Every Regulatory Signals product, in one place.
Scan-driven evidence — not policy templates — across GDPR, CCPA, EU AI Act, HIPAA, DORA, and OWASP LLM Top 10. 20+ products. One subscription.
What do you ship? Go straight to your product.
Scanners
Live scans that generate evidence from your code and website.
Fingerprint every cookie, tracker, and legal-page gap on your site.
EU AI Act risk classification from your repo — not from checkboxes.
Full-repo static analysis for secrets, vulnerable deps, and OWASP risks.
Free EU AI Act risk-tier checker for any AI system description.
Automated risk-tier assignment under EU AI Act Annex III rules.
Repo scan + AI patches for Lovable, v0, Bolt, and Replit apps.
Dedicated security and compliance review for Lovable no-code apps.
10 MCP-specific security rules. Signed cert. Public registry listing.
Browser extension security and privacy audit — permissions and data flows.
Independent eval of AI agents — behaviour, safety, and regulatory readiness.
Audit Packs
Regulator-ready document bundles for enterprise buyers and procurement.
Scan-driven compliance binder — unblocks enterprise deals in 48 hours.
Four HIPAA documents from your repo scan — required for hospital procurement.
ICT Risk Framework, Incident Protocol, TLPT Plan, and Third-Party Register.
Five EU AI Act policy types generated from your repo scan evidence.
Registries & Trust
Verified catalogues of audited agents, MCP servers, and extensions.
Searchable registry of MCP servers with verified security status.
Verified registry of audited browser extensions and compliance status.
Public registry of AI agents that received a signed evaluation report.
Verify any Regulatory Signals issued certificate by slug or ID.
Continuous
Ongoing monitoring so compliance evidence never goes stale.
Quarterly compliance delta across GDPR, CCPA, EU AI Act, CFPB, and SEC.
Live daily regulatory updates — CFPB, SEC, CMS, FDA, USDA. Zero-lag alerts.
Frequently asked questions
What regulations does Regulatory Signals cover?
GDPR, CCPA, ePrivacy, EU AI Act, HIPAA, DORA (FCA/BaFin/AMF), OWASP LLM Top 10, CWE, CFPB, and SEC regulations. Coverage depends on the product — each product page lists its regulation scope.
What is the difference between a scanner and an audit pack?
Scanners generate live evidence from your code, site, or repo. Audit packs take that evidence and produce regulator-ready documents (risk assessments, incident protocols, policy binders) that satisfy enterprise procurement questionnaires and regulatory inquiries.
Do I need all products, or can I buy one at a time?
You can start with any single product. Most teams start with the free Website Compliance Scan, then add the EU AI Act Audit Pack when they face a procurement questionnaire. A Professional subscription includes all scanners, audit packs, and monitoring.
What are the MCP and Extension Trust Registries?
Public, searchable registries of MCP servers and browser extensions that have passed an independent Regulatory Signals security audit. Enterprise security teams use these registries to build approved allowlists for their Claude and Anthropic deployments.
How is Regulatory Signals different from Termly or Vanta?
Termly generates policy templates. Vanta runs questionnaire-based evidence collection. Regulatory Signals runs live code and site scans and generates evidence from what your system actually does — not from what you claim it does. The difference matters when a regulator or enterprise buyer asks for technical evidence, not just a policy document.
Not sure where to start? Read how the scans work or compare plans and pricing.
Start with a free scan