BLUE PAPER · v1.1 · MAY 2026

Regulatory positioning for Sharia-aligned financial AI.

HalalRegTech AI is engineered on a conservative high-risk-controls basis under the EU AI Act, because its outputs may be used by regulated financial institutions in investment, suitability, risk-management, and product-governance workflows. Four regulatory axes shape the design.

FULL BLUE PAPER · UNDER NDA

Request the full Blue Paper.

The complete regulatory dossier — including the AI Act Classification Matrix, Annex IV technical-documentation map, Provider vs. Deployer obligation split, GDPR roles and lawful-basis table, DORA Pack contents, and Claims Control Matrix — is shared under NDA with qualified institutional reviewers, EIC reviewers, compliance officers, and Sharia advisors.

EU AI Act (Regulation 2024/1689)

The platform is engineered to satisfy the high-risk technical and organisational requirements (Articles 9–15). Final classification under Annex III §5 is sensitive to deployer use case — §5(b) addresses creditworthiness of natural persons, which is not the platform’s primary use; §5 more broadly depends on institutional vs. retail context. The platform’s controls are engineered conservatively so that, in any plausible classification outcome — including high-risk — transparency, accuracy, human oversight, and data governance meet or exceed Annex III requirements.

  • Article 9 — Risk management system. Documented, continuous, with per-release delta-risk assessments.
  • Article 10 — Data governance. Primary data sources are public regulatory filings; LLM-extracted facts governed by constrained-schema pipeline.
  • Article 13 — Transparency. Every verdict surfaces methodology version, input citations, ratios, thresholds, and rule-level breakdown.
  • Article 14 — Human oversight. Pre-issuance review for low-confidence cases. Per-tenant override. Methodology-version kill switch.
  • Article 15 — Accuracy. Deterministic extraction wherever available; LLM benchmarked and confidence-floored.
  • Article 72 — Post-market monitoring. Confidence distributions, divergence rates, override frequency tracked continuously.

GDPR (Regulation 2016/679)

Gottesman Investments Ltd is data controller for platform PII; tenant-supplied data is governed by a data-processor agreement (Article 28). Israel benefits from the European Commission Adequacy Decision (2011, confirmed), so EU-to-Israel transfers do not require SCCs as a baseline. SCCs apply only to onward transfers to non-adequate jurisdictions. A DPIA is drafted (v0) and will be finalised at M3 of the EIC project.

DORA (Regulation 2022/2554)

When the platform serves authorised financial entities, DORA’s ICT third-party risk requirements apply through the entity’s obligations under Articles 28–30. HalalRegTech AI is positioned as a DORA-ready ICT third-party service provider, with a contracted DORA Pack covering ICT third-party register entries, incident-notification SLA, resilience and recovery targets, audit rights, and an exit and data-return plan.

AAOIFI Shari’ah Standards

The platform’s methodologies — built-in AAOIFI methodology, DJIM-aligned, S&P-aligned, House v1 — are documented with explicit references to AAOIFI Standard No. 21 (Financial Papers) and to the indices’ published methodology documents. An independent AAOIFI-aligned advisory letter is an M6 deliverable. Target advisors under outreach are Shariyah Review Bureau (Bahrain), Amanie Advisors (Malaysia), and Yasaar Ltd (United Kingdom).

This page is a summary of the HalalRegTech AI Blue Paper v1.1. The full document, including the AI Act Classification Matrix, Annex IV technical-documentation map, Provider vs. Deployer obligation split, GDPR roles and lawful-basis table, DORA Pack contents, and Claims Control Matrix, is available under NDA. Contact oren.gottesman@gmail.com.

Regulatory positioning, not legal opinion. This is a regulatory-positioning document, not a formal legal opinion. Final classifications under the EU AI Act, GDPR transfer mechanisms in specific deployments, DORA applicability, and Sharia compliance attestations are subject to deployer-specific legal review, external auditor attestation, and AAOIFI-aligned advisor engagement.

NEXT STEP

A 45-minute briefing. For decision-makers only.

With the compliance engineer and Sharia analyst who built HalalRegTech AI. For institutional banks, Sharia boards, regulators, and Sharia advisory partners.

Book a briefing Read the methodologies