← All guides
Product Updates5 min read9 July 2026

ComplyKit Now at 94 Generators: Cyber Resilience Act Compliance Checklist + EU Whistleblowing Directive Compliance Checker

ComplyKit has reached 94 free compliance generators with two major new additions: the EU Cyber Resilience Act (CRA) Compliance Checklist for manufacturers of connected products, and the EU Whistleblowing Directive Compliance Checker for organisations with 50+ employees.

94 free generators — and counting

ComplyKit now offers 94 free AI-powered compliance generators, with two significant new additions launched today: the CRA Compliance Checklist for the EU Cyber Resilience Act and the EU Whistleblowing Directive Compliance Checker.

New: CRA Compliance Checklist (Regulation EU 2024/2847)

The Cyber Resilience Act (CRA) is the EU's first mandatory cybersecurity regulation for products with digital elements. It covers manufacturers, importers, and distributors of connected hardware and software products, with full compliance required by December 2027.

Our CRA Compliance Checklist covers:

  • Annex I Part I — Product Security Requirements: 10 checks across secure-by-design, secure-by-default, authentication, encryption, integrity, minimal attack surface, security logging, DoS resilience, and secure updateability. Each check includes the specific Annex I sub-requirement, a regulatory note with ENISA guidance references, and evidence examples.
  • Annex I Part II — Vulnerability Handling: 5 checks covering the vulnerability management process, coordinated vulnerability disclosure (CVD) policy (ISO/IEC 29147 / security.txt), ENISA reporting obligations (24h/72h/14-day cascade), free security updates obligation, and no-delay-incentive requirement.
  • Annex VII Technical Documentation: 4 checks covering Annex VII compliance, cybersecurity risk assessment, SBOM (SPDX/CycloneDX), and security instructions for use.
  • Conformity Assessment and CE Marking (Art. 28-32): 5 checks covering product classification (default/Class I/Class II), Annex VIII internal control, Annex IX/X third-party assessment for important products, EU Declaration of Conformity, and CE marking.
  • Manufacturer Obligations (Art. 13, 24-25): 4 checks covering third-party component vulnerability management, support period communication, importer obligations, and MSA cooperation.

Generate a full CRA compliance assessment report including a per-section scorecard, critical non-conformities analysis (blocking CE marking), a deep dive on product security requirements and SBOM, and a 3-phase implementation roadmap (0-6 months / 6-18 months / 18-30 months).

Use the CRA Compliance Checklist free

New: EU Whistleblowing Directive Compliance Checker (Dir. 2019/1937)

The EU Whistleblowing Directive has been fully transposed across the EU — compliance deadlines have already passed for companies with 50+ employees. Many organisations, particularly SMEs that reached the 50-employee threshold after December 2023, are not yet compliant.

Our Whistleblowing Compliance Checker covers:

  • Internal Reporting Channel Setup (Art. 8-9): Channel established, written/oral/in-person modalities, confidentiality, designated person — 4 checks.
  • Acknowledgment, Follow-Up & Feedback (Art. 11): 7-day acknowledgment, 3-month diligent follow-up, reporter feedback, anonymous report handling — 4 checks.
  • Confidentiality & Data Protection (Art. 16-17 + GDPR): GDPR lawful basis, data retention, Art. 13/14 privacy notices, third-party identity protection — 4 checks.
  • Anti-Retaliation Protection (Art. 19-21): Retaliation prohibition, remedies for retaliated reporters, reversed burden of proof — 3 checks.
  • Policy Scope & Communication (Art. 7): Employee communication, Art. 2 material scope coverage, external reporting channels, manager training — 4 checks.
  • Record-Keeping & Governance (Art. 18): Report records, retention and deletion, annual programme review — 3 checks.

The generated report includes a per-section scorecard, critical gap cards, a deep dive on GDPR intersection (DPIA, Art. 13/14 notices, DSAR handling), country-specific guidance for Germany (HinSchG), France (Sapin II), and Netherlands (WBPP), and a 3-phase implementation roadmap.

Use the EU Whistleblowing Compliance Checker free

Now at 94 generators — 6 from the milestone 100

With 94 generators covering GDPR, SOC 2, ISO 27001, HIPAA, CCPA, PCI DSS, NIS2, DORA, EU AI Act, APRA CPS 234, MiFID II, CSDDD, CSRD, CRA, Whistleblowing, and more, ComplyKit is 6 generators away from the 100-generator milestone.

Browse all generators at ComplyKit Generators — no account, no paywall, no credit card.