RegulatorySignals

EU AI Act Audit Pack

A scan-driven compliance binder generated from your GitHub repository. AI classifies your risk level under the EU AI Act and produces 6 named compliance documents — from Risk Classification (Art. 6) to Human Oversight Protocol (Art. 14) — that enterprise buyers and auditors ask for.

What's included

The Audit Pack is produced by scanning your repository and mapping findings to your AI system. Each section is evidence-sourced — not a blank template. Together they give your enterprise buyers and legal team a concrete compliance baseline.

1. AI System Risk Classification Report (Article 6 / Annex III)

Risk classification of each AI system identified in your repository under the EU AI Act risk tiers (unacceptable, high-risk, limited, minimal). Evidence-sourced from scan findings.

2. Technical Documentation Summary (Article 11)

Technical documentation of AI system architecture, dependencies, test coverage, and training data practices — evidence pulled directly from repository analysis.

3. Conformity Assessment Checklist (Annex VI)

Full checklist of conformity items derived from compliance findings, sorted by severity — critical, warning, informational — with evidence and remediation actions per item.

4. Data Governance Statement (Article 10)

Data governance documentation covering personal data processing, data minimisation, and data lineage — sourced from privacy policies and data-related compliance findings.

5. Transparency Disclosure Template (Article 13)

Transparency obligations disclosure covering AI system identification, intended purpose, and user rights — sourced from privacy policies and terms of service.

6. Human Oversight Protocol (Article 14)

Human oversight controls documentation covering review mechanisms, override capabilities, and accountability measures — sourced from oversight-related findings and policies.

Example: what a generated section looks like

Section 1 · Article 6 / Annex III · HIGH RISK

  • System identified: src/models/underwrite.py — loan underwriting recommendation engine
  • Risk tier: HIGH RISK — Annex III §5(b): AI used for creditworthiness assessment
  • Evidence: openai.ChatCompletion.create() · output routed to loan_decision_table
  • Obligations: Art. 9 (risk mgmt) · Art. 10 (data governance) · Art. 11 (technical docs) · Art. 13 (transparency) · Art. 14 (human oversight)

All 6 sections are generated from evidence in your actual repository — not typed from a template.

How the Audit Pack is generated

Connect your GitHub account (read-only scope), enter your repository URL, and Regulatory Signals scans your code, configuration, and documentation. The AI identifies AI model usage, risk indicators, data handling patterns, and transparency signals — then maps each finding to the relevant Article or Annex. The binder is generated from that evidence, not typed by hand.

Private repositories are supported. Your source code is never stored beyond the scan session.

Who it's for

  • SaaS founders whose AI features are blocking enterprise deals because procurement teams require EU AI Act documentation before signing.
  • Compliance teams at mid-market software companies who need auditor-ready evidence without a six-figure consulting engagement.
  • Legal counsel who need a structured starting point — risk classification, compliance gaps, and policy drafts already drawn from your codebase — rather than a blank page.

Pricing

The Audit Pack is $39 one-time. No subscription. No recurring charge.

Alternatively, the Audit Pack is included in the Professional and Enterprise subscription plans alongside continuous monitoring, all policy document types, and daily regulatory feeds.

EU AI Act enforcement is phased: prohibited practices (Article 5) since 2 February 2025; general-purpose AI obligations (Chapter V) since 2 August 2025; high-risk system obligations (Title III) begin 2 August 2026. Enterprise buyers are already issuing compliance questionnaires. The Audit Pack gives you answers.

Audit Pack documents are compliance documentation drafts, not legal advice. All output should be reviewed by qualified legal counsel before submission to customers or regulators. See our full disclaimer.

AI-assisted verification

Each generated document is checked by an AI verifier (Claude) for obvious citation drift and hallucinated claims. The verifier does not cross-reference against authoritative regulation text bytes and does not replace legal review. Have qualified counsel review before submitting to any regulator (OCR, FCA, BaFin, SEC). Regulatory Signals is an independent technical evaluation provider, not an accredited certification body under ISO/IEC 17065 or ISO/IEC 17021.