114 free compliance generators — no account required
ComplyKit has added two more free compliance generators: the EU AI Act GPAI Conformity Assessment (113th) and the US State Privacy Laws Compliance Checker (114th). Both tools are live now at /generate.
EU AI Act GPAI Conformity Assessment (113th generator)
The EU AI Act's GPAI obligations (Art. 53/55) became applicable in August 2025 — and with full EU AI Act applicability arriving in August 2026, GPAI providers are under increasing scrutiny. The EU AI Act GPAI Conformity Assessment covers all 42 GPAI obligations across six domains:
- Technical Documentation & Transparency (Art. 53(1)(a)-(b)): Technical documentation in Annex XI format, training methodology, compute resources, model card for downstream providers, intended use and limitations, version update documentation
- Copyright Compliance & Training Data (Art. 53(1)(c)-(d)): Robots.txt and opt-out signal compliance, legally permissible training data, published training data summary, copyright programme, provenance records, content removal process
- Systemic Risk Designation & Assessment (Art. 51/55): 10^25 FLOPs threshold monitoring, systemic risk self-assessment, EU AI Office notification process, CBRN/cyber/manipulation/critical infrastructure risk assessment, third-party audit process
- Adversarial Testing & Safety Evaluation (Art. 55(1)(a)-(b)): Red-teaming programme, documented findings and remediation, safety evaluations against serious risks, CBRN misuse evaluation, cyberattack capability assessment, Code of Practice alignment
- Incident Reporting, Cybersecurity & Countermeasures (Art. 55(1)(c)-(d)): EU AI Office incident reporting process, safety incident log, model weight cybersecurity, misuse countermeasures, access controls, downstream incident reporting chain, post-market monitoring
- Governance, EU AI Office & Code of Practice (Art. 53/56): Named GPAI compliance function, Code of Practice engagement, downstream provider contract updates, internal AI Act programme, market surveillance cooperation, fundamental rights impact, regulatory timeline monitoring
Who it's for: AI startups and scale-ups building or releasing LLMs or multimodal models; large technology companies with GPAI model portfolios; open-source AI model projects released in the EU; legal and AI governance teams assessing GPAI obligations; compliance consultants advising AI model providers on EU AI Act readiness.
US State Privacy Laws Compliance Checker (114th generator)
With 20+ US states now having comprehensive privacy laws — and no federal law in sight — multi-state compliance is a real operational challenge. The US State Privacy Laws Compliance Checker covers 42 obligations across six domains applicable across CCPA/CPRA, Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Texas TDPSA, Montana MCDPA, Oregon OCPA, and 10+ more state laws:
- Notice, Transparency & Privacy Policy: Multi-state privacy policy coverage, data categories and purposes disclosed, sale/sharing/targeted advertising disclosure, sensitive data disclosure, third-party disclosure, annual updates, accessibility
- Consumer Rights (Access, Delete, Correct, Portability): Access rights, deletion within 45 days, correction rights (all major states), portability in machine-readable format, rights request intake with verification, appeals process for non-California states, timeline tracking
- Opt-Out Rights & Consent (Sale/Sharing/Targeted Advertising): Opt-out of sale implementation, sharing for cross-context behavioural advertising, targeted advertising opt-out, "Do Not Sell or Share" link/mechanism, Global Privacy Control (GPC) signal compliance, no-retaliation policy, financial incentive programme consent
- Sensitive Data & Children's Privacy: Sensitive data category mapping, opt-in consent for sensitive processing, precise geolocation opt-in, COPPA compliance (under 13), 13-15/13-16 opt-in requirements, employee/B2B carve-out analysis, biometric data — Illinois BIPA/Texas CUBI/Washington
- Data Minimization, Purpose Limitation & Security: Data minimization policy, purpose limitation, retention schedules, automated deletion, reasonable security (CCPA private right of action for breaches), DPAs with service providers, data inventory
- Governance, DPAs & Enforcement: Data Protection Assessments for high-risk processing, PIAs for new products, threshold/applicability analysis, privacy compliance officer, enforcement risk mapping, cure period procedures, staff training
Who it's for: SaaS companies selling to US consumers; e-commerce and retail businesses; AdTech and MarTech platforms subject to CCPA sale/sharing obligations; any business processing data of California, Texas, Virginia, Colorado, Connecticut, or other state residents at scale; privacy attorneys and consultants building multi-state compliance programmes.
Browse all 114 generators
All 114 free compliance generators are at /generate. No account required. Covers GDPR, CCPA, SOC 2, HIPAA, ISO 27001/27701, EU AI Act (GPAI + High-Risk), NIS2, DORA, PSD2/PSD3, FCA Consumer Duty, CSRD, CRA, NIST CSF 2.0, NIST AI RMF, CMMC 2.0, Digital Markets Act, EU Data Governance Act, EU Data Act, ePrivacy, AI Fairness, SOC 2 Trust Services Criteria, US State Privacy Laws, and more.