110 free compliance generators — and counting
ComplyKit now has 110 free compliance generators. No account required. No paywalls. Generate a professional AI-powered compliance assessment report in minutes.
Today's additions:
CMMC 2.0 Level 2 Gap Assessment (109th generator)
Cybersecurity Maturity Model Certification (CMMC) 2.0 is the US DoD's framework for verifying that defense industrial base companies adequately protect Controlled Unclassified Information (CUI). CMMC 2.0 Level 2 aligns exactly with NIST SP 800-171 Rev 2 (110 practices). The DoD's CMMC 2.0 Final Rule (32 CFR Part 170) took effect in October 2025, making CMMC certification a contractual requirement through DFARS 252.204-7019/7020/7021.
The CMMC 2.0 Level 2 Gap Assessment covers 42 key practices across 6 domains:
- Access Control (AC): Authorized user/device access, CUI flow control, least privilege, remote access encryption, wireless access controls, mobile device management
- Identification & Authentication (IA): User/device authentication, MFA for privileged and non-privileged accounts, replay-resistant authentication, identifier management, password complexity
- Configuration Management (CM): Baseline configurations, security hardening, change control, software allowlisting, vulnerability scanning, remediation
- Incident Response & Audit (IR/AU): Incident handling capability, 72-hour DoD cyber incident reporting (DFARS 252.204-7012), audit log creation, user action traceability, log protection
- System & Communications Protection (SC/MP): Boundary protection, network segmentation, FIPS 140-2/140-3 encryption for CUI in transit and at rest, deny-all/allow-by-exception, physical media protection
- Awareness, Training & Supply Chain (AT/SR): Security awareness training, role-based training, supply chain risk management, subcontractor DFARS flow-down, SSP documentation, POAM maintenance
Who it's for: DoD prime contractors and subcontractors handling CUI, MSSPs supporting defense contractors, CMMC Registered Practitioners (CRPs) conducting gap assessments, IT teams preparing for C3PAO assessment, and compliance teams responding to DFARS 252.204-7012 contract requirements.
Digital Markets Act Compliance Checklist (110th generator)
The Digital Markets Act (EU Regulation 2022/1925) applies to gatekeepers of Core Platform Services (CPS) — companies with ≥€7.5B EU CPS revenue or ≥€75B market cap, ≥45M EU monthly active end users, and ≥10,000 EU annual business users. Six gatekeepers have been designated: Alphabet, Apple, Meta, Amazon, Microsoft, and ByteDance. Fines reach 10% of global annual turnover (Art. 26(1)), or 20% for repeated violations (Art. 26(2)).
The Digital Markets Act Compliance Checklist covers 42 DMA obligations across 6 domains:
- Gatekeeper Status & Designation (Art. 2–3): Quantitative threshold assessment, Commission notification obligation, CPS identification, designation response planning, group-level scope
- Absolute Obligations (Art. 5): Data combination prohibition (Art. 5(2)(a)), parity clause prohibition (Art. 5(3)), business user data prohibition (Art. 5(4)), pre-installed app un-installation (Art. 5(7)), communication freedom (Art. 5(5)), business user data access (Art. 5(6))
- Contestable & Fair Conduct (Art. 6): Self-preferencing prohibition (Art. 6(5)), alternative app stores/side-loading (Art. 6(4)), third-party interoperability (Art. 6(4)/(7)), advertising transparency (Art. 6(8)), data portability (Art. 6(9)/(10))
- Interoperability & Data Portability (Art. 6–7): Real-time portability APIs, business user data access, messaging interoperability (Art. 7) with phased timeline, standardised export formats, third-party request SLAs
- Transparency & Audit (Art. 9–15, 37): Annual compliance report (Art. 11), acquisition notifications (Art. 14), algorithmic ranking transparency (Art. 6(5)), independent profiling audit (Art. 37), researcher data access (Art. 40)
- Governance & Enforcement (Art. 8, 23–46): DMA compliance officer, internal compliance programme (Art. 8(1)), triennial independent programme review (Art. 8(2)), GDPR alignment, enforcement risk management
Who it's for: Legal and regulatory teams at large digital platforms, policy and government affairs teams at potential or designated gatekeepers, compliance teams mapping DMA obligations, business users of gatekeeper platforms assessing their rights, and external counsel advising on DMA compliance.
Browse all 110 generators
All 110 free compliance generators are at /generate. No account required. Covers GDPR, CCPA, SOC 2, HIPAA, ISO 27001/27701, EU AI Act, NIS2, DORA, PSD2/PSD3, FCA Consumer Duty, CSRD, CRA, NIST CSF 2.0, CMMC 2.0, Digital Markets Act, ePrivacy, AI Fairness, and more.