Two major frameworks just launched
ComplyKit now covers 92 regulatory frameworks with the launch of two new generators tackling two of the most demanding compliance challenges in 2026:
EU AI Act High-Risk System Conformity Assessment (91st generator)
For providers of AI systems classified as high-risk under Annex III of the EU AI Act (Regulation (EU) 2024/1689). As of February 2026, high-risk AI systems must undergo a conformity assessment before being placed on the EU market. This includes AI used in employment (CV screening, performance evaluation), credit scoring, education (admissions decisions), law enforcement, and several other high-stakes domains.
The generator covers all Art. 9–15 obligations:
- Risk Management System (Art. 9): 5 checks covering lifecycle risk management, misuse scenarios, mitigation testing, vulnerable group risks, and living RMS process
- Data Governance (Art. 10): 4 checks covering dataset documentation, representativeness, bias examination, and GDPR integration
- Technical Documentation (Art. 11 + Annex IV): 4 checks covering Annex IV-compliant documentation, training methodology, instructions for use, and substantial modification tracking
- Automatic Logging and Transparency (Art. 12–13): 3 checks covering logging design, log content, and transparency to deployers
- Human Oversight (Art. 14): 5 checks covering oversight design, the three pillars (understand/monitor/intervene), HITL/HOTL model, automation bias, and competence requirements
- Accuracy, Robustness and Cybersecurity (Art. 15): 4 checks covering accuracy specification, robustness testing, adversarial attack resilience, and probabilistic output disclosure
- QMS, Registration, and Post-Market Monitoring (Art. 17, 49, 72–73): 5 checks covering QMS establishment, EU AI database registration, PMM plan, serious incident reporting, and EU Declaration of Conformity
Output: a structured Annex VI conformity assessment report with critical non-conformity analysis, deep dives on risk management and human oversight, and a three-phase remediation roadmap.
Try the EU AI Act High-Risk Conformity Assessment →
CSRD Gap Assessment (92nd generator)
For companies in scope for the Corporate Sustainability Reporting Directive — Phase 2 reporters (FY2025) face their first CSRD report deadline in 2026. This generator covers the full ESRS framework:
- ESRS 1 and ESRS 2: Double materiality assessment, value chain mapping, governance disclosures, business model integration, MDR preparation, and basis of preparation
- ESRS E1 (Climate): GHG inventory (Scope 1/2/3), climate transition plan, physical risk assessment, policies and targets
- ESRS E2–E5 (Other Environmental): Pollution, water, biodiversity, circular economy (if material)
- ESRS S1 (Own Workforce): Workforce metrics, gender pay gap, H&S metrics, collective bargaining coverage
- ESRS S2–S4 (Other Social): Value chain workers, affected communities, consumers and end-users (if material)
- ESRS G1 (Business Conduct): Anti-corruption policies and incidents, supplier payment practices, political engagement
Output: a CSRD gap report with assurance risk assessment, critical gap analysis, deep dives on double materiality methodology and climate reporting, and a phased readiness roadmap.
Why we built these two together
EU AI Act and CSRD represent the two biggest compliance burdens landing on European companies and EU-market participants in 2026. Both require significant documentation, both have enforcement teeth, and both are deeply underserved by generic compliance tools.
The EU AI Act High-Risk conformity assessment is something that every employment AI company, credit scoring provider, and education tech company operating in Europe needs to produce before going to market. The cost of a compliance consultant to produce this from scratch is substantial — and most early-stage companies can’t afford it. ComplyKit closes that gap.
CSRD is the biggest reporting expansion European companies have faced in a generation. Phase 2 companies are actively struggling with double materiality assessments, Scope 3 data collection, and assurance readiness. A free, structured gap assessment helps companies understand where they stand and what to prioritise.
Now at 92 generators — 8 from 100
ComplyKit launched in 2026 with the goal of making compliance documentation accessible to founders and compliance teams who can’t afford full legal and consulting fees for every document they need. 92 generators later, we cover GDPR, SOC 2, ISO 27001, HIPAA, CCPA, PCI DSS, NIS2, DORA, EU AI Act, APRA CPS 234, MiFID II, CSDDD, FedRAMP, FERPA, LGPD, PIPEDA, and now CSRD.
The 100-generator milestone is 8 generators away. Next up: more sector-specific tools and deeper coverage of the frameworks our users ask about most.
Browse all 92 generators at ComplyKit Generators — no account, no paywall.