regSpace

Agentic GRC platform

Your entire GRC function, augmented by AI agents.

regSpace is your always-on GRC hero, replacing spreadsheets, manual policy reviews, and regulator-alert chaos with three specialist agents, a privacy-analysis toolkit, and one unified, auditable workspace.

EU / UK / US / Australia coverage  ·  per-client data residency  ·  SOC 2 control mapping

Watcher · weekly digest
This week · 6 changes that touch you
  • EDPB guidance 02/2025: Consent-or-pay models reassessed (Redline)
  • FCA PS24/3 · final rules: Consumer Duty board reporting (Cited)
  • ICO update · PECR: Cookie enforcement stance shifts (Cited)

Every item links to its primary source.


Four GRC problems no spreadsheet has solved.

Compliance teams across the UK, EU, and US tell us the same story. Every box below is one your team has either bought a tool for or is quietly losing time to. regSpace consolidates the lot.

Generic alerts aren’t intelligence

You drown in irrelevant headlines while the rule that affects your vendor contract slips past unread. Noise scales; signal doesn’t.

Risk registers stuck in Excel

Three people own three versions. Owner fields drift when staff change. The CCO can’t answer “what’s our residual exposure in the EU today?” without an email thread.

Owner accountability vacuum

Free-text “owner: head of security” on a control breaks the moment the head of security leaves. Tickets pile up in an inbox no-one watches. SLAs slip silently.

Audit-evidence scrambles

When the auditor arrives, “show me the trail for that control attestation” turns into two analysts and a week of archaeology. Without a tamper-evident audit trail, you cannot prove it happened.

What you actually get

Three agents, a privacy toolkit, and a GRC workspace.

No swarm of bots. Three agents do the work - Watcher monitors and drafts, Assessor scores your policies, Profiler builds your profile. A rule-based Privacy Inspector checks your vendors and data flows, and the GRC Workspace holds your registers, risk matrix, controls, and review workflow. Every card below says what it is.

  • This week · 3 material
    • FCA: operational resilience update (source)
    • ICO: age-assurance guidance (source)
    • EUR-Lex: DORA secondary RTS (source)
    • + 47 informational, filtered out

    Watcher

    Agent

    Regulatory monitoring + drafting

    Scans the regulators that touch you and drafts the response.

    A weekly, plain-language digest of only the changes that matter to you - each item linked to its primary source - plus track-change redlines on the policies you publish.

    In every plan
  • Privacy notice · 78/100
    • Lawful basis stated: Covered
    • Retention periods: Partial
    • DUAA 2025 ADM rights: Missing

    Assessor

    Agent

    Policy gap analysis

    Scores your policies against the law and shows the gaps.

    Every policy scored out of 100 with a covered / partial / missing breakdown and suggested clause fixes - the score you see on the Gap analysis page.

    In every plan
  • Profile draft · v1
    • Privacy notice: Found · 0.94
    • Cookie policy: Found · 0.92
    • Data processing addendum: Gap
    • Acceptable use: Found · 0.81

    Profiler

    Agent

    Onboarding + profile research

    Builds your compliance profile from your website.

    A structured, evidence-backed compliance profile in days instead of a multi-week intake spreadsheet - you accept or edit before anything is promoted.

    In every plan
  • Vendor risk · rule-based
    • Acme Analytics: 72 · missing DPA
    • DataPipe Inc: 48 · no SCCs

    Policy vs registers: Twilio used, not named in notice

    Privacy Inspector

    Toolkit

    Vendor, policy + data-flow analysis

    Finds the gaps across your vendors, policies, and data flows.

    Transparent per-vendor risk scores, a claimed-vs-actual reconciliation of your privacy notice against your registers, and the live data-flow map auditors ask for.

    In every plan
  • Residual heatmap · 5x5 (likelihood × impact grid, cell scores from 1 to 25)

    L4 x I4 = 16 · High · review ticket raised

    GRC Workspace

    Workspace

    Registers, controls + review workflow

    Your registers, risk matrix, controls, and review workflow in one place.

    One place for your risk register, controls library, org directory, review cycles, and executive dashboard - with reminders that actually fire across email, Slack, Teams, and webhook.

    In every plan

All five capabilities are in every plan, from Foundation up. Plans differ only by how many corporate entities they cover and the level of support, not by which capabilities you get.

See what is in each tier and how we compare to OneTrust + AuditBoard

Product tour

Inside the GRC Workspace.

Every screen below mirrors the live portal: risk register, controls library, executive dashboard. Your agents and connectors feed them; your team reviews and signs off.

01 · GRC Workspace

An ISO 31000 risk register, with a 5x5 heatmap and full audit trail.

Every risk carries inherent and residual scoring, a treatment plan, an owner, its jurisdictions, and a target. Every change is logged automatically, so you always have the audit trail an assessor will ask for. Export to CSV anytime.

app.regspace.ai/risks/r-001
R-001 · Cyber · In treatment · Reduce

Loss of customer PII via cloud storage misconfiguration

A misconfigured cloud storage folder is publicly readable and could leak PII for ~50K customers.

Inherent: 20
Residual: 8 (target 4)
Heatmap · L × I: 5x5 grid, likelihood L1 to L5 against impact I1 to I5, cells scored 1 to 25
Owner: CISO · Engineering
Jurisdictions: UK, EU
Cadence: Quarterly
Last reviewed: 12 Apr 2026
Next review: 12 Jul 2026
Linked controls: 3 (CTRL-DPO-01 …)

02 · GRC Workspace

A controls library, mapped from law to policy to control.

Mark a control as failing and regSpace instantly shows every risk it was holding down and every legal requirement it was meeting, then surfaces that exposure on your dashboard straight away.

app.regspace.ai/controls

Controls library

1 failing
  • CTRL-DPO-01 · Block public access to cloud storage · Failing · technical
    GDPR Art. 32 · ISO 27001 A.5.2
  • CTRL-VENDOR-01 · Sub-processor due diligence pack · In progress · process
    GDPR Art. 28 · DPA 2018
  • CTRL-LOG-04 · Privileged-access audit logs retained 365d · Live · detective
    ISO 27001 A.8.16 · SOC 2 CC7.2
  • CTRL-IR-02 · Incident response drill, quarterly · Live · process
    DORA Art. 17 · NIS2 Art. 21(2)(c)

Each row links to a detail page with the risks it mitigates, the policy clauses it implements, and the regulator clauses it satisfies.

03 · GRC Workspace

An executive dashboard you can drill into anywhere.

See your risk by jurisdiction, how many controls are failing, what is overdue, and whether reviews are happening on time, all on one screen. Click any figure to see exactly what sits behind it.

app.regspace.ai/dashboard

Compliance posture

Critical risks: 3 · 2 high · 11 total
Failing controls: 1 · 1 attestation overdue
Exposed by failing controls: 4 · 3 risks · 1 policy clause
Overdue tickets: 2 · 6 open · 12 closed (30d)
Reviews on time: 12 · last 30 days

Risk by jurisdiction
  • UK: 2 critical, 1 high
  • EU: 1 critical, 1 high
  • US: 0 critical, 0 high

Trust & security

Six controls that make this safe to rely on.

Legal-grade reliability has to be built into the system, not left to how well the AI is asked a question. We built regSpace so the guarantees that matter are enforced by the system itself.

FAQ

Questions we hear on every first call.

How is this different from OneTrust, AuditBoard, or LogicGate?

Those are forms-and-workflows tools, useful but the work still falls on your humans. regSpace gives you the same building blocks (risk register, controls library, tickets, dashboards) with specialist AI agents doing the work on top of it. Watcher monitors the regulators that touch you and drafts a source-linked digest plus Word redlines; Assessor scores your policies against the law and shows the gaps; Profiler builds your compliance profile from your website. Alongside them, the Privacy Inspector toolkit scores vendor risk and reconciles your privacy notice against your registers, and the GRC Workspace holds the registers, risk matrix, controls, and review workflow.

Is this legal advice?

No, and we say so on every deliverable. regSpace produces draft regulatory intelligence for your qualified counsel to review and rely on. We do not form a lawyer-client relationship and we do not displace your legal team's judgement. Every digest item links to the primary source we captured so your team can verify it; your legal and regulatory team makes the call.

How do I know a digest item is accurate?

Every item in the digest links straight to the primary source we captured, so your team can read the original and fact-check in one click before relying on anything. Where a change touches a policy you have published, the redline is produced and checked against the exact copy of your policy we saved. The digest is draft intelligence for your review: we don't auto-publish, and nothing is presented as legal advice.

Do you train on our policies?

No. Where our AI providers offer it, we use a mode that keeps no copy of what we send, and we do not fine-tune or train on any client data. Your policies are kept separate from every other customer's and are encrypted with a key dedicated to your organisation; revoking that key makes the data unreadable.

Can I start small and add more later?

Yes. Foundation (Watcher + Assessor + Profiler, plus the core registers) is the entry point, and most pilots start here. Moving up to Compliance Pro adds the GRC Workspace, the Privacy Inspector toolkit, connections that keep your registers up to date automatically, hosted complaints intake, and alerts delivered to Slack, Teams, or your other systems. Compliance Suite adds a contractual SLA, a named CSM, and every connector and channel we operate. Upgrades and downgrades take effect at the next billing period, with nothing to move or re-set-up.

How is this priced?

Three plans, billed annually, listed on the website. Foundation is £9,999/year (Watcher + Assessor + Profiler plus the core registers). Compliance Pro is £19,999/year (adds the GRC Workspace, the Privacy Inspector toolkit, connections that keep registers up to date automatically, hosted complaints intake, and alerts delivered to Slack, Teams, or your other systems). Compliance Suite is "Talk to sales", for groups that want everything uncapped, with a contractual SLA, a named CSM, and white-glove onboarding. Full breakdown on the pricing page.

How do you handle our industry vertical?

Your compliance profile captures the sectors you operate in and the sectors you serve. Trickle-down exposure (the rules that flow through your customers' sectors to you) is modelled as a first-class relationship, so a SaaS vendor to airlines automatically inherits the relevant aviation-cyber obligations.

Which jurisdictions do you cover?

EU instruments at EU level, the UK, US federal and priority states (California, Colorado, Illinois, Massachusetts, New York, Texas), and Australia. Coverage means weekly monitoring of the primary regulators and legislative trackers in each, with each flagged change linked to its source. We add jurisdictions as our client base expands; no jurisdiction is blocked on any paid plan.

What's the deployment time?

Usually a couple of weeks to first value. Profiler does most of the onboarding work itself: it reads your corporate website, sorts the policies it finds, and proposes a draft compliance profile your counsel reviews and edits before it is treated as the official record. Once your profile is set, the weekly digest starts landing.

Start with Foundation. Redlines on day one.

On day one, Profiler reads your website and the policies you bring, Assessor scores each one against the law, and your redlines are ready the same day. From there, Watcher's weekly digest keeps you current on the regulators that affect you, with a person approving every output. Pro and Suite scale the same complete platform to larger groups.