Compliance Mapper

GDPR, NIS2, and EU AI Act in one 60-second assessment. Instant obligations, evidence pack, and action plan built for sovereign AI teams that need clarity fast.

100% client-side | Live obligations | Evidence pack | Premium UX
Privacy-first compliance.

No accounts, no uploads, no server calls. This mapper runs entirely in your browser. Results are indicative and should be validated with legal counsel.

How the mapper works

Answer the three short sections below. The live snapshot updates on the right and the action plan appears after step three.

01

Set the context

Market, sector, org size, and deployment define GDPR + NIS2 scope.

02

Describe the AI use case

Use case and data types determine AI Act risk class and data duties.

03

Flag risk signals

Behavioral and red-flag checks highlight prohibited or high-impact use.

Live snapshot

See GDPR/NIS2/AI Act status and confidence update in real time.

Action plan

Prioritized obligations and a 0-180 day roadmap for legal + security.

Evidence pack

Owner-based artifacts to hand off to compliance, IT, and privacy.

Compliance Scan

Complete the 3-step scan and get a live compliance snapshot with obligations, evidence, and action plan.

0 friction: Client-side, no uploads
Live: Updates while you edit
Audit-ready: Evidence pack included

Quick Scan

Defaults prefilled for a mid-size EU deployment. Adjust to your context. Fill the left side, results update on the right.

Scenario presets

Choose a starting point and we will prefill the scan.

How to use (60 seconds)
  1. Pick a scenario preset (optional) or keep the defaults.
  2. Answer the highlighted step and press Next to continue.
  3. Review the live snapshot, then export/share from the outputs section.
Step 1 of 3. Goal: confirm jurisdiction, sector, and operator role.
Complete the essentials to improve accuracy.
01

Context

Defines GDPR/NIS2 scope and your role in the system.

Region & Market

GDPR AI Act

Where the AI system is offered or used.

Tip: Use EU+ if you serve EU users outside the EU.

Sector

NIS2

Select the primary regulated sector (if any).

Tip: Choose Other if you are not in a NIS2 list.

Organization Size

NIS2

Used to estimate NIS2 applicability.

Tip: NIS2 thresholds start at 50+ employees.

Your Role

AI Act

Are you providing the AI system or deploying it?

Tip: Providers build models, deployers use them.

Deployment

GDPR NIS2

Where the system runs.

Tip: On-prem reduces transfer risk, not all obligations.
02

AI Use Case & Data

Maps AI Act risk class and data sensitivity.

AI System Use Case

AI Act

Choose the closest match.

Tip: High-risk use cases trigger stricter AI Act duties.

Data Types

GDPR AI Act
Tip: Leave off if unsure. Assumptions are tracked.
03

Behavior & Risk Flags

Highlights prohibited AI flags and automated decision risk.

System Behavior

GDPR AI Act
Tip: Automated decisions with legal effect raise GDPR risk.
Red flags (rare but critical)

Tip: Any red flag requires immediate redesign and legal review.

AI Act prohibited

Live Snapshot

Updates instantly as you adjust the scan.
Add key inputs for higher precision.
How to read this snapshot

Status shows scope, risk shows severity, and notes explain why. Use the action plan below for next steps.

Executive summary

Verdict, top obligations, top risks, next action.

GDPR | NIS2 | EU AI Act

Why & sources

Snapshot Summary

Boost confidence: Answer these to improve accuracy.

Actionable Outputs

Everything you need to align legal, security, and engineering in one place.

Audit view adds triggers, sources, and confidence.

Action Plan

Start from 0-30 days. Click an item to open the obligation details.

0-30 days | 31-90 days | 90-180 days

Priority Obligations

Sorted by timeline and priority. Expand an item for owners, evidence, and sources.

Evidence Pack by Owner

Template library

Download ready-to-fill artifacts for auditors.

DPIA (GDPR): Article 35 assessment template.
AI Act risk assessment: High-risk or GPAI compliance checklist.
NIS2 incident response: Early warning and notification plan.

PDF opens a print-ready version. Save as PDF in your browser.

Assumptions

Export & Share

Generate artifacts for stakeholders and audits.

Scenario compare

Save two scenarios and compare obligations, risk, and effort deltas.

Methodology

Risk-based mapping with explicit triggers.

Principles

Scoring

Limitations

Sources

Primary regulations and official references.

Changelog

Compliance logic updates.