systems | Q3 2025 |
| PDPL Data Transfers | KSA | Any entity processing Saudi residents' data | HIGH | Review transfer mechanisms; obtain required approvals | URGENT |
Implementation Timeline Recommendations
The tracker produces a sequenced implementation schedule per client, accounting for:
- Regulatory deadlines (hard compliance dates)
- Regulator inspection schedules (if known)
- Interdependencies between jurisdictions (e.g., implementing GDPR-compatible policies first makes DIFC DP compliance easier)
- Client's resource constraints
Q1 2025 — Complete
[x] UAE CBUAE AML update — policy updated, staff trained
[x] DIFC DP Law — data mapping completed
Q2 2025 — In progress
[ ] KSA PDPL — data subject rights process (due Q2)
[ ] UAE VARA — marketing materials review (due before VARA inspection)
Q3 2025 — Planned
[ ] CBUAE Open Banking Phase 2 — API integration (due Sep 2025)
Q4 2025 — Planned
[ ] EU AI Act preparation — risk classification of AI systems
Regulatory Intelligence Sources
For each jurisdiction, the tracker pulls from:
| Jurisdiction | Source |
|---|---|
| UAE | UAE Official Gazette (Al-Jarida Al-Rasmiya); CBUAE website; SCA/ESCA; VARA; DIFC portal; ADGM portal |
| KSA | Saudi Official Gazette (Umm Al-Qura); SAMA; SDAIA; CMA; Zakat, Tax and Customs Authority (ZATCA) |
| Lebanon | BDL circulars; Lebanese Official Gazette; Ministry of Economy |
| Egypt | Official Gazette; CBE; FRA |
| EU | EUR-Lex; EDPB guidelines; EBA/ESMA/EIOPA |
| UK | UK Official Gazette; FCA; ICO |
| US | Federal Register; SEC; FinCEN; CFPB |
MENA-Specific Tracking Notes
- GCC convergence: GCC states coordinate through the GCC Secretariat on financial regulation. A development from SAMA or CBUAE often signals forthcoming similar requirements in other GCC states (3–18 months lag typical).
- Free zone vs. onshore: UAE developments often apply differently to DIFC/ADGM (which have their own regulators) vs. mainland UAE. Track separately; do not conflate.
- Arabic-language sources: Many MENA regulatory developments are published first in Arabic with later English translations. The tracker should process Arabic-language official gazettes directly to avoid delay.
- Regulatory consultation windows: GCC regulators increasingly publish consultation papers. Clients in affected industries should consider submitting comments — it signals engagement and sometimes influences final rules.
Output Formats
- Full tracker (spreadsheet): complete comparative table, all jurisdictions, all domains
- Weekly delta report (email/Slack): new developments + upcoming deadlines only
- Board compliance summary (presentation): quarterly, executive-level view
- Jurisdiction spotlight (PDF): deep dive on a single jurisdiction, triggered by a major development
Related Skills
- [[pa-workflow-regulatory-daily-digest-publisher]]
- [[pa-workflow-regulatory-compliance-gap-matrix]]
- [[pa-workflow-regulatory-client-alert-drafter-firm-voice]]
- [[pa-workflow-regulatory-enforcement-likelihood-scorer]]