Compliance Guides
The regulations that matter, explained simply.
Clear, plain-English explainers for 24 regulations and standards — what each one is, who it applies to, the key deadlines, and the penalties for getting it wrong. Written for compliance officers, general counsel, and operators.
AI governance · 1
Cybersecurity · 1
Data protection · 2
GDPR
DraftThe EU's data protection law governing how personal data of people in the EU/EEA is collected, used, and protected.
HIPAA
DraftUS federal law setting national standards to protect the privacy and security of individuals' health information held by health entities.
Digital & platforms · 1
ESG & supply chain · 4
CSDDD
DraftEU law requiring large companies to run human-rights and environmental due diligence across their chain of activities; delayed and narrowed by Omnibus I.
CSRD
DraftEU directive requiring large and listed companies to report standardised sustainability information; significantly narrowed and delayed by the 2026 Omnibus reform.
EUDR
DraftEU law banning placement/export of 7 commodities and derived products linked to deforestation after 31 Dec 2020; due diligence applies from 30 Dec 2026.
Modern Slavery Act
DraftUK law requiring large businesses to publish an annual statement on steps taken to address slavery and human trafficking in their operations and supply chains.
Employment & HR · 1
Environmental · 1
Financial crime · 1
Financial services · 4
DORA
DraftDORA is the EU regulation setting uniform ICT and cyber resilience rules for financial entities and their tech providers, applying from 17 Jan 2025.
MiCA
DraftEU-wide rules for crypto-asset issuers and service providers; ART/EMT rules apply from 30 Jun 2024, CASP rules from 30 Dec 2024.
MiFID II
DraftEU framework regulating investment firms and trading venues, strengthening investor protection, best execution, transparency and reporting.
PSD2
DraftEU directive modernising payment services: opens bank-account access to third parties and mandates strong customer authentication for electronic payments.
Governance · 1
Health & safety · 1
Information security · 3
ISO 27001
DraftISO/IEC 27001:2022 is the international standard for information security management systems (ISMS), specifying requirements and 93 controls.
PCI DSS
DraftGlobal security standard for organizations that store, process, or transmit cardholder data; enforced by the card brands, not a law.
SOC 2
DraftSOC 2 is an AICPA attestation report in which a licensed CPA examines a service organization's controls against the Trust Services Criteria.
Quality management · 1
Sustainable finance · 2
EU Taxonomy
DraftEU classification system defining when an economic activity counts as environmentally sustainable, used for sustainability disclosures.
SFDR
DraftEU rules requiring financial firms to disclose how they handle sustainability risks and ESG impacts at entity and product level.
These guides are general information about public law and standards, not legal advice. They do not create a client relationship. Verify requirements against official sources and qualified counsel for your situation.