Retail & commercial banking
PSD3, FFIEC, RBI, MAS, CRR3 — agent and employee actions need a payment authority chain, not an OAuth token.
SOC 2 · ISO 27001 · PCI DSS 4.0 · PSD2/3 · DORA · NIS2
By sector · 18 regulated sectors
One protocol. Every regulated sector.
18 sector cards below. Each one bundles Core with the overlays the sector needs and lists the frameworks it aligns with. Adopt only what you need; Core handles the rest. Full normative detail: whitepaper §7.
18 sectors with their profile bundles.
Pick the sector you operate in. The profiles you need are listed below it. Adopt only those; Core handles the rest.
Payments & cards
Per-currency, per-rail, per-amount sPDP gating; signed proof bundles per authorise; ISO 20022 alignment in the high-assurance overlay.
PCI DSS 4.0 · PSD2/3 · DORA
Healthcare & life sciences
HIPAA wants the consent chain. The hospital wants the redaction trace. The patient wants their AI not to leak their record.
HIPAA · ISO 27001 · EU AI Act
Capital markets & treasury
An autonomous treasury bot rebalances. Auditors need authority + scope + attestation + decision — not “the bot did it.”
SOC 2 · ISO 27001 · DORA
Custody & digital-asset operators
Wallets, signers, signers’ signers. Without an authority chain, “who moved this” is forensics, not policy.
SOC 2 · ISO 27001 · MiCA
Insurance & underwriting
Underwriting agents pull data and price risk. Regulators need the data-source authority and the consent the customer gave.
SOC 2 · ISO 27001 · GDPR · EU AI Act
AI labs & autonomous agents
Your agent does something destructive. The user asks you to prove it wasn’t supposed to. Now do that for every agent on every tenant.
EU AI Act · SOC 2 · NIS2
Public sector
Cross-domain trust, attested workloads, FOIA-grade transparency log — one chain across agencies and contractors.
NIST 800-207 · FedRAMP · NIS2
Marketplaces & platforms
Sellers, agents acting for sellers, model-trained tools acting for both. Disputes need the chain, not chat logs.
SOC 2 · ISO 27001 · GDPR
Defence
Mission authority, command-chain audit for autonomous and semi-autonomous systems — rules of engagement attached to every action.
NIST 800-207 · FedRAMP · NIS2 · EU AI Act
Energy & critical infrastructure
Operator, vendor, maintenance and emergency authority on safety-critical AI/automation across grid, water, telecom, transport.
NIS2 · IEC 62443 · ISO 27001
Manufacturing
Robot, cobot, MES, SCADA, supplier tooling — prove who/what may act on which production asset, under what state and approval.
ISO 27001 · ISO 9001 · IEC 62443 · EU AI Act
Oil & gas
Field-asset authority, contractor delegation, safety-critical actions, emergency overrides, environmental incident evidence.
IOGP · ISO 14001 · IEC 62443 · NIS2
Mining
Autonomous equipment authority, site access, operator delegation, safety exclusion zones, remote-control authority.
ISO 27001 · ISO 45001 · IEC 62443
Automotive
Vehicle software authority, OTA updates, supplier components, fleet/driver/dealer delegation, model/tool version audit.
UNECE R155/R156 · ISO 21434 · IATF 16949 · EU AI Act
Maritime & shipping
Vessel, crew/officer, port agent, cargo, customs, autonomous-vessel and inspection authority — one chain across the route.
IMO MSC.428 · ISPS · ISO 27001
Logistics
Shipment authority, warehouse-robot delegation, courier auth, customs delegation, cold-chain authority, exception approvals.
ISO 27001 · GDPR · IATA
Aviation
Air operations, ground services, autonomous aviation systems — authority and audit for crew, ground, ATC, MRO.
FAA · EASA · ICAO · ISO 27001
Each sector profile composes with the EU AI Act profile (kye-euaiact-1.0) when AI systems or AI agents are involved. KYE Compliance Mapping Rail™ binds the resulting evidence to framework controls.
Ready to see your AI agents flagged?
Start in shadow mode. We’ll deliver your first Evidence Pack™ in 4–8 weeks.