← All guides
Product Updates4 min read14 July 2026

ComplyKit Now Has 104 Free Compliance Generators: EU AI Liability Directive + DORA ICT Third-Party Register

ComplyKit adds two new free generators: EU AI Liability Directive Gap Assessment (COM(2022) 496) and DORA ICT Third-Party Register (Art. 28). Now 104 generators covering the full compliance stack for SaaS founders and financial services compliance teams.

104 free generators — no account required

ComplyKit has added two new free compliance generators, bringing the total to 104 free generators covering GDPR, CCPA, SOC 2, HIPAA, ISO 27001, NIS2, DORA, EU AI Act, FCA Consumer Duty, CSRD, CRA, and more. No account, no credit card, no paywall.

103rd: EU AI Liability Directive Gap Assessment

The EU AI Liability Directive Gap Assessment is a 42-item checklist covering readiness under COM(2022) 496 — the proposed EU AI Liability Directive — across 6 categories:

  • Scope & Coverage (COM(2022) 496 / Art. 2–4): EU AI Act risk classification, territorial scope, provider/deployer/importer role determination, GPAI systemic risk threshold, revised EU PLD intersection
  • Strict Liability Readiness (High-Risk AI — Art. 4): strict liability exposure documentation, insurance coverage, mandatory disclosure obligations, harm causation chain, contractual liability allocation, max liability caps, GPAI catastrophic risk
  • Fault-Based Liability & Rebuttable Presumption (Art. 3): rebuttable presumption documentation, duty of care standard, evidence preservation, court-ordered disclosure readiness, decision chain logging, contributory negligence framework, limitation period mapping
  • Transparency & Evidence Obligations (Art. 5–6): EU AI Act Art. 13 transparency documentation, Annex IV technical docs, logging/audit trail, human oversight, Art. 73 incident reporting, post-market monitoring, claimant data access mechanism
  • AI Governance & Risk Management: ISO 42001/AI risk management system, AI risk register, FRIA (EU AI Act Art. 27), CAIO designation, ERM integration, model risk management, training
  • Claims Readiness & Remediation: AI incident response plan, legal hold procedure, supply chain indemnification, product recall procedure, jurisdiction mapping, conformity assessment records, regulatory enforcement protocol

Who it's for: CAIO/AI governance teams at AI companies deploying in or affecting the EU, legal counsel advising AI clients, risk teams at companies building on GPAI models, SaaS founders with high-risk AI features approaching August 2026 full applicability deadline.

104th: DORA ICT Third-Party Register

The DORA ICT Third-Party Register assessment tool covers the Art. 28 register obligation across 42 items in 6 categories:

  • ICT Third-Party Register Structure (DORA Art. 28 + RTS): entity-level register per Art. 28(3), full scope coverage (not just cloud), mandatory fields (LEI, data locations, sub-contractors), contractual dates, sub-contractor chain, annual update cycle, machine-readable NCA submission format
  • Criticality Assessment & CTPP Designation (Art. 28–31): criticality assessment per Art. 28(4) criteria, formal critical TPSP designation, concentration risk (Art. 29), exit strategy per Art. 28(8), NCA submission, hyperscaler concentration risk, re-assessment triggers
  • Contractual Provisions (DORA Art. 30): all 11 Art. 30(2)(a)–(k) mandatory provisions, service description/SLAs, data locations, termination rights, audit/inspection rights, BCP obligations, incident reporting, data portability/exit, sub-contractor change notification
  • Ongoing Monitoring & Due Diligence (Art. 28–29): continuous monitoring programme, annual due diligence reviews, SLA monitoring, TPSP incident notification, audit rights exercise, TLPT scope, CTPP oversight programme tracking
  • ICT Resilience Integration (Art. 5–16): TPSP dependencies in BCP/DRP, BIA coverage, RTO/RPO without primary TPSP, TLPT inclusion, DORA Art. 17–23 incident reporting procedure, multi-cloud strategy, resilience testing programme
  • Governance & NCA Reporting (Art. 5, 28, 41–44): management body approval, dedicated TPSP risk owner, annual NCA register submission, TPSP risk in annual ICT risk assessment, staff awareness, CTPP oversight coordination, legacy contract remediation plan

Who it's for: CISO, CRO, and operational resilience teams at EU financial entities (banks, payment institutions, investment firms, insurance undertakings), internal audit, procurement teams remediating legacy contracts for Art. 30 compliance, external consultants advising on DORA implementation.

Browse all 104 generators

All 104 free compliance generators are at /generate. No account required. Generate a professional, AI-powered compliance report in minutes — GDPR, CCPA, SOC 2, HIPAA, ISO 27001/27701, EU AI Act, NIS2, DORA, PSD2/PSD3, FCA Consumer Duty, CSRD, CRA, APRA CPS 234, and more.