EU Regulation Decision Trees
Do I need to comply with EU compliance regulations?
Not sure which EU regulations apply to your product? Answer 6–10 plain-language questions and get a clear answer — with specific next steps. No legal jargon. Free.
GDPR
The General Data Protection Regulation governs how EU personal data is collected, processed, and stored. These trees help you determine scope, lawful basis, DPO and DPIA requirements.
GDPR
Do I need GDPR compliance as a SaaS startup?
Answer 6 quick questions to find out whether GDPR applies to your SaaS startup and what your first compliance steps should be.
GDPR
GDPR requirements for an ecommerce site
Find out which GDPR obligations apply to your ecommerce site in 7 questions covering cookies, payments, marketing, and cross-border data transfers.
GDPR
Do I need GDPR compliance if my company is not in the EU?
GDPR has extraterritorial reach. Use this 6-question tree to find out whether your non-EU company must comply and what to do next.
GDPR
Do I need a Data Protection Officer (DPO)?
Under GDPR Article 37, certain organisations must appoint a DPO. Answer 6 questions to find out if you need one and what the role involves.
GDPR
Do I need a DPIA for this processing activity?
A Data Protection Impact Assessment (DPIA) is mandatory for high-risk processing. Answer 7 questions to find out if your activity requires one.
EU AI Act
The world's first comprehensive AI law. These trees classify your AI system's risk tier and map out provider and deployer obligations by August 2026.
EU AI Act
Does the EU AI Act apply to my product?
Answer 7 questions to find out whether your product or organisation falls under the EU AI Act's scope and which obligations you face.
EU AI Act
What EU AI Act risk tier is my AI system?
8 questions to classify your AI system as prohibited, high-risk, limited-risk, or minimal-risk under the EU AI Act.
EU AI Act
Is my model a General Purpose AI Model under Article 53?
6 questions to determine whether your AI model qualifies as a GPAI under the EU AI Act and what obligations Article 53 imposes on you.
EU AI Act
What are my obligations if I deploy (not develop) AI?
If you use an AI system built by someone else, you are a 'deployer' under the EU AI Act. 7 questions to find your specific obligations.
NIS2
The Network and Information Security Directive 2 extends cybersecurity obligations across 18 critical sectors. Determine whether you are in scope and whether you are essential or important.
NIS2
Is my company in NIS2 scope?
NIS2 applies to organisations in 18 critical sectors. Answer 7 questions to find out if you are in scope and what obligations you face.
NIS2
Am I an essential or important entity under NIS2?
The NIS2 distinction between essential and important entities affects your supervision, fines, and deadlines. Answer 6 questions to find out which you are.
DORA
The Digital Operational Resilience Act has applied to EU financial entities since January 2025. Find out if DORA applies and which ICT resilience requirements you must meet.
Next step — classify
Run the full regulation checker
Not sure where to start? The regulation checker covers all 20+ EU regulations in 5 questions — no decision tree required.
Decision trees are for informational purposes only and do not constitute legal advice. Consult qualified legal counsel for your specific compliance situation.