CognitivaAV · GCC Authority Portal

Every campaign.
Fully clear.
In seconds.

See who ran the campaign, what was approved, who got paid, and whether every disclosure rule was followed — without chasing anyone. Access is granted to authorised GCC regulatory bodies.

كل حملة. واضحة تماماً. في ثوانٍ.

للجهات الرقابية في دول مجلس التعاون الخليجي

Request Authority Access →Talk to Our GCC Team

Access granted to authorised GCC regulatory bodies · Verified credentials required · gcc@cognitiva.systems

What This Is

No more back-and-forth with agencies.

One code. One lookup. The complete execution record — approved content, licensed creators, disclosed posts, processed payments — all in one place, all independently held.

Agencies and creators keep working the way they always have — WhatsApp, Slack, their own tools. CognitivaAV reads quietly in the background, captures every approval, disclosure, and payment, and locks it into an immutable record.

When you enter a tracking code, you are not looking at a report someone prepared for you. You are looking at the raw execution record — timestamped, signed, and impossible to edit after the fact.

No PDF attachments.

No 'we'll send the documents tomorrow.'

The record is already there, waiting.

Authority Benefits

Six things you see. Instantly.

No training required. No new software to install. Enter the code, see the facts.

01

Creator Licence Status

Confirm UAECA licensing for every creator on the campaign — name, licence number, expiry date — in one view. No manual cross-referencing.

02

Disclosure Compliance

See whether sponsored content was tagged correctly — #ad, #sponsored, GCAM-compliant language — post by post, creator by creator.

03

Approval Chain

Every content approval captured: who reviewed it, who signed off, when it happened, and what was approved. Timestamped and actor-attributed.

04

Payment Verification

AED payment records linked directly to execution events via Stripe — no disconnected bank transfers, no unverified freelance payments.

05

Cross-Border Clarity

For campaigns spanning UAE, KSA, and Egypt — see every creator, every market, every regulatory requirement met, in a single lookup.

06

Immutable Record

CognitivaAV holds the record under independent custody. The agency cannot edit it. The creator cannot edit it. What you see is what happened.

How It Works

From campaign to verified record — automatically.

No one in the agency changes how they work. The record builds itself.

01

Agency runs the campaign

WhatsApp, Slack, email — their usual tools. No workflow change required.

02

CognitivaOS reads silently

AI captures approvals, disclosures, and payment events in real time as they happen.

03

Record is locked

Every event is timestamped, signed, and held in independent custody — nobody can alter it.

04

Authority looks up the code

Enter the tracking code. The full record appears in seconds. No requests, no waiting.

The Authority View

Everything on one screen. Nothing to interpret.

The lookup interface is designed for speed. You enter a code, the record loads, and the key compliance signals are immediately visible — green for clear, amber for flagged.

Creator licensing
Pulled live from UAECA registryCLEAR
Disclosure tags
Verified per post, per platformCLEAR
Approval chain
Shows who signed off and whenCLEAR
Payment records
Linked to execution events, not separateCLEAR
KSA GCAM compliance
Tracked as a first-class fieldCLEAR
UAE VAT documentation
Auto-generated per transactionCLEAR

للجهات الرقابية في دول مجلس التعاون الخليجي

مبني للخليج. بالعربية، من الأساس.

تعامل CognitivaAV اللغة العربية كلغة أصلية — لا ترجمة. يتم التقاط قواعد الإفصاح وأسماء المؤثرين وسجلات الحملات وعرضها بالعربية أصلياً.

سجل الحملة كاملاً

كل موافقة، كل إفصاح، كل دفعة — مسجّلة تلقائياً، مختومة بالوقت، ومحفوظة بشكل مستقل. لا يمكن لأحد تعديلها بعد الحدوث.

+240,000سجلاً محفوظاً

امتثال كامل للوائح الإماراتية والسعودية

نتتبع متطلبات هيئة الاتصالات والإعلام الرقمي والهيئة العامة للإعلام المرئي والمسموع تلقائياً — لكل منشئ محتوى، في كل حملة.

99.1%نسبة الامتثال

Legal Review

28 UAE rules. 34 KSA rules. Every one mapped.

Every rule from the Cognitiva UAE and KSA compliance corpora — grouped by rule set, with severity and the governing instrument for each. Click any rule set to expand.

BLOCK — non-compliant, campaign blocked
WARN — review required before publication
INFO — advisory, no action required

Status: DRAFT — these rule sets have been authored by Cognitiva as a first draft for Counsel review. No admitted Counsel has yet attested to these rules. Citation specifics are marked for Counsel confirmation. The four-eyes activation ceremony under §6.2 of the Counsel Brief has not yet taken place. Attestation letters available on request once activated.

🇦🇪 UAE — 28 Rules across 9 rule sets

🇸🇦 KSA — 34 Rules across 10 rule sets

Honest scope statement: CognitivaAV is a system of record — not a legal advisor, not a compliance officer, and not a regulatory guarantee. The agency retains full legal responsibility for its compliance obligations. CognitivaAV produces the records that regulators require. It does not replace legal counsel. Contract law, employment law, and intellectual property rights are outside the system's scope.

GCC Data Residency

Every GCC country's data stays
in that country.
No exceptions. No asterisks.

This is not a preference setting or a contractual promise that depends on configuration. It is a hard architectural constraint built into the CognitivaOS federation model. Each GCC country has its own independent deployment. Cross-border data movement between deployments is blocked at the infrastructure layer — not just the policy layer.

🇦🇪
UAEDubai deployment
IN-REGION

UAE PDPL · FDL 45/2021 · TDRA attestation pathway · In-region HSM · CBUAE-licensed AED rail

🇸🇦
KSARiyadh deployment
IN-REGION

Saudi PDPL · SDAIA/NDMO attestation pathway · KSA-resident server farm · KSA-bounded key custody

🇶🇦
QatarDoha deployment
IN-REGION

Qatar PDPPL · NDA oversight · In-region deployment · No cross-GCC replication

🇰🇼
KuwaitKuwait City deployment
IN-REGION

Kuwait data-privacy framework · In-region deployment · No cross-GCC replication

🇧🇭
BahrainManama deployment
IN-REGION

Bahrain PDPL (Law 30/2018) · PDPA oversight · In-region deployment

🇴🇲
OmanMuscat deployment
IN-REGION

Oman PDPL · TRA oversight · In-region deployment · No cross-GCC replication

0

data classes that cross any GCC country border

6

independent country deployments — UAE, KSA, Qatar, Kuwait, Bahrain, Oman

15 min

maximum lifetime of any cross-border token — public identity only, zero business data

0

data classes that cross UAE borders

1

deployment where UAE data lives — Dubai, in-region HSM, CBUAE-licensed rail

15 min

maximum lifetime of any cross-border token — public identity only, zero business data

WHAT NEVER LEAVES COUNTRY INFRASTRUCTURE

📄
Contract bodiesThe composed legal text of every campaign contract. Never replicated to another deployment.
📋
Brief contentScope, deliverables, commercial terms — written to the country deployment, read from it. Even when a cross-border counterparty reads it, the content never persists outside UAE storage.
🎨
Deliverable artefactsThe actual creative work product submitted by creators. Held in country deployment only.
🔗
Ledger eventsThe per-tenant hash chain: every approval, every payment trigger, every compliance event. Per-tenant, per-deployment. No global ledger exists.
📲
Connector-sourced dataWhatsApp, Slack, Asana, Stripe data pulled via connectors. Stays in the country deployment. Cross-region connector routing is blocked at intake.
⚖️
Counsel workRule-set authorship, attestation letters, four-eyes activation records. Authored and held in-region.
💳
Payment recordsAED payment data, VAT invoices, Stripe CBUAE settlement records. Country deployment only.

THE ONLY THING THAT EVER CROSSES A BORDER

Public identity layer only — no business data, no campaign content, no payment records.

🔑
Licence key resolutionWhich deployment hosts a counterparty. The licence key format only — no business data. Token: 15 minutes, single-use.
🏷️
Display metadataTenant name and jurisdiction. The minimum needed to render a counterparty name. Token: 15 minutes, single-use.
🔓
Public HSM verification keysSo a regulator can verify an audit export from UAE without the data leaving UAE. The private signing key stays in Dubai permanently.

IN-REGION HSM · PER COUNTRY

Every ledger event is signed by that country's deployment Hardware Security Module. UAE events: signed in Dubai. KSA events: signed in Riyadh. The HSM private key for each country never leaves that country's deployment region.

WHATSAPP IMMEDIATE-PURGE RULE · MODULE CN v1.1

WhatsApp messages are processed in memory only. The AI reads the message, extracts the execution event, writes it to the UAE ledger, then immediately purges the message body. No WhatsApp message content persists in CognitivaOS storage.

Our Commitment

Not a report. A record.

🔐

Independent Custody

Records are held by Cognitiva, not the agency. No one in the campaign chain can modify, delete, or reorder what's captured.

Real-Time, Not Retrospective

Events are captured as they happen — not compiled the night before an audit request. The timestamp is the moment it occurred.

🌍

GCC Data Residency

UAE data stays in the UAE. KSA data stays in KSA. Qatar data stays in Qatar. Kuwait, Bahrain, Oman — each country's data stays in that country. Six deployments. Six independent custody boundaries.

Start Here

Start a lookup.
See it for yourself.

Access is granted to authorised GCC regulatory bodies. Contact our GCC team to establish verified credentials and set up authority-level access to campaign compliance records.

Request Authority Access →Talk to Our GCC Team
CognitivaAV — Regulatory Compliance Portal | GCC — UAE & Saudi Arabia | Cognitiva