AI-powered compliance intelligence for founders, CEOs and company secretaries. Map your obligations across 27 frameworks — DPDP, GDPR, ISO 27001, SOC 2, PCI DSS, NIST CSF, POSH and more. Built into Lekha, additive to the 132+ documents you already use.
India's data-protection statute.
The EU's data-protection regulation.
The international standard for an Information Security Management System (ISMS).
The privacy extension to ISO 27001.
An attestation over controls relevant to security, availability, processing integrity, confidentiality and privacy.
The security standard for organisations that store, process or transmit cardholder data.
A risk-based cybersecurity framework organised around six functions: Govern, Identify, Protect, Detect, Respond and Recover.
California's consumer-privacy law.
India's workplace law against sexual harassment.
Post-Brexit UK data-protection law; it largely mirrors the EU GDPR but is enforced by the ICO.
Mandatory cybersecurity law for EU essential and important entities (energy, transport, banking, health, digital infrastructure and more).
Risk-tiered regulation of AI systems.
Federal US law protecting Protected Health Information (PHI).
Brazil's comprehensive data-protection law, effective 2020 with administrative enforcement from 2021.
Singapore's data-protection law enforced by the PDPC.
UAE's federal data-protection law (effective 2022, executive regulations 2023).
Saudi Arabia's PDPL (enforced by SDAIA).
Qatar's data-protection law overseen by the Ministry of Communications and Information Technology (MCIT).
Bahrain's data-protection law enforced by the Personal Data Protection Authority (PDPA).
Australia's federal privacy law applying to agencies and organisations with turnover > A$3 million (and others).
Mandatory cybersecurity standard for all APRA-regulated entities (banks, insurers, super funds).
South Africa's data-protection law enforced by the Information Regulator.
Kenya's data-protection law enforced by the Office of the Data Protection Commissioner (ODPC).
Nigeria's comprehensive data-protection law (signed June 2023), replacing the NDPR 2019.
NIS2 expands EU cybersecurity obligations to 'essential' and 'important' entities across 18 sectors.
CPS 234 requires APRA-regulated entities (banks, insurers, superannuation funds) and their material ICT service providers to maintain information security capability commensurate with threats, classify information assets, test controls, and notify APRA within 72 hours of material incidents.
US federal law for financial institutions (and, via FTC, non-bank financial companies).
Each step builds on the last. Complete them in order or jump straight to the one you need.
Describe your company in plain English. Dharma's AI reads your industry, data types and jurisdictions and returns a tailored compliance landscape in seconds.
Start your brief →
Answer a short form about your data, business model and geography. Dharma maps exactly which of the 9 frameworks apply to you and why.
Get your compliance map →
Tick the frameworks in scope and enter your current coverage score per framework. See your overall readiness at a glance and your top priority gaps.
Score your readiness →
Upload a policy or contract. Dharma flags gaps against your selected governance baselines (missing incident response, no DPO, no review cadence) with citations.
Run a governance audit →
Generate a board-approved Governance & Compliance Framework Charter as a polished DOCX or PDF. Covers adopted frameworks, risk ownership, policy stack and review cadence.
Build your charter →
Dharma is additive. Your existing documents, templates and the standard Lekha audit are unchanged. Dharma simply adds a governance charter and governance-specific checks on top.