Compliance Roadmap
ReGenesis follows a four-stage compliance and product maturity roadmap. Each stage has specific security requirements that must be met before progressing.
ReGenesis follows a disciplined four-stage compliance roadmap designed to match product maturity with security posture at each stage:
- MVP0 Demo (Q1 2026): Functional prototype with real encryption, basic access controls, and provable data deletion
- Pilot (Q2-Q3 2026): Enterprise-ready security with SOC 2 Type I, SSO/MFA, DPA framework, and first penetration test
- GA Launch (Q4 2026-Q1 2027): Full compliance suite — SOC 2 Type II, multi-tenant RBAC, SCIM, complete procurement packet
- Global Expansion (2027+): ISO 27001, EU AI Act compliance, multi-region deployment, HIPAA readiness
Each stage has defined "gate" requirements that must pass before engaging the next level of enterprise clients.
How to Read the Roadmap
Each stage builds on the previous one, and no rungs can be skipped:
- MVP0: Demonstrates security commitment from day one (real encryption, real deletion)
- Pilot: Passes enterprise security review (SOC 2, SSO, DPA signed)
- GA: Proves sustained security operations (SOC 2 Type II requires 6-12 months of evidence)
- Global: Meets any regulatory regime worldwide
Enterprise Evaluation Readiness
Key points ReGenesis presents during enterprise evaluation:
- MVP0 stage with SOC 2 Type I audit planned for Q2-Q3
- Architecture built to GDPR standards from day one
- SSO integration ready by pilot kickoff
- DPA template includes standard enterprise provisions
- Full detail available in the Procurement Packet and Stage Gates sections
US-First Compliance Sequence
ReGenesis follows a US-first compliance sequence, with EU-grade design built in from day one:
| Compliance Item | Approach |
|---|---|
| SOC 2 | Before ISO 27001 -- SOC 2 is the US enterprise gate |
| Data Residency | US (us-east-1) first -- EU region available on request |
| DPA Model | US commercial DPA primary (GDPR provisions included) |
| Legal Entity | Delaware C-Corp first, EU entity when needed |
| Regulatory Focus | CCPA/CPRA + 20 state laws, with GDPR as design ceiling |