← All guides
Product5 min read18 July 2026

ComplyKit Now Has 112 Free Compliance Generators: SOC 2 TSC + EU Data Governance Act

Milestone update: ComplyKit adds SOC 2 Trust Services Criteria Mapping (111th) and EU Data Governance Act Compliance Checklist (112th) to its free compliance generator library.

112 free compliance generators — and counting

ComplyKit has added two more free compliance generators: the SOC 2 Trust Services Criteria Mapping (111th) and the EU Data Governance Act Compliance Checklist (112th). Both tools are live now at /generate — no account required.

SOC 2 Trust Services Criteria Mapping (111th generator)

The SOC 2 Trust Services Criteria (TSCs) are the AICPA standards that auditors use to evaluate whether a SaaS company's controls protect customer data. The SOC 2 Trust Services Criteria Mapping tool covers all five TSC categories across 42 criteria:

  • Control Environment & Communication (CC1-CC2): Board oversight, integrity and ethics, HR policies, internal and external communication of control responsibilities
  • Risk Assessment & Control Activities (CC3-CC5): Objective-setting, risk identification, fraud risk, change risk assessment, ongoing monitoring, control deficiency evaluation
  • Logical & Physical Access (CC6): MFA and credential management, access provisioning/deprovisioning, external party access, quarterly access reviews, physical access, TLS encryption, vulnerability management
  • System Operations & Change Management (CC7-CC9): SIEM/IDS/anomaly detection, incident response plan and testing, recovery, change management with peer review and rollback, vendor SOC 2 review programme
  • Availability & Confidentiality (A1/C1): Capacity planning, DR testing, confidential data classification, handling, and disposal, processing integrity controls
  • Privacy (P1-P8): Privacy notice, consent management, data minimisation, retention/disposal, DSAR process, breach notification, privacy monitoring

Who it's for: SaaS engineering and security teams preparing for Type I or Type II SOC 2 audits; compliance teams running readiness assessments; vCISOs and consultants advising on SOC 2 scope; CPA firms preparing client readiness reviews.

EU Data Governance Act Compliance Checklist (112th generator)

The EU Data Governance Act (Regulation 2022/868) became applicable in September 2023. It creates obligations for data intermediation service providers, data altruism organisations, and public sector bodies sharing protected data. The EU Data Governance Act Compliance Checklist covers 42 obligations across six domains:

  • Public Sector Data Reuse (Art. 3-9): Protected data category identification, reuse conditions, technical access means (data rooms), fee transparency, national single information point registration, competent body designation, appeal mechanisms
  • Data Intermediation — Notification (Art. 10-11): Service type determination, pre-commencement notification to national competent authority, notification updates, EU representative designation, public register entry
  • Data Intermediation — Ongoing Obligations (Art. 12): Structural/functional neutrality, no monetisation of shared data, fair and transparent terms, portability and switching, interoperability, activity logging, security measures
  • Data Altruism Organisations (Art. 16-25): General interest purpose, non-profit structure, national register registration, EU label usage, governance/financial separation, standardised consent form, annual activity report
  • European Data Spaces (Art. 26-31): Applicable data spaces identified, interoperability standards, EDIB guidance monitoring, GDPR alignment, sectoral legislation compatibility, international transfer protections
  • Governance & Enforcement (Art. 26-34): Competent authority identification, DGA compliance function, GDPR supervisory authority coordination, complaint mechanism, penalties risk management

Who it's for: Data intermediation platforms and data marketplace operators; data altruism organisations and research data organisations; public sector legal and compliance teams; DPOs and GRC teams mapping EU data regulation obligations; legal counsel advising on DGA applicability.

Browse all 112 generators

All 112 free compliance generators are at /generate. No account required. Covers GDPR, CCPA, SOC 2, HIPAA, ISO 27001/27701, EU AI Act, NIS2, DORA, PSD2/PSD3, FCA Consumer Duty, CSRD, CRA, NIST CSF 2.0, CMMC 2.0, Digital Markets Act, EU Data Governance Act, ePrivacy, AI Fairness, SOC 2 Trust Services Criteria, and more.