Your DIFC AI is in scope for Regulation 10. Prove it in an afternoon.
Classify every AI system. Generate the DPIA, the transparency notice (English and Arabic) and the WORM audit trail. Hold the evidence pack the Commissioner can ask for — pinned to UAE North.
- Data resident in UAE North
- Citation-pinned to every obligation
- No login · no email gate
- EU AI Act Article 5 screen built in
You’re the ASO, the DPO, the counsel, or the board. Pick your view →
You signed the appointment. Reg 10.3.1 makes the liability personal. Hold the proof.
How it works
From a system to a signed evidence pack — four steps.
- 01
Classify — name a system; the engine returns prohibited / high-risk / limited / minimal, with the §.
- 02
Generate — DPIA, transparency notice, register entry. Citation-pinned. Minutes, not weeks.
- 03
Hold — every artefact in a WORM audit trail with SHA-256, in one evidence pack.
- 04
Answer — when the Commissioner asks, you export the pack the same day.
Outcomes
Four outcomes that move the Commissioner conversation forward
Reg 10 readiness in days, not quarters
Onboarding wizard, risk classification, Article 5 screener, DPIA and transparency notice run from a single tenant — full evidence pack regenerable in under ten minutes.
Audit-grade evidence by default
Every artefact is citation-pinned, content-hashed (SHA-256) and written to a WORM-backed audit trail. The manifest is machine-verifiable end to end.
No ACB accreditation needed to enter
The DIFC Reg 10 Accelerator is a Participant sandbox — not an ACB scheme. Our coverage matrix maps to §1 and §2 line by line so your Accelerator submission lands ready to review.
Jurisdiction-portable
DPIA authority block names OECD, EU AI Act Article 27 and ISO/IEC 42001. The same evidence stack survives translation to your group governance frame.
Shipped today · v2.4 — 24 May 2026
Ten surfaces, one signed evidence pack
Every module below is shipped as of v2.4 (24 May 2026). The v2.4 amendment lifts Modules 2.1 (Bias / Fairness), 2.2 (Threat Model), 3.2 (Complaints SLA tracker) and 4.4 (ISO 42001 + NIST AI RMF + OECD cross-walk pack) into the live set. Module 2.3 red-team report bundles into a Reg 10 Sprint engagement; Module 3.1 drift monitoring is provisioned on first Enterprise tenant signup.
- Shipped
Module 1.1
Risk classification engine
Rules-based, citation-pinned classification against Reg 10 risk tiers. Flags High Risk Processing on system facts captured during onboarding.
Reg 10.2.2, EU AI Act Art. 6
- Shipped
Module 1.1b
Article 5 prohibition screener
Catches prohibited-use cases (subliminal manipulation, social scoring, real-time biometric ID) before a system can be onboarded into evidence-pack flows.
EU AI Act Art. 5
- Shipped
Module 1.2
DPIA generator
End-to-end Data Protection Impact Assessment in markdown plus PDF, with HITL, sensitive-data and cross-border sections pre-populated from the System Register.
DPL 2020 Art. 20; Reg 10.2.2(d)
- Shipped
Module 1.3
Transparency notice (EN + AR)
Bilingual transparency notice produced from registered system metadata and rendered as a combined PDF for publication.
DPL 2020 Art. 13–14
- Shipped
Module 2.1
Bias & Fairness
TS-only fairness audit on plain arrays (four-fifths rule + standard floors). MIT spirit: no Python, no Fairlearn install.
module-2-1-bias.ts
- Shipped
Module 2.2
Threat Model
STRIDE + OWASP LLM Top 10 + MITRE ATLAS deterministic rule-based mapping.
module-2-2-threat-model.ts
- Shipped
Module 3.2
Complaints SLA Tracker
Reg 10 §6 workflow: state machine, per-tier ack SLA, audit-row per transition.
module-3-2-complaint-sla.ts
- Shipped
Module 3.3
Audit trail (WORM-backed)
Every artefact run lands in a write-once-read-many audit row, exportable as CSV plus JSON with SHA-256 content hashes for downstream verification.
Reg 10.2.2(b); ISO 27001 A.12.4
- Shipped
Module 4.1
Evidence pack
Signed ZIP plus Manifest.json bundling DPIA, transparency notice, classification report, audit-trail extracts and ASO letter — regenerable in under ten minutes.
Reg 10.2.2(c)
- Shipped
Module 4.4
ISO 42001 + NIST AI RMF + OECD Cross-walk
Per-System pack mapping each Reg 10 paragraph to ISO 42001 + NIST AI RMF + OECD + ISO 27001.
module-4-4-crosswalk.ts
- Shipped
Module ASO
ASO appointment letter
Generates the actual signed-letter instrument appointing an AI System Officer with DPO-equivalent competencies under DPL Articles 17 and 18.
DPL 2020 Art. 17–18; Reg 10.3.3(d)
- Shipped
Module AISR
AI System Register entry
Captures the public-facing system descriptor — abstract, purpose, processing categories — and renders it on the public register page.
Reg 10.2.1; Accelerator §1 G1.2
Next step
Walk into your Accelerator Testing Team session with an evidence pack already signed.
A 30-minute readiness call maps your system facts onto the §1 / §2 coverage matrix and tells you exactly which artefacts you are short of today.