Free compliance tools
18 free, ungated tools that answer a specific compliance question and run entirely in your browser. Nothing is sent to a server, nothing is stored, and none of them ask you to sign up. Each returns a structured assessment to orient your work, not a binding legal determination.
- Tools: 18
- Cost: Free
- Sign-up: None
- Runs in: Browser
Applicability and scope checkers
Answer "does this regulation apply to us?" before you spend a day reading it. Each runs entirely in your browser and returns a structured verdict, not a binding determination.
- NIS 2 applicability checker: Works out whether your organisation is an essential or important entity under the EU NIS 2 Directive (2022/2555), with a per-Member-State transposition note for the highest-traffic states. Jurisdiction: EU / EEA
- DORA applicability checker: Tests whether you are a financial entity or a critical ICT third-party provider in scope of the EU Digital Operational Resilience Act (Regulation (EU) 2022/2554). Jurisdiction: EU / EEA
- Cyber Resilience Act applicability checker: Checks whether your connected product is a product with digital elements regulated by the EU Cyber Resilience Act (Regulation (EU) 2024/2847), and flags the phased obligation dates. Jurisdiction: EU / EEA
- EU AI Act risk checker: Classifies an AI system into the EU AI Act risk tiers (prohibited, high-risk, limited, minimal) under Regulation (EU) 2024/1689, and names the role obligations that follow. Jurisdiction: EU / EEA
- US CLOUD Act exposure analyzer: Assesses your exposure to US government data access under the CLOUD Act and the Schrems II transfer problem, and flags when a transfer impact assessment is recommended. Jurisdiction: EU / US transfers
- HIPAA applicability checker: Determines whether you are a HIPAA covered entity, a business associate, or outside direct scope, applying the definitions at 45 CFR 160.103 including the subcontractor chain. Jurisdiction: United States
GDPR and privacy toolkit
The recurring GDPR decisions a controller or processor has to make, each anchored to the specific Article and EDPB guidance that governs it.
- GDPR DPIA necessity checker: Indicates whether a Data Protection Impact Assessment is likely required for your processing under GDPR Article 35, using the EDPB nine-criteria method (WP248 rev.01). Jurisdiction: EU / EEA
- GDPR ROPA completeness checker: Scores how completely your record of processing activities covers what GDPR Article 30 expects, and returns a prioritised gap list. Jurisdiction: EU / EEA
- GDPR EU representative checker: Works out whether a non-EU controller or processor must appoint an EU representative under GDPR Article 27, applying the Article 3(2) targeting test and the Article 27(2) exemptions. Jurisdiction: EU / EEA
- GDPR DPA necessity checker: Classifies a data-sharing relationship (controller-processor, joint, or independent) and whether it needs an Article 28 data processing agreement or an Article 26 arrangement. Jurisdiction: EU / EEA
- GDPR cookie consent checker: Checks whether your site needs prior consent before setting cookies under Article 5(3) of the ePrivacy Directive and the GDPR consent standard, and whether your banner meets it. Jurisdiction: EU / EEA
ISO 27001 toolkit
Working aids for an ISO/IEC 27001:2022 implementation. Control numbers and original plain-English summaries only, never the official control text.
- ISO 27001 Annex A control finder: Helps you find the relevant ISO/IEC 27001:2022 Annex A controls for a given risk or scenario, using control numbers and original summaries. Jurisdiction: International
- ISO 27001 gap checker: Self-assessment of how far your ISMS is from the ISO/IEC 27001:2022 management-system requirements (clauses 4 to 10), with a prioritised focus list. Jurisdiction: International
- ISO 27001 Statement of Applicability generator: Builds a starting Statement of Applicability scaffold across the ISO/IEC 27001:2022 Annex A controls, capturing inclusion, exclusion, and justification. Jurisdiction: International
- ISO 27001 to SOC 2 control mapper: Cross-references ISO/IEC 27001:2022 Annex A controls and the SOC 2 Trust Services Criteria in both directions, with a confidence rating and a caveat on every mapping. Jurisdiction: International / US
- Risk register starter: Generates a starting information-security risk register structure (assets, threats, likelihood and impact, treatment) aligned to ISO 27001 risk management. Jurisdiction: International
Readiness and maturity scorers
Self-scored maturity snapshots that show how close you are to a standard before you commit to an audit.
- ISO 42001 readiness checker: Rates your AI management system against ISO/IEC 42001:2023 clauses 4 to 10 and the AI-specific areas, returning a maturity heatmap and a prioritised focus list. Jurisdiction: International
- SOC 2 red flags checker: Surfaces common SOC 2 readiness red flags before an examination, mapped to the Trust Services Criteria, with a prioritised remediation list. Jurisdiction: United States
Free regulator tools exist. Here is where these fit.
Some regulators publish their own free tooling. France's data protection authority, the CNIL, ships a free open-source PIA application for running GDPR data protection impact assessments, and the European Commission now runs an official EU AI Act Compliance Checker through its AI Act Service Desk. Both are authoritative and worth using when they fit.
Each is focused on its own mandate. The CNIL tool covers one GDPR activity, the impact assessment, with a deliberately thorough, step-by-step methodology. The Commission's checker covers one regulation. That focus is a strength when it matches your question. It is less suited to fast cross-framework triage: a company that sells a connected device into the EU, processes health data in the US, and runs an ISO 27001 programme has to reach for several different tools just to work out which regimes it falls under.
The tools on this page are built for that cross-framework reality. They span 18 questions across EU, US, and international frameworks, each returns an instant structured verdict rather than a methodology to work through, and each cites the specific Article, clause, or regulation it reasons from so you can check our logic against the source. They are a fast first read, not a substitute for the regulator's own guidance or for legal advice.
Official regulator tools referenced (sources)
- CNIL, free open-source PIA software for GDPR data protection impact assessments (checked 2026-06-17)
- European Commission AI Act Service Desk, official EU AI Act Compliance Checker (Regulation (EU) 2024/1689) (checked 2026-06-17)
Tool inventory and sources last reviewed 2026-06-17. Next review 2026-12-17. Jurisdictions covered: EU / EEA, United States, and international standards.
