Sovereign AI ready for Brazil.
ReguNav supports AI vendors operating in Brazil under LGPD enforcement by the ANPD, ANS for supplementary healthcare, and BCB cybersecurity + open-banking standards. Portuguese-language consent flows + ANPD-formatted breach notice templates included.
Brazil regulator landscape
Every Brazil control on the platform is anchored to a named regulator artefact. When the regulator updates their guidance, the framework registry takes the bump and every dependent control inherits it.
Frameworks anchored in Brazil
Brazil LGPD
13.709/201818 clauses · 12 controlsBrazil's General Data Protection Law (LGPD). Applies to any processing of personal data carried out by a natural person or a legal entity, public or private, regardless of the means or country in which the data subject is located, provided that (i) processing is carried out in the national territory; (ii) the processing activity has the objective of offering or supplying goods or services to or processing data of individuals located in the national territory; or (iii) the personal data subject of the processing was collected in the national territory. Establishes 10 principles, 10 legal bases, the rights of the data subject, the obligations of controllers and processors, ANPD oversight, and administrative sanctions up to 2% of revenues (capped at BRL 50m per infraction).
Brazil SaaS, fintech, healthcare-AI, or essential-service?
We work with organisations supervised by every regulator listed above. The jurisdiction-aware engine routes incident reports, DSARs, and FRIA submissions to the correct authority + timeline automatically.
Talk to Brazil team →Jurisdiction codes + regulator data are sourced from @regunav/jurisdictions (Apache-2.0, open-source). Adding a new market is a single registry entry — no copy-paste regulator content. See /uk for the bespoke deep-dive template.