{"name":"EU SME Compliance Checklist Dataset","description":"Machine-readable checklist, action and evidence items from EuroComply SME compliance guides.","version":"2026-05-11","license":"https://creativecommons.org/licenses/by/4.0/","generatedAt":"2026-05-12T11:11:27.892Z","lastReviewed":"2026-05-11","source":"https://eurocomply.app/datasets/eu-sme-compliance-checklist.json","pages":[{"slug":"eu-compliance-deadlines-2026","title":"EU compliance deadlines 2026 for SMEs","category":"EU deadlines","pageUrl":"https://eurocomply.app/eu-compliance-deadlines-2026","sourceName":"European Commission business in the EU guidance","sourceUrl":"https://commission.europa.eu/business-economy-euro/doing-business-eu_en","checklist":[{"label":"Create a deadline map","detail":"List each relevant EU law, due date, owner, country and proof needed.","articleRef":"Multi-regulation"},{"label":"Mark customer-facing obligations","detail":"Prioritise obligations likely to appear in procurement, vendor reviews or enterprise questionnaires."},{"label":"Add evidence checkpoints","detail":"Set monthly reminders to collect policy, register, training, supplier and technical evidence."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"EU 2026 compliance calendar"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"EU 2026 compliance calendar"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"EU 2026 compliance calendar"}],"evidence":[{"item":"Applicability decision","why":"Shows whether EU 2026 compliance deadlines applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"eu-regulation-calendar-sme","title":"EU regulation calendar for SMEs","category":"EU deadlines","pageUrl":"https://eurocomply.app/eu-regulation-calendar-sme","sourceName":"European Commission business in the EU guidance","sourceUrl":"https://commission.europa.eu/business-economy-euro/doing-business-eu_en","checklist":[{"label":"Add all applicable regulations","detail":"Start with GDPR, AI Act, NIS2, DORA, Data Act, CRA, EAA, Pay Transparency, GPSR and PPWR."},{"label":"Record the evidence owner","detail":"Every calendar entry should name the person who can produce proof."},{"label":"Flag country dependencies","detail":"Directives and e-invoicing mandates often need country-by-country tracking."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"EU regulation calendar"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"EU regulation calendar"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"EU regulation calendar"}],"evidence":[{"item":"Applicability decision","why":"Shows whether an EU regulation calendar applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"eu-regulation-checklist-sme","title":"EU regulation checklist for SMEs","category":"EU checklist","pageUrl":"https://eurocomply.app/eu-regulation-checklist-sme","sourceName":"European Commission business in the EU guidance","sourceUrl":"https://commission.europa.eu/business-economy-euro/doing-business-eu_en","checklist":[{"label":"Data","detail":"Check GDPR, Data Act, ePrivacy and cloud-switching obligations."},{"label":"Cybersecurity","detail":"Check NIS2, DORA, CRA, GPSR and product-security overlaps."},{"label":"Workforce","detail":"Check Pay Transparency, AI literacy and employee monitoring risks."},{"label":"Products and services","detail":"Check EAA, GPSR, PPWR, ESPR and EU market-entry obligations."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"EU regulation checklist"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"EU regulation checklist"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"EU regulation checklist"}],"evidence":[{"item":"Applicability decision","why":"Shows whether an EU regulation checklist applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"gdpr-compliance-sme","title":"GDPR compliance for SMEs","category":"GDPR","pageUrl":"https://eurocomply.app/gdpr-compliance-sme","sourceName":"European Commission GDPR SME guidance","sourceUrl":"https://commission.europa.eu/law/law-topic/data-protection/rules-business-and-organisations/application-regulation/do-rules-apply-smes_en","checklist":[{"label":"Map processing","detail":"List purposes, categories of data, recipients, retention and processors.","articleRef":"Article 30"},{"label":"Confirm lawful basis","detail":"Record the lawful basis for each processing purpose and keep it reviewable.","articleRef":"Article 6"},{"label":"Test DPIA and DPO triggers","detail":"Check high-risk processing, large-scale monitoring and sensitive data use.","articleRef":"Articles 35, 37"},{"label":"Prepare DSAR and breach workflows","detail":"Document request handling, identity checks, deadlines and escalation.","articleRef":"Articles 12-23, 33"}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"GDPR"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"GDPR"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"GDPR"}],"evidence":[{"item":"Applicability decision","why":"Shows whether GDPR compliance for SMEs applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"gdpr-checklist-sme","title":"GDPR checklist for SMEs","category":"GDPR","pageUrl":"https://eurocomply.app/gdpr-checklist-sme","sourceName":"European Commission GDPR SME guidance","sourceUrl":"https://commission.europa.eu/law/law-topic/data-protection/rules-business-and-organisations/application-regulation/do-rules-apply-smes_en","checklist":[{"label":"Processing register","detail":"Document each processing activity and whether Article 30 applies.","articleRef":"Article 30"},{"label":"Privacy notices","detail":"Keep website, customer, employee and applicant notices current.","articleRef":"Articles 13-14"},{"label":"Processor controls","detail":"Verify Article 28 contracts and subprocessors for core vendors.","articleRef":"Article 28"},{"label":"Retention and deletion","detail":"Define retention periods and deletion owners by dataset.","articleRef":"Article 5"}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"GDPR checklist"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"GDPR checklist"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"GDPR checklist"}],"evidence":[{"item":"Applicability decision","why":"Shows whether a GDPR checklist applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"nis2-compliance-sme","title":"NIS2 compliance for SMEs","category":"NIS2","pageUrl":"https://eurocomply.app/nis2-compliance-sme","sourceName":"European Commission NIS2 guidance","sourceUrl":"https://digital-strategy.ec.europa.eu/en/policies/nis2-directive","checklist":[{"label":"Confirm sector and size","detail":"Check whether the entity is essential, important, exempt or supply-chain affected.","articleRef":"Articles 2-3"},{"label":"Map Article 21 measures","detail":"Document policies for risk, incident handling, business continuity, supply chain and access control.","articleRef":"Article 21"},{"label":"Prepare incident workflow","detail":"Define detection, classification, escalation, notification and final report owners.","articleRef":"Article 23"}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"NIS2"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"NIS2"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"NIS2"}],"evidence":[{"item":"Applicability decision","why":"Shows whether NIS2 compliance for SMEs applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"nis2-checklist-sme","title":"NIS2 checklist for SMEs","category":"NIS2","pageUrl":"https://eurocomply.app/nis2-checklist-sme","sourceName":"European Commission NIS2 guidance","sourceUrl":"https://digital-strategy.ec.europa.eu/en/policies/nis2-directive","checklist":[{"label":"Risk analysis","detail":"Keep a current risk register for systems and services.","articleRef":"Article 21"},{"label":"Incident handling","detail":"Define severity triggers, roles and reporting templates.","articleRef":"Article 23"},{"label":"Supplier security","detail":"Classify critical vendors and request security evidence.","articleRef":"Article 21"},{"label":"Management approval","detail":"Record board or management review of cybersecurity measures.","articleRef":"Article 20"}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"NIS2 checklist"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"NIS2 checklist"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"NIS2 checklist"}],"evidence":[{"item":"Applicability decision","why":"Shows whether a NIS2 checklist applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"nis2-supplier-checklist","title":"NIS2 supplier checklist","category":"NIS2","pageUrl":"https://eurocomply.app/nis2-supplier-checklist","sourceName":"European Commission NIS2 guidance","sourceUrl":"https://digital-strategy.ec.europa.eu/en/policies/nis2-directive","checklist":[{"label":"Security policy pack","detail":"Prepare access, incident, continuity, backup and vulnerability policies."},{"label":"Incident contacts","detail":"Provide named contacts and escalation times for security events."},{"label":"Subprocessor list","detail":"List critical providers and where customer data or operations depend on them."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"NIS2 supplier evidence"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"NIS2 supplier evidence"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"NIS2 supplier evidence"}],"evidence":[{"item":"Applicability decision","why":"Shows whether NIS2 supplier readiness applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"dora-compliance-checklist","title":"DORA compliance checklist","category":"DORA","pageUrl":"https://eurocomply.app/dora-compliance-checklist","sourceName":"ESMA DORA guidance","sourceUrl":"https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/digital-operational-resilience-act-dora","checklist":[{"label":"ICT risk framework","detail":"Document governance, risk appetite, controls and review cadence.","articleRef":"Articles 5-16"},{"label":"Incident reporting","detail":"Prepare classification and notification workflow for major ICT incidents.","articleRef":"Articles 17-23"},{"label":"Third-party register","detail":"Maintain ICT provider contracts, criticality, exit plans and concentration risk.","articleRef":"Articles 28-30"}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"DORA"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"DORA"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"DORA"}],"evidence":[{"item":"Applicability decision","why":"Shows whether DORA compliance applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"dora-ict-register-template","title":"DORA ICT register template","category":"DORA","pageUrl":"https://eurocomply.app/dora-ict-register-template","sourceName":"ESMA DORA guidance","sourceUrl":"https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/digital-operational-resilience-act-dora","checklist":[{"label":"Provider identity","detail":"Record legal name, service, contract owner and business process."},{"label":"Criticality","detail":"Assess service criticality, dependencies and concentration risk."},{"label":"Exit and incident data","detail":"Keep exit plan, incident contact, SLA and renewal date."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"DORA ICT register"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"DORA ICT register"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"DORA ICT register"}],"evidence":[{"item":"Applicability decision","why":"Shows whether a DORA ICT register applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"dora-for-ict-providers","title":"DORA for ICT providers","category":"DORA","pageUrl":"https://eurocomply.app/dora-for-ict-providers","sourceName":"ESMA DORA guidance","sourceUrl":"https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/digital-operational-resilience-act-dora","checklist":[{"label":"Contract readiness","detail":"Prepare standard responses for audit, incident, subcontractor and exit clauses."},{"label":"Operational resilience","detail":"Document uptime, backup, recovery, testing and monitoring controls."},{"label":"Subcontractor transparency","detail":"List critical dependencies and notification process for material changes."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"DORA ICT provider readiness"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"DORA ICT provider readiness"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"DORA ICT provider readiness"}],"evidence":[{"item":"Applicability decision","why":"Shows whether DORA readiness for ICT providers applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"eu-e-invoicing-requirements","title":"EU e-invoicing requirements for SMEs","category":"E-invoicing","pageUrl":"https://eurocomply.app/eu-e-invoicing-requirements","sourceName":"European Commission VAT in the Digital Age","sourceUrl":"https://taxation-customs.ec.europa.eu/taxation/vat/vat-digital-age-vida_en","checklist":[{"label":"Map countries","detail":"List VAT establishments and countries where domestic B2B mandates apply."},{"label":"Confirm formats","detail":"Record accepted format and platform for each country."},{"label":"Test system readiness","detail":"Validate whether accounting tools can receive, send and archive structured invoices."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"EU e-invoicing"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"EU e-invoicing"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"EU e-invoicing"}],"evidence":[{"item":"Applicability decision","why":"Shows whether EU e-invoicing readiness applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"france-e-invoicing-sme","title":"France e-invoicing for SMEs","category":"E-invoicing","pageUrl":"https://eurocomply.app/france-e-invoicing-sme","sourceName":"European Commission VAT in the Digital Age","sourceUrl":"https://taxation-customs.ec.europa.eu/taxation/vat/vat-digital-age-vida_en","checklist":[{"label":"Confirm phase","detail":"Identify whether the SME must receive, issue or report in the current phase."},{"label":"Clean master data","detail":"Review VAT IDs, customer names, addresses and invoice categories."},{"label":"Test with provider","detail":"Run format and workflow tests before the live date."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"France e-invoicing"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"France e-invoicing"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"France e-invoicing"}],"evidence":[{"item":"Applicability decision","why":"Shows whether France e-invoicing readiness applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"germany-e-invoicing-sme","title":"Germany e-invoicing for SMEs","category":"E-invoicing","pageUrl":"https://eurocomply.app/germany-e-invoicing-sme","sourceName":"European Commission VAT in the Digital Age","sourceUrl":"https://taxation-customs.ec.europa.eu/taxation/vat/vat-digital-age-vida_en","checklist":[{"label":"Receive readiness","detail":"Confirm the SME can receive and process structured invoices."},{"label":"Send readiness","detail":"Check whether revenue, transaction type or deadline triggers sending obligations."},{"label":"Archive and validate","detail":"Document storage, validation, exception and correction workflows."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"Germany e-invoicing"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"Germany e-invoicing"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"Germany e-invoicing"}],"evidence":[{"item":"Applicability decision","why":"Shows whether Germany e-invoicing readiness applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"european-accessibility-act-sme","title":"European Accessibility Act for SMEs","category":"Accessibility","pageUrl":"https://eurocomply.app/european-accessibility-act-sme","sourceName":"European Commission European Accessibility Act guidance","sourceUrl":"https://commission.europa.eu/strategy-and-policy/policies/justice-and-fundamental-rights/disability/european-accessibility-act-eaa_en","checklist":[{"label":"Confirm covered service","detail":"Check whether e-commerce, banking, transport, telecoms, e-books or covered devices apply."},{"label":"Test customer journeys","detail":"Check keyboard navigation, forms, checkout, account creation and support channels."},{"label":"Retain conformance evidence","detail":"Keep audit notes, fixes, accessibility statement and review cadence."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"European Accessibility Act"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"European Accessibility Act"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"European Accessibility Act"}],"evidence":[{"item":"Applicability decision","why":"Shows whether European Accessibility Act readiness applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"eaa-website-checklist","title":"EAA website checklist","category":"Accessibility","pageUrl":"https://eurocomply.app/eaa-website-checklist","sourceName":"European Commission European Accessibility Act guidance","sourceUrl":"https://commission.europa.eu/strategy-and-policy/policies/justice-and-fundamental-rights/disability/european-accessibility-act-eaa_en","checklist":[{"label":"Keyboard and focus","detail":"Every interactive element should be reachable and visible by keyboard."},{"label":"Form errors","detail":"Errors should be clear, associated with fields and available to assistive tech."},{"label":"Checkout path","detail":"Test cart, payment, confirmation, cancellation and support paths."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"EAA website checklist"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"EAA website checklist"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"EAA website checklist"}],"evidence":[{"item":"Applicability decision","why":"Shows whether an EAA website checklist applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"cyber-resilience-act-sme","title":"Cyber Resilience Act for SMEs","category":"CRA","pageUrl":"https://eurocomply.app/cyber-resilience-act-sme","sourceName":"European Commission Cyber Resilience Act summary","sourceUrl":"https://digital-strategy.ec.europa.eu/en/policies/cra-summary","checklist":[{"label":"Confirm product scope","detail":"Check whether software, hardware or remote data processing falls in scope."},{"label":"Build vulnerability process","detail":"Define intake, triage, patching, disclosure and reporting workflow.","articleRef":"Article 14"},{"label":"Prepare technical file","detail":"Document security requirements, testing, support period and user instructions."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"Cyber Resilience Act"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"Cyber Resilience Act"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"Cyber Resilience Act"}],"evidence":[{"item":"Applicability decision","why":"Shows whether Cyber Resilience Act readiness applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"cra-software-checklist","title":"CRA software checklist","category":"CRA","pageUrl":"https://eurocomply.app/cra-software-checklist","sourceName":"European Commission Cyber Resilience Act summary","sourceUrl":"https://digital-strategy.ec.europa.eu/en/policies/cra-summary","checklist":[{"label":"SBOM and dependencies","detail":"Track components, versions, licences and vulnerability exposure."},{"label":"Secure release process","detail":"Document testing, code review, security checks and release approval."},{"label":"Patch support","detail":"Define support period, update mechanism and customer communication."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"CRA software checklist"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"CRA software checklist"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"CRA software checklist"}],"evidence":[{"item":"Applicability decision","why":"Shows whether CRA software readiness applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"cra-saas-product-checklist","title":"CRA SaaS product checklist","category":"CRA","pageUrl":"https://eurocomply.app/cra-saas-product-checklist","sourceName":"European Commission Cyber Resilience Act summary","sourceUrl":"https://digital-strategy.ec.europa.eu/en/policies/cra-summary","checklist":[{"label":"Scope decision","detail":"Record why the SaaS product is in scope, out of scope or partially in scope."},{"label":"Secure SDLC","detail":"Link product releases to security tests and dependency checks."},{"label":"Customer evidence","detail":"Prepare support period, vulnerability contact and update policy."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"CRA SaaS readiness"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"CRA SaaS readiness"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"CRA SaaS readiness"}],"evidence":[{"item":"Applicability decision","why":"Shows whether CRA SaaS readiness applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"data-act-compliance-sme","title":"EU Data Act compliance for SMEs","category":"Data Act","pageUrl":"https://eurocomply.app/data-act-compliance-sme","sourceName":"European Commission Data Act guidance","sourceUrl":"https://digital-strategy.ec.europa.eu/en/policies/data-act","checklist":[{"label":"Map generated data","detail":"List product, service, telemetry and user-generated data categories."},{"label":"Define access workflow","detail":"Document who can request data, approval, format and delivery route."},{"label":"Review contracts","detail":"Check unfair terms, data-use rights and cloud-switching provisions."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"EU Data Act"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"EU Data Act"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"EU Data Act"}],"evidence":[{"item":"Applicability decision","why":"Shows whether EU Data Act compliance applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"data-act-checklist","title":"EU Data Act checklist","category":"Data Act","pageUrl":"https://eurocomply.app/data-act-checklist","sourceName":"European Commission Data Act guidance","sourceUrl":"https://digital-strategy.ec.europa.eu/en/policies/data-act","checklist":[{"label":"Data categories","detail":"Identify raw, processed, inferred and user-generated data."},{"label":"Access rights","detail":"Define request identity, eligibility, format, limits and timeline."},{"label":"Trade secrets","detail":"Document protection measures where shared data could reveal confidential information."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"EU Data Act checklist"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"EU Data Act checklist"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"EU Data Act checklist"}],"evidence":[{"item":"Applicability decision","why":"Shows whether a Data Act checklist applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"data-act-cloud-switching","title":"Data Act cloud switching checklist","category":"Data Act","pageUrl":"https://eurocomply.app/data-act-cloud-switching","sourceName":"European Commission Data Act guidance","sourceUrl":"https://digital-strategy.ec.europa.eu/en/policies/data-act","checklist":[{"label":"Export format","detail":"Confirm which data can be exported and in what format."},{"label":"Migration support","detail":"Record provider support, timelines, cost and responsibilities."},{"label":"Deletion and continuity","detail":"Define deletion proof, parallel run, rollback and downtime tolerance."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"Data Act cloud switching"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"Data Act cloud switching"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"Data Act cloud switching"}],"evidence":[{"item":"Applicability decision","why":"Shows whether Data Act cloud switching readiness applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"pay-transparency-directive-sme","title":"Pay Transparency Directive for SMEs","category":"Pay Transparency","pageUrl":"https://eurocomply.app/pay-transparency-directive-sme","sourceName":"European Commission equal pay and pay transparency guidance","sourceUrl":"https://commission.europa.eu/strategy-and-policy/policies/justice-and-fundamental-rights/gender-equality/equal-pay/eu-action-equal-pay_en","checklist":[{"label":"Add salary ranges","detail":"Prepare role ranges for job adverts or pre-interview disclosure.","articleRef":"Article 5"},{"label":"Remove pay history questions","detail":"Update recruiter scripts, application forms and agency instructions.","articleRef":"Article 5"},{"label":"Document pay criteria","detail":"Record objective, gender-neutral criteria for pay and progression.","articleRef":"Articles 6-7"}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"Pay Transparency Directive"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"Pay Transparency Directive"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"Pay Transparency Directive"}],"evidence":[{"item":"Applicability decision","why":"Shows whether Pay Transparency Directive readiness applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"salary-range-job-ads-eu","title":"EU salary range job ads checklist","category":"Pay Transparency","pageUrl":"https://eurocomply.app/salary-range-job-ads-eu","sourceName":"European Commission equal pay and pay transparency guidance","sourceUrl":"https://commission.europa.eu/strategy-and-policy/policies/justice-and-fundamental-rights/gender-equality/equal-pay/eu-action-equal-pay_en","checklist":[{"label":"Role bands","detail":"Create salary ranges for each role, level and location."},{"label":"Template update","detail":"Add salary range fields to job adverts and recruitment systems."},{"label":"Recruiter training","detail":"Remove pay-history questions from scripts, forms and agency briefs."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"EU salary range job ads"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"EU salary range job ads"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"EU salary range job ads"}],"evidence":[{"item":"Applicability decision","why":"Shows whether salary range job ad readiness applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"pay-gap-reporting-checklist","title":"Pay gap reporting checklist","category":"Pay Transparency","pageUrl":"https://eurocomply.app/pay-gap-reporting-checklist","sourceName":"European Commission equal pay and pay transparency guidance","sourceUrl":"https://commission.europa.eu/strategy-and-policy/policies/justice-and-fundamental-rights/gender-equality/equal-pay/eu-action-equal-pay_en","checklist":[{"label":"Confirm threshold","detail":"Check employee headcount and national implementation."},{"label":"Define comparator groups","detail":"Create objective categories for same work or work of equal value."},{"label":"Prepare justification file","detail":"Record objective reasons for pay differences and remediation plans."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"Pay gap reporting"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"Pay gap reporting"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"Pay gap reporting"}],"evidence":[{"item":"Applicability decision","why":"Shows whether pay gap reporting readiness applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"eu-product-compliance-sme","title":"EU product compliance for SMEs","category":"Product compliance","pageUrl":"https://eurocomply.app/eu-product-compliance-sme","sourceName":"EUR-Lex Regulation (EU) 2023/988","sourceUrl":"https://eur-lex.europa.eu/eli/reg/2023/988/oj/eng","checklist":[{"label":"Role classification","detail":"Confirm manufacturer, importer, distributor, marketplace or authorised representative role."},{"label":"Product law map","detail":"Check GPSR, CRA, PPWR, ESPR, EAA and sector-specific rules."},{"label":"Evidence pack","detail":"Keep technical documentation, labels, instructions, safety and supplier records."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"EU product compliance"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"EU product compliance"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"EU product compliance"}],"evidence":[{"item":"Applicability decision","why":"Shows whether EU product compliance applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"gpsr-checklist","title":"GPSR checklist for SMEs","category":"Product compliance","pageUrl":"https://eurocomply.app/gpsr-checklist","sourceName":"EUR-Lex Regulation (EU) 2023/988","sourceUrl":"https://eur-lex.europa.eu/eli/reg/2023/988/oj/eng","checklist":[{"label":"Risk analysis","detail":"Assess foreseeable safety risks before placing products on the market."},{"label":"Traceability","detail":"Keep product, batch, manufacturer, importer and supplier records."},{"label":"Recall process","detail":"Prepare complaint, accident, corrective action and authority notification workflow."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"GPSR"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"GPSR"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"GPSR"}],"evidence":[{"item":"Applicability decision","why":"Shows whether GPSR readiness applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"packaging-regulation-ppwr-sme","title":"Packaging Regulation PPWR for SMEs","category":"Product compliance","pageUrl":"https://eurocomply.app/packaging-regulation-ppwr-sme","sourceName":"European Commission packaging waste guidance","sourceUrl":"https://environment.ec.europa.eu/topics/waste-and-recycling/packaging-waste_en","checklist":[{"label":"Packaging inventory","detail":"List all packaging types, materials, suppliers and markets."},{"label":"Claims and labels","detail":"Review recyclable, compostable, recycled-content and sustainability claims."},{"label":"Supplier data","detail":"Collect material composition, recyclability and compliance evidence from suppliers."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"PPWR"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"PPWR"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"PPWR"}],"evidence":[{"item":"Applicability decision","why":"Shows whether PPWR readiness applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"eu-market-entry-compliance-saas","title":"EU market entry compliance for SaaS","category":"Market entry","pageUrl":"https://eurocomply.app/eu-market-entry-compliance-saas","sourceName":"European Commission business in the EU guidance","sourceUrl":"https://commission.europa.eu/business-economy-euro/doing-business-eu_en","checklist":[{"label":"Data protection","detail":"Map personal data, processors, transfers, cookies and privacy notices."},{"label":"AI and data","detail":"Classify AI features and Data Act cloud-switching implications."},{"label":"Enterprise evidence","detail":"Prepare NIS2 and DORA-style security evidence for regulated customers."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"EU SaaS market entry"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"EU SaaS market entry"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"EU SaaS market entry"}],"evidence":[{"item":"Applicability decision","why":"Shows whether EU SaaS market entry compliance applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"us-company-selling-to-eu-compliance","title":"US company selling to EU compliance checklist","category":"Market entry","pageUrl":"https://eurocomply.app/us-company-selling-to-eu-compliance","sourceName":"European Commission business in the EU guidance","sourceUrl":"https://commission.europa.eu/business-economy-euro/doing-business-eu_en","checklist":[{"label":"GDPR scope","detail":"Check targeting, personal data processing, representative duties and transfers."},{"label":"Product or SaaS scope","detail":"Check AI Act, CRA, GPSR, EAA and Data Act depending on product type."},{"label":"Contract readiness","detail":"Prepare DPA, SCCs where needed, subprocessors, security terms and support commitments."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"US-to-EU market entry"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"US-to-EU market entry"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"US-to-EU market entry"}],"evidence":[{"item":"Applicability decision","why":"Shows whether US company EU compliance applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"best-ai-act-compliance-software","title":"Best AI Act compliance software for SMEs","category":"Software comparison","pageUrl":"https://eurocomply.app/best-ai-act-compliance-software","sourceName":"EuroComply EU compliance software research","sourceUrl":"https://eurocomply.app/research/eu-sme-compliance-readiness-2026","checklist":[{"label":"Classification depth","detail":"Check whether the tool maps Article 5, Article 6 and Annex III rather than only asking generic AI questions."},{"label":"Evidence workflow","detail":"Look for owner, deadline, evidence and status fields, not only a static PDF output."},{"label":"Data sovereignty","detail":"Check where assessment data and AI analysis are processed before entering sensitive system information."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"AI Act software selection"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"AI Act software selection"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"AI Act software selection"}],"evidence":[{"item":"Applicability decision","why":"Shows whether AI Act software evaluation applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"best-gdpr-compliance-software-sme","title":"Best GDPR compliance software for SMEs","category":"Software comparison","pageUrl":"https://eurocomply.app/best-gdpr-compliance-software-sme","sourceName":"EuroComply EU compliance software research","sourceUrl":"https://eurocomply.app/research/eu-sme-compliance-readiness-2026","checklist":[{"label":"ROPA support","detail":"Confirm the tool can maintain processing purposes, data categories, recipients, transfers and retention."},{"label":"DPIA workflow","detail":"Check whether high-risk processing can trigger a structured DPIA with mitigation actions."},{"label":"Breach readiness","detail":"Look for incident timelines, authority notification evidence and post-incident action tracking."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"GDPR software selection"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"GDPR software selection"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"GDPR software selection"}],"evidence":[{"item":"Applicability decision","why":"Shows whether GDPR software evaluation applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"nis2-compliance-tool","title":"NIS2 compliance tool for SMEs","category":"Software comparison","pageUrl":"https://eurocomply.app/nis2-compliance-tool","sourceName":"EuroComply EU compliance software research","sourceUrl":"https://eurocomply.app/research/eu-sme-compliance-readiness-2026","checklist":[{"label":"Scope engine","detail":"Check sector, size, country and critical-service triggers before buying a workflow tool."},{"label":"Incident timeline","detail":"Look for early-warning, notification and final-report reminders with evidence retention."},{"label":"Supplier workflow","detail":"Confirm the tool tracks supplier questionnaires, security clauses and unresolved risk."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"NIS2 tool selection"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"NIS2 tool selection"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"NIS2 tool selection"}],"evidence":[{"item":"Applicability decision","why":"Shows whether NIS2 tool evaluation applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"onetrust-alternative-for-smes","title":"OneTrust alternative for SMEs","category":"Software comparison","pageUrl":"https://eurocomply.app/onetrust-alternative-for-smes","sourceName":"EuroComply EU compliance software research","sourceUrl":"https://eurocomply.app/research/eu-sme-compliance-readiness-2026","checklist":[{"label":"Implementation effort","detail":"Check whether the tool can be used by one operator rather than a dedicated privacy operations team."},{"label":"EU regulation coverage","detail":"Confirm coverage for AI Act, NIS2, DORA, Data Act and pay transparency, not only privacy workflows."},{"label":"Pricing transparency","detail":"Prefer published pricing and useful free diagnostics before entering a sales-led process."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"OneTrust alternative evaluation"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"OneTrust alternative evaluation"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"OneTrust alternative evaluation"}],"evidence":[{"item":"Applicability decision","why":"Shows whether OneTrust alternative evaluation applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]},{"slug":"dataguard-alternative","title":"DataGuard alternative for EU compliance","category":"Software comparison","pageUrl":"https://eurocomply.app/dataguard-alternative","sourceName":"EuroComply EU compliance software research","sourceUrl":"https://eurocomply.app/research/eu-sme-compliance-readiness-2026","checklist":[{"label":"Self-serve diagnostics","detail":"Check whether useful scope and action results are visible before a demo or sales call."},{"label":"AI Act and NIS2 coverage","detail":"Confirm coverage beyond GDPR if the company uses AI or sells to regulated customers."},{"label":"Evidence export","detail":"Validate whether assessments can become board, customer or audit evidence."}],"actions":[{"timeframe":"First 30 days","title":"Confirm scope and assign an owner","evidence":"Applicability note, business owner, systems or product list, and source links.","regulation":"DataGuard alternative evaluation"},{"timeframe":"Days 31-60","title":"Close the evidence gaps","evidence":"Policies, supplier records, data maps, technical notes, training records, or process owners.","regulation":"DataGuard alternative evaluation"},{"timeframe":"Days 61-90","title":"Prepare for audit or customer review","evidence":"Versioned compliance file, action log, exception register, and next review date.","regulation":"DataGuard alternative evaluation"}],"evidence":[{"item":"Applicability decision","why":"Shows whether DataGuard alternative evaluation applies and why the SME made that decision.","retain":"Scope memo, trigger criteria, country notes, owner approval, and review date."},{"item":"Action owner list","why":"Regulators and enterprise customers expect named accountability, not generic intent.","retain":"Owner, backup owner, due date, status, and unresolved blocker notes."},{"item":"Evidence folder","why":"The fastest way to answer customer due diligence is a single audit-ready evidence file.","retain":"Policies, screenshots, registers, exports, supplier responses, and training records."}]}]}