> ## Documentation Index > Fetch the complete documentation index at: https://docs.regpilot.dev/llms.txt > Use this file to discover all available pages before exploring further. # Compliance Workflows > Set up automated compliance workflows for EU AI Act and GDPR # Compliance Workflows Automate your compliance processes with RegPilot's workflow system. ## Overview RegPilot provides automated workflows to help you maintain continuous compliance with: * **EU AI Act** - Risk assessment, documentation, monitoring * **GDPR** - Data protection, privacy controls * **Custom Regulations** - Organization-specific requirements ## Quick Start Workflow ### 1. Enable Compliance Monitoring ```typescript theme={null} // Enable monitoring on your project const response = await fetch('https://regpilot.dev/api/projects/settings', { method: 'PATCH', headers: { 'X-API-Key': process.env.REGPILOT_API_KEY }, body: JSON.stringify({ complianceMonitoring: true, frameworks: ['EU_AI_ACT', 'GDPR'] }) }); ``` ### 2. Configure Alert Rules Set up automatic alerts for compliance violations: ```typescript theme={null} const alertConfig = { riskLevel: 'high', channels: ['email', 'slack'], triggers: { governorViolations: true, riskScoreThreshold: 70, missingDocumentation: true } }; ``` ### 3. Review Dashboard Monitor your compliance status: * Real-time violation tracking * Compliance score trending * Required documentation status * Upcoming deadline alerts ## Standard Workflows ### EU AI Act Compliance Workflow **1. Risk Classification** * Automatic risk assessment for all AI models * Classification: Minimal, Limited, High, Unacceptable **2. Documentation Generation** * Auto-generate required technical documentation * Track document versions and updates * Maintain audit trail **3. Continuous Monitoring** * Real-time content validation via Governor * Automated risk scoring * Performance monitoring **4. Incident Response** * Automatic case creation for violations * Assignment and tracking * Resolution workflow ### GDPR Compliance Workflow **1. Data Minimization** * Hash prompts instead of storing full text * Configurable retention periods * Automatic data deletion **2. User Rights Management** * Right to access (data export) * Right to erasure (data deletion) * Right to portability **3. Consent Management** * Track consent for AI processing * Withdrawal workflows * Audit logs ## Custom Workflows ### Creating a Custom Workflow Define custom compliance rules for your organization: ```yaml theme={null} workflows: - name: "Financial Services Compliance" triggers: - event: "model_deployment" - event: "high_risk_output" steps: - action: "risk_assessment" threshold: 60 - action: "require_approval" approvers: ["compliance@company.com"] - action: "generate_documentation" templates: ["financial_risk_doc"] - action: "notify" channels: ["email", "slack"] ``` ### Workflow Actions Available actions in custom workflows: * `risk_assessment` - Calculate risk score * `require_approval` - Human-in-the-loop validation * `generate_documentation` - Auto-create compliance docs * `notify` - Send alerts * `block_deployment` - Prevent high-risk deployments * `create_case` - Open compliance case * `log_audit` - Record compliance event ## Integration with CI/CD ### GitHub Actions Example ```yaml theme={null} name: Compliance Check on: pull_request: push: branches: [main] jobs: compliance: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Run Compliance Scan run: | curl -X POST https://regpilot.dev/api/compliance/scan \ -H "X-API-Key: ${{ secrets.REGPILOT_API_KEY }}" \ -d '{"repository": "${{ github.repository }}"}' - name: Check Compliance Score run: | SCORE=$(curl https://regpilot.dev/api/compliance/score \ -H "X-API-Key: ${{ secrets.REGPILOT_API_KEY }}") if [ $SCORE -lt 80 ]; then echo "Compliance score too low: $SCORE" exit 1 fi ``` ## Best Practices ### 1. Regular Audits Schedule regular compliance audits: * Weekly: Review violation cases * Monthly: Compliance score review * Quarterly: Full documentation audit * Annually: Third-party compliance assessment ### 2. Incident Response Plan Maintain a clear incident response workflow: 1. **Detection** - Automated alerts 2. **Assessment** - Evaluate severity 3. **Containment** - Immediate actions 4. **Investigation** - Root cause analysis 5. **Remediation** - Fix the issue 6. **Documentation** - Record everything 7. **Review** - Prevent recurrence ### 3. Documentation Maintenance Keep compliance documentation up-to-date: * Version control all documents * Regular review cycles * Stakeholder sign-off * Centralized storage in RegPilot ### 4. Team Training Ensure team awareness: * Onboarding compliance training * Regular compliance updates * Role-specific responsibilities * Clear escalation paths ## Monitoring & Reporting ### Compliance Dashboard Track key metrics: * Overall compliance score (0-100%) * Active violations by severity * Documentation completion rate * Days to next audit deadline ### Automated Reports Generate compliance reports: * Daily violation summary * Weekly trend analysis * Monthly executive summary * Quarterly board report ### Export Options ```typescript theme={null} // Export compliance data const report = await fetch('https://regpilot.dev/api/compliance/export', { headers: { 'X-API-Key': API_KEY }, body: JSON.stringify({ format: 'pdf', // or 'json', 'csv' period: 'last_quarter', sections: ['violations', 'models', 'documentation'] }) }); ``` ## Need Help? * 📧 Email: [compliance@regpilot.dev](mailto:compliance@regpilot.dev) * 💬 Slack: [RegPilot Community](https://regpilot.dev/slack) * 📚 Docs: [Compliance Guide](/compliance/eu-ai-act-overview)