If you want this to extend to all compliance checkboxes, I think it'd be an endless can of worms.

How do you enforce (with code) that all new applications created by various teams get added to the right inventory? At some point a human has to determine if an application is in- or out-of-scope for certain restrictions.

If a compliance framework requires certain hashing algorithms for certain types of data, how does your company-as-code system enforce that?

What I see with compliance is that a lot of it is the framework saying "you must do X and Y and Z", and the solution is to write a document saying "employees must do X and Y and Z" then share it with everyone. Then you take a screenshot of that happening (if even possible - you might instead just swear that it's happening).

I guess what I'm getting at is that there's a huge human element here to begin with. If the article is proposing a structured language for declaring your company and policies, how is that different from a Word doc? That is, unless your structured language is actually interpreted by a program that is capable of enforcing what it says. And I think building that enforcement system would be quite hellish.