# Compliance Frameworks

ZK-Provenance supports five compliance frameworks, grouped into policy bundles. Each bundle maps to a specific set of cryptographic policy constraints applied during proof generation and is named by the policy identifier shown with each framework below (several frameworks share one bundle).

## Available Frameworks

### GDPR — General Data Protection Regulation

**Jurisdiction:** European Union

**Applies to:** Any organization handling EU residents' personal data

Key requirements proven:

* Data minimization — only necessary data processed
* Purpose limitation — data used only for stated purpose
* Storage limitation — data not kept longer than necessary
* Integrity and confidentiality — appropriate security measures

```
Policy Hash: gdpr-hipaa-2026
Framework Tag: GDPR
```

### HIPAA — Health Insurance Portability and Accountability Act

**Jurisdiction:** United States

**Applies to:** Healthcare providers, insurers, and their business associates

Key requirements proven:

* PHI (Protected Health Information) is properly handled
* Minimum necessary standard applied
* Access controls in place
* Audit trails maintained

```
Policy Hash: gdpr-hipaa-2026
Framework Tag: HIPAA
```

### SOC2 — System and Organization Controls 2

**Jurisdiction:** Global (AICPA standard)

**Applies to:** SaaS companies, cloud service providers

Key requirements proven:

* Security — protection against unauthorized access
* Availability — system is available for operation
* Processing Integrity — processing is complete and accurate
* Confidentiality — confidential information is protected

```
Policy Hash: soc2-gdpr-iso-2026
Framework Tag: SOC2
```

### ISO27001 — Information Security Management Systems (ISO/IEC 27001)

**Jurisdiction:** Global (ISO standard)

**Applies to:** Any organization with information security requirements

Key requirements proven:

* Information security policies in place
* Risk assessment performed
* Controls implemented and monitored

```
Policy Hash: soc2-gdpr-iso-2026
Framework Tag: ISO27001
```

### CCPA — California Consumer Privacy Act

**Jurisdiction:** California, United States

**Applies to:** Businesses collecting California residents' personal information

Key requirements proven:

* Right to know — consumers informed about data collection
* Right to delete — data deletion requests honored
* Right to opt-out — sale of personal information can be stopped

```
Policy Hash: full-suite-2026
Framework Tag: CCPA
```

## Choosing a Policy

| Your Situation                    | Recommended Policy     | Policy Identifier      |
| --------------------------------- | ---------------------- | ---------------------- |
| Healthcare + EU users             | GDPR + HIPAA           | `gdpr-hipaa-2026`      |
| Tech startup + enterprise clients | SOC2 + GDPR + ISO27001 | `soc2-gdpr-iso-2026`   |
| US company with California users  | Full Suite             | `full-suite-2026`      |
| Global enterprise                 | Full Suite             | `full-suite-2026`      |

## How Policies Work Technically

Each compliance policy is represented by a **policy hash**: the Poseidon hash of the policy identifier. The `Policy Hash` strings listed above, such as `gdpr-hipaa-2026`, are those identifiers, i.e. the hash preimage; the hash itself is a field element. The hash is a public input of the ZK circuit, which binds the proof to one policy bundle: the circuit can only be satisfied with the hash of the policy the prover actually proved against. Because Poseidon operates on field elements rather than strings, prover and verifier must encode the identifier into the field in exactly the same way, or the hashes computed on the two sides will never match.

```circom
// Policy constraint in circuit (Poseidon from circomlib's poseidon.circom, one input)
component policyHasher = Poseidon(1);
policyHasher.inputs[0] <== policy_id;   // policy identifier, already encoded as a field element
policy_hash === policyHasher.out;       // policy_hash is a public input of the circuit
```

A proof bound to `gdpr-hipaa-2026` therefore cannot be presented as SOC2 compliance: the verifier's expected policy hash would not match. Two caveats follow from the design. The binding is only as strong as the verifier's check: the proof system guarantees that the circuit was satisfied for whatever `policy_hash` appears in the public inputs, so the verifier must compare that value against the hash of the policy it requires rather than accept any valid proof. And because the hash is computed over a bundle identifier, every framework in a bundle shares the same hash; a proof under `gdpr-hipaa-2026` satisfies both a GDPR verifier and a HIPAA verifier.


