Regulatory Agencies Inventory and Attributes

The Regulatory Agencies Inventory governs every body whose requirements create formal compliance obligations for the enterprise — regardless of whether that body is a government agency, a quasi-governmental self-regulatory organization, a supranational institution, a standards-setting body, or an industry self-regulatory organization. A Regulatory Agency qualifies for a record when its requirements create consequences for the enterprise if unmet: legal penalties, financial sanctions, license revocation, market access denial, or reputational harm from public enforcement action. Every entry is a Noun Instance of the Regulatory Agency Noun Type, with its own Semantic ID, its own type classification, its own geographic scope, and its own governed attribute set.

A Regulatory Agency Noun Instance is not a regulation, not a compliance obligation, and not a compliance control. Those are governed by the Regulations Inventory and the Regulatory Obligations Inventory — the two downstream inventories that derive from this one. The Regulatory Agencies Inventory governs the agencies themselves: who they are, what authority they exercise, where that authority applies, and how the enterprise manages its relationship with each one. The distinction matters because the same agency may publish dozens of regulations, each creating hundreds of specific obligations — but there is only one Regulatory Agency record for that body, connecting to all of its regulations and obligations through typed relationships.

The geographic scope of the Regulatory Agencies Inventory is as broad as the enterprise’s operational footprint. A global enterprise may have compliance relationships with hundreds of regulatory agencies across dozens of jurisdictions — federal financial regulators, national data protection authorities, state privacy enforcement offices, supranational bodies like the European Union, standards organizations like ISO and NIST, and industry self-regulatory bodies like the PCI Security Standards Council. All of them belong in this inventory. The geographic classification attributes — Geographic Region, Country, Locale, Jurisdiction Level, and Jurisdiction — enable the enterprise to query its regulatory exposure at any level of geographic granularity from global to municipal.