Regional regulatory regimes

Designed with your home regulator in mind.

Xlooop is Australian-headquartered (ADEVI PTY LTD trading as Xlooop) and available worldwide. Our legal posture is global by legal coverage · focused by GTM — the Stripe pattern. Five launch markets: AU + US + UK + DE + FR.

currently showing · 🇦🇺 Australia · switch region in the top nav to repaint this page + /trust + /legal/*.

※ IP coverage · US Patent 11,604,641 (US grant · 24 claims · 2 independent · granted 2023) · European patent pending (decision Oct 2026). Adevi IP Holding Company Pty Ltd is the patent assignee.

Country-by-country

Five regimes — one cockpit.

🇦🇺 Australia · regulator stack

Privacy regime · Privacy Act 1988 (Cth) · OAIC AI Guidance (Oct 2024).

REGULATORSCOPEWHAT XLOOOP PRODUCES
TPBTax Practitioners Board — Code of Professional Conduct + record-keeping for registered tax + BAS agentsAI-assisted client interaction evidence trail · TASA s30-10 disclosure pack · per-client AI-use disclosure
ATOLodgement audit trail + ANZSIC benchmark conformityReviewer-signed AI-assisted return record · ATO Small Business Benchmark cross-reference
AUSTRACAML / CTF transaction surveillance + suspicious-matter reportingSuspicious-matter surfacing in audit ledger · SMR pre-population
OAICPrivacy Act 1988 + APPs + Notifiable Data Breaches + AI Guidance (Oct 2024)APP-compliant data handling · NDB-compliant incident response · AI-decision transparency
NAICGuidance for AI Adoption (Oct 2025) + Responsible AI IndexAS ISO/IEC 42001:2023 alignment target · L0–L5 readiness band mapping
ASDEssential 8 cyber maturity modelDMARC · TLS · patching · MFA · backup discipline
NSW Fair TradingState-level building defect liabilityPre-purchase + pre-settlement evidence chain
APES 110Accounting Professional + Ethical Standards — independence + objectivity + integrityAI-assisted client work auditable trail · independence-threat record
NDIA + ADHANDIS + Aged Care — provider audit + clinical governanceAudit-grade service-delivery record · ADM-aligned care decision log
Privacy Amendment Act 2024Statutory tort + ADM transparency (commencing 10 Dec 2026)Forward-looking ADM disclosure (live now) · serious-invasion-of-privacy mitigation evidence
EU coverage beyond DE + FR

Legal framework remains EU-wide.

Our v2.1-FINAL privacy policy + terms + data sovereignty pages address EU GDPR + EU AI Act at the union level (with national DPAs named for DE + FR specifically). EU customers from other Member States (NL · IT · ES · BE etc.) sign under the same EU-framework terms — they’re just outside our active GTM focus.

ACTIVE GTM (2026)AU · US · UK · DE · FR
SIGN-CUSTOMERS-ON-REQUESTOther EU Member States (NL · IT · ES · BE etc.) — EU framework applies
CASE-BY-CASEOther regions (NZ · SG · CA etc.) under AU-baseline + region-specific assessment
Cross-region operating principles

Constant across all five regimes.

01

Region-bound by default

Your data lives in your home edge — AU edge for AU · US edge for US · UK edge for UK · EU edge for DE+FR. No cross-edge transfer without explicit operator action + warning + audit-trail entry.

02

Voluntary higher standard

We voluntarily comply with the Australian Privacy Principles even under small-business exemption; we extend that voluntary-compliance posture to EU GDPR + UK GDPR + CCPA/CPRA + state laws as multi-jurisdictional good-faith baseline.

03

Cross-border transfer mechanism

EU SCCs 2021 Module 2 (controller-to-processor) for EU→AU transfers; UK IDTA + EU SCCs UK addendum for UK→AU; APEC CBPRs + APP 8 reasonable steps for AU→US.

04

Practitioner-attested before publication

AU-qualified legal practitioner sign-off on Privacy + Terms + Data Sovereignty v2.1-FINAL is the non-negotiable publication gate for AU; US + UK + DE + FR practitioner sign-off required pre-respective-country GTM.

05

National-DPA-addressable

DE customers see BfDI + Länder DPAs; FR customers see CNIL; UK customers see ICO. No generic "the EU DPA" framing — every supervisory authority is named.

06

No transfer without notice

Cross-border transfers disclosed in privacy policy + data-sovereignty page; customers can request a region-pin at engagement.

Country-switcher behaviour

What changes when you switch region.

Ten things repaint when you change country in the top-nav switcher — pre-signup it’s session-scoped; post-signup it’s persisted to your workspace preferences.

  1. 01Regulator panel (this page + /trust) re-renders to your home-country regulators
  2. 02Pricing currency switches (A$ → US$ → £ → €) with exchange-rate lock-at-engagement
  3. 03Data residency language shifts to home-country edge
  4. 04Privacy notice swaps to home-country collection notice
  5. 05Supervisory-authority escalation path updates
  6. 06Stats swap to home-country sources (NAIC AU · Stanford+McKinsey US · Ofcom UK · Bitkom DE · Numeum FR)
  7. 07Cyber-cost stat swaps to home-country source
  8. 08Sweep sources swap to home-country public registers
  9. 09Accounting platforms swap to home-country dominant providers
  10. 10Sample firm "Meridian Accounting Partners" swaps entity form (Pty Ltd · LLC · Ltd · GmbH · SAS) + ID format (ABN · EIN · Companies House · HRB · SIREN)
Frequently asked questions

The five questions buyers ask in regional review.

?Need help?