> ## Documentation Index
> Fetch the complete documentation index at: https://docs.regpilot.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Compliance Management

> Manage AI compliance across EU AI Act, GDPR, and ISO 27001

## Compliance Management

RegPilot's compliance management system helps you track, manage, and maintain compliance across multiple regulatory frameworks including EU AI Act, GDPR, ISO 27001, and SOC 2.

## Supported Frameworks

<Tabs>
  <Tab title="EU AI Act">
    * Risk classification and assessment
    * High-risk system requirements
    * Prohibited practices monitoring
    * Transparency obligations
    * Technical documentation
  </Tab>

  <Tab title="GDPR">
    * Personal data protection
    * Data subject rights
    * Consent management
    * Data breach notifications
    * Privacy impact assessments
  </Tab>

  <Tab title="ISO 27001">
    * Information security controls
    * Risk management
    * Access controls
    * Incident response
  </Tab>

  <Tab title="Custom Frameworks">
    * Define your own compliance rules
    * Custom validation logic
    * Industry-specific requirements
  </Tab>
</Tabs>

## Compliance Score

Your compliance score is calculated based on:

* **Active Violations**: Number and severity of current violations
* **Model Compliance**: Risk classification alignment
* **Documentation**: Completeness of technical documentation
* **Monitoring**: Active monitoring and logging
* **Policies**: Defined and enforced policies

Score ranges:

* 90-100: Excellent compliance
* 70-89: Good compliance
* 50-69: Needs improvement
* Below 50: Critical issues

## Managing Compliance

### View Compliance Status

```bash theme={null}
GET /api/compliance/projects/:projectId/status
```

Response:

```json theme={null}
{
  "overall_score": 87,
  "frameworks": {
    "eu_ai_act": {
      "score": 92,
      "status": "compliant",
      "violations": 2
    },
    "gdpr": {
      "score": 85,
      "status": "compliant",
      "violations": 5
    }
  }
}
```

### Create Compliance Policy

Define custom compliance rules:

```typescript theme={null}
const policy = await regpilot.compliance.policies.create({
  name: "Customer Data Protection",
  framework: "GDPR",
  rules: [
    {
      type: "data_retention",
      max_days: 90,
      severity: "high"
    },
    {
      type: "consent_required",
      data_types: ["personal_info", "financial"],
      severity: "critical"
    }
  ]
});
```

## Compliance Reports

Generate compliance reports for audits:

<Steps>
  <Step title="Select Framework">
    Choose which frameworks to include (EU AI Act, GDPR, etc.)
  </Step>

  <Step title="Set Date Range">
    Select reporting period
  </Step>

  <Step title="Include Sections">
    * Executive summary
    * Violations log
    * Model registry
    * Technical documentation
  </Step>

  <Step title="Export">
    Download as PDF or send via email
  </Step>
</Steps>

## Next Steps

<CardGroup cols={2}>
  <Card title="Violations" icon="exclamation-triangle" href="/features/violations-tracking">
    Track and resolve violations
  </Card>

  <Card title="Policies" icon="shield" href="/features/policies">
    Create compliance policies
  </Card>
</CardGroup>