← All guides
Product4 min read11 July 2026

ComplyKit Hits 98 Free Generators: EU Data Act Compliance Checklist + NIST AI RMF Gap Assessment Now Live

ComplyKit now has 98 free compliance generators — 2 away from the milestone 100. Today: EU Data Act Compliance Checklist (Regulation (EU) 2023/2854, applicable September 2025) and NIST AI RMF Gap Assessment (GOVERN/MAP/MEASURE/MANAGE, 48 items).

98 free compliance generators — 2 from 100

ComplyKit now has 98 free AI compliance generators covering GDPR, SOC 2, ISO 27001:2022, HIPAA, CCPA, PCI DSS, NIS2, DORA, EU AI Act, APRA CPS 234, MiFID II, CSRD, CRA, EU Whistleblowing Directive, EU Data Act, NIST AI RMF, and more. Today's additions: the EU Data Act Compliance Checklist and the NIST AI RMF Gap Assessment.

New: EU Data Act Compliance Checklist (97th generator)

Regulation (EU) 2023/2854 — the EU Data Act — applies from 12 September 2025. It creates mandatory user data access rights for connected products, B2B data sharing obligations, B2G data access for public bodies in exceptional need, and cloud switching obligations including a maximum 30-day transition period and zero egress fees from September 2027.

The EU Data Act Compliance Checklist covers 40 items across six categories:

  • Scope & Applicability (6 items): confirming you're within scope, mapping connected products, identifying data holder and data recipient roles, B2G obligations
  • User Rights & Data Access — Art. 3-8 (8 items): real-time data access, no-cost provision, machine-readable format, third-party sharing capability, prohibition on contractual restrictions, data portability
  • Data Sharing Contracts — Art. 9-13 (8 items): mandatory contract terms, Art. 13 unfair clause blacklist review, purpose limitation enforcement, prohibition on commercialisation
  • Cloud Switching — Art. 23-31 (8 items): 30-day transition capability, egress fee schedule, data export in standard formats, interoperability API documentation, SLA during switching period
  • B2G Data Sharing — Art. 14-26 (6 items): process for responding to public sector data requests, exceptional necessity assessment, data minimisation, purpose restriction, post-use deletion
  • Technical & Security Safeguards (4 items): access controls, trade secret protection (Art. 4(9)), GDPR alignment

The generated report includes: compliance scorecard by category, critical gap cards with regulatory article citations, deep dives on user access rights and cloud switching obligations, and a three-phase remediation roadmap customised to your organisation type.

Use the EU Data Act Compliance Checklist free

New: NIST AI RMF Gap Assessment (98th generator)

The NIST AI Risk Management Framework 1.0 (January 2023) is the most widely referenced AI governance framework globally. While voluntary, it's increasingly referenced by the EU AI Act harmonisation standards (CEN-CENELEC JTC 21), required for FedRAMP AI systems, and used in enterprise AI procurement questionnaires.

The NIST AI RMF Gap Assessment covers 48 items across all four core functions:

  • GOVERN (14 items): AI risk management policy (board-approved, risk tolerance defined), human oversight mechanisms (meaningful not performative), AI governance committee, third-party AI vendor risk (contract clauses: explainability, incident SLAs, right to audit), AI incident response plan, diverse team involvement, legal review pre-deployment
  • MAP (12 items): AI system inventory (type, training data, affected populations, consequential decision flag), high-risk use case identification, data provenance, bias assessment, misuse scenario documentation, risk categorisation
  • MEASURE (12 items): performance metrics defined pre-deployment, fairness metrics tested across demographic groups, adversarial testing (red-teaming), bias testing toolkits, privacy testing (membership inference, model inversion), security testing of AI pipeline, post-deployment model drift monitoring, user feedback mechanism, explainability requirements
  • MANAGE (10 items): risk treatment plans (accept/mitigate/transfer/avoid), emergency shutdown and model rollback procedure, AI incident response tested, incident log, continuous improvement, decommissioning process, model versioning and audit trail, stakeholder communications plan

The generated report includes a per-function maturity score (AI RMF Leader / Progressing Well / Foundation Stage / Significant Gaps), critical gap cards with NIST reference IDs and recommended actions, deep dives on GOVERN and MEASURE best practices, and a three-phase remediation roadmap customised to your AI role (developer, deployer, or both).

Use the NIST AI RMF Gap Assessment free

98 generators — next stop: 100

ComplyKit is 2 generators from the milestone 100. The next tools will bring the total to 100 — a major milestone we'll mark with a dedicated campaign. Browse all 98 generators at ComplyKit Generators — no account, no paywall, no credit card required.