Asia AI Governance Compliance-Gap Checker

Dhruv Rajput, Kunal Sharma, Hritick Kushwaha

A research-backed cross-jurisdictional AI governance compliance tool covering Vietnam (Law No. 134/2025/QH15), India (Seven Sutras + DPDP Act 2023), China (sector-specific CAC regulations: GenAI Measures, Deep Synthesis, Algorithmic Recommendation, GB 45438-2025), and the ASEAN Guide on AI Governance and Ethics (2024).

We built a structured JSON governance matrix (4 frameworks × 12 compliance dimensions, every field source-cited with URL, date, and confidence tag) and identified 7 genuine cross-jurisdictional conflicts — cases where satisfying one jurisdiction's requirements makes another's difficult or impossible (e.g., China's mandatory data localization vs. India's cross-border transfer model; Vietnam + China's pre-deployment conformity gates vs. India's explicit ex-post-only model).

The interactive compliance checker takes a free-text AI product description, injects the full governance matrix into a Gemini API prompt as grounding context — not model memory — and returns per-jurisdiction compliance status cards plus flagged conflicts applicable to that specific product. Tested on 4 example products: GenAI banking chatbot, hiring/recruitment AI, deepfake detection tool, and facial recognition surveillance system.

Sub-track: Governance and Geopolitics (AI compliance, cross-border governance harmonization).

Reviewer's Comments

Reviewer's Comments

Arrow
Arrow
Arrow

3/3/4

Criteria 1 - Impact Potential & Innovation: 3

Criteria 2 - Execution Quality: 3

Criteria 3 - Presentation & Clarity: 4

Well-organized and easy to follow, the thing this is missing is this looks like a project report REPORT_DRAFT.md than a regular paper. The project is executable. The "prevents hallucination" claim is asserted, not demonstrated .

Clear problem, reasonable approach.

I like that the project presents a strong research prototype and identified a genuine pain point. However, to become a viable product, the project must clearly define its primary user (compliance officers? startup founders? policymakers? researchers? etc), since their conflicting needs heavily dictate design choices. One of the core weaknesses is in validation, since it's relying on self-authored "happy path" examples and secondary sources leaves the accuracy of the underlying matrix and the reliability of the LLM's reasoning unproven. For a compliance tool, the non-deterministic nature of the LLM-as-reasoner architecture introduces an unacceptable risk of varying assessments for identical inputs, suggesting a shift toward deterministic, rule-based logic for the output layer. Additionally, the project relies heavily on a "not legal advice" disclaimer to navigate this unreliability, placing a big question mark on its utility.

For hackathon projects that's building a tool, I'd highly recommend providing a live UI or demo video to present the project in its supposed final form. Additionally, would be nice to provide a simple product roadmap to present the "next steps" for the project and showing that you have a clear vision of its theory of change.

The smart call here is grounding the model only in your injected, source-tagged matrix instead of its training memory. That is the right way to keep regulatory claims honest, and the confidence tags (nine fields flagged unconfirmed) plus the conservative bar for what counts as a real conflict both show discipline. What is missing is proof it works. The four examples are expected outputs reasoned from the matrix, not actual tool runs, so the accuracy is untested. Run it on those four, report actual against expected, even a small audit closes the gap. Then surface the confidence tags in the UI so users see where the ground is soft, nail down the nine unconfirmed fields against primary text, and lose the REPORT_DRAFT title. Useful prototype, honestly bounded. Validate the one thing you did not.

Cite this work

@misc {

title={

(HckPrj) Asia AI Governance Compliance-Gap Checker

},

author={

Dhruv Rajput, Kunal Sharma, Hritick Kushwaha

},

date={

},

organization={Apart Research},

note={Research submission to the research sprint hosted by Apart.},

howpublished={https://apartresearch.com}

}

Recent Projects

OliGraph: graph-based screening of large oligopools

Existing synthesis screening tools cannot evaluate short oligonucleotide pools, whose overlapping fragments can be reassembled into regulated sequences via polymerase cycling assembly (PCA) yet fall below gene-length detection thresholds. We present OliGraph, an open-source tool that constructs a bi-directed overlap graph from an oligonucleotide pool and extracts contigs for downstream gene-length screening. An optional PCA mode retains only cross-strand overlaps consistent with PCA chemistry. We validated OliGraph in a blinded study across ten simulated pools (70–9,184 oligonucleotides, 30–300 bp) spanning four risk categories. BLAST screening of individual oligonucleotides failed to identify sequences of concern in most pools: three returned zero hits, and vector noise obscured true positives in the remainder. After OliGraph assembly, contig-level BLAST matched the longest assembled sequences (up to 1,905 bp) to sequences of concern at 97–100% identity. In one pool, assembly collapsed 1,634 individual BLAST results into 10 hits from a single contig, all assigned to the same source organism. PCA mode correctly distinguished assemblable from non-assemblable fragments within the same pool. Two pools with no assemblable structure yielded no contigs. OliGraph processed all pools in under 0.2 seconds, fast enough for real-time order screening and consistent with proposals to bring oligonucleotide orders within the scope of synthesis screening regulation.

Read More

BioRT-Bench: A Multi-Attack Red-Teaming Benchmark for Bio-Misuse Safeguards in Frontier LLMs

Frontier AI laboratories are expected to maintain safeguards against biological misuse, but whether deployed models actually refuse bio-misuse queries under adversarial pressure is largely unmeasured in the public literature. We introduce BioRT-Bench, a benchmark that runs four attack methods (direct request, PAIR, Crescendo, and base64 encoding) against four frontier models (Claude Sonnet 4.6, GPT-5.4, DeepSeek V4-flash, Kimi K2.5) across 40 prompts spanning five biosecurity-relevant categories. Responses are scored by a calibrated judge extending StrongREJECT with two bio-specific dimensions: specificity and actionability. We measure Attack Success Rate (ASR), where 0 means the model fully refused and 1 means it provided specific, actionable bio-misuse content. Our results reveal a sharp robustness divide: Chinese frontier models (DeepSeek, Kimi) have under 5% refusal rates even under direct request (ASR 0.88 and 0.79), while Western models (Claude, GPT) maintain substantially stronger safeguards (ASR 0.15 and 0.16). Crescendo is the most effective attack across all models, both in bypassing refusal and in eliciting actionable content. Claude Sonnet 4.6 is the most robust model tested, achieving 100% refusal against base64-encoded prompts.

Read More

PROTEUS (PROTein Evaluation for Unusual Sequences): Structure-Informed Safety Screening for de novo and Evasion-Prone Protein-Coding Sequences

AI protein design tools like RFdiffusion, ProteinMPNN, and Bindcraft make it trivial to produce low-homology sequences that fold into active, potentially hazardous architectures. However, sequence homology-based biosafety screening tools cannot detect proteins that pose functional risk through structurally novel mechanisms with no sequence precedent. We present a tiered computational pipeline that addresses this gap by combining MMseqs2 sequence alignment with structure-based comparison via FoldSeek and DALI against curated toxin databases totaling ~34,000 entries. AlphaFold2-predicted structures are screened for both global fold similarity (FoldSeek) and local active/allosteric site geometry (DALI), capturing convergent functional hazards that sequence screening misses. The pipeline was validated against a panel of toxins, benign proteins, structural mimics, and de novo-designed Munc13 binders, as well as modified ricin variants with residue substitutions. We additionally tested robustness to partial-synthesis evasion, where a bad actor submits multiple shorter coding sequences intended for downstream reassembly into a full toxin-coding gene. We found that while sequence-based screening did not identify any de novo ricin analogues with high certainty, the combined pipeline with FoldSeek and DALI identified all 24 tested de novo ricins as toxic.

Read More

OliGraph: graph-based screening of large oligopools

Existing synthesis screening tools cannot evaluate short oligonucleotide pools, whose overlapping fragments can be reassembled into regulated sequences via polymerase cycling assembly (PCA) yet fall below gene-length detection thresholds. We present OliGraph, an open-source tool that constructs a bi-directed overlap graph from an oligonucleotide pool and extracts contigs for downstream gene-length screening. An optional PCA mode retains only cross-strand overlaps consistent with PCA chemistry. We validated OliGraph in a blinded study across ten simulated pools (70–9,184 oligonucleotides, 30–300 bp) spanning four risk categories. BLAST screening of individual oligonucleotides failed to identify sequences of concern in most pools: three returned zero hits, and vector noise obscured true positives in the remainder. After OliGraph assembly, contig-level BLAST matched the longest assembled sequences (up to 1,905 bp) to sequences of concern at 97–100% identity. In one pool, assembly collapsed 1,634 individual BLAST results into 10 hits from a single contig, all assigned to the same source organism. PCA mode correctly distinguished assemblable from non-assemblable fragments within the same pool. Two pools with no assemblable structure yielded no contigs. OliGraph processed all pools in under 0.2 seconds, fast enough for real-time order screening and consistent with proposals to bring oligonucleotide orders within the scope of synthesis screening regulation.

Read More

BioRT-Bench: A Multi-Attack Red-Teaming Benchmark for Bio-Misuse Safeguards in Frontier LLMs

Frontier AI laboratories are expected to maintain safeguards against biological misuse, but whether deployed models actually refuse bio-misuse queries under adversarial pressure is largely unmeasured in the public literature. We introduce BioRT-Bench, a benchmark that runs four attack methods (direct request, PAIR, Crescendo, and base64 encoding) against four frontier models (Claude Sonnet 4.6, GPT-5.4, DeepSeek V4-flash, Kimi K2.5) across 40 prompts spanning five biosecurity-relevant categories. Responses are scored by a calibrated judge extending StrongREJECT with two bio-specific dimensions: specificity and actionability. We measure Attack Success Rate (ASR), where 0 means the model fully refused and 1 means it provided specific, actionable bio-misuse content. Our results reveal a sharp robustness divide: Chinese frontier models (DeepSeek, Kimi) have under 5% refusal rates even under direct request (ASR 0.88 and 0.79), while Western models (Claude, GPT) maintain substantially stronger safeguards (ASR 0.15 and 0.16). Crescendo is the most effective attack across all models, both in bypassing refusal and in eliciting actionable content. Claude Sonnet 4.6 is the most robust model tested, achieving 100% refusal against base64-encoded prompts.

Read More

This work was done during one weekend by research workshop participants and does not represent the work of Apart Research.
This work was done during one weekend by research workshop participants and does not represent the work of Apart Research.