CodexFlow — Regulatory Change Intelligence
Tracks 26 seeded regulatory updates from CFR, EU Official Journal, SEC, FDA, HHS, FCA, OCC, CFPB, PCI SSC, and IRS. Each is mapped to the internal policies that need review, assigned to an owner, and tracked through to closure. The shape behind regulatory-change-management.
What it is
The single board where every regulatory change that affects your company gets logged, mapped to the internal policies it impacts, assigned to an owner, and tracked from “published” to “implementation complete.”
What it tracks
- 26 seeded regulatory updates spanning the major US, EU, and UK regulators:
  - CFR / Federal Register: BSA/AML BOI reporting (CTA 31 CFR §1010.380), CIRCIA incident reporting, OFAC sanctions listings.
  - EU Official Journal: DORA RTS, AI Act GPAI Code, NIS2 Directive, CSRD, eIDAS 2.0, EDPB cookie guidelines, DSA VLOP updates.
  - SEC: Cyber incident disclosure (Item 1.05), climate-related disclosures, IA Marketing Rule.
  - FDA: SaMD PCCPs for AI/ML, 21 CFR Part 11 guidance update.
  - HHS OCR: HIPAA reproductive-health protection, proposed HIPAA Security NPRM.
  - FCA: Consumer Duty, Operational Resilience SYSC 15A.
  - PCI SSC: PCI DSS v4.0 / v4.0.1 changes.
  - OCC, CFPB, IRS: climate risk principles, 1033 financial data rights, Form 1099-DA.
- Per-change record: source, citation, published date, effective date, summary, owner, status (todo/in-progress/done/monitoring), affected internal policies with last-updated date.
- Status logic — todo (no work started), in-progress (assigned, mid-implementation), done (policy updated, evidence saved), monitoring (watch list, no work needed yet).
- Deadline urgency — under 30 days = critical, 30-90 days = watch, 90+ days = on track.
- Filterable by source regulator, status, owner, free-text.
Why this shape
Regulatory-change-management is one of the most consistently under-built compliance functions. The pattern at every audit: “you missed this rule because you didn’t see it” — and the rule was published 18 months earlier in a 240-page Federal Register notice.
CodexFlow is the inbox that catches them. Each rule maps to the small number of internal policies it touches. Owners get assigned. The audit trail is the same shape an examiner will ask for.
How it ships
Single HTML file, ~34KB. Zero dependencies. The 26-change catalog, source-registry, policy-mapping, status state machine, and deadline computation are 320 lines of vanilla JavaScript.