The EU AI Act is 458 pages. The GDPR is 261 pages. The MiFID II package runs to thousands. Each is published as a PDF, interpreted by lawyers, debated in commentary, and implemented by compliance teams who read the commentary and build internal policies that approximate the original intent.
An agent tasked with “ensure this transaction complies with MiFID II” has to navigate this entire chain. It reads the PDF — poorly, because PDFs are not structured data. It reads the commentary — better, but commentary is opinion, not law. It reads the internal policy — which might diverge from the actual regulation in ways nobody noticed.
The obvious question: what if the regulation itself were a structured, signed, versioned programmatic object rather than a PDF?
Laws as types.
In programming, a type system catches errors before execution. You declare that a variable must be an integer, and the compiler rejects code that tries to assign a string. The type is a constraint that prevents a category of mistakes.
A regulation is structurally similar: it is a constraint on behavior. “Personal data may only be processed with a legal basis” is a type constraint. “Transactions above 10,000 EUR require reporting” is a boundary condition. “AI systems classified as high-risk must undergo conformity assessment” is a type check.
These constraints are currently expressed in natural language, interpreted by humans, and implemented in code by developers who may or may not understand the legal nuance. The translation from legal text to software behavior is manual, error-prone, and expensive. Every company does it independently. Every implementation diverges slightly from every other implementation. The compliance industry exists primarily to manage this translation layer.
If regulations were published as typed, structured, machine-executable objects — with the natural language text as annotation rather than source — the translation layer would collapse. An agent could check compliance directly against the regulation object. No interpretation. No divergence. No compliance team reading commentary and building approximations.
Why nobody is building this.
The technical barriers are modest. Domain-specific languages for legal rules exist — Catala, Legalese, various rule engines. The knowledge representation is tractable. The tooling for structured legal documents is building momentum.
The social barriers are enormous. Regulators write in natural language because they are lawyers trained in natural language. The ambiguity in legal text is not always a bug — sometimes it is intentional flexibility. A type system that eliminates ambiguity also eliminates the interpretive room that allows law to adapt to unforeseen circumstances.
Lawyers have no incentive to make themselves obsolete. The compliance industry has no incentive to eliminate the translation layer that justifies its existence. The regulators have no mandate to publish in structured formats.
And yet the agents cannot read PDFs well. Every agent that needs to check regulatory compliance is doing a lossy translation from natural language to behavior. The error rate of that translation is the compliance risk. The error rate increases with the complexity of the regulation and the number of agents independently translating it.
The compounding asset.
If someone built a comprehensive, structured, machine-readable version of EU financial regulation — not an interpretation, but a formal representation that preserves the legal semantics — it would be a compounding asset. Every new regulation that references existing regulation becomes easier to encode. Every agent that uses the representation adds to its validation. Every correction improves the whole corpus.
The first entrant would have a structural advantage that compounds over time. The moat is not the technology. The moat is the accumulated, validated corpus of structured regulation that took years to build and verify.
Nobody is building it because the incentives are misaligned: regulators will not, lawyers do not want to, and agents do not yet have enough autonomy to create demand. But the demand is forming. And the gap between “agents need structured regulation” and “someone builds it” seems like it is narrowing.
Still too early to say who builds it. Probably not the regulators themselves. Maybe a standards body. Maybe a startup that treats regulatory encoding as a data asset. Not sure. But the need is structural and growing.