Resources

EU Compliance Checklists

Step-by-step checklists for every major EU regulation — structured around the actual articles and obligations you need to address.

How the Checklists Work

Each checklist is built directly from the articles of the relevant regulation. Instead of generic compliance advice, every item maps to a specific legal obligation. Use the checklist to track your progress, and click through to Law4Devs to read the full regulatory text for each article.

  • Identify — Determine which articles apply to your organisation based on sector, size, and activities
  • Assess — Evaluate your current compliance status for each applicable article
  • Implement — Put in place the required technical, organisational, or procedural measures
  • Document — Record your compliance evidence for each obligation
  • Monitor — Track amendments and updates via Law4Devs to stay current

Checklists by Regulation

GDPR6 key items

General Data Protection Regulation

  • Article 5 — Principles
  • Article 6 — Lawfulness
  • Article 7 — Consent
  • Article 15 — Right of Access
  • Article 17 — Right to Erasure
  • Article 25 — Data Protection by Design
View compliance guide →Technical reference →
NIS26 key items

NIS2 Directive

  • Article 2 — Scope
  • Article 3 — Essential Entities
  • Article 4 — Important Entities
  • Article 20 — Security Requirements
  • Article 21 — Incident Reporting
  • Article 23 — Supply Chain Security
View compliance guide →Technical reference →
CRA6 key items

Cyber Resilience Act

  • Article 2 — Scope
  • Article 3 — Definitions
  • Article 4 — Classification
  • Article 8 — Security Requirements
  • Article 10 — Vulnerability Handling
  • Article 11 — SBOM Requirements
View compliance guide →Technical reference →
AI Act6 key items

AI Act

  • Article 3 — Definitions
  • Article 5 — Prohibited Practices
  • Article 6 — Risk Classification
  • Article 8 — High-Risk Requirements
  • Article 9 — Risk Management
  • Article 10 — Data Governance
View compliance guide →Technical reference →
DORA6 key items

Digital Operational Resilience Act

  • Article 1 — Subject Matter
  • Article 2 — Scope
  • Article 4 — ICT Risk Management
  • Article 5 — ICT Governance
  • Article 8 — Incident Reporting
  • Article 11 — Resilience Testing
View compliance guide →Technical reference →
DSA6 key items

Digital Services Act

  • Article 2 — Scope
  • Article 3 — Definitions
  • Article 12 — Mere Conduit
  • Article 16 — Notice and Action
  • Article 20 — Online Platforms
  • Article 24 — Transparency Reporting
View compliance guide →Technical reference →
eIDAS6 key items

eIDAS Regulation (EU) No 910/2014

  • Article 3 — Definitions
  • Article 6 — Mutual Recognition
  • Article 8 — Assurance Levels
  • Article 19 — Security Requirements for TSPs
  • Article 24 — Qualified Trust Service Providers
  • Article 25 — Legal Effects of Electronic Signatures
View compliance guide →Technical reference →
eIDAS 2.06 key items

European Digital Identity Regulation (EU) 2024/1183

  • Article 1 — Subject Matter and Scope (amended)
  • Article 5a — European Digital Identity Wallets
  • Article 5b — Relying Parties
  • Article 5c — Electronic Attestations of Attributes
  • Article 6a — Cross-border Identity Matching
  • Article 24 — Qualified Trust Service Providers (amended)
View compliance guide →Technical reference →
DMA6 key items

Digital Markets Act (EU) 2022/1925

  • Article 1 — Subject Matter and Scope
  • Article 2 — Definitions
  • Article 3 — Designation of Gatekeepers
  • Article 5 — Obligations for Gatekeepers
  • Article 6 — Obligations Susceptible to Further Specification
  • Article 7 — Interoperability of Messaging
View compliance guide →Technical reference →
Data Act6 key items

EU Data Act (EU) 2023/2854

  • Article 1 — Subject Matter and Scope
  • Article 3 — Obligation to Make Data Accessible
  • Article 4 — Right of Users to Access Data
  • Article 5 — Right to Share Data with Third Parties
  • Article 8 — Unfair Contractual Terms
  • Article 14 — B2B Data Sharing Obligations
View compliance guide →Technical reference →
DGA6 key items

Data Governance Act (EU) 2022/868

  • Article 1 — Subject Matter and Scope
  • Article 3 — Categories of Protected Data
  • Article 5 — Conditions for Re-use
  • Article 7 — Competent Bodies
  • Article 10 — Data Intermediation Services
  • Article 11 — Notification Requirements
View compliance guide →Technical reference →
CER6 key items

Critical Entities Resilience Directive (EU) 2022/2557

  • Article 1 — Subject Matter and Scope
  • Article 2 — Definitions
  • Article 4 — National Strategy
  • Article 5 — National Risk Assessment
  • Article 6 — Identification of Critical Entities
  • Article 8 — Critical Entities of Particular European Significance
View compliance guide →Technical reference →
PSD26 key items

Payment Services Directive 2 (EU) 2015/2366

  • Article 1 — Subject Matter
  • Article 4 — Definitions
  • Article 5 — Authorisation of Payment Institutions
  • Article 11 — Passporting
  • Article 33 — Access to Payment Account Services
  • Article 66 — Payment Initiation Services
View compliance guide →Technical reference →
MiCA6 key items

Markets in Crypto-Assets Regulation (EU) 2023/1114

  • Article 1 — Subject Matter
  • Article 3 — Definitions
  • Article 4 — Offers to the Public
  • Article 6 — White Paper Requirements
  • Article 16 — Asset-Referenced Tokens
  • Article 48 — E-Money Tokens
View compliance guide →Technical reference →
CSA6 key items

EU Cybersecurity Act (EU) 2019/881

  • Article 1 — Subject Matter and Scope
  • Article 3 — ENISA Objectives
  • Article 4 — ENISA Tasks
  • Article 46 — European Cybersecurity Certification Framework
  • Article 49 — Certification Schemes
  • Article 52 — Assurance Levels
View compliance guide →Technical reference →
ePD6 key items

ePrivacy Directive 2002/58/EC

  • Article 2 — Definitions
  • Article 4 — Security
  • Article 5 — Confidentiality of Communications
  • Article 5(3) — Cookies and Similar Technologies
  • Article 6 — Traffic Data
  • Article 9 — Location Data
View compliance guide →Technical reference →
RED6 key items

Radio Equipment Directive 2014/53/EU

  • Article 1 — Subject Matter and Scope
  • Article 2 — Definitions
  • Article 3 — Essential Requirements
  • Article 3(3)(d) — Network Protection
  • Article 3(3)(e) — Privacy Safeguards
  • Article 3(3)(f) — Fraud Prevention
View compliance guide →Technical reference →
CSRD6 key items

Corporate Sustainability Reporting Directive (EU) 2022/2464

  • Article 1 — Amendments to the Accounting Directive
  • Article 19a — Sustainability Reporting
  • Article 19b — Sustainability Reporting Standards
  • Article 19c — Consolidated Sustainability Reporting
  • Article 26a — Assurance of Sustainability Reporting
  • Article 29a — Third-Country Companies
View compliance guide →Technical reference →

Frequently Asked Questions

How do I use these compliance checklists?

Each checklist is structured around the key articles of the relevant regulation. Work through each item systematically: identify whether the article applies to your organisation, assess your current compliance status, implement any required measures, and document your compliance evidence. Law4Devs provides the full regulatory text for each article so you can read the exact legal requirements.

Are these checklists legally binding?

These checklists are guidance tools, not legal advice. They are based on the text of EU regulations sourced verbatim from EUR-Lex. For specific legal questions, consult a qualified legal professional. The checklists are designed to help you identify relevant obligations and track your compliance progress.

How often should I review my compliance?

Compliance is an ongoing process. We recommend reviewing your compliance posture at least quarterly, and whenever a regulation is amended. Law4Devs tracks EUR-Lex amendments automatically so you always have the latest regulatory text.

Automate Your Compliance Tracking

Access the full regulatory text for every checklist item — structured, queryable, and always up to date.

Get API Key →View Demo