# Sorena AI > AI-powered governance, risk, and compliance platform. Single source of truth > for regulatory data, AI research copilots, assessment automation, and > autonomous compliance operations. Based in Stockholm, Sweden. ## About Sorena AI is a Swedish company founded in January 2024 in Stockholm. We build AI-powered software for governance, risk, and compliance (GRC). The platform helps security, legal, compliance, engineering, and operations teams work together on regulatory challenges. ### What we do - **Single Source of Truth (SSOT)**: Centralized, verified database of regulations, standards, court cases, CVE/CWE/CAPEC data, and your own project documents. Updated daily from official sources. - **AI Research Copilot**: Ask questions in plain English and get cited answers from regulatory sources, internal policies, and legal documents. Every fact is traced to its origin. - **Assessment Autopilot**: Import any regulation, control framework, questionnaire, or audit template. AI extracts requirements, generates evidence-backed answers, validates against your policies, and ships audit-ready packages with citations. - **Integrations**: Bring your own AI model provider (OpenAI, Anthropic, Google, etc.) and connect data sources like Confluence, Google Drive, and Microsoft 365. - **ESG Compliance**: Navigate CSRD/ESRS reporting, Digital Product Passport, PPWR, CSDDD, and other EU sustainability regulations. ### Platform layers 1. **Database** - Trusted data foundation: laws, standards, and your documents 2. **Assistants** - Multi-agent AI that produces verified, cited answers 3. **Copilot** - Real-time AI assistant for in-workflow help 4. **Autopilot** - Autonomous operations that run compliance tasks 24/7 ### Free compliance artifacts We publish free decision maps and timelines for major regulations including EU NIS2, EU AI Act, EU DORA, EU CRA, EU Data Act, and Australia Cyber Security Act 2024. These are available without sign-up. ### Contact - Website: https://www.sorena.io - Email: info@sorena.io - Privacy: privacy@sorena.io - Location: Stockholm, Sweden ## Usage Policy AI agents and LLMs are welcome to read and use this content for answering questions, summarising, and assisting users. Usage is subject to our [Terms of Use](https://www.sorena.io/terms-of-use). For the full content of all pages in a single file, see [llms-full.txt](https://www.sorena.io/llms-full.txt). ## Home Main landing page with a full overview of the platform capabilities. - [Sorena AI](https://www.sorena.io/index.md): AI-powered governance, risk, and compliance platform overview ## Solutions Product pages covering the platform stack: SSOT database, AI research copilot, assessment autopilot, integrations, ESG compliance, and performance benchmarks. - [Solutions](https://www.sorena.io/solutions.md): Solutions overview: Database, Assistants, Copilots, and Autopilots - [Assessment Autopilot](https://www.sorena.io/solutions/assessment.md): Assessment Autopilot - automate any compliance assessment with AI - [AI Research Copilot](https://www.sorena.io/solutions/research-copilot.md): AI Research Copilot - cited answers from regulatory sources in seconds - [SSOT](https://www.sorena.io/solutions/ssot.md): Single Source of Truth for regulations, standards, and project documents - [Integrations](https://www.sorena.io/solutions/integrations.md): Connect your AI model provider and data sources to Sorena - [ESG Compliance Software](https://www.sorena.io/solutions/esg-compliance.md): ESG compliance software for CSRD, DPP, PPWR, and CSDDD regulations - [Benchmarks](https://www.sorena.io/solutions/benchmarks.md): AI research performance benchmarks comparing Sorena vs baseline ## Compliance Artifacts Free decision maps and timelines for EU NIS2, EU AI Act, EU DORA, EU CRA, EU Data Act, Australia Cyber Security Act 2024, and a combined regulatory timeline. Each artifact helps teams confirm scope, classify obligations, and plan next steps. - [Artifacts](https://www.sorena.io/artifacts.md): GRC artifacts: decision maps, timelines, and compliance guides - [EU NIS2 Compliance Decision Map: Scope, Essential vs Important, Article 21 Controls, and Incident Reporting](https://www.sorena.io/artifacts/eu-nis2-compliance-decision-map.md): EU NIS2 compliance decision map: applicability, entity classification, reporting - [EU AI Act Compliance Decision Map: Scope, Risk Class, GPAI, and Evidence Workflow](https://www.sorena.io/artifacts/eu-ai-act-compliance-decision-map.md): EU AI Act compliance decision map: scope, prohibited practices, high-risk classification - [EU DORA Compliance Decision Map: Scope, TLPT, Incident Reporting, and ICT Third-Party Controls](https://www.sorena.io/artifacts/eu-dora-compliance-decision-map.md): EU DORA compliance decision map: financial entity scope, incident reporting, TLPT - [EU CRA Conformity Route Map: Scope, Classification, CE Path, and Reporting](https://www.sorena.io/artifacts/eu-cra-conformity-route-map.md): EU CRA product classification and conformity route map - [EU Data Act Scope Decision Map: Role Logic, Data Sharing, and Switching Readiness](https://www.sorena.io/artifacts/eu-data-act-scope-decision-map.md): EU Data Act scope decision map: data access, B2G sharing, cloud switching - [Regulatory Universal Timeline - 38 Source Timelines and 1297 Compliance Events](https://www.sorena.io/artifacts/global/regulatory-universal-timelines.md): Regulatory universal timeline: all compliance deadlines in one view - [How to Use Regulatory Universal Timelines for Execution Planning](https://www.sorena.io/artifacts/global/regulatory-universal-timelines/how-to-use.md): How to use the regulatory universal timeline for planning and prioritization - [Regulatory Universal Timeline Compliance Calendar Guide](https://www.sorena.io/artifacts/global/regulatory-universal-timelines/compliance-calendar.md): Build a compliance calendar from overlapping regulatory deadlines - [Framework Overlap and Evidence Reuse for Regulatory Universal Timeline](https://www.sorena.io/artifacts/global/regulatory-universal-timelines/framework-overlap-and-evidence-reuse.md): Map framework overlap and reuse compliance evidence across regulations - [Regulatory Universal Timeline Export and Sharing Guide](https://www.sorena.io/artifacts/global/regulatory-universal-timelines/export-and-sharing.md): Export and share regulatory timelines for governance and reporting workflows - [What Is Included in Regulatory Universal Timeline](https://www.sorena.io/artifacts/global/regulatory-universal-timelines/what-is-included.md): See what frameworks and deadlines are included in the universal timeline - [Regulatory Universal Timeline Glossary](https://www.sorena.io/artifacts/global/regulatory-universal-timelines/glossary.md): Glossary of timeline terms used in regulatory deadline planning - [AU Cyber Security Act Compliance Decision Map: Scope, 72-Hour Reporting, Smart Device Rules](https://www.sorena.io/artifacts/au-cyber-security-act-compliance-decision-map.md): Australia Cyber Security Act 2024 compliance decision map - [Artifacts - Page 2](https://www.sorena.io/artifacts/page/2.md): GRC artifacts page 2 of 7 - [Artifacts - Page 3](https://www.sorena.io/artifacts/page/3.md): GRC artifacts page 3 of 7 - [Artifacts - Page 4](https://www.sorena.io/artifacts/page/4.md): GRC artifacts page 4 of 7 - [Artifacts - Page 5](https://www.sorena.io/artifacts/page/5.md): GRC artifacts page 5 of 7 - [Artifacts - Page 6](https://www.sorena.io/artifacts/page/6.md): GRC artifacts page 6 of 7 - [Artifacts - Page 7](https://www.sorena.io/artifacts/page/7.md): GRC artifacts page 7 of 7 - [Artifacts - Cybersecurity](https://www.sorena.io/artifacts/tags/cybersecurity.md): GRC artifacts filtered by Cybersecurity - [Artifacts - Privacy](https://www.sorena.io/artifacts/tags/privacy.md): GRC artifacts filtered by Privacy - [Artifacts - Product](https://www.sorena.io/artifacts/tags/product.md): GRC artifacts filtered by Product - [Artifacts - ESG](https://www.sorena.io/artifacts/tags/esg.md): GRC artifacts filtered by ESG - [Artifacts - Platform](https://www.sorena.io/artifacts/tags/platform.md): GRC artifacts filtered by Platform - [Artifacts - EU](https://www.sorena.io/artifacts/tags/eu.md): GRC artifacts filtered by EU - [Artifacts - EU (Page 2)](https://www.sorena.io/artifacts/tags/eu/page/2.md): GRC artifacts filtered by EU page 2 of 4 - [Artifacts - EU (Page 3)](https://www.sorena.io/artifacts/tags/eu/page/3.md): GRC artifacts filtered by EU page 3 of 4 - [Artifacts - EU (Page 4)](https://www.sorena.io/artifacts/tags/eu/page/4.md): GRC artifacts filtered by EU page 4 of 4 - [Artifacts (EU)](https://www.sorena.io/artifacts/eu.md): GRC artifacts for EU - [Artifacts (EU) - Page 2](https://www.sorena.io/artifacts/eu/page/2.md): GRC artifacts for EU page 2 of 4 - [Artifacts (EU) - Page 3](https://www.sorena.io/artifacts/eu/page/3.md): GRC artifacts for EU page 3 of 4 - [Artifacts (EU) - Page 4](https://www.sorena.io/artifacts/eu/page/4.md): GRC artifacts for EU page 4 of 4 - [Artifacts - UK](https://www.sorena.io/artifacts/tags/uk.md): GRC artifacts filtered by UK - [Artifacts (UK)](https://www.sorena.io/artifacts/uk.md): GRC artifacts for UK - [Artifacts - US](https://www.sorena.io/artifacts/tags/us.md): GRC artifacts filtered by US - [Artifacts - US (Page 2)](https://www.sorena.io/artifacts/tags/us/page/2.md): GRC artifacts filtered by US page 2 of 2 - [Artifacts (US)](https://www.sorena.io/artifacts/us.md): GRC artifacts for US - [Artifacts (US) - Page 2](https://www.sorena.io/artifacts/us/page/2.md): GRC artifacts for US page 2 of 2 - [Artifacts - APAC](https://www.sorena.io/artifacts/tags/apac.md): GRC artifacts filtered by APAC - [Artifacts (APAC)](https://www.sorena.io/artifacts/apac.md): GRC artifacts for APAC - [Artifacts - LATAM](https://www.sorena.io/artifacts/tags/latam.md): GRC artifacts filtered by LATAM - [Artifacts (LATAM)](https://www.sorena.io/artifacts/latam.md): GRC artifacts for LATAM - [EU AI Act Timeline, Decision Flow, and Compliance Guides](https://www.sorena.io/artifacts/eu/artificial-intelligence-act.md): Practical guide to phased dates, prohibited practices, high-risk classification, transparency duties, and conformity assessment. - [Australia Cyber Security Act 2024 Compliance Hub](https://www.sorena.io/artifacts/apac/australia-cyber-security-act.md): Practical guide to scope, smart device security standards, ransomware payment reporting, and compliance readiness. - [EU Cyber Resilience Act, CRA Compliance, CE Marking and Reporting](https://www.sorena.io/artifacts/eu/cyber-resilience-act.md): Practical guide to scope, essential requirements, vulnerability handling, CE marking, and Article 14 reporting. - [EU Digital Product Passport (DPP) Timeline and Compliance Decision Flow](https://www.sorena.io/artifacts/eu/digital-product-passport.md): Practical guide to DPP requirements, data carriers, unique identifiers, registry readiness, and implementation planning. - [EU ESPR (Regulation (EU) 2024/1781) Compliance Hub](https://www.sorena.io/artifacts/eu/ecodesign-for-sustainable-products-regulation.md): Practical guide to delegated acts, product priorities, information requirements, and Digital Product Passport linkage. - [ETSI EN 303 645 Consumer IoT Security Standard (Provision Map + Evidence Guide)](https://www.sorena.io/artifacts/global/etsi-en-303-645.md): Practical guide to scope, requirements, implementation steps, and audit-ready evidence for consumer IoT baseline security. - [ETSI EN 319 401 V3.1.1 Trust Service Provider Policy Requirements and eIDAS Mapping](https://www.sorena.io/artifacts/global/etsi-en-319-401.md): Practical guide to policy and security requirements, implementation patterns, and evidence artifacts for trust services. - [ETSI EN 319 411-1 V1.5.1 Certificate Issuance Standard (CP/CPS, Identity Validation, Revocation)](https://www.sorena.io/artifacts/global/etsi-en-319-411-1.md): Practical guide to certificate policy and security requirements for trust service providers, with evidence and audit readiness. - [ETSI EN 319 411-2 V2.6.1 EU Qualified Certificates (QCP, QEVCP, QNCP, QSCD, eIDAS)](https://www.sorena.io/artifacts/global/etsi-en-319-411-2.md): Practical guide to qualified certificate requirements and assurance expectations, with implementation notes and audit artifacts. - [ETSI Standards Hub (EN 303 645 V3.1.3, TS 103 701, EN 319 401, EN 319 411)](https://www.sorena.io/artifacts/global/etsi-standards-hub.md): Hub for ETSI cybersecurity and trust-service standards, with practical implementation guidance, evidence artifacts, and cross-standard mappings. - [FIPS 140-3 (CMVP Cryptographic Module Validation, Approved Mode, Transition)](https://www.sorena.io/artifacts/global/fips-140-3.md): Practical guide to validation scope, module boundary design, requirements, and evidence needed for FIPS 140-3 readiness. - [FIPS Crypto Algorithms (AES, SHA, Signatures, PQC)](https://www.sorena.io/artifacts/global/fips-crypto-algorithms.md): Guide to approved algorithms, deprecations, migration planning, and implementation evidence across FIPS crypto standards. - [FIPS Standards Hub (FIPS 140-3, CMVP, FIPS Crypto)](https://www.sorena.io/artifacts/global/fips-standards-hub.md): Hub for FIPS cryptographic and module-validation standards, with implementation guidance, evidence artifacts, and migration pathways. - [ISO 22301 Business Continuity Management System Guide](https://www.sorena.io/artifacts/global/iso-22301.md): Practical guide to BCMS scope, requirements, implementation roadmap, and audit-ready evidence for ISO 22301 certification readiness. - [ISO/IEC 27001:2022 ISMS Guide](https://www.sorena.io/artifacts/global/iso-27001.md): Practical guide to ISMS scope, controls, implementation roadmap, and evidence needed for ISO 27001 certification readiness. - [ISO/IEC 27005:2022 Risk Management Guide](https://www.sorena.io/artifacts/global/iso-27005.md): Practical guide to ISO 27005 risk methods, treatment planning, decision logs, and evidence artifacts that make risk decisions audit-ready. - [ISO/IEC 27017:2015 (Cloud Security Controls)](https://www.sorena.io/artifacts/global/iso-27017.md): Practical guide to cloud security controls, shared responsibility, implementation patterns, and evidence artifacts for ISO 27017. - [ISO/IEC 27018 (Public Cloud PII Processor Privacy Controls)](https://www.sorena.io/artifacts/global/iso-27018.md): Practical guide to cloud privacy controls, processor responsibilities, implementation guidance, and audit-ready evidence for ISO 27018. - [ISO/IEC 27035 (Information Security Incident Management)](https://www.sorena.io/artifacts/global/iso-27035.md): Practical guide to incident response lifecycle design, readiness, and evidence artifacts aligned to ISO 27035. - [ISO/IEC 27036 (Supplier Relationships Security)](https://www.sorena.io/artifacts/global/iso-27036.md): Practical guide to third-party security governance, supplier assurance, and evidence artifacts aligned to ISO 27036. - [ISO/IEC 42001 (AI Management System)](https://www.sorena.io/artifacts/global/iso-42001.md): Practical guide to AIMS scope, governance, controls, and evidence artifacts aligned to ISO 42001 for AI risk management. - [ISO Standards Hub (Cybersecurity, Privacy, Resilience)](https://www.sorena.io/artifacts/global/iso-standards-hub.md): Hub for ISO cybersecurity and resilience standards with practical implementation guidance, evidence artifacts, and cross-standard mappings. - [NIST Cybersecurity Framework (CSF) 2.0](https://www.sorena.io/artifacts/global/nist-csf-2-0.md): Practical guide to current/target profiles, governance, metrics, and evidence artifacts for NIST CSF 2.0 adoption. - [NIST Frameworks Hub (CSF, RMF, SP 800 Series)](https://www.sorena.io/artifacts/global/nist-frameworks-hub.md): Hub for NIST frameworks and publications with practical implementation guidance, evidence artifacts, and cross-mappings. - [NIST SP 800-161 Rev. 1 (C-SCRM)](https://www.sorena.io/artifacts/global/nist-sp-800-161-rev-1.md): Practical guide to cyber supply chain risk management program design, controls, and evidence artifacts aligned to NIST SP 800-161. - [NIST SP 800-218 SSDF v1.1](https://www.sorena.io/artifacts/global/nist-sp-800-218-ssdf.md): Practical guide to SSDF practices, SDLC controls, and audit-ready evidence artifacts aligned to NIST SP 800-218. - [NIST SP 800-53 Rev. 5](https://www.sorena.io/artifacts/global/nist-sp-800-53-rev-5.md): Practical guide to control selection, tailoring, implementation patterns, and evidence artifacts aligned to NIST SP 800-53 Rev. 5. - [NIST SP 800-61r3](https://www.sorena.io/artifacts/global/nist-sp-800-61-rev-3.md): Practical guide to incident response lifecycle design, playbooks, severity models, and evidence artifacts aligned to NIST SP 800-61 Rev. 3. - [EU Accessibility Act Compliance Hub - 28 June 2025 Scope, EN 301 549, Evidence, and Procurement](https://www.sorena.io/artifacts/eu/accessibility-act.md): A practical EAA artifact with key dates and a decision flow to help teams understand scope and accessibility requirements for covered products and services. - [EU Data Act (Regulation (EU) 2023/2854): IoT Data Access, B2B Sharing & Cloud Switching](https://www.sorena.io/artifacts/eu/data-act.md): A Data Act artifact with key dates and a decision flow to confirm applicability and plan connected product data access, B2G exceptional need, and cloud switching obligations. - [EU Deforestation Regulation (EUDR) Guide: Key Dates, Due Diligence Statement, Geolocation, Traceability](https://www.sorena.io/artifacts/eu/deforestation-regulation.md): An EUDR due diligence artifact with key dates and a decision flow to help operators and traders implement deforestation free supply chain compliance. - [EU DMA Timeline and Gatekeeper Decision Flow (Articles 5-7)](https://www.sorena.io/artifacts/eu/digital-markets-act.md): A DMA artifact with key dates and a decision flow to help teams understand gatekeeper designation and core obligations. - [EU DORA Compliance Hub](https://www.sorena.io/artifacts/eu/digital-operational-resilience-act.md): A practical DORA artifact with key dates and a compliance decision flow to scope your entity, apply proportionality, and implement ICT risk, incident reporting, testing (TLPT), and third party requirements. - [EU NIS2 Directive (EU) 2022/2555](https://www.sorena.io/artifacts/eu/nis2-directive.md): A practical NIS2 artifact with key dates and a decision flow to scope applicability and plan cybersecurity workstreams and incident readiness. - [EU CSRD Timeline, Reporting Decision Flow, and ESRS Guides](https://www.sorena.io/artifacts/eu/corporate-sustainability-reporting-directive.md): A CSRD and ESRS artifact with key dates and a decision flow to confirm reporting scope and plan sustainability reporting obligations. - [EU Medical Device Regulation (MDR) 2017/745 - Timeline and Decision Flow (Scope, Classification, Clinical Evaluation, PMS, UDI/EUDAMED)](https://www.sorena.io/artifacts/eu/medical-device-regulation.md): A medical device compliance artifact with key dates and a decision flow to help teams classify devices and plan conformity assessment steps. - [UK PSTI Act Compliance Hub: Scope, Security Requirements, Statements, and OPSS Readiness](https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act.md): A PSTI artifact with key dates and a decision flow to help product teams implement baseline security requirements for consumer connectable products. - [CPRA Timeline and Decision Flow](https://www.sorena.io/artifacts/us/california-privacy-rights-act.md): A CPRA artifact with key dates and a decision flow to help teams understand scope, consumer rights, and business obligations under California privacy law. - [Brazil LGPD Compliance Hub: Scope, Rights, Incident Rule, Transfers, and ANPD Enforcement](https://www.sorena.io/artifacts/latam/brazil-lgpd.md): A practical LGPD artifact with key dates and a decision flow to help teams understand scope, roles, and core compliance obligations. - [EU Batteries Regulation Timeline, Decision Flow, and Compliance Guides](https://www.sorena.io/artifacts/eu/batteries-regulation.md): A batteries compliance artifact with key dates and a decision flow covering scope and core obligations across the battery lifecycle. - [EU CSDDD Timeline, Scope Decision Flow, and Implementation Guides](https://www.sorena.io/artifacts/eu/corporate-sustainability-due-diligence-directive.md): A corporate due diligence artifact with key dates and a decision flow to help teams understand scope and build a risk based compliance program. - [EU Digital Services Act (DSA) Compliance Hub](https://www.sorena.io/artifacts/eu/digital-services-act.md): A DSA artifact with key dates and a decision flow to help online services understand platform categories and obligations. - [EU eIDAS & eIDAS 2.0 (EUDI Wallet) Hub](https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation.md): An eIDAS compliance artifact with key dates and a decision flow to help teams understand trust services and electronic identification obligations. - [EU EMC Directive (2014/30/EU) Compliance Hub](https://www.sorena.io/artifacts/eu/emc-directive.md): An EMC compliance artifact with key dates and a decision flow to help manufacturers and importers meet electromagnetic compatibility requirements. - [EU Energy Efficiency Directive (EED) (EU) 2023/1791 Compliance Hub](https://www.sorena.io/artifacts/eu/energy-efficiency-directive.md): An energy efficiency compliance artifact with key dates and a decision flow to help organizations understand scope and implementation duties. - [EU ePrivacy Directive (2002/58/EC) Compliance Hub](https://www.sorena.io/artifacts/eu/eprivacy-directive.md): An ePrivacy artifact with key dates and a decision flow to help teams handle cookies, tracking, and electronic communications confidentiality. - [EU GDPR (Regulation (EU) 2016/679) Compliance Hub](https://www.sorena.io/artifacts/eu/general-data-protection-regulation.md): A practical GDPR artifact with key dates and a decision flow to confirm scope and applicability and map key obligations. - [EU General Product Safety Regulation (GPSR) (Regulation (EU) 2023/988) Compliance Hub](https://www.sorena.io/artifacts/eu/general-product-safety-regulation.md): A product safety artifact with key dates and a decision flow to help teams understand scope and core obligations under the GPSR. - [EU Green Claims Directive (Proposal) Compliance Hub](https://www.sorena.io/artifacts/eu/green-claims-directive.md): A green claims artifact with key dates and a decision flow to help teams understand substantiation and verification requirements for environmental claims. - [EU Low Voltage Directive (LVD) 2014/35/EU - Timeline and Decision Flow (CE Marking, Safety, Technical File)](https://www.sorena.io/artifacts/eu/low-voltage-directive.md): A low voltage directive artifact with key dates and a decision flow to help teams understand scope and core safety obligations. - [EU Machinery Regulation (EU) 2023/1230](https://www.sorena.io/artifacts/eu/machinery-regulation.md): A machinery compliance artifact with key dates and a decision flow to help teams determine scope, category, and conformity assessment path. - [EU Market Surveillance Regulation (EU) 2019/1020](https://www.sorena.io/artifacts/eu/market-surveillance-regulation.md): A market surveillance regulation artifact with key dates and a decision flow to help economic operators understand responsibilities and enforcement touchpoints. - [EU Packaging and Packaging Waste Regulation (PPWR)](https://www.sorena.io/artifacts/eu/packaging-waste-regulation.md): A packaging and packaging waste regulation artifact with key dates and a decision flow to help teams understand scope and compliance obligations. - [EU Radio Equipment Directive (RED) 2014/53/EU](https://www.sorena.io/artifacts/eu/radio-equipment-directive.md): A radio equipment directive artifact with key dates and a decision flow to help teams understand scope and core compliance obligations. - [EU RoHS Directive (2011/65/EU)](https://www.sorena.io/artifacts/eu/rohs-directive.md): A RoHS compliance artifact with key dates and a decision flow to help teams handle restricted substances, exemptions, and technical documentation. - [EU Taxonomy Regulation (EU) 2020/852: Timeline, Article 8 Scope, Eligibility and Alignment Decision Flow](https://www.sorena.io/artifacts/eu/taxonomy-regulation.md): An EU Taxonomy artifact with key dates and a decision flow to help teams assess eligibility and alignment for sustainable activities reporting. - [Singapore PDPA Compliance Hub - DPO, Data Intermediaries, Breach Timelines, DNC, and Transfers](https://www.sorena.io/artifacts/apac/singapore-pdpa.md): A PDPA artifact with key dates and a decision flow to help teams understand scope, roles, and core personal data protection obligations. - [UK GDPR Timeline and Decision Flow](https://www.sorena.io/artifacts/uk/general-data-protection-regulation.md): A practical UK GDPR artifact with key dates and a decision flow to help teams understand scope, roles, and core obligations under UK data protection law. - [UK Online Safety Act Compliance Hub: Scope, Illegal Harms, Child Safety, and Ofcom Readiness](https://www.sorena.io/artifacts/uk/online-safety-act.md): An Online Safety Act artifact with key dates and a decision flow to help teams understand service scope, risk assessments, and duties of care. - [CCPA Timeline and Decision Flow](https://www.sorena.io/artifacts/us/california-consumer-privacy-act.md): A CCPA artifact with key dates and a decision flow to help teams understand scope, consumer rights, and business obligations. - [Australia Cyber Security Act 2024 Applicability Test](https://www.sorena.io/artifacts/apac/australia-cyber-security-act/applicability-test.md): Complete Australia Cyber Security Act 2024 applicability test covering smart device security standards, ransomware payment reporting obligations. - [Australia Cyber Security Act 2024 Compliance Checklist](https://www.sorena.io/artifacts/apac/australia-cyber-security-act/checklist.md): Comprehensive Australia Cyber Security Act 2024 compliance checklist covering smart device security standards, ransomware payment reporting. - [Australia Cyber Security Act 2024 Compliance Guide](https://www.sorena.io/artifacts/apac/australia-cyber-security-act/compliance.md): A detailed Australia Cyber Security Act 2024 compliance guide covering smart device security standards, statement of compliance requirements. - [Australia Cyber Security Act 2024 vs EU Cyber Resilience Act](https://www.sorena.io/artifacts/apac/australia-cyber-security-act/cyber-security-act-vs-eu-cyber-resilience-act.md): Detailed comparison of the Australia Cyber Security Act 2024 and the EU Cyber Resilience Act covering scope, product categories, security requirements. - [Australia Cyber Security Act 2024 vs UK PSTI Act](https://www.sorena.io/artifacts/apac/australia-cyber-security-act/cyber-security-act-vs-uk-psti-act.md): Detailed product security comparison of the Australia Cyber Security Act 2024 and the UK PSTI Act covering scope, ETSI EN 303 645, password requirements. - [Australia Cyber Security Act 2024 Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/apac/australia-cyber-security-act/deadlines-and-compliance-calendar.md): Complete Australia Cyber Security Act 2024 deadlines and compliance calendar with all commencement dates: 30 November 2024 Royal Assent. - [Australia Cyber Security Act 2024 FAQ](https://www.sorena.io/artifacts/apac/australia-cyber-security-act/faq.md): Get detailed answers to frequently asked questions about the Australia Cyber Security Act 2024. - [Penalties and fines](https://www.sorena.io/artifacts/apac/australia-cyber-security-act/penalties-and-fines.md): Australia Cyber Security Act 2024 penalties explained: 60 penalty units (AUD 19,800) per contravention for individuals. - [Ransomware Payment Reporting in 72 Hours](https://www.sorena.io/artifacts/apac/australia-cyber-security-act/ransomware-payment-reporting-72-hours.md): Complete guide to the 72 hour ransomware payment reporting obligation under Part 3 of the Australia Cyber Security Act 2024. - [Australia Cyber Security Act 2024 Requirements](https://www.sorena.io/artifacts/apac/australia-cyber-security-act/requirements.md): Complete guide to Australia Cyber Security Act 2024 requirements covering smart device password rules, vulnerability disclosure. - [Scope and Definitions](https://www.sorena.io/artifacts/apac/australia-cyber-security-act/scope-and-definitions.md): Complete guide to the Australia Cyber Security Act 2024 scope and definitions. - [Australia Smart Device Compliance Checklist](https://www.sorena.io/artifacts/apac/australia-cyber-security-act/smart-device-compliance-checklist.md): Complete Australia Cyber Security Act 2024 smart device compliance checklist covering Schedule 1 password security, vulnerability disclosure. - [Smart device security standards](https://www.sorena.io/artifacts/apac/australia-cyber-security-act/smart-device-security-standards.md): Complete technical guide to the three Australia Cyber Security Act 2024 smart device security standards: password security under Clause 2. - [Statement of Compliance and Recordkeeping](https://www.sorena.io/artifacts/apac/australia-cyber-security-act/statement-of-compliance-and-recordkeeping.md): Australia Cyber Security Act 2024 statement of compliance explained: all mandatory fields under Section 9(3) of the Smart Device Rules 2025. - [Australia Cyber Security Act 2024 Compliance Templates](https://www.sorena.io/artifacts/apac/australia-cyber-security-act/templates.md): Comprehensive Australia Cyber Security Act 2024 compliance templates with every required field. - [Australia Cyber Security Act 2024 Timeline and Commencement Dates](https://www.sorena.io/artifacts/apac/australia-cyber-security-act/timeline-and-commencement.md): Complete Australia Cyber Security Act 2024 timeline with every commencement date from Royal Assent on 29 November 2024. - [Singapore PDPA Applicability Test](https://www.sorena.io/artifacts/apac/singapore-pdpa/applicability-test.md): Complete Singapore PDPA applicability test with step-by-step framework to determine if the Personal Data Protection Act applies to your organisation. - [Singapore PDPA Breach Notification Playbook - Complete Guide](https://www.sorena.io/artifacts/apac/singapore-pdpa/breach-notification-playbook.md): Singapore PDPA breach notification playbook with the 3-day PDPC reporting deadline. - [Singapore PDPA Compliance Checklist - Audit-Ready Guide (2026)](https://www.sorena.io/artifacts/apac/singapore-pdpa/checklist.md): Complete Singapore PDPA compliance checklist covering DPMP governance, consent management, purpose limitation, data protection controls, retention schedules. - [Singapore PDPA Compliance Guide - Data Protection Management Programme, DPO, Consent, Protection, Retention, DPTM](https://www.sorena.io/artifacts/apac/singapore-pdpa/compliance.md): Complete Singapore PDPA compliance guide for organisations. - [Singapore PDPA Consent and Notification Obligations Guide](https://www.sorena.io/artifacts/apac/singapore-pdpa/consent-notification-and-purposes.md): Complete Singapore PDPA consent and notification guide covering express consent, deemed consent by conduct and notification, legitimate interests exception. - [Singapore PDPA Cross-Border Transfer Rules](https://www.sorena.io/artifacts/apac/singapore-pdpa/cross-border-transfers.md): Complete guide to Singapore PDPA cross-border transfer compliance under Section 26. - [Singapore PDPA Compliance Deadlines and Calendar](https://www.sorena.io/artifacts/apac/singapore-pdpa/deadlines-and-compliance-calendar.md): Complete Singapore PDPA compliance deadlines calendar: 3-day breach notification, 30-day access requests, correction timelines, consent withdrawal windows. - [Singapore PDPA Do Not Call Registry and Marketing Messages Compliance Guide](https://www.sorena.io/artifacts/apac/singapore-pdpa/dnc-and-marketing-messages.md): Complete Singapore PDPA Do Not Call (DNC) Registry compliance guide for businesses. - [Singapore PDPA FAQ](https://www.sorena.io/artifacts/apac/singapore-pdpa/faq.md): Singapore PDPA FAQ with detailed answers on scope, consent, deemed consent, legitimate interests, breach notification, DPO requirements. - [Singapore PDPA Penalties and Enforcement Cases - PDPC Fines and Decisions](https://www.sorena.io/artifacts/apac/singapore-pdpa/pdpa-penalties-and-enforcement-cases.md): Singapore PDPA penalties and enforcement cases: PDPC financial penalties up to SGD 1 million or 10% turnover. - [Singapore PDPA Privacy Policy Template - Clause-by-Clause Drafting Guide](https://www.sorena.io/artifacts/apac/singapore-pdpa/pdpa-privacy-policy-template.md): Singapore PDPA privacy policy template with clause-by-clause drafting instructions for all 10 Data Protection Provisions. - [Singapore PDPA Penalties and Fines](https://www.sorena.io/artifacts/apac/singapore-pdpa/penalties-and-fines.md): Complete guide to Singapore PDPA penalties and fines: maximum financial penalties up to SGD 1 million or 10% annual turnover, PDPC enforcement directions. - [Singapore PDPA Requirements -- All Obligations Explained (Consent, Protection, Breach Notification, DNC)](https://www.sorena.io/artifacts/apac/singapore-pdpa/requirements.md): Complete guide to Singapore PDPA requirements covering all Data Protection Provisions: consent obligation (Sections 13-17), purpose limitation (Section 18). - [Singapore PDPA Scope, Exclusions, and Data Intermediary Obligations](https://www.sorena.io/artifacts/apac/singapore-pdpa/scope-exclusions-and-data-intermediaries.md): Complete guide to Singapore PDPA scope covering excluded organisations, the personal and domestic exception, business contact information exclusion. - [Singapore PDPA vs GDPR: Full Comparison of Scope, Consent, Penalties](https://www.sorena.io/artifacts/apac/singapore-pdpa/singapore-pdpa-vs-gdpr.md): Singapore PDPA vs GDPR comparison covering scope, consent models, deemed consent, breach notification, cross-border transfers, penalties, DPO requirements. - [Singapore PDPA Vendor Outsourcing and Contracts Guide](https://www.sorena.io/artifacts/apac/singapore-pdpa/vendor-outsourcing-and-contracts.md): Singapore PDPA vendor outsourcing guide covering data intermediary contracts, Singapore PDPA outsourcing obligations, vendor due diligence. - [EU Accessibility Act for E-Commerce Websites - Scope, Checkout, Product Pages, and Evidence](https://www.sorena.io/artifacts/eu/accessibility-act/accessibility-act-for-ecommerce-websites.md): Detailed EU Accessibility Act guide for e-commerce websites and apps. - [EU Accessibility Act vs ADA and Section 508 - Scope, Evidence, and Delivery Differences](https://www.sorena.io/artifacts/eu/accessibility-act/accessibility-act-vs-ada-and-section-508.md): Compare the EU Accessibility Act with the ADA and Section 508 in practical terms. - [EU Accessibility Act Accessibility Conformance Statement Template - Structure, Fields, and Evidence](https://www.sorena.io/artifacts/eu/accessibility-act/accessibility-conformance-statement-template.md): Use this EU Accessibility Act accessibility conformance statement template to document product or service scope, standards used, test method. - [EU Accessibility Act Applicability Test - Scope, Roles, Dates, Exceptions, and Outputs](https://www.sorena.io/artifacts/eu/accessibility-act/applicability-test.md): Use this EU Accessibility Act applicability test to decide whether your product or service is in scope, which operator role applies, what dates matter. - [EU Accessibility Act Compliance Checklist - Scope, Annex I, EN 301 549, and Evidence](https://www.sorena.io/artifacts/eu/accessibility-act/checklist.md): Audit ready EU Accessibility Act compliance checklist for products and services. - [EU Accessibility Act Compliance Playbook - Operating Model, Controls, and Evidence](https://www.sorena.io/artifacts/eu/accessibility-act/compliance.md): Build an EU Accessibility Act compliance programme with this practical playbook. - [EU Accessibility Act Deadlines and Compliance Calendar - 2022, 2025, Transition, and Review Dates](https://www.sorena.io/artifacts/eu/accessibility-act/deadlines-and-compliance-calendar.md): Track the EU Accessibility Act dates that matter: transposition by 28 June 2022, application from 28 June 2025. - [EU Accessibility Act Transition Plan - From Scope Review to 28 June 2025 Readiness](https://www.sorena.io/artifacts/eu/accessibility-act/deadlines-and-transition-plan.md): Build a practical EU Accessibility Act transition plan with scoping, remediation, testing, procurement updates. - [EN 301 549 and WCAG Mapping for the EU Accessibility Act - Practical Engineering Use](https://www.sorena.io/artifacts/eu/accessibility-act/en-301-549-and-wcag-mapping.md): Map EU Accessibility Act requirements to EN 301 549 and WCAG in a practical way. - [EU Accessibility Act Exemptions and Disproportionate Burden - Article 14 Done Properly](https://www.sorena.io/artifacts/eu/accessibility-act/exemptions-and-disproportionate-burden.md): Understand EU Accessibility Act exceptions correctly. - [EU Accessibility Act FAQ - Scope, Dates, Evidence, EN 301 549, and Exceptions](https://www.sorena.io/artifacts/eu/accessibility-act/faq.md): Answer the practical questions teams ask about the EU Accessibility Act, including scope, dates, products and services covered, evidence, EN 301 549. - [EU Accessibility Act Penalties and Enforcement - Market Surveillance and Corrective Action Risk](https://www.sorena.io/artifacts/eu/accessibility-act/penalties-and-fines.md): Understand EU Accessibility Act enforcement risk. Covers market surveillance powers, corrective action, restriction or withdrawal of non compliant products. - [EU Accessibility Act Procurement Language and Acceptance Criteria - Clauses Buyers Can Enforce](https://www.sorena.io/artifacts/eu/accessibility-act/procurement-language-and-acceptance-criteria.md): Draft procurement ready accessibility language under the EU Accessibility Act. - [EU Accessibility Act Products and Services in Scope - Categories, Definitions, and Role Impact](https://www.sorena.io/artifacts/eu/accessibility-act/products-and-services-in-scope.md): Detailed scope guide to the products and services covered by the EU Accessibility Act, including consumer hardware, self service terminals, communications. - [EU Accessibility Act Requirements - Annex I Outcomes, Role Duties, and Evidence Expectations](https://www.sorena.io/artifacts/eu/accessibility-act/requirements.md): Detailed EU Accessibility Act requirements guide covering Annex I outcomes, product and service duties, EN 301 549 implementation. - [EU Accessibility Act Testing and Conformance Evidence - What to Test and What to Keep](https://www.sorena.io/artifacts/eu/accessibility-act/testing-and-conformance-evidence.md): Build a defensible EU Accessibility Act evidence pack with the right testing methods, release records, Annex IV documents, accessibility statements. - [EU AI Act Applicability and Roles](https://www.sorena.io/artifacts/eu/artificial-intelligence-act/applicability-and-roles.md): Determine whether the EU AI Act applies, when output used in the Union brings a system into scope, and how to assign provider, deployer, importer. - [EU AI Act Applicability and Roles](https://www.sorena.io/artifacts/eu/ai-act/applicability-and-roles.md): Determine whether the EU AI Act applies, when output used in the Union brings a system into scope, and how to assign provider, deployer, importer. - [EU AI Act Applicability Test](https://www.sorena.io/artifacts/eu/artificial-intelligence-act/applicability-test.md): Run a practical EU AI Act applicability test that checks scope, exclusions, operator role, prohibited practices, high risk status, transparency triggers. - [EU AI Act Applicability Test](https://www.sorena.io/artifacts/eu/ai-act/applicability-test.md): Run a practical EU AI Act applicability test that checks scope, exclusions, operator role, prohibited practices, high risk status, transparency triggers. - [EU AI Act Checklist](https://www.sorena.io/artifacts/eu/artificial-intelligence-act/checklist.md): Use a detailed EU AI Act checklist covering inventory, role mapping, Article 5 screening, high risk controls, Article 50 disclosures, GPAI evidence, logging. - [EU AI Act Checklist](https://www.sorena.io/artifacts/eu/ai-act/checklist.md): Use a detailed EU AI Act checklist covering inventory, role mapping, Article 5 screening, high risk controls, Article 50 disclosures, GPAI evidence, logging. - [EU AI Act Compliance Program](https://www.sorena.io/artifacts/eu/artificial-intelligence-act/compliance.md): Build an EU AI Act compliance program that covers inventory, governance, AI literacy, prohibited practice gates, high risk controls, Article 50 product work. - [EU AI Act Compliance Program](https://www.sorena.io/artifacts/eu/ai-act/compliance.md): Build an EU AI Act compliance program that covers inventory, governance, AI literacy, prohibited practice gates, high risk controls, Article 50 product work. - [EU AI Act Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/artificial-intelligence-act/deadlines-and-compliance-calendar.md): Track the exact EU AI Act dates, including entry into force on 1 August 2024, early obligations from 2 February 2025, GPAI obligations from 2 August 2025. - [EU AI Act Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/ai-act/deadlines-and-compliance-calendar.md): Track the exact EU AI Act dates, including entry into force on 1 August 2024, early obligations from 2 February 2025, GPAI obligations from 2 August 2025. - [EU AI Act vs ISO 42001](https://www.sorena.io/artifacts/eu/artificial-intelligence-act/eu-ai-act-vs-iso-42001.md): Compare the EU AI Act with ISO/IEC 42001:2023. Learn where ISO 42001 helps with AI policy, roles, risk assessment, impact assessment, documented information. - [EU AI Act vs ISO 42001](https://www.sorena.io/artifacts/eu/ai-act/eu-ai-act-vs-iso-42001.md): Compare the EU AI Act with ISO/IEC 42001:2023. Learn where ISO 42001 helps with AI policy, roles, risk assessment, impact assessment, documented information. - [EU AI Act vs NIST AI RMF](https://www.sorena.io/artifacts/eu/artificial-intelligence-act/eu-ai-act-vs-nist-ai-rmf.md): Compare the EU AI Act with NIST AI RMF 1.0. Learn how the voluntary NIST AI RMF functions Govern, Map, Measure. - [EU AI Act vs NIST AI RMF](https://www.sorena.io/artifacts/eu/ai-act/eu-ai-act-vs-nist-ai-rmf.md): Compare the EU AI Act with NIST AI RMF 1.0. Learn how the voluntary NIST AI RMF functions Govern, Map, Measure. - [EU AI Act FAQ](https://www.sorena.io/artifacts/eu/artificial-intelligence-act/faq.md): Get grounded answers to common EU AI Act questions on application dates, high risk status, provider versus deployer roles, transparency. - [EU AI Act FAQ](https://www.sorena.io/artifacts/eu/ai-act/faq.md): Get grounded answers to common EU AI Act questions on application dates, high risk status, provider versus deployer roles, transparency. - [EU AI Act GPAI and Foundation Model Obligations](https://www.sorena.io/artifacts/eu/artificial-intelligence-act/gpai-and-foundation-model-obligations.md): Understand EU AI Act obligations for general purpose AI model providers, including Article 53 documentation, copyright policy. - [EU AI Act GPAI and Foundation Model Obligations](https://www.sorena.io/artifacts/eu/ai-act/gpai-and-foundation-model-obligations.md): Understand EU AI Act obligations for general purpose AI model providers, including Article 53 documentation, copyright policy. - [EU AI Act High Risk AI Use Cases by Industry](https://www.sorena.io/artifacts/eu/artificial-intelligence-act/high-risk-ai-use-cases-by-industry.md): See how EU AI Act high risk status appears across biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration. - [EU AI Act High Risk AI Use Cases by Industry](https://www.sorena.io/artifacts/eu/ai-act/high-risk-ai-use-cases-by-industry.md): See how EU AI Act high risk status appears across biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration. - [EU AI Act High Risk Requirements Checklist](https://www.sorena.io/artifacts/eu/artificial-intelligence-act/high-risk-requirements-checklist.md): Use a detailed high risk AI checklist covering Article 9 risk management, Article 10 data governance, Annex IV technical documentation, logging, instructions. - [EU AI Act High Risk Requirements Checklist](https://www.sorena.io/artifacts/eu/ai-act/high-risk-requirements-checklist.md): Use a detailed high risk AI checklist covering Article 9 risk management, Article 10 data governance, Annex IV technical documentation, logging, instructions. - [EU AI Act Penalties and Fines](https://www.sorena.io/artifacts/eu/artificial-intelligence-act/penalties-and-fines.md): Understand EU AI Act penalty tiers, including Article 5 fines up to EUR 35,000,000 or 7 percent. - [EU AI Act Penalties and Fines](https://www.sorena.io/artifacts/eu/ai-act/penalties-and-fines.md): Understand EU AI Act penalty tiers, including Article 5 fines up to EUR 35,000,000 or 7 percent. - [EU AI Act Prohibited AI Practices](https://www.sorena.io/artifacts/eu/artificial-intelligence-act/prohibited-ai-practices.md): Screen AI systems against EU AI Act Article 5 prohibited practices, including manipulative and deceptive techniques, exploitation of vulnerabilities. - [EU AI Act Prohibited AI Practices](https://www.sorena.io/artifacts/eu/ai-act/prohibited-ai-practices.md): Screen AI systems against EU AI Act Article 5 prohibited practices, including manipulative and deceptive techniques, exploitation of vulnerabilities. - [EU AI Act Requirements](https://www.sorena.io/artifacts/eu/artificial-intelligence-act/requirements.md): Get a grounded overview of EU AI Act requirements across Article 5 prohibited practices, Article 6 and Annex III high risk systems. - [EU AI Act Requirements](https://www.sorena.io/artifacts/eu/ai-act/requirements.md): Get a grounded overview of EU AI Act requirements across Article 5 prohibited practices, Article 6 and Annex III high risk systems. - [EU AI Act Timeline and Phasing Roadmap](https://www.sorena.io/artifacts/eu/artificial-intelligence-act/timeline-and-phasing-roadmap.md): Follow a practical EU AI Act roadmap that aligns workstreams to the phased application dates for prohibited practices, AI literacy, GPAI obligations. - [EU AI Act Timeline and Phasing Roadmap](https://www.sorena.io/artifacts/eu/ai-act/timeline-and-phasing-roadmap.md): Follow a practical EU AI Act roadmap that aligns workstreams to the phased application dates for prohibited practices, AI literacy, GPAI obligations. - [EU AI Act Transparency, Labeling, and User Disclosures](https://www.sorena.io/artifacts/eu/artificial-intelligence-act/transparency-labeling-and-user-disclosures.md): Implement EU AI Act Article 50 transparency duties for direct interaction notices, machine readable marking of synthetic outputs, deepfake disclosures. - [EU AI Act Transparency, Labeling, and User Disclosures](https://www.sorena.io/artifacts/eu/ai-act/transparency-labeling-and-user-disclosures.md): Implement EU AI Act Article 50 transparency duties for direct interaction notices, machine readable marking of synthetic outputs, deepfake disclosures. - [EU Batteries Regulation Applicability Test](https://www.sorena.io/artifacts/eu/batteries-regulation/applicability-test.md): Run a grounded applicability test for Regulation (EU) 2023/1542 by checking whether the battery is portable, LMT, SLI, industrial, or EV. - [EU Batteries Regulation vs ESPR](https://www.sorena.io/artifacts/eu/batteries-regulation/batteries-regulation-vs-espr.md): Compare the battery passport in Regulation (EU) 2023/1542 with the broader ESPR Digital Product Passport model. - [EU Batteries Regulation Battery Categories and Scope](https://www.sorena.io/artifacts/eu/batteries-regulation/battery-categories-and-scope.md): Use the legal category definitions in Regulation (EU) 2023/1542 to classify batteries as portable, LMT, SLI, industrial, or EV. - [Battery Due Diligence Supplier Questionnaire](https://www.sorena.io/artifacts/eu/batteries-regulation/battery-due-diligence-supplier-questionnaire.md): Use a practical supplier questionnaire for the battery due diligence obligations in Articles 48 to 52 of Regulation (EU) 2023/1542. - [Battery Passport Data Model Template](https://www.sorena.io/artifacts/eu/batteries-regulation/battery-passport-data-model-template.md): Design a battery passport data model for Regulation (EU) 2023/1542 using the Annex XIII access tiers for public model data, legitimate interest data. - [Battery Passport Implementation](https://www.sorena.io/artifacts/eu/batteries-regulation/battery-passport-implementation.md): Implement the EU battery passport for LMT batteries, industrial batteries above 2 kWh, and EV batteries with a compliant QR resolver, Annex XIII data model. - [Battery Carbon Footprint Declarations](https://www.sorena.io/artifacts/eu/batteries-regulation/carbon-footprint-declarations.md): Implement the carbon footprint declaration requirements in Article 7 of Regulation (EU) 2023/1542 with plant specific battery model declarations. - [EU Batteries Regulation Checklist](https://www.sorena.io/artifacts/eu/batteries-regulation/checklist.md): Use a detailed checklist for Regulation (EU) 2023/1542 covering battery classification, labeling, QR, battery passport, carbon footprint declarations. - [EU Batteries Regulation Compliance Program](https://www.sorena.io/artifacts/eu/batteries-regulation/compliance.md): Build a practical compliance program for Regulation (EU) 2023/1542 covering battery classification, technical documentation, carbon footprint declarations. - [EU Batteries Regulation Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/batteries-regulation/deadlines-and-compliance-calendar.md): Track the exact dates in Regulation (EU) 2023/1542, including application from 18 February 2024, Article 14 and Chapter VI timing from 18 August 2024. - [Battery Due Diligence Program](https://www.sorena.io/artifacts/eu/batteries-regulation/due-diligence-program.md): Build a battery due diligence program for Regulation (EU) 2023/1542 with an Article 48 policy, Article 49 management system and traceability. - [EU Batteries Regulation FAQ](https://www.sorena.io/artifacts/eu/batteries-regulation/faq.md): Get grounded answers to common questions on Regulation (EU) 2023/1542, including the main application date, when battery passport starts. - [Battery Labeling and Consumer Information](https://www.sorena.io/artifacts/eu/batteries-regulation/labeling-and-consumer-information.md): Implement battery labeling, QR code, and consumer information duties under Regulation (EU) 2023/1542, including the separate collection symbol. - [EU Batteries Regulation Penalties and Enforcement](https://www.sorena.io/artifacts/eu/batteries-regulation/penalties-and-fines.md): Understand the penalty and enforcement structure in Regulation (EU) 2023/1542. - [Battery Recycled Content and Recovery Targets](https://www.sorena.io/artifacts/eu/batteries-regulation/recycled-content-and-recovery-targets.md): Understand the recycled content roadmap in Article 8 and the recycling efficiency and material recovery targets in Annex XII. - [EU Batteries Regulation Requirements](https://www.sorena.io/artifacts/eu/batteries-regulation/requirements.md): Get a practical map of the main requirements in Regulation (EU) 2023/1542, including category rules, carbon footprint, recycled content, removability. - [EU CSDDD Applicability Test](https://www.sorena.io/artifacts/eu/corporate-sustainability-due-diligence-directive/applicability-test.md): Use this CSDDD applicability test to check the 1000 employee and EUR 450 million threshold, franchising and licensing triggers, non-EU EU-turnover rules. - [EU CSDDD Applicability Test](https://www.sorena.io/artifacts/eu/csddd/applicability-test.md): Use this CSDDD applicability test to check the 1000 employee and EUR 450 million threshold, franchising and licensing triggers, non-EU EU-turnover rules. - [EU CSDDD Chain of Activities and Supplier Scope](https://www.sorena.io/artifacts/eu/corporate-sustainability-due-diligence-directive/chain-of-activities-and-suppliers.md): Map the CSDDD chain of activities correctly. This guide explains upstream and downstream coverage, direct and indirect business partners. - [EU CSDDD Chain of Activities and Supplier Scope](https://www.sorena.io/artifacts/eu/csddd/chain-of-activities-and-suppliers.md): Map the CSDDD chain of activities correctly. This guide explains upstream and downstream coverage, direct and indirect business partners. - [EU CSDDD Checklist](https://www.sorena.io/artifacts/eu/corporate-sustainability-due-diligence-directive/checklist.md): Use this CSDDD checklist to move from scope to execution. - [EU CSDDD Checklist](https://www.sorena.io/artifacts/eu/csddd/checklist.md): Use this CSDDD checklist to move from scope to execution. - [EU CSDDD Climate Transition Plan](https://www.sorena.io/artifacts/eu/corporate-sustainability-due-diligence-directive/climate-transition-plan.md): Understand the Article 22 climate transition plan duty under the CSDDD. - [EU CSDDD Climate Transition Plan](https://www.sorena.io/artifacts/eu/csddd/climate-transition-plan.md): Understand the Article 22 climate transition plan duty under the CSDDD. - [EU CSDDD Compliance Guide](https://www.sorena.io/artifacts/eu/corporate-sustainability-due-diligence-directive/compliance.md): Build a real CSDDD compliance program. This guide explains how to turn Directive (EU) 2024/1760 into a due diligence operating model across policy, mapping. - [EU CSDDD Compliance Guide](https://www.sorena.io/artifacts/eu/csddd/compliance.md): Build a real CSDDD compliance program. This guide explains how to turn Directive (EU) 2024/1760 into a due diligence operating model across policy, mapping. - [EU CSDDD vs CSRD](https://www.sorena.io/artifacts/eu/corporate-sustainability-due-diligence-directive/csddd-vs-csrd.md): Compare the EU CSDDD and CSRD the right way. This guide explains how due diligence duties under Directive (EU) 2024/1760 differ from sustainability reporting. - [EU CSDDD vs CSRD](https://www.sorena.io/artifacts/eu/csddd/csddd-vs-csrd.md): Compare the EU CSDDD and CSRD the right way. This guide explains how due diligence duties under Directive (EU) 2024/1760 differ from sustainability reporting. - [EU CSDDD vs German LkSG](https://www.sorena.io/artifacts/eu/corporate-sustainability-due-diligence-directive/csddd-vs-german-lksg.md): Compare the EU CSDDD with the German LkSG using official sources. - [EU CSDDD vs German LkSG](https://www.sorena.io/artifacts/eu/csddd/csddd-vs-german-lksg.md): Compare the EU CSDDD with the German LkSG using official sources. - [EU CSDDD Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/corporate-sustainability-due-diligence-directive/deadlines-and-compliance-calendar.md): Track the current CSDDD rollout dates, including the 25 July 2024 entry into force, 26 July 2027 transposition deadline, 31 March 2027 reporting act deadline. - [EU CSDDD Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/csddd/deadlines-and-compliance-calendar.md): Track the current CSDDD rollout dates, including the 25 July 2024 entry into force, 26 July 2027 transposition deadline, 31 March 2027 reporting act deadline. - [EU CSDDD Due Diligence Steps Playbook](https://www.sorena.io/artifacts/eu/corporate-sustainability-due-diligence-directive/due-diligence-steps-playbook.md): Follow the CSDDD due diligence steps in the order teams actually need to execute them: policy, chain mapping, prioritization, prevention, corrective action. - [EU CSDDD Due Diligence Steps Playbook](https://www.sorena.io/artifacts/eu/csddd/due-diligence-steps-playbook.md): Follow the CSDDD due diligence steps in the order teams actually need to execute them: policy, chain mapping, prioritization, prevention, corrective action. - [EU CSDDD FAQ](https://www.sorena.io/artifacts/eu/corporate-sustainability-due-diligence-directive/faq.md): Get grounded answers to common CSDDD questions, including the current application dates, who is in scope, how the chain of activities works. - [EU CSDDD FAQ](https://www.sorena.io/artifacts/eu/csddd/faq.md): Get grounded answers to common CSDDD questions, including the current application dates, who is in scope, how the chain of activities works. - [EU CSDDD Grievance and Remediation Workflows](https://www.sorena.io/artifacts/eu/corporate-sustainability-due-diligence-directive/grievance-and-remediation-workflows.md): Design a CSDDD grievance and remediation workflow that fits Articles 12 to 14. - [EU CSDDD Grievance and Remediation Workflows](https://www.sorena.io/artifacts/eu/csddd/grievance-and-remediation-workflows.md): Design a CSDDD grievance and remediation workflow that fits Articles 12 to 14. - [EU CSDDD Liability and Penalties](https://www.sorena.io/artifacts/eu/corporate-sustainability-due-diligence-directive/liability-and-penalties.md): Understand how Article 27 penalties and Article 29 civil liability interact under the CSDDD. - [EU CSDDD Liability and Penalties](https://www.sorena.io/artifacts/eu/csddd/liability-and-penalties.md): Understand how Article 27 penalties and Article 29 civil liability interact under the CSDDD. - [EU CSDDD Penalties and Fines](https://www.sorena.io/artifacts/eu/corporate-sustainability-due-diligence-directive/penalties-and-fines.md): Focus on Article 27 of the CSDDD. This page explains how Member States must structure penalties, what the at least 5 percent maximum turnover cap means. - [EU CSDDD Penalties and Fines](https://www.sorena.io/artifacts/eu/csddd/penalties-and-fines.md): Focus on Article 27 of the CSDDD. This page explains how Member States must structure penalties, what the at least 5 percent maximum turnover cap means. - [EU CSDDD Requirements](https://www.sorena.io/artifacts/eu/corporate-sustainability-due-diligence-directive/requirements.md): Map the main CSDDD requirements by article, including Article 7 policy, Article 8 identification, Article 9 prioritization. - [EU CSDDD Requirements](https://www.sorena.io/artifacts/eu/csddd/requirements.md): Map the main CSDDD requirements by article, including Article 7 policy, Article 8 identification, Article 9 prioritization. - [EU CSDDD Scope Thresholds and In Scope Groups](https://www.sorena.io/artifacts/eu/corporate-sustainability-due-diligence-directive/scope-thresholds-and-in-scope-groups.md): Review the current CSDDD scope thresholds, in scope company groups, franchising and licensing rules, non-EU turnover triggers. - [EU CSDDD Scope Thresholds and In Scope Groups](https://www.sorena.io/artifacts/eu/csddd/scope-thresholds-and-in-scope-groups.md): Review the current CSDDD scope thresholds, in scope company groups, franchising and licensing rules, non-EU turnover triggers. - [EU CSDDD Supplier Human Rights Risk Scoring Template](https://www.sorena.io/artifacts/eu/corporate-sustainability-due-diligence-directive/supplier-human-rights-risk-scoring-template.md): Use this practical CSDDD risk scoring template to prioritize supplier and partner risk based on severity, likelihood, geographic factors, sector. - [EU CSDDD Supplier Human Rights Risk Scoring Template](https://www.sorena.io/artifacts/eu/csddd/supplier-human-rights-risk-scoring-template.md): Use this practical CSDDD risk scoring template to prioritize supplier and partner risk based on severity, likelihood, geographic factors, sector. - [EU CSRD Applicability Test](https://www.sorena.io/artifacts/eu/corporate-sustainability-reporting-directive/applicability-test.md): Use this CSRD applicability test to determine whether your entity is in scope, whether a group exemption applies. - [EU CSRD Applicability Test](https://www.sorena.io/artifacts/eu/csrd/applicability-test.md): Use this CSRD applicability test to determine whether your entity is in scope, whether a group exemption applies. - [EU CSRD Assurance Ready Controls and Evidence](https://www.sorena.io/artifacts/eu/corporate-sustainability-reporting-directive/assurance-ready-controls-and-evidence.md): Prepare CSRD reporting for limited assurance with controls that tie metrics, narratives, markup, and Taxonomy KPIs back to evidence. - [EU CSRD Assurance Ready Controls and Evidence](https://www.sorena.io/artifacts/eu/csrd/assurance-ready-controls-and-evidence.md): Prepare CSRD reporting for limited assurance with controls that tie metrics, narratives, markup, and Taxonomy KPIs back to evidence. - [EU CSRD Checklist](https://www.sorena.io/artifacts/eu/corporate-sustainability-reporting-directive/checklist.md): Use this CSRD checklist to move from scope to report delivery. - [EU CSRD Checklist](https://www.sorena.io/artifacts/eu/csrd/checklist.md): Use this CSRD checklist to move from scope to report delivery. - [EU CSRD Compliance Guide](https://www.sorena.io/artifacts/eu/corporate-sustainability-reporting-directive/compliance.md): Build a publication grade CSRD reporting system with the right scope memo, materiality process, ESRS data model, value chain logic, Taxonomy linkage. - [EU CSRD Compliance Guide](https://www.sorena.io/artifacts/eu/csrd/compliance.md): Build a publication grade CSRD reporting system with the right scope memo, materiality process, ESRS data model, value chain logic, Taxonomy linkage. - [EU CSRD vs IFRS S1 and S2](https://www.sorena.io/artifacts/eu/corporate-sustainability-reporting-directive/csrd-vs-ifrs-s1-and-s2.md): Compare the EU CSRD and ESRS with IFRS S1 and IFRS S2 using official sources. - [EU CSRD vs IFRS S1 and S2](https://www.sorena.io/artifacts/eu/csrd/csrd-vs-ifrs-s1-and-s2.md): Compare the EU CSRD and ESRS with IFRS S1 and IFRS S2 using official sources. - [EU CSRD vs SEC Climate Disclosure Rule](https://www.sorena.io/artifacts/eu/corporate-sustainability-reporting-directive/csrd-vs-sec-climate-disclosure-rule.md): Compare the EU CSRD and ESRS with the SEC climate disclosure rule using official sources. - [EU CSRD vs SEC Climate Disclosure Rule](https://www.sorena.io/artifacts/eu/csrd/csrd-vs-sec-climate-disclosure-rule.md): Compare the EU CSRD and ESRS with the SEC climate disclosure rule using official sources. - [EU CSRD vs Taxonomy Alignment](https://www.sorena.io/artifacts/eu/corporate-sustainability-reporting-directive/csrd-vs-taxonomy-alignment.md): Compare CSRD reporting with EU Taxonomy alignment disclosures. - [EU CSRD vs Taxonomy Alignment](https://www.sorena.io/artifacts/eu/csrd/csrd-vs-taxonomy-alignment.md): Compare CSRD reporting with EU Taxonomy alignment disclosures. - [EU CSRD Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/corporate-sustainability-reporting-directive/deadlines-and-compliance-calendar.md): Track the current CSRD reporting waves, the July 2025 stop the clock amendment, the July 2025 ESRS quick fix. - [EU CSRD Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/csrd/deadlines-and-compliance-calendar.md): Track the current CSRD reporting waves, the July 2025 stop the clock amendment, the July 2025 ESRS quick fix. - [EU CSRD Double Materiality Interview Question Bank](https://www.sorena.io/artifacts/eu/corporate-sustainability-reporting-directive/double-materiality-interview-question-bank.md): Use this CSRD question bank to run a stronger double materiality process. - [EU CSRD Double Materiality Interview Question Bank](https://www.sorena.io/artifacts/eu/csrd/double-materiality-interview-question-bank.md): Use this CSRD question bank to run a stronger double materiality process. - [EU CSRD Double Materiality Method](https://www.sorena.io/artifacts/eu/corporate-sustainability-reporting-directive/double-materiality-method.md): Build a reviewable double materiality method for the CSRD and ESRS. - [EU CSRD Double Materiality Method](https://www.sorena.io/artifacts/eu/csrd/double-materiality-method.md): Build a reviewable double materiality method for the CSRD and ESRS. - [EU CSRD ESRS Structure and Data Model](https://www.sorena.io/artifacts/eu/corporate-sustainability-reporting-directive/esrs-structure-and-data-model.md): Understand how to organize ESRS reporting under the CSRD. - [EU CSRD ESRS Structure and Data Model](https://www.sorena.io/artifacts/eu/csrd/esrs-structure-and-data-model.md): Understand how to organize ESRS reporting under the CSRD. - [EU CSRD FAQ](https://www.sorena.io/artifacts/eu/corporate-sustainability-reporting-directive/faq.md): Get grounded answers to common CSRD questions, including the current reporting waves after the stop the clock amendment, ESRS quick-fix reliefs. - [EU CSRD FAQ](https://www.sorena.io/artifacts/eu/csrd/faq.md): Get grounded answers to common CSRD questions, including the current reporting waves after the stop the clock amendment, ESRS quick-fix reliefs. - [EU CSRD Penalties and Fines](https://www.sorena.io/artifacts/eu/corporate-sustainability-reporting-directive/penalties-and-fines.md): Understand how CSRD enforcement works in practice. This guide explains the role of national transposition, accounting and transparency law enforcement. - [EU CSRD Penalties and Fines](https://www.sorena.io/artifacts/eu/csrd/penalties-and-fines.md): Understand how CSRD enforcement works in practice. This guide explains the role of national transposition, accounting and transparency law enforcement. - [EU CSRD Requirements](https://www.sorena.io/artifacts/eu/corporate-sustainability-reporting-directive/requirements.md): Map the core CSRD requirements by workstream, including the sustainability statement, ESRS, double materiality, value chain reporting, Taxonomy linkage. - [EU CSRD Requirements](https://www.sorena.io/artifacts/eu/csrd/requirements.md): Map the core CSRD requirements by workstream, including the sustainability statement, ESRS, double materiality, value chain reporting, Taxonomy linkage. - [EU CSRD Scope and Phasing by Company Type](https://www.sorena.io/artifacts/eu/corporate-sustainability-reporting-directive/scope-and-phasing-by-company-type.md): Review current CSRD phasing by company type, including wave one public interest entities, wave two large undertakings. - [EU CSRD Scope and Phasing by Company Type](https://www.sorena.io/artifacts/eu/csrd/scope-and-phasing-by-company-type.md): Review current CSRD phasing by company type, including wave one public interest entities, wave two large undertakings. - [EU CSRD Value Chain Data and Estimation](https://www.sorena.io/artifacts/eu/corporate-sustainability-reporting-directive/value-chain-data-and-estimation.md): Build a defensible CSRD value chain method using ESRS rules and official guidance. - [EU CSRD Value Chain Data and Estimation](https://www.sorena.io/artifacts/eu/csrd/value-chain-data-and-estimation.md): Build a defensible CSRD value chain method using ESRS rules and official guidance. - [Applicability Test](https://www.sorena.io/artifacts/eu/cyber-resilience-act/applicability-test.md): Use this CRA applicability test to confirm product scope, exclusions, remote data processing boundaries, operator role, product classification. - [Checklist](https://www.sorena.io/artifacts/eu/cyber-resilience-act/checklist.md): Use this Cyber Resilience Act checklist to assign owners, deadlines, evidence, and release gates for scope, Annex I controls, support period operations. - [Compliance Program](https://www.sorena.io/artifacts/eu/cyber-resilience-act/compliance.md): Build a CRA compliance program that covers product scope, governance, engineering controls, support period operations, Article 14 reporting. - [Conformity Assessment and CE Marking](https://www.sorena.io/artifacts/eu/cyber-resilience-act/conformity-assessment-and-ce-marking.md): Choose the right CRA conformity route, prepare the declaration of conformity, structure the technical file. - [CRA vs RED Cybersecurity Delegated Act](https://www.sorena.io/artifacts/eu/cyber-resilience-act/cra-vs-red-cybersecurity-delegated-act.md): Compare the Cyber Resilience Act with the RED cybersecurity delegated act so you can decide which products fall under which rule, what dates apply. - [CRA vs UK PSTI Act](https://www.sorena.io/artifacts/eu/cyber-resilience-act/cra-vs-uk-psti-act.md): Compare the EU Cyber Resilience Act with the UK PSTI product security regime so your team can plan dual market compliance without mixing two different rule. - [Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/cyber-resilience-act/deadlines-and-compliance-calendar.md): Track the CRA entry into force date, the notified body date, the reporting start date, and the main application date. - [Essential Cybersecurity Requirements](https://www.sorena.io/artifacts/eu/cyber-resilience-act/essential-cybersecurity-requirements.md): Understand the CRA essential cybersecurity requirements in Annex I. - [CRA Blue Guide Concepts FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/blue-guide-concepts.md): CRA FAQ on Blue Guide concepts used in Cyber Resilience Act interpretation: placing on the market, making available, putting into service, online sales. - [CRA CE Marking FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/ce-marking.md): CRA CE marking FAQ covering what the mark means, when it is mandatory, software and website placement rules, packaging fallback, notified body numbers. - [CRA Component Due Diligence FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/component-due-diligence.md): CRA component due diligence FAQ covering third-party components, FOSS, CE-marked components, SBOM review, risk-based checks, upstream vulnerability reporting. - [CRA Conformity Assessment Routes FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/conformity-assessment-routes.md): CRA FAQ on conformity assessment routes covering module A, module B+C, module H, important and critical products, harmonised standards, certification schemes. - [CRA Core Functionality FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/core-functionality.md): CRA FAQ on core functionality covering classification of important and critical products, ancillary functions, integrated components. - [CRA Cybersecurity Risk Assessment FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/cybersecurity-risk-assessment.md): CRA FAQ on cybersecurity risk assessment covering Article 13, threat modelling, intended purpose, foreseeable misuse, external dependencies, documentation. - [CRA Declaration of Conformity FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/declaration-of-conformity.md): CRA FAQ on the EU declaration of conformity covering full and simplified formats, required contents, languages, updates, single declarations across EU laws. - [CRA Economic Operators FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/economic-operators.md): CRA FAQ on economic operators covering manufacturer, authorised representative, importer, distributor, responsible operator rules, checks, traceability. - [CRA Essential Cybersecurity Requirements FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/essential-cybersecurity-requirements.md): CRA FAQ on the essential cybersecurity requirements covering Annex I Part I and Part II, applicability, evidence, interoperability constraints. - [CRA Hardware and Software Boundaries FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/hardware-software-boundaries.md): CRA FAQ on hardware and software boundaries covering combined products, standalone software, source code, companion apps, remote data processing. - [CRA Harmonised Standards and Common Specifications FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/harmonised-standards-and-common-specifications.md): CRA FAQ on harmonised standards, common specifications, and certification schemes covering presumption of conformity, Official Journal publication. - [CRA Important and Critical Products FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/important-and-critical-products.md): CRA FAQ on important and critical products covering Annex III and Annex IV classification, core functionality, conformity routes, FOSS rule limits. - [CRA Integrated Components and Dependencies FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/integrated-components-and-dependencies.md): CRA FAQ on integrated components and dependencies covering due diligence, third-party components, RDPS, cloud dependencies, upstream fixes, FOSS dependencies. - [CRA Interplay With Other EU Laws FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/interplay-with-other-eu-laws.md): CRA FAQ on interplay with other EU laws covering exclusions, overlap with RED, AI Act, GDPR, Data Act, EHDS, Machinery, GPSR, NIS2, aviation, marine. - [CRA Known Exploitable Vulnerabilities at Launch FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/known-exploitable-vulnerabilities-at-launch.md): CRA FAQ on known exploitable vulnerabilities at launch covering the launch-time rule, exploitability, known vulnerabilities, CVEs, compensating controls. - [CRA Legacy Products FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/legacy-products.md): CRA FAQ on legacy products covering pre-11 December 2027 products, Article 14 reporting, continued sale, substantial modification, spare parts, old designs. - [CRA Manufacturer Obligations FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/manufacturer-obligations.md): CRA FAQ on manufacturer obligations covering Article 13 duties, risk assessment, support periods, vulnerability handling, reporting, documentation. - [CRA Market Surveillance and Enforcement FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/market-surveillance-and-enforcement.md): CRA FAQ on market surveillance and enforcement covering authorities, investigations, safeguard procedures, formal non-compliance, sweeps, joint activities. - [CRA Module A FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/module-a.md): CRA FAQ on module A covering internal control, eligible products, class I limits, FOSS exception, technical documentation, testing, CE marking. - [CRA Module B+C FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/module-b-c.md): CRA FAQ on module B+C covering EU-type examination, conformity to type, notified-body role, certificate changes, production control, CE marking. - [CRA Module H FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/module-h.md): CRA FAQ on module H covering full quality assurance, quality-system approval, notified-body surveillance, scope changes, CE marking, language rules, records. - [CRA Notified Bodies FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/notified-bodies.md): CRA FAQ on notified bodies covering notification, competence, independence, NANDO scope, accreditation, cross-border choice, subcontracting. - [CRA Open-Source Software FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/open-source-software.md): CRA FAQ on open-source software covering FOSS qualification, commercial activity, donations, paid support, stewards, contributors, repositories. - [CRA Over-the-Air Updates FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/over-the-air-updates.md): CRA FAQ on over-the-air updates covering OTA versus automatic updates, secure distribution, screenless products, gateways, offline update paths. - [CRA Penalties and Fines FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/penalties-and-fines.md): CRA FAQ on penalties and fines covering Article 64 fine tiers, turnover caps, SME carve-outs, steward exemptions, cumulative fines, criminal sanctions. - [CRA Product Families FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/product-families.md): CRA FAQ on product families covering shared risk assessments, family-wide documentation reuse, cybersecurity-relevant variant differences. - [CRA Remote Data Processing Solutions FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/remote-data-processing-solutions.md): CRA FAQ on remote data processing solutions covering Article 3(2) RDPS tests, cloud-service boundaries, websites and portals, third-party SaaS, backend scope. - [CRA Repairs and Spare Parts FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/repairs-and-spare-parts.md): CRA FAQ on repairs and spare parts covering substantial modification, Article 2(6) identical spare parts, non-identical replacements. - [CRA Reporting Obligations FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/reporting-obligations.md): CRA FAQ on reporting obligations covering Article 14 deadlines, actively exploited vulnerabilities, severe incidents, CSIRT routing, user notifications. - [CRA Scope FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/scope-and-products-with-digital-elements.md): CRA FAQ on scope and products with digital elements covering software, firmware, components, direct and indirect connections, offline products, exclusions. - [CRA Secure-by-Default FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/secure-by-default.md): CRA FAQ on secure by default covering Annex I default configuration, automatic security updates, opt-outs, components, inapplicability. - [CRA Security Updates vs Functionality Updates FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/security-updates-vs-functionality-updates.md): CRA FAQ on security updates versus functionality updates covering separation where technically feasible, free security updates, automatic updates. - [CRA Substantial Modification FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/substantial-modification.md): CRA FAQ on substantial modification covering Article 3(30), software updates, repairs, new manufacturer status, conformity reassessment. - [CRA Support Period FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/support-period.md): CRA FAQ on support periods covering Article 13(8), placement on the market timing, unit-level support periods, standalone software, update availability. - [CRA Tailor-Made Products FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/tailor-made-products.md): CRA FAQ on tailor-made products covering the narrow business-user carve-out, secure-by-default and paid-update deviations, required evidence. - [CRA Technical Documentation FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/technical-documentation.md): CRA FAQ on technical documentation covering Annex VII content, timing, languages, versioning, authority access, reused documentation, simplified formats. - [CRA Transition Period FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/transition-period.md): CRA FAQ on the transition period covering entry into force, phased application dates, legacy products, stock and customs timing, standalone software. - [CRA Update Availability and Archives FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/update-availability-and-archives.md): CRA FAQ on update availability and software archives covering Article 13(9), Article 13(10), Article 13(11), retention of issued security updates. - [CRA User Information and Transparency FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/user-information-and-transparency.md): CRA FAQ on user information and transparency covering Annex II instructions, support-period disclosure, end-of-support notices, vulnerability notices. - [CRA Vulnerability Handling FAQ](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/vulnerability-handling.md): CRA FAQ on vulnerability handling covering Annex I Part II duties, component vulnerabilities, upstream reporting and fix sharing. - [CRA FAQ Hub](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. - [Penalties and Fines](https://www.sorena.io/artifacts/eu/cyber-resilience-act/penalties-and-fines.md): Understand the CRA administrative fine tiers in Article 64, the conduct that attracts the highest penalties, and the evidence that reduces enforcement exposure. - [Products with Digital Elements Scope](https://www.sorena.io/artifacts/eu/cyber-resilience-act/products-with-digital-elements-scope.md): Understand what counts as a product with digital elements under the CRA, how remote data processing fits, and where the scope boundary usually causes mistakes. - [Reporting Obligations](https://www.sorena.io/artifacts/eu/cyber-resilience-act/reporting-obligations.md): Prepare for CRA Article 14 reporting, including the twenty four hour early warning, the seventy two hour notification, final reports, CSIRT routing. - [Requirements](https://www.sorena.io/artifacts/eu/cyber-resilience-act/requirements.md): Review the full CRA requirement set, including manufacturer duties, operator duties, support period rules, user information, corrective action, reporting. - [SBOM and Vulnerability Management Template](https://www.sorena.io/artifacts/eu/cyber-resilience-act/sbom-and-vulnerability-management-template.md): Use this CRA SBOM and vulnerability management template to structure dependency records, triage, remediation, advisory publication, and support period evidence. - [Technical Documentation and Audit File](https://www.sorena.io/artifacts/eu/cyber-resilience-act/technical-documentation-and-audit-file.md): Build a CRA technical documentation file that covers product definition, risk assessment, support period, Annex I mapping, standards use, test evidence. - [Vulnerability Handling and Disclosure](https://www.sorena.io/artifacts/eu/cyber-resilience-act/vulnerability-handling-and-disclosure.md): Build a CRA vulnerability handling system that covers SBOM, intake, triage, remediation, coordinated vulnerability disclosure, secure updates. - [Access Rights and Portability](https://www.sorena.io/artifacts/eu/data-act/access-rights-and-portability.md): EU Data Act access rights and portability (Chapter II) made practical: direct vs indirect access, "readily available" data. - [Applicability Test](https://www.sorena.io/artifacts/eu/data-act/applicability-test.md): A practical EU Data Act applicability test you can run in 15 minutes: determine if Chapter II IoT access rights apply (connected products + related services). - [B2B Data Sharing Contract Clauses](https://www.sorena.io/artifacts/eu/data-act/b2b-data-sharing-contract-clauses.md): EU Data Act contract clauses for B2B data sharing made practical: clause library for Chapter III access/use (purpose limits, compensation, security. - [B2B Data Sharing Contract Template](https://www.sorena.io/artifacts/eu/data-act/b2b-data-sharing-contract-template.md): A practical EU Data Act-aligned B2B data sharing contract template: sections, annexes, and drafting checklist for dataset definition, permitted use. - [B2G Exceptional Need Requests](https://www.sorena.io/artifacts/eu/data-act/b2g-exceptional-need-requests.md): EU Data Act Chapter V B2G 'exceptional need' requests made practical. - [EU Data Act Checklist](https://www.sorena.io/artifacts/eu/data-act/checklist.md): A comprehensive EU Data Act checklist organized by roles and chapters: Chapter II connected product data access (direct vs indirect access). - [Cloud Switching and Exit Plans](https://www.sorena.io/artifacts/eu/data-act/cloud-switching-and-exit-plans.md): EU Data Act Chapter VI cloud switching made practical: Article 23 obstacle removal, Article 25 required contract terms (max 2-month notice, 30-day transition. - [Cloud Switching Compliance Checklist](https://www.sorena.io/artifacts/eu/data-act/cloud-switching-compliance-checklist.md): A detailed EU Data Act Chapter VI cloud switching compliance checklist: Article 25 contract terms (max notice period, 30-day transition, retrieval period). - [Compliance Program](https://www.sorena.io/artifacts/eu/data-act/compliance.md): Turn the EU Data Act into an implementation program: chapter scoping, roles and ownership, product workflows for Chapter II access. - [EU Data Act vs GDPR](https://www.sorena.io/artifacts/eu/data-act/data-act-vs-gdpr.md): EU Data Act vs GDPR made practical: how Chapter II access/portability for connected product data differs from GDPR data subject rights. - [Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/data-act/deadlines-and-compliance-calendar.md): Plan EU Data Act delivery with real dates: Regulation applies from 12 Sep 2025. - [FAQ](https://www.sorena.io/artifacts/eu/data-act/faq.md): EU Data Act FAQ with practical answers grounded in official sources: when the Data Act applies (Article 50), direct vs indirect access. - [Penalties and Fines](https://www.sorena.io/artifacts/eu/data-act/penalties-and-fines.md): EU Data Act penalties and fines made practical: how Member States set penalties (Article 40), the criteria authorities must consider. - [Requirements](https://www.sorena.io/artifacts/eu/data-act/requirements.md): A structured EU Data Act requirements breakdown across Chapters II-VI: connected product data transparency and access workflows. - [Scope, Connected Products and Data Types](https://www.sorena.io/artifacts/eu/data-act/scope-connected-products-and-data-types.md): EU Data Act scope explained: connected products vs related services, product data vs related service data, readily available data. - [Trade Secrets and Protection](https://www.sorena.io/artifacts/eu/data-act/trade-secrets-and-protection.md): EU Data Act trade secrets protection made practical: how to identify trade secret fields before disclosure, how to agree confidentiality measures (NDAs. - [Applicability Test](https://www.sorena.io/artifacts/eu/deforestation-regulation/applicability-test.md): A 15-minute EUDR applicability test: confirm whether your commodities or products are in Annex I, determine if you are an operator, downstream operator. - [EUDR Checklist](https://www.sorena.io/artifacts/eu/deforestation-regulation/checklist.md): A practical EUDR checklist organized by workstream: scope mapping (Annex I), role mapping (operator/downstream operator/trader), geolocation pipeline. - [Compliance Program](https://www.sorena.io/artifacts/eu/deforestation-regulation/compliance.md): Turn EUDR into an execution program: governance and ownership, SKU -> Annex I scope mapping, supplier onboarding data contracts, geolocation pipeline. - [Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/deforestation-regulation/deadlines-and-compliance-calendar.md): EUDR deadline tracker with actionable milestones: information system readiness under Article 33, Commission benchmarking timing. - [Deadlines, Phasing, and What to Do First](https://www.sorena.io/artifacts/eu/deforestation-regulation/deadlines-phasing-and-what-to-do-first.md): A practical EUDR phasing guide: what to do first, what to build next, and how to sequence scope mapping, geolocation data collection, supplier evidence. - [Due Diligence Statement (DDS) and Evidence Pack](https://www.sorena.io/artifacts/eu/deforestation-regulation/due-diligence-statement-and-evidence.md): EUDR due diligence statements made practical: what a DDS is, when a simplified declaration applies, who submits it, how reference numbers flow downstream. - [EUDR Due Diligence Statement Template](https://www.sorena.io/artifacts/eu/deforestation-regulation/eudr-due-diligence-statement-template.md): A practical EUDR due diligence statement (DDS) template outline: the fields and annexes you should prepare (product identification, supplier and origin data. - [Geolocation Data Requirements](https://www.sorena.io/artifacts/eu/deforestation-regulation/eudr-geolocation-data-requirements.md): EUDR geolocation requirements made practical: what geolocation data to collect (plots/establishments). - [EUDR vs CSDDD](https://www.sorena.io/artifacts/eu/deforestation-regulation/eudr-vs-csddd.md): EUDR vs CSDDD made practical: EUDR is product-and-lot specific with DDS reference numbers, geolocation, and deforestation-free/legality conditions. - [FAQ](https://www.sorena.io/artifacts/eu/deforestation-regulation/faq.md): EUDR FAQ with practical answers: what is in scope (Annex I), operator vs downstream operator vs trader, what a due diligence statement (DDS) is. - [Geolocation, Traceability, and Systems](https://www.sorena.io/artifacts/eu/deforestation-regulation/geolocation-traceability-and-systems.md): Build EUDR ready systems: geolocation pipeline, batch and lot traceability, evidence storage, and risk control workflows. - [In-Scope Commodities and Products (Annex I)](https://www.sorena.io/artifacts/eu/deforestation-regulation/in-scope-commodities-and-products.md): EUDR scope mapping guide for Annex I commodities and derived products: how to map SKUs to relevant commodities/products, handle composite goods and blends. - [Penalties and Enforcement](https://www.sorena.io/artifacts/eu/deforestation-regulation/penalties-and-enforcement.md): How EUDR enforcement works in practice: competent authority checks, interim measures (including seizure/suspension). - [Penalties and Fines](https://www.sorena.io/artifacts/eu/deforestation-regulation/penalties-and-fines.md): EUDR penalties explained (Article 25): Member State penalty rules. - [Requirements](https://www.sorena.io/artifacts/eu/deforestation-regulation/requirements.md): A structured EUDR requirements map: Article 3 core conditions, operator obligations in Article 4, simplified declaration rules in Article 4a. - [Risk Assessment and Mitigation](https://www.sorena.io/artifacts/eu/deforestation-regulation/risk-assessment-and-mitigation.md): EUDR due diligence risk assessment and mitigation made practical: how to structure Articles 10-11 decisions, what inputs to use (origin, supplier. - [DMA Applicability Test (Gatekeeper Scoping)](https://www.sorena.io/artifacts/eu/digital-markets-act/applicability-test.md): A practical DMA applicability test for teams scoping EU Digital Markets Act exposure: core platform service (CPS) mapping, gatekeeper presumption thresholds. - [DMA Compliance Checklist (Execution-Ready)](https://www.sorena.io/artifacts/eu/digital-markets-act/checklist.md): An execution-ready EU DMA checklist: CPS scoping, gatekeeper thresholds, designation readiness, Article 5-7 obligation mapping, product/engineering controls. - [DMA Compliance Program & Monitoring (Compliance Function + Evidence)](https://www.sorena.io/artifacts/eu/digital-markets-act/compliance-program-and-monitoring.md): How to build an EU DMA compliance program that survives scrutiny: Article 28 compliance function design, monitoring readiness. - [EU DMA Compliance Guide (How to Comply)](https://www.sorena.io/artifacts/eu/digital-markets-act/compliance.md): A practical guide to EU Digital Markets Act (DMA) compliance: how to scope CPS, start the 6-month clock after designation, implement Articles 5-7 obligations. - [DMA Obligations List (Articles 5, 6, 7) - By Obligation](https://www.sorena.io/artifacts/eu/digital-markets-act/core-obligations-by-obligation.md): A detailed, obligation-by-obligation breakdown of the EU Digital Markets Act (DMA): Article 5 restrictions, Article 6 obligations (choice screens, app stores. - [DMA Deadlines & Compliance Calendar (Key Dates)](https://www.sorena.io/artifacts/eu/digital-markets-act/deadlines-and-compliance-calendar.md): A calendar-ready DMA deadlines guide: application date, gatekeeper notification (2 months), designation (45 working days), 6-month compliance deadline. - [DMA vs DSA: What's the Difference? (EU Platform Laws)](https://www.sorena.io/artifacts/eu/digital-markets-act/dma-vs-dsa.md): A practical comparison of the EU Digital Markets Act (DMA) vs the Digital Services Act (DSA): what each law regulates, who is in scope, core obligations. - [DMA Do's and Don'ts for Product Teams](https://www.sorena.io/artifacts/eu/digital-markets-act/dos-and-donts-for-product-teams.md): Practical DMA do's and don'ts for product and engineering teams: how to avoid self-preferencing, implement choice screens and default changes. - [DMA Enforcement: Penalties, Remedies, and Process](https://www.sorena.io/artifacts/eu/digital-markets-act/enforcement-penalties-and-remedies.md): How EU DMA enforcement works: information requests, monitoring, preliminary findings, non-compliance decisions, commitments, interim measures, remedies. - [EU DMA FAQ (Gatekeepers, Obligations, Deadlines)](https://www.sorena.io/artifacts/eu/digital-markets-act/faq.md): EU Digital Markets Act (DMA) FAQ: what is a gatekeeper, what counts as a core platform service (CPS), what are the key obligations (Articles 5-7). - [Gatekeeper Compliance Checklist (DMA Articles 5-7 + Article 11)](https://www.sorena.io/artifacts/eu/digital-markets-act/gatekeeper-compliance-checklist.md): A gatekeeper-focused DMA compliance checklist: what to implement within 6 months per listed CPS, how to structure the Article 11 compliance report. - [Gatekeeper Designation Guide (DMA Article 3)](https://www.sorena.io/artifacts/eu/digital-markets-act/gatekeeper-designation-guide.md): A practical guide to DMA gatekeeper designation: core platform service mapping, Article 3 thresholds (45M / 10,000 / EUR 7.5B / EUR 75B). - [DMA Fines & Penalties (10% / 20% / 1% + 5% per day)](https://www.sorena.io/artifacts/eu/digital-markets-act/penalties-and-fines.md): A practitioner guide to DMA penalties: non-compliance fines up to 10% worldwide turnover, repeat infringement fines up to 20%, procedural fines up to 1%. - [EU Digital Markets Act (DMA) Requirements (Articles 5-7)](https://www.sorena.io/artifacts/eu/digital-markets-act/requirements.md): A deep, execution-ready overview of EU DMA requirements for gatekeepers: Article 5 restrictions, Article 6 obligations (choice screens, app distribution. - [DMA Self-Preferencing Compliance Examples (Article 6(5))](https://www.sorena.io/artifacts/eu/digital-markets-act/self-preferencing-compliance-examples.md): Practical self-preferencing compliance guidance for DMA Article 6(5): what counts as self-preferencing in ranking/indexing/crawling, what "transparent, fair. - [EU DMA Timeline & Key Milestones](https://www.sorena.io/artifacts/eu/digital-markets-act/timeline-and-key-milestones.md): A grounded EU Digital Markets Act (DMA) timeline: application date, gatekeeper designations, compliance clocks, Article 7 staged interoperability milestones. - [DPP Applicability Test (ESPR Scoping)](https://www.sorena.io/artifacts/eu/digital-product-passport/applicability-test.md): A step-by-step applicability test for the EU Digital Product Passport (DPP): whether your product group is covered by an ESPR delegated act. - [DPP Architecture & Integration (Open Standards, Registry, APIs)](https://www.sorena.io/artifacts/eu/digital-product-passport/architecture-and-integration.md): An advanced architecture guide for EU Digital Product Passport (DPP): product-centric identifiers and resolvers. - [EU Digital Product Passport (DPP) Checklist](https://www.sorena.io/artifacts/eu/digital-product-passport/checklist.md): An audit-ready DPP checklist for ESPR 2024/1781: delegated act scoping, model/batch/item granularity, Annex III data mapping, data carriers (QR/ID). - [EU Digital Product Passport (DPP) Compliance Guide](https://www.sorena.io/artifacts/eu/digital-product-passport/compliance.md): A practical compliance guide for EU Digital Product Passport (DPP) under ESPR 2024/1781: how to scope delegated acts, implement Articles 9-15 requirements. - [DPP Data Carriers, Access Control & UX](https://www.sorena.io/artifacts/eu/digital-product-passport/data-carriers-access-control-and-ux.md): A deep guide to DPP data carriers and UX under ESPR 2024/1781: physical data carrier requirements (Article 10), persistent unique product identifiers. - [DPP Data Requirements & Fields (Annex III)](https://www.sorena.io/artifacts/eu/digital-product-passport/data-requirements-and-fields.md): A practitioner guide to EU DPP data requirements under ESPR (Regulation (EU) 2024/1781): what data fields can be required (Annex III). - [EU Digital Product Passport (DPP) Deadlines & Compliance Calendar](https://www.sorena.io/artifacts/eu/digital-product-passport/deadlines-and-compliance-calendar.md): A calendar-ready timeline for EU Digital Product Passport (DPP) under ESPR (Regulation (EU) 2024/1781): entry into force (18 Jul 2024). - [DPP Data Governance RACI Template](https://www.sorena.io/artifacts/eu/digital-product-passport/dpp-data-governance-raci-template.md): Copy/paste-ready governance templates for EU Digital Product Passport (DPP): RACI by Annex III field. - [DPP QR Code Implementation Guide](https://www.sorena.io/artifacts/eu/digital-product-passport/dpp-qr-code-implementation-guide.md): A practical implementation guide for using QR codes (and other data carriers) for EU Digital Product Passports: what ESPR requires (Article 10). - [DPP vs Traditional Product Passports (Labels, PDFs, EPREL)](https://www.sorena.io/artifacts/eu/digital-product-passport/dpp-vs-traditional-product-passports.md): A deep comparison of the EU Digital Product Passport (DPP) vs traditional product information approaches: physical labels, PDFs/manuals. - [EU Digital Product Passport (DPP) FAQ](https://www.sorena.io/artifacts/eu/digital-product-passport/faq.md): Answers to the most searched EU DPP questions: is DPP mandatory, which products are in scope, model vs batch vs item, what data is required (Annex III). - [DPP Governance, Verification & Audit Readiness](https://www.sorena.io/artifacts/eu/digital-product-passport/governance-verification-and-audit.md): An audit-readiness guide for EU Digital Product Passport (DPP): how to prove DPP data is accurate, complete and up to date (Article 9). - [DPP Implementation Playbook & Vendor Selection](https://www.sorena.io/artifacts/eu/digital-product-passport/implementation-playbook-and-vendor-selection.md): A practical playbook for implementing EU Digital Product Passport (DPP): program steps, roles, supplier onboarding, data model and identifiers. - [ESPR / DPP Penalties & Fines](https://www.sorena.io/artifacts/eu/digital-product-passport/penalties-and-fines.md): How penalties work for EU Digital Product Passport obligations under ESPR (Regulation (EU) 2024/1781): Member States set effective. - [EU Digital Product Passport (DPP) Requirements](https://www.sorena.io/artifacts/eu/digital-product-passport/requirements.md): A detailed, execution-ready breakdown of EU Digital Product Passport (DPP) requirements under ESPR (Regulation (EU) 2024/1781): availability (Article 9). - [What Is a Digital Product Passport (DPP)?](https://www.sorena.io/artifacts/eu/digital-product-passport/what-is-a-dpp.md): A deep explainer of the EU Digital Product Passport (DPP) under ESPR (Regulation (EU) 2024/1781): definition, who uses it, what data it contains (Annex III). - [DSA Ads & Recommender Systems](https://www.sorena.io/artifacts/eu/digital-services-act/ads-and-recommender-systems.md): A deep compliance guide for DSA advertising and recommender system obligations: ad transparency (Article 26), recommender system transparency (Article 27). - [DSA Applicability Test](https://www.sorena.io/artifacts/eu/digital-services-act/applicability-test.md): A step-by-step applicability test for the EU Digital Services Act (DSA, Regulation (EU) 2022/2065): EU offering triggers. - [EU DSA Checklist](https://www.sorena.io/artifacts/eu/digital-services-act/checklist.md): An audit-ready EU Digital Services Act (DSA) compliance checklist for Regulation (EU) 2022/2065: scope memo, terms transparency. - [EU DSA Compliance Guide](https://www.sorena.io/artifacts/eu/digital-services-act/compliance.md): A practical EU Digital Services Act (DSA) compliance guide for Regulation (EU) 2022/2065: scope memo and tiering. - [EU DSA Deadlines & Compliance Calendar](https://www.sorena.io/artifacts/eu/digital-services-act/deadlines-and-compliance-calendar.md): A DSA compliance calendar for Regulation (EU) 2022/2065: entry into force, general applicability, Digital Services Coordinator designation, Article 15, 24. - [DSA Transparency Report Template](https://www.sorena.io/artifacts/eu/digital-services-act/dsa-transparency-report-template.md): Copy and paste ready DSA transparency report template aligned to Regulation (EU) 2022/2065 and Implementing Regulation (EU) 2024/2835. - [DSA vs DMA](https://www.sorena.io/artifacts/eu/digital-services-act/dsa-vs-dma.md): A practical comparison of the EU Digital Services Act (DSA, Regulation (EU) 2022/2065) and the EU Digital Markets Act (DMA. - [DSA vs UK Online Safety Act](https://www.sorena.io/artifacts/eu/digital-services-act/dsa-vs-uk-online-safety-act.md): A practical comparison of the EU Digital Services Act (DSA, Regulation (EU) 2022/2065) and the UK Online Safety Act: scope (EU recipients vs UK users). - [DSA Enforcement & Investigations](https://www.sorena.io/artifacts/eu/digital-services-act/enforcement-penalties-and-investigations.md): A practical guide to DSA enforcement (Regulation (EU) 2022/2065): how Digital Services Coordinators (DSCs) supervise services. - [EU DSA FAQ](https://www.sorena.io/artifacts/eu/digital-services-act/faq.md): Practical answers to the most searched EU Digital Services Act (DSA) questions: who is in scope, what "hosting" and "online platform" mean. - [DSA Notice & Action Workflow](https://www.sorena.io/artifacts/eu/digital-services-act/notice-and-action-workflow.md): A deep implementation guide for DSA notice & action (Regulation (EU) 2022/2065, Article 16): intake design, required notice elements. - [DSA Penalties & Fines](https://www.sorena.io/artifacts/eu/digital-services-act/penalties-and-fines.md): How DSA penalties work under Regulation (EU) 2022/2065. - [EU Digital Services Act (DSA) Requirements](https://www.sorena.io/artifacts/eu/digital-services-act/requirements.md): A practical breakdown of DSA requirements (Regulation (EU) 2022/2065): obligations for intermediary services, hosting services, online platforms. - [VLOP/VLOSE Systemic Risk Assessment (DSA)](https://www.sorena.io/artifacts/eu/digital-services-act/risk-assessments-and-mitigation.md): A deep guide to DSA systemic risk management for VLOPs/VLOSEs: how to run the Article 34 systemic risk assessment (risk categories, frequency. - [EU DSA Service Types & Scope](https://www.sorena.io/artifacts/eu/digital-services-act/service-types-and-scope.md): How to classify your service under the EU Digital Services Act (DSA, Regulation (EU) 2022/2065): intermediary service types (mere conduit, caching, hosting). - [DSA Transparency Reporting](https://www.sorena.io/artifacts/eu/digital-services-act/transparency-reporting.md): A practical guide to EU Digital Services Act transparency reporting: what to publish for Article 15, what to add for Article 24. - [DORA Applicability Test](https://www.sorena.io/artifacts/eu/digital-operational-resilience-act/applicability-test.md): A step-by-step EU DORA applicability test (Regulation (EU) 2022/2554): determine if you are a covered financial entity under Article 2. - [DORA Applicability Test](https://www.sorena.io/artifacts/eu/dora/applicability-test.md): A step-by-step EU DORA applicability test (Regulation (EU) 2022/2554): determine if you are a covered financial entity under Article 2. - [EU DORA Checklist](https://www.sorena.io/artifacts/eu/digital-operational-resilience-act/checklist.md): An audit-ready EU DORA checklist (Regulation (EU) 2022/2554): scope memo and proportionality, ICT risk management control baseline. - [EU DORA Checklist](https://www.sorena.io/artifacts/eu/dora/checklist.md): An audit-ready EU DORA checklist (Regulation (EU) 2022/2554): scope memo and proportionality, ICT risk management control baseline. - [EU DORA Compliance Guide](https://www.sorena.io/artifacts/eu/digital-operational-resilience-act/compliance.md): A practical EU DORA compliance guide (Regulation (EU) 2022/2554): how to set up a DORA program, build an ICT risk management control baseline. - [EU DORA Compliance Guide](https://www.sorena.io/artifacts/eu/dora/compliance.md): A practical EU DORA compliance guide (Regulation (EU) 2022/2554): how to set up a DORA program, build an ICT risk management control baseline. - [EU DORA Deadlines & Compliance Calendar](https://www.sorena.io/artifacts/eu/digital-operational-resilience-act/deadlines-and-compliance-calendar.md): A DORA compliance calendar for Regulation (EU) 2022/2554: publication, entry into force, application date, key RTS and ITS including 2024/2956, 2025/301. - [EU DORA Deadlines & Compliance Calendar](https://www.sorena.io/artifacts/eu/dora/deadlines-and-compliance-calendar.md): A DORA compliance calendar for Regulation (EU) 2022/2554: publication, entry into force, application date, key RTS and ITS including 2024/2956, 2025/301. - [DORA Register of Information (RoI) Template Guide](https://www.sorena.io/artifacts/eu/digital-operational-resilience-act/dora-register-of-information-template.md): A practical guide to the DORA Register of Information templates: understand the ITS schema (Implementing Regulation (EU) 2024/2956). - [DORA Register of Information (RoI) Template Guide](https://www.sorena.io/artifacts/eu/dora/dora-register-of-information-template.md): A practical guide to the DORA Register of Information templates: understand the ITS schema (Implementing Regulation (EU) 2024/2956). - [DORA vs ISO/IEC 27001:2022](https://www.sorena.io/artifacts/eu/digital-operational-resilience-act/dora-vs-iso-27001.md): A deep DORA vs ISO 27001 comparison: where ISO/IEC 27001:2022 helps satisfy DORA ICT risk management and evidence expectations. - [DORA vs ISO/IEC 27001:2022](https://www.sorena.io/artifacts/eu/dora/dora-vs-iso-27001.md): A deep DORA vs ISO 27001 comparison: where ISO/IEC 27001:2022 helps satisfy DORA ICT risk management and evidence expectations. - [DORA vs NIS2 (EU)](https://www.sorena.io/artifacts/eu/digital-operational-resilience-act/dora-vs-nis2.md): A deep comparison of DORA and NIS2: who is in scope, what "security measures" mean, incident reporting differences, governance and enforcement posture. - [DORA vs NIS2 (EU)](https://www.sorena.io/artifacts/eu/dora/dora-vs-nis2.md): A deep comparison of DORA and NIS2: who is in scope, what "security measures" mean, incident reporting differences, governance and enforcement posture. - [DORA FAQ (EU) - Scope, Deadlines, Reporting, TLPT, RoI, and Third-Party Risk](https://www.sorena.io/artifacts/eu/digital-operational-resilience-act/faq.md): High-signal answers to the most searched DORA questions: who is in scope, when DORA applies (17 Jan 2025), what "critical or important functions" means. - [DORA FAQ (EU) - Scope, Deadlines, Reporting, TLPT, RoI, and Third-Party Risk](https://www.sorena.io/artifacts/eu/dora/faq.md): High-signal answers to the most searched DORA questions: who is in scope, when DORA applies (17 Jan 2025), what "critical or important functions" means. - [DORA ICT Risk Management Control Baseline](https://www.sorena.io/artifacts/eu/digital-operational-resilience-act/ict-risk-management-control-baseline.md): A deep DORA ICT risk management baseline: how to implement Chapter II of Regulation (EU) 2022/2554 as controls with acceptance criteria and evidence. - [DORA ICT Risk Management Control Baseline](https://www.sorena.io/artifacts/eu/dora/ict-risk-management-control-baseline.md): A deep DORA ICT risk management baseline: how to implement Chapter II of Regulation (EU) 2022/2554 as controls with acceptance criteria and evidence. - [DORA Major ICT Incident Reporting](https://www.sorena.io/artifacts/eu/digital-operational-resilience-act/major-incident-reporting.md): A practical DORA major incident reporting guide: build the Article 17 and 19 workflow, apply RTS 2024/1772 classification and RTS 2025/301 timing rules. - [DORA Major ICT Incident Reporting](https://www.sorena.io/artifacts/eu/dora/major-incident-reporting.md): A practical DORA major incident reporting guide: build the Article 17 and 19 workflow, apply RTS 2024/1772 classification and RTS 2025/301 timing rules. - [DORA Penalties, Fines, and Enforcement](https://www.sorena.io/artifacts/eu/digital-operational-resilience-act/penalties-and-fines.md): A practical DORA enforcement guide: how competent authorities' supervisory/investigatory/sanctioning powers work (Article 50). - [DORA Penalties, Fines, and Enforcement](https://www.sorena.io/artifacts/eu/dora/penalties-and-fines.md): A practical DORA enforcement guide: how competent authorities' supervisory/investigatory/sanctioning powers work (Article 50). - [DORA Register of Information (RoI) - How to Build It](https://www.sorena.io/artifacts/eu/digital-operational-resilience-act/register-of-information-how-to-build.md): Build an audit-ready DORA Register of Information (RoI): define scope and relational keys. - [DORA Register of Information (RoI) - How to Build It](https://www.sorena.io/artifacts/eu/dora/register-of-information-how-to-build.md): Build an audit-ready DORA Register of Information (RoI): define scope and relational keys. - [EU DORA Requirements](https://www.sorena.io/artifacts/eu/digital-operational-resilience-act/requirements.md): A practical breakdown of EU DORA (Regulation (EU) 2022/2554) requirements: ICT risk management framework (Chapter II). - [EU DORA Requirements](https://www.sorena.io/artifacts/eu/dora/requirements.md): A practical breakdown of EU DORA (Regulation (EU) 2022/2554) requirements: ICT risk management framework (Chapter II). - [EU DORA Scope & Covered Entities](https://www.sorena.io/artifacts/eu/digital-operational-resilience-act/scope-and-covered-entities.md): A practical scoping guide for EU DORA (Regulation (EU) 2022/2554): covered financial entities (Article 2), proportionality and simplified frameworks. - [EU DORA Scope & Covered Entities](https://www.sorena.io/artifacts/eu/dora/scope-and-covered-entities.md): A practical scoping guide for EU DORA (Regulation (EU) 2022/2554): covered financial entities (Article 2), proportionality and simplified frameworks. - [DORA Testing & TLPT Readiness](https://www.sorena.io/artifacts/eu/digital-operational-resilience-act/testing-and-tlpt-readiness.md): A deep DORA testing and TLPT readiness guide: build the Chapter IV testing program, prepare remediation and validation. - [DORA Testing & TLPT Readiness](https://www.sorena.io/artifacts/eu/dora/testing-and-tlpt-readiness.md): A deep DORA testing and TLPT readiness guide: build the Chapter IV testing program, prepare remediation and validation. - [DORA ICT Third-Party Risk Management + Contract Clauses](https://www.sorena.io/artifacts/eu/digital-operational-resilience-act/third-party-risk-and-contract-clauses.md): A deep guide to DORA ICT third-party risk: build the third-party risk strategy (Article 28), implement due diligence + ongoing monitoring. - [DORA ICT Third-Party Risk Management + Contract Clauses](https://www.sorena.io/artifacts/eu/dora/third-party-risk-and-contract-clauses.md): A deep guide to DORA ICT third-party risk: build the third-party risk strategy (Article 28), implement due diligence + ongoing monitoring. - [eIDAS Applicability Test](https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/applicability-test.md): A practical applicability test for eIDAS and eIDAS 2.0: identify your roles (relying party, trust service provider/QTSP, wallet provider, attribute issuer). - [eIDAS Applicability Test](https://www.sorena.io/artifacts/eu/eidas/applicability-test.md): A practical applicability test for eIDAS and eIDAS 2.0: identify your roles (relying party, trust service provider/QTSP, wallet provider, attribute issuer). - [eIDAS Certificates and Authentication](https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/certificates-and-authentication.md): A deep guide to eIDAS certificates and authentication: qualified certificates for signatures and seals, website authentication certificates. - [eIDAS Certificates and Authentication](https://www.sorena.io/artifacts/eu/eidas/certificates-and-authentication.md): A deep guide to eIDAS certificates and authentication: qualified certificates for signatures and seals, website authentication certificates. - [eIDAS Checklist and Evidence Pack](https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/checklist-and-evidence.md): A deep eIDAS evidence guide: what artifacts auditors and supervisors ask for first, how to structure an evidence index. - [eIDAS Checklist and Evidence Pack](https://www.sorena.io/artifacts/eu/eidas/checklist-and-evidence.md): A deep eIDAS evidence guide: what artifacts auditors and supervisors ask for first, how to structure an evidence index. - [eIDAS Compliance Checklist](https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/checklist.md): An audit-ready eIDAS checklist: scope your role (relying party vs QTSP vs wallet work), choose trust services and assurance levels. - [eIDAS Compliance Checklist](https://www.sorena.io/artifacts/eu/eidas/checklist.md): An audit-ready eIDAS checklist: scope your role (relying party vs QTSP vs wallet work), choose trust services and assurance levels. - [eIDAS Compliance Program](https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/compliance.md): A deep eIDAS compliance playbook: build a role-scoped operating model for trust services and EUDI Wallet readiness, define owners and controls. - [eIDAS Compliance Program](https://www.sorena.io/artifacts/eu/eidas/compliance.md): A deep eIDAS compliance playbook: build a role-scoped operating model for trust services and EUDI Wallet readiness, define owners and controls. - [eIDAS & eIDAS 2.0 Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/deadlines-and-compliance-calendar.md): An eIDAS deadlines calendar with the dates that matter: 1 July 2016 baseline application, the 2024 eIDAS amendment. - [eIDAS & eIDAS 2.0 Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/eidas/deadlines-and-compliance-calendar.md): An eIDAS deadlines calendar with the dates that matter: 1 July 2016 baseline application, the 2024 eIDAS amendment. - [eIDAS vs E-SIGN Act vs UETA](https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/eidas-vs-esign-and-ueta.md): A practical comparison of EU eIDAS (Regulation (EU) No 910/2014, amended by Regulation (EU) 2024/1183) vs the US E-SIGN Act and UETA: legal effect. - [eIDAS vs E-SIGN Act vs UETA](https://www.sorena.io/artifacts/eu/eidas/eidas-vs-esign-and-ueta.md): A practical comparison of EU eIDAS (Regulation (EU) No 910/2014, amended by Regulation (EU) 2024/1183) vs the US E-SIGN Act and UETA: legal effect. - [eIDAS 2.0 vs eIDAS](https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/eidas2-vs-eidas.md): A grounded eIDAS 2.0 vs eIDAS comparison covering what Regulation (EU) 2024/1183 changed: EUDI Wallets, electronic attestations of attributes. - [eIDAS 2.0 vs eIDAS](https://www.sorena.io/artifacts/eu/eidas/eidas2-vs-eidas.md): A grounded eIDAS 2.0 vs eIDAS comparison covering what Regulation (EU) 2024/1183 changed: EUDI Wallets, electronic attestations of attributes. - [Electronic Signatures under eIDAS](https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/electronic-signatures-and-legal-effect.md): A deep eIDAS electronic signature guide: decide AdES vs QES, understand legal effect and evidentiary strength, design signing ceremonies and remote signing. - [Electronic Signatures under eIDAS](https://www.sorena.io/artifacts/eu/eidas/electronic-signatures-and-legal-effect.md): A deep eIDAS electronic signature guide: decide AdES vs QES, understand legal effect and evidentiary strength, design signing ceremonies and remote signing. - [EUDI Wallet Readiness (eIDAS 2.0)](https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/eudi-wallet-readiness.md): A deep EUDI Wallet readiness guide for product, security, and compliance teams: relying party acceptance strategy, identity + attribute flows. - [EUDI Wallet Readiness (eIDAS 2.0)](https://www.sorena.io/artifacts/eu/eidas/eudi-wallet-readiness.md): A deep EUDI Wallet readiness guide for product, security, and compliance teams: relying party acceptance strategy, identity + attribute flows. - [EUDI Wallet Technical Architecture Guide](https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/eudi-wallet-technical-architecture-guide.md): A deep technical architecture guide for the EU Digital Identity (EUDI) Wallet ecosystem: wallet components, issuer + verifier flows. - [EUDI Wallet Technical Architecture Guide](https://www.sorena.io/artifacts/eu/eidas/eudi-wallet-technical-architecture-guide.md): A deep technical architecture guide for the EU Digital Identity (EUDI) Wallet ecosystem: wallet components, issuer + verifier flows. - [eIDAS FAQ (EU)](https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/faq.md): High-signal answers to the most searched eIDAS questions: what eIDAS covers, AdES vs QES, how to choose a QTSP, what evidence to retain. - [eIDAS FAQ (EU)](https://www.sorena.io/artifacts/eu/eidas/faq.md): High-signal answers to the most searched eIDAS questions: what eIDAS covers, AdES vs QES, how to choose a QTSP, what evidence to retain. - [eIDAS Penalties, Liability, and Enforcement](https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/penalties-and-fines.md): A practical eIDAS enforcement guide: how supervision and audits work for trust service providers and qualified trust services. - [eIDAS Penalties, Liability, and Enforcement](https://www.sorena.io/artifacts/eu/eidas/penalties-and-fines.md): A practical eIDAS enforcement guide: how supervision and audits work for trust service providers and qualified trust services. - [Qualified Trust Services and QTSP Selection](https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/qualified-trust-services-and-qtsp-selection.md): A deep guide to qualified trust services and QTSP selection under eIDAS: how qualification works in practice, what due diligence and contract clauses matter. - [Qualified Trust Services and QTSP Selection](https://www.sorena.io/artifacts/eu/eidas/qualified-trust-services-and-qtsp-selection.md): A deep guide to qualified trust services and QTSP selection under eIDAS: how qualification works in practice, what due diligence and contract clauses matter. - [eIDAS Requirements (EU)](https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/requirements.md): An advanced eIDAS requirements breakdown: trust services obligations, QTSP security and supervision expectations, relying party validation duties. - [eIDAS Requirements (EU)](https://www.sorena.io/artifacts/eu/eidas/requirements.md): An advanced eIDAS requirements breakdown: trust services obligations, QTSP security and supervision expectations, relying party validation duties. - [What eIDAS Covers (EU)](https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/what-eidas-covers.md): A practical eIDAS overview covering electronic identification, trust services, qualified trust services, electronic attestations of attributes. - [What eIDAS Covers (EU)](https://www.sorena.io/artifacts/eu/eidas/what-eidas-covers.md): A practical eIDAS overview covering electronic identification, trust services, qualified trust services, electronic attestations of attributes. - [EMC Directive Applicability Test](https://www.sorena.io/artifacts/eu/emc-directive/applicability-test.md): A practical EMC Directive applicability test: decide scope for Directive 2014/30/EU, classify apparatus vs fixed installations. - [EMC Directive Compliance Checklist](https://www.sorena.io/artifacts/eu/emc-directive/checklist.md): An audit-ready EMC Directive checklist (Directive 2014/30/EU): scope and classification (apparatus vs fixed installation), standards strategy. - [EMC Directive Compliance Program](https://www.sorena.io/artifacts/eu/emc-directive/compliance.md): A deep EMC Directive compliance playbook: build a role-scoped operating model for manufacturers/importers/distributors. - [EMC Conformity Assessment + Documentation](https://www.sorena.io/artifacts/eu/emc-directive/conformity-assessment-and-documentation.md): A deep guide to EMC conformity assessment and documentation for Directive 2014/30/EU: how to structure the technical documentation/technical file. - [EMC Directive Deadlines + Compliance Calendar](https://www.sorena.io/artifacts/eu/emc-directive/deadlines-and-compliance-calendar.md): A practical EMC compliance calendar for Directive 2014/30/EU with the legal baseline dates, recurring standards reviews. - [EMC Test Plan Template](https://www.sorena.io/artifacts/eu/emc-directive/emc-test-plan-template.md): A structured EMC test plan template you can copy and adapt for CE marking: scope and configuration matrix, standards selection. - [EMC Directive vs Low Voltage Directive (LVD)](https://www.sorena.io/artifacts/eu/emc-directive/emc-vs-low-voltage-directive.md): A practical comparison of the EU EMC Directive (2014/30/EU) vs the Low Voltage Directive (2014/35/EU): different objectives (EMC vs electrical safety). - [EMC Directive vs Radio Equipment Directive (RED)](https://www.sorena.io/artifacts/eu/emc-directive/emc-vs-radio-equipment-directive.md): A practical comparison of the EMC Directive (2014/30/EU) vs the Radio Equipment Directive (RED) (2014/53/EU): when wireless products fall under RED. - [EMC Essential Requirements + Testing](https://www.sorena.io/artifacts/eu/emc-directive/essential-requirements-and-testing.md): A deep EMC testing guide for Directive 2014/30/EU: translate essential requirements into emissions + immunity test plans. - [EMC Directive FAQ](https://www.sorena.io/artifacts/eu/emc-directive/faq.md): High-signal answers to common EMC Directive questions: what is in scope, apparatus vs fixed installations, what to test (emissions + immunity). - [EMC Harmonised Standards Strategy](https://www.sorena.io/artifacts/eu/emc-directive/harmonized-standards-and-deviations.md): A deep guide to harmonised standards under the EMC Directive: how presumption of conformity works. - [EMC Directive Enforcement](https://www.sorena.io/artifacts/eu/emc-directive/penalties-and-fines.md): A practical EMC enforcement guide: how market surveillance works under EU product rules, what authorities typically request (technical file, test reports. - [EMC Directive Requirements (2014/30/EU)](https://www.sorena.io/artifacts/eu/emc-directive/requirements.md): An advanced EMC Directive requirements breakdown: essential requirements (emissions + immunity), obligations for manufacturers/importers/distributors. - [EMC Directive Scope + Borderline Cases](https://www.sorena.io/artifacts/eu/emc-directive/scope-and-borderline-cases.md): A deep scope guide for the EU EMC Directive (2014/30/EU): how to decide if your product is in scope. - [EMC Directive Timeline](https://www.sorena.io/artifacts/eu/emc-directive/timeline.md): A practical EMC Directive timeline: adoption and publication of Directive 2014/30/EU. - [EED Applicability Test (Directive (EU) 2023/1791)](https://www.sorena.io/artifacts/eu/energy-efficiency-directive/applicability-test.md): A practical applicability test for the EU Energy Efficiency Directive (EED. - [EED Checklist (Directive (EU) 2023/1791)](https://www.sorena.io/artifacts/eu/energy-efficiency-directive/checklist.md): An audit-ready checklist for the EU Energy Efficiency Directive (EED, Directive (EU) 2023/1791): scope and boundary memo, 85 TJ vs 10 TJ route decision. - [EED Compliance Program (Directive (EU) 2023/1791)](https://www.sorena.io/artifacts/eu/energy-efficiency-directive/compliance.md): A practical EED compliance playbook: governance, scope control, threshold route decision (85 TJ / 10 TJ), energy audit program (Annex VI quality gates). - [EED Deadlines & Compliance Calendar (Directive (EU) 2023/1791)](https://www.sorena.io/artifacts/eu/energy-efficiency-directive/deadlines-and-compliance-calendar.md): A practical compliance calendar for the Energy Efficiency Directive, Directive (EU) 2023/1791: entry into force on 10 October 2023. - [Energy Audit Report Template (EED / EN 16247)](https://www.sorena.io/artifacts/eu/energy-efficiency-directive/energy-audit-report-template.md): A practical energy audit report template aligned to the EED (Directive (EU) 2023/1791) and its Annex VI minimum criteria. - [EED Energy Audits (Directive (EU) 2023/1791 Article 11)](https://www.sorena.io/artifacts/eu/energy-efficiency-directive/energy-audits.md): A deep-dive on EED energy audits: who must do them (>10 TJ 3-year average if no EMS), deadlines (first audit by 11 Oct 2026. - [EED vs CSRD](https://www.sorena.io/artifacts/eu/energy-efficiency-directive/energy-efficiency-directive-vs-csrd.md): A practical comparison of the Energy Efficiency Directive (EED, Directive (EU) 2023/1791) vs the Corporate Sustainability Reporting Directive (CSRD. - [EED Energy Management System (EMS) (Directive (EU) 2023/1791 Article 11)](https://www.sorena.io/artifacts/eu/energy-efficiency-directive/energy-management-systems.md): A practical guide to the EED EMS obligation: who must implement a certified energy management system (>85 TJ 3-year average). - [EED FAQ (Directive (EU) 2023/1791)](https://www.sorena.io/artifacts/eu/energy-efficiency-directive/faq.md): High-signal answers to common EED questions: how to compute the 3-year average TJ. - [ISO 50001 vs EED](https://www.sorena.io/artifacts/eu/energy-efficiency-directive/iso-50001-vs-energy-efficiency-directive.md): A practical comparison of ISO 50001 vs the EU Energy Efficiency Directive (EED, Directive (EU) 2023/1791): ISO 50001 is the EMS standard. - [EED Enforcement (Penalties)](https://www.sorena.io/artifacts/eu/energy-efficiency-directive/penalties-and-fines.md): A practical enforcement guide for the Energy Efficiency Directive (EED): what the directive says about penalties (Article 32). - [EED Reporting & Metrics (Directive (EU) 2023/1791)](https://www.sorena.io/artifacts/eu/energy-efficiency-directive/reporting-and-metrics.md): A practical reporting and metrics guide for EED compliance: what to track to support Article 11 thresholds and route decisions. - [EED Requirements (Directive (EU) 2023/1791)](https://www.sorena.io/artifacts/eu/energy-efficiency-directive/requirements.md): A practical requirements breakdown of the EU Energy Efficiency Directive (EED. - [EED Scope: Who Must Comply (Directive (EU) 2023/1791)](https://www.sorena.io/artifacts/eu/energy-efficiency-directive/scope-and-who-must-comply.md): A grounded scope guide for the Energy Efficiency Directive (EED. - [EED Timeline](https://www.sorena.io/artifacts/eu/energy-efficiency-directive/timeline.md): A high-signal timeline guide for the Energy Efficiency Directive, Directive (EU) 2023/1791: entry into force on 10 October 2023. - [ePrivacy Applicability Test (Directive 2002/58/EC)](https://www.sorena.io/artifacts/eu/eprivacy-directive/applicability-test.md): A practical EU ePrivacy applicability test: decide whether your product triggers terminal equipment access rules (cookies/SDKs/local storage/fingerprinting. - [ePrivacy Checklist (Directive 2002/58/EC)](https://www.sorena.io/artifacts/eu/eprivacy-directive/checklist.md): An audit-ready ePrivacy checklist: build a tracker inventory and Article 5(3) decision table (consent vs exemptions). - [ePrivacy Compliance Program](https://www.sorena.io/artifacts/eu/eprivacy-directive/compliance.md): A practical ePrivacy implementation playbook: governance, tracker inventory and Article 5(3) decision table, cookie banner and CMP design. - [Confidentiality of Communications (ePrivacy Directive)](https://www.sorena.io/artifacts/eu/eprivacy-directive/confidentiality-of-communications.md): A practical guide to communications confidentiality under the current ePrivacy Directive, Directive 2002/58/EC: how to classify content, traffic data. - [Cookies & Consent (ePrivacy Directive Article 5(3))](https://www.sorena.io/artifacts/eu/eprivacy-directive/cookies-and-consent.md): An advanced guide to cookie consent under the ePrivacy Directive (Directive 2002/58/EC): how Article 5(3) applies to cookies/SDKs/local storage. - [ePrivacy Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/eprivacy-directive/deadlines-and-compliance-calendar.md): A practical ePrivacy calendar built around the current directive baseline and recurring controls: the 2002 directive, the 2009 cookie amendment. - [Direct Marketing Consent Checklist (ePrivacy Article 13)](https://www.sorena.io/artifacts/eu/eprivacy-directive/direct-marketing-consent-checklist.md): A practical direct marketing consent checklist for ePrivacy (Directive 2002/58/EC, Article 13): consent capture fields, wording/version control. - [Direct Marketing Rules (ePrivacy Directive Article 13)](https://www.sorena.io/artifacts/eu/eprivacy-directive/direct-marketing-rules.md): A practical guide to ePrivacy direct marketing rules (Directive 2002/58/EC, Article 13): when prior consent is needed. - [ePrivacy Directive Enforcement (Cookies + Marketing)](https://www.sorena.io/artifacts/eu/eprivacy-directive/enforcement-and-fines.md): An advanced guide to ePrivacy Directive enforcement: who enforces national ePrivacy laws, what regulators look for in cookie banners and consent UX. - [ePrivacy Directive vs GDPR](https://www.sorena.io/artifacts/eu/eprivacy-directive/eprivacy-directive-vs-gdpr.md): A practical, source-grounded split between the ePrivacy Directive and GDPR: ePrivacy for placement/reading on devices and communications confidentiality. - [ePrivacy vs GDPR (Cookie Stack Blueprint)](https://www.sorena.io/artifacts/eu/eprivacy-directive/eprivacy-vs-gdpr.md): A combined ePrivacy + GDPR implementation blueprint for cookies, tracking, and marketing. - [EU Cookie Banner Requirements](https://www.sorena.io/artifacts/eu/eprivacy-directive/eu-cookie-banner-requirements.md): A practical cookie banner and CMP requirements guide: acceptance/reject parity, granularity, clear purposes, vendor transparency, no pre-ticked boxes. - [ePrivacy FAQ (Directive 2002/58/EC)](https://www.sorena.io/artifacts/eu/eprivacy-directive/faq.md): High-signal ePrivacy answers: when cookies/SDKs need consent (Article 5(3)), what counts as strictly necessary (WP29 WP194). - [ePrivacy Directive Penalties and Fines](https://www.sorena.io/artifacts/eu/eprivacy-directive/penalties-and-fines.md): Understand penalties and fine exposure under national laws implementing the ePrivacy Directive (Directive 2002/58/EC). - [ePrivacy Directive Requirements (2002/58/EC)](https://www.sorena.io/artifacts/eu/eprivacy-directive/requirements.md): A practical ePrivacy Directive requirements breakdown: terminal equipment access and cookie consent/exemptions (Article 5(3)). - [ESPR Applicability Test (Regulation (EU) 2024/1781)](https://www.sorena.io/artifacts/eu/ecodesign-for-sustainable-products-regulation/applicability-test.md): A practical applicability test for the EU Ecodesign for Sustainable Products Regulation. - [ESPR Applicability Test (Regulation (EU) 2024/1781)](https://www.sorena.io/artifacts/eu/espr/applicability-test.md): A practical applicability test for the EU Ecodesign for Sustainable Products Regulation. - [EU ESPR Checklist (Regulation (EU) 2024/1781)](https://www.sorena.io/artifacts/eu/ecodesign-for-sustainable-products-regulation/checklist.md): An audit-ready ESPR checklist covering Article 1 scoping, Article 18 product-priority screening, delegated-acts monitoring. - [EU ESPR Checklist (Regulation (EU) 2024/1781)](https://www.sorena.io/artifacts/eu/espr/checklist.md): An audit-ready ESPR checklist covering Article 1 scoping, Article 18 product-priority screening, delegated-acts monitoring. - [ESPR Compliance Program Operating Model](https://www.sorena.io/artifacts/eu/ecodesign-for-sustainable-products-regulation/compliance-program-operating-model.md): Build an ESPR operating model around Regulation (EU) 2024/1781: role clarity, watchlist intake, delegated-act delivery, DPP governance. - [ESPR Compliance Program Operating Model](https://www.sorena.io/artifacts/eu/espr/compliance-program-operating-model.md): Build an ESPR operating model around Regulation (EU) 2024/1781: role clarity, watchlist intake, delegated-act delivery, DPP governance. - [EU ESPR Compliance Guide (Regulation (EU) 2024/1781)](https://www.sorena.io/artifacts/eu/ecodesign-for-sustainable-products-regulation/compliance.md): An implementation-oriented ESPR compliance guide for Regulation (EU) 2024/1781 covering scope, delegated-act intake, DPP readiness, supplier verification. - [EU ESPR Compliance Guide (Regulation (EU) 2024/1781)](https://www.sorena.io/artifacts/eu/espr/compliance.md): An implementation-oriented ESPR compliance guide for Regulation (EU) 2024/1781 covering scope, delegated-act intake, DPP readiness, supplier verification. - [EU ESPR Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/ecodesign-for-sustainable-products-regulation/deadlines-and-compliance-calendar.md): A practical ESPR compliance calendar built around the current law baseline and the real implementation milestones: entry into force on 18 July 2024. - [EU ESPR Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/espr/deadlines-and-compliance-calendar.md): A practical ESPR compliance calendar built around the current law baseline and the real implementation milestones: entry into force on 18 July 2024. - [ESPR and Digital Product Passport (DPP) Connection](https://www.sorena.io/artifacts/eu/ecodesign-for-sustainable-products-regulation/espr-and-dpp-connection.md): Understand how ESPR turns Digital Product Passport into an operational system: Article 9 passport duties, Article 10 essential requirements. - [ESPR and Digital Product Passport (DPP) Connection](https://www.sorena.io/artifacts/eu/espr/espr-and-dpp-connection.md): Understand how ESPR turns Digital Product Passport into an operational system: Article 9 passport duties, Article 10 essential requirements. - [ESPR Delegated Acts Watchlist](https://www.sorena.io/artifacts/eu/ecodesign-for-sustainable-products-regulation/espr-delegated-acts-watchlist.md): A practical delegated acts watchlist for EU ESPR (Regulation (EU) 2024/1781): what to monitor, how to structure your watchlist, how to run impact assessments. - [ESPR Delegated Acts Watchlist](https://www.sorena.io/artifacts/eu/espr/espr-delegated-acts-watchlist.md): A practical delegated acts watchlist for EU ESPR (Regulation (EU) 2024/1781): what to monitor, how to structure your watchlist, how to run impact assessments. - [ESPR vs Ecodesign Directive (2009/125/EC)](https://www.sorena.io/artifacts/eu/ecodesign-for-sustainable-products-regulation/espr-vs-ecodesign-directive.md): Compare ESPR with the older Ecodesign Directive 2009/125/EC: broader scope, direct-applicability as a regulation, Article 18 working plans. - [ESPR vs Ecodesign Directive (2009/125/EC)](https://www.sorena.io/artifacts/eu/espr/espr-vs-ecodesign-directive.md): Compare ESPR with the older Ecodesign Directive 2009/125/EC: broader scope, direct-applicability as a regulation, Article 18 working plans. - [ESPR vs PPWR](https://www.sorena.io/artifacts/eu/ecodesign-for-sustainable-products-regulation/espr-vs-ppwr.md): Compare ESPR and PPWR with a practical implementation lens: product design versus packaging design. - [ESPR vs PPWR](https://www.sorena.io/artifacts/eu/espr/espr-vs-ppwr.md): Compare ESPR and PPWR with a practical implementation lens: product design versus packaging design. - [EU ESPR FAQ (Regulation (EU) 2024/1781)](https://www.sorena.io/artifacts/eu/ecodesign-for-sustainable-products-regulation/faq.md): Frequently asked questions about the EU Ecodesign for Sustainable Products Regulation (ESPR), Regulation (EU) 2024/1781: what it is, how delegated acts work. - [EU ESPR FAQ (Regulation (EU) 2024/1781)](https://www.sorena.io/artifacts/eu/espr/faq.md): Frequently asked questions about the EU Ecodesign for Sustainable Products Regulation (ESPR), Regulation (EU) 2024/1781: what it is, how delegated acts work. - [ESPR Information Requirements, Labeling, and Disclosure](https://www.sorena.io/artifacts/eu/ecodesign-for-sustainable-products-regulation/information-requirements-labeling-and-disclosure.md): A grounded guide to ESPR information requirements, labels, and disclosure: Article 7 information duties, Article 9 DPP requirements. - [ESPR Information Requirements, Labeling, and Disclosure](https://www.sorena.io/artifacts/eu/espr/information-requirements-labeling-and-disclosure.md): A grounded guide to ESPR information requirements, labels, and disclosure: Article 7 information duties, Article 9 DPP requirements. - [ESPR Penalties and Enforcement](https://www.sorena.io/artifacts/eu/ecodesign-for-sustainable-products-regulation/penalties-and-fines.md): A grounded ESPR penalties and enforcement guide covering Article 74 penalties, market-surveillance workflows, corrective action, DPP and registry evidence. - [ESPR Penalties and Enforcement](https://www.sorena.io/artifacts/eu/espr/penalties-and-fines.md): A grounded ESPR penalties and enforcement guide covering Article 74 penalties, market-surveillance workflows, corrective action, DPP and registry evidence. - [ESPR Product Priorities + Delegated Acts Tracker](https://www.sorena.io/artifacts/eu/ecodesign-for-sustainable-products-regulation/product-priorities-and-delegated-acts-tracker.md): A practical tracker for ESPR product priorities and delegated acts: map product families to likely product groups, score readiness (data, suppliers, DPP). - [ESPR Product Priorities + Delegated Acts Tracker](https://www.sorena.io/artifacts/eu/espr/product-priorities-and-delegated-acts-tracker.md): A practical tracker for ESPR product priorities and delegated acts: map product families to likely product groups, score readiness (data, suppliers, DPP). - [EU ESPR Requirements (Regulation (EU) 2024/1781)](https://www.sorena.io/artifacts/eu/ecodesign-for-sustainable-products-regulation/requirements.md): A practical ESPR requirements guide: understand the framework regulation (EU) 2024/1781. - [EU ESPR Requirements (Regulation (EU) 2024/1781)](https://www.sorena.io/artifacts/eu/espr/requirements.md): A practical ESPR requirements guide: understand the framework regulation (EU) 2024/1781. - [ESPR Timeline (Regulation (EU) 2024/1781)](https://www.sorena.io/artifacts/eu/ecodesign-for-sustainable-products-regulation/timeline.md): A practical ESPR timeline guide built around the known milestones in Regulation (EU) 2024/1781: entry into force on 18 July 2024. - [ESPR Timeline (Regulation (EU) 2024/1781)](https://www.sorena.io/artifacts/eu/espr/timeline.md): A practical ESPR timeline guide built around the known milestones in Regulation (EU) 2024/1781: entry into force on 18 July 2024. - [What Is the EU ESPR? (Regulation (EU) 2024/1781)](https://www.sorena.io/artifacts/eu/ecodesign-for-sustainable-products-regulation/what-is-espr-and-why-it-matters.md): A practical explainer of the EU Ecodesign for Sustainable Products Regulation (ESPR), Regulation (EU) 2024/1781: what it is, why it matters. - [What Is the EU ESPR? (Regulation (EU) 2024/1781)](https://www.sorena.io/artifacts/eu/espr/what-is-espr-and-why-it-matters.md): A practical explainer of the EU Ecodesign for Sustainable Products Regulation (ESPR), Regulation (EU) 2024/1781: what it is, why it matters. - [GDPR Applicability Test (Article 2-3)](https://www.sorena.io/artifacts/eu/general-data-protection-regulation/applicability-test.md): A practical GDPR applicability test for Regulation (EU) 2016/679: check material scope (Article 2), territorial scope (Article 3), establishment vs targeting. - [GDPR Applicability Test (Article 2-3)](https://www.sorena.io/artifacts/eu/gdpr/applicability-test.md): A practical GDPR applicability test for Regulation (EU) 2016/679: check material scope (Article 2), territorial scope (Article 3), establishment vs targeting. - [GDPR Breach Notification (72 Hours)](https://www.sorena.io/artifacts/eu/general-data-protection-regulation/breach-notification-72-hours.md): An execution-ready guide to GDPR breach notification built on Articles 33 and 34, the EDPB breach-notification guidelines. - [GDPR Breach Notification (72 Hours)](https://www.sorena.io/artifacts/eu/gdpr/breach-notification-72-hours.md): An execution-ready guide to GDPR breach notification built on Articles 33 and 34, the EDPB breach-notification guidelines. - [EU GDPR Checklist (Regulation (EU) 2016/679)](https://www.sorena.io/artifacts/eu/general-data-protection-regulation/checklist.md): An audit-ready GDPR checklist: scope and role mapping, lawful basis and consent, transparency and notices, DSAR workflows, DPIA governance, security measures. - [EU GDPR Checklist (Regulation (EU) 2016/679)](https://www.sorena.io/artifacts/eu/gdpr/checklist.md): An audit-ready GDPR checklist: scope and role mapping, lawful basis and consent, transparency and notices, DSAR workflows, DPIA governance, security measures. - [EU GDPR Compliance Guide](https://www.sorena.io/artifacts/eu/general-data-protection-regulation/compliance.md): An execution-oriented GDPR compliance guide for Regulation (EU) 2016/679: program setup, governance, control design, evidence exports. - [EU GDPR Compliance Guide](https://www.sorena.io/artifacts/eu/gdpr/compliance.md): An execution-oriented GDPR compliance guide for Regulation (EU) 2016/679: program setup, governance, control design, evidence exports. - [GDPR Data Subject Rights + DSAR Workflow](https://www.sorena.io/artifacts/eu/general-data-protection-regulation/data-subject-rights-and-dsar-workflow.md): A practical DSAR (data subject access request) playbook for GDPR Articles 12-22: build intake and identity verification, define system search scope. - [GDPR Data Subject Rights + DSAR Workflow](https://www.sorena.io/artifacts/eu/gdpr/data-subject-rights-and-dsar-workflow.md): A practical DSAR (data subject access request) playbook for GDPR Articles 12-22: build intake and identity verification, define system search scope. - [GDPR Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/general-data-protection-regulation/deadlines-and-compliance-calendar.md): A grounded GDPR compliance calendar that combines fixed legal milestones, 27 April 2016 adoption, 25 May 2018 application, the 2021 SCC overhaul. - [GDPR Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/gdpr/deadlines-and-compliance-calendar.md): A grounded GDPR compliance calendar that combines fixed legal milestones, 27 April 2016 adoption, 25 May 2018 application, the 2021 SCC overhaul. - [GDPR DPIA (Article 35) + Risk Management](https://www.sorena.io/artifacts/eu/general-data-protection-regulation/dpia-and-risk-management.md): A practical DPIA guide for GDPR Articles 35-36: how to screen for DPIA triggers, run a risk assessment focused on rights/freedoms. - [GDPR DPIA (Article 35) + Risk Management](https://www.sorena.io/artifacts/eu/gdpr/dpia-and-risk-management.md): A practical DPIA guide for GDPR Articles 35-36: how to screen for DPIA triggers, run a risk assessment focused on rights/freedoms. - [EU GDPR FAQ](https://www.sorena.io/artifacts/eu/general-data-protection-regulation/faq.md): Frequently asked GDPR questions answered with practical implementation guidance: does GDPR apply (Article 3), what counts as personal data. - [EU GDPR FAQ](https://www.sorena.io/artifacts/eu/gdpr/faq.md): Frequently asked GDPR questions answered with practical implementation guidance: does GDPR apply (Article 3), what counts as personal data. - [GDPR vs CCPA/CPRA](https://www.sorena.io/artifacts/eu/general-data-protection-regulation/gdpr-vs-ccpa.md): A practical comparison of GDPR (EU) and CCPA/CPRA (California): differences in applicability triggers, roles, legal bases versus sale/share models. - [GDPR vs CCPA/CPRA](https://www.sorena.io/artifacts/eu/gdpr/gdpr-vs-ccpa.md): A practical comparison of GDPR (EU) and CCPA/CPRA (California): differences in applicability triggers, roles, legal bases versus sale/share models. - [GDPR vs UK GDPR](https://www.sorena.io/artifacts/eu/general-data-protection-regulation/gdpr-vs-uk-gdpr.md): A practical comparison of EU GDPR and UK GDPR: territorial scope triggers, regulator structure (one-stop-shop vs ICO), cross-border processing implications. - [GDPR vs UK GDPR](https://www.sorena.io/artifacts/eu/gdpr/gdpr-vs-uk-gdpr.md): A practical comparison of EU GDPR and UK GDPR: territorial scope triggers, regulator structure (one-stop-shop vs ICO), cross-border processing implications. - [GDPR International Transfers (Chapter V) + SCCs](https://www.sorena.io/artifacts/eu/general-data-protection-regulation/international-transfers-and-sccs.md): A practical guide to GDPR international transfers (Chapter V): how to build a transfer map, choose mechanisms (adequacy vs SCCs). - [GDPR International Transfers (Chapter V) + SCCs](https://www.sorena.io/artifacts/eu/gdpr/international-transfers-and-sccs.md): A practical guide to GDPR international transfers (Chapter V): how to build a transfer map, choose mechanisms (adequacy vs SCCs). - [GDPR Lawful Basis (Article 6) + Consent (Article 7)](https://www.sorena.io/artifacts/eu/general-data-protection-regulation/lawful-basis-and-consent.md): A practical guide to GDPR lawful bases (Article 6) and consent (Article 7): how to select a lawful basis per purpose, when consent is appropriate vs risky. - [GDPR Lawful Basis (Article 6) + Consent (Article 7)](https://www.sorena.io/artifacts/eu/gdpr/lawful-basis-and-consent.md): A practical guide to GDPR lawful bases (Article 6) and consent (Article 7): how to select a lawful basis per purpose, when consent is appropriate vs risky. - [GDPR Penalties and Fines](https://www.sorena.io/artifacts/eu/general-data-protection-regulation/penalties-and-fines.md): A practical penalties guide for GDPR enforcement: how administrative fines work under Articles 83-84, what factors drive exposure (purpose drift. - [GDPR Penalties and Fines](https://www.sorena.io/artifacts/eu/gdpr/penalties-and-fines.md): A practical penalties guide for GDPR enforcement: how administrative fines work under Articles 83-84, what factors drive exposure (purpose drift. - [GDPR Processor Contracts (Article 28) + Vendor Management](https://www.sorena.io/artifacts/eu/general-data-protection-regulation/processor-contracts-and-vendor-management.md): A practical vendor management guide for GDPR: how to operationalize Article 28 processor contracts, define controller vs processor roles. - [GDPR Processor Contracts (Article 28) + Vendor Management](https://www.sorena.io/artifacts/eu/gdpr/processor-contracts-and-vendor-management.md): A practical vendor management guide for GDPR: how to operationalize Article 28 processor contracts, define controller vs processor roles. - [GDPR RoPA Template (Article 30)](https://www.sorena.io/artifacts/eu/general-data-protection-regulation/record-of-processing-activities-template.md): A practical Record of Processing Activities (RoPA) template for GDPR Article 30: controller and processor fields. - [GDPR RoPA Template (Article 30)](https://www.sorena.io/artifacts/eu/gdpr/record-of-processing-activities-template.md): A practical Record of Processing Activities (RoPA) template for GDPR Article 30: controller and processor fields. - [EU GDPR Requirements (Regulation (EU) 2016/679)](https://www.sorena.io/artifacts/eu/general-data-protection-regulation/requirements.md): A practical GDPR requirements breakdown: scope (Articles 2-3), principles (Article 5), lawful basis (Article 6-7), transparency (Articles 12-14). - [EU GDPR Requirements (Regulation (EU) 2016/679)](https://www.sorena.io/artifacts/eu/gdpr/requirements.md): A practical GDPR requirements breakdown: scope (Articles 2-3), principles (Article 5), lawful basis (Article 6-7), transparency (Articles 12-14). - [EU GPSR Applicability Test](https://www.sorena.io/artifacts/eu/general-product-safety-regulation/applicability-test.md): A step-by-step EU GPSR applicability test for Regulation (EU) 2023/988: confirm whether your products are covered, whether exclusions apply. - [EU GPSR Checklist](https://www.sorena.io/artifacts/eu/general-product-safety-regulation/checklist.md): An audit-ready EU GPSR checklist for Regulation (EU) 2023/988: scope and role mapping, documentation and traceability, supplier evidence. - [EU GPSR Compliance Program](https://www.sorena.io/artifacts/eu/general-product-safety-regulation/compliance.md): A practical EU GPSR compliance playbook for Regulation (EU) 2023/988: program setup, governance cadence, risk assessment controls. - [EU GPSR Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/general-product-safety-regulation/deadlines-and-compliance-calendar.md): A practical EU GPSR calendar for Regulation (EU) 2023/988: key dates and operational milestones, with a workstream-based plan covering scope and role mapping. - [EU GPSR Economic Operator Duties](https://www.sorena.io/artifacts/eu/general-product-safety-regulation/economic-operator-duties.md): A practical guide to EU GPSR economic operator duties under Regulation (EU) 2023/988: how to map roles across your supply chain. - [EU GPSR FAQ](https://www.sorena.io/artifacts/eu/general-product-safety-regulation/faq.md): Answers to common EU GPSR questions: scope and exclusions, used/repaired products, online marketplaces, Safety Gate/Safety Business Gateway notifications. - [GPSR vs Market Surveillance Regulation (EU) 2019/1020](https://www.sorena.io/artifacts/eu/general-product-safety-regulation/gpsr-vs-market-surveillance-regulation.md): A practical comparison of EU GPSR (Regulation (EU) 2023/988) and the Market Surveillance Regulation (EU) 2019/1020: what each governs. - [GPSR vs Product Liability Directive (85/374/EEC)](https://www.sorena.io/artifacts/eu/general-product-safety-regulation/gpsr-vs-product-liability-directive.md): A practical comparison of EU GPSR (Regulation (EU) 2023/988) and the Product Liability Directive (85/374/EEC). - [EU GPSR Online Marketplace Obligations](https://www.sorena.io/artifacts/eu/general-product-safety-regulation/online-marketplace-obligations.md): A practical guide for online marketplaces under EU GPSR (Regulation (EU) 2023/988): who is a 'provider of an online marketplace'. - [EU GPSR Penalties and Enforcement](https://www.sorena.io/artifacts/eu/general-product-safety-regulation/penalties-and-fines.md): A practical guide to enforcement under EU GPSR (Regulation (EU) 2023/988): how market surveillance works, what enforcement actions look like (restrictions. - [EU GPSR Product Recall Notice Template](https://www.sorena.io/artifacts/eu/general-product-safety-regulation/product-recall-notice-template.md): A practical guide to the EU GPSR recall notice template: when it applies, how to fill it correctly, what evidence to retain. - [EU GPSR Recalls and Incident Management](https://www.sorena.io/artifacts/eu/general-product-safety-regulation/recalls-and-incident-management.md): A practical recall and incident management playbook for EU GPSR (Regulation (EU) 2023/988): build a triage workflow, decide corrective actions vs recall. - [EU GPSR Requirements (Regulation (EU) 2023/988)](https://www.sorena.io/artifacts/eu/general-product-safety-regulation/requirements.md): An implementation-grade breakdown of EU GPSR requirements under Regulation (EU) 2023/988: safe product lifecycle controls, risk assessment. - [EU GPSR Scope and Covered Products](https://www.sorena.io/artifacts/eu/general-product-safety-regulation/scope-and-covered-products.md): A practical GPSR scope guide for Regulation (EU) 2023/988: what products are covered, common exclusions. - [EU GPSR Traceability and Documentation](https://www.sorena.io/artifacts/eu/general-product-safety-regulation/traceability-and-documentation.md): A practical GPSR documentation and traceability guide for Regulation (EU) 2023/988: what information to maintain. - [EU Green Claims Applicability Test](https://www.sorena.io/artifacts/eu/green-claims-directive/applicability-test.md): A step-by-step applicability test for green claims: decide whether a claim is a covered explicit environmental claim. - [EU Green Claims Checklist](https://www.sorena.io/artifacts/eu/green-claims-directive/checklist.md): An audit-ready checklist for green claims programs: claim inventory and classification, substantiation evidence packs (life-cycle boundaries, data quality. - [EU Green Claims Compliance Program](https://www.sorena.io/artifacts/eu/green-claims-directive/compliance.md): A practical green claims compliance playbook: program setup, governance cadence, claim taxonomy and inventory, substantiation standards. - [EU Green Claims Timeline and Readiness Calendar](https://www.sorena.io/artifacts/eu/green-claims-directive/deadlines-and-compliance-calendar.md): A practical timeline and readiness calendar for green claims. - [EU Green Claims FAQ](https://www.sorena.io/artifacts/eu/green-claims-directive/faq.md): Implementation-focused answers to common green claims questions: what counts as a green claim, how to substantiate and verify claims. - [EU Green Claims vs UK Green Claims Code](https://www.sorena.io/artifacts/eu/green-claims-directive/green-claims-directive-vs-uk-green-claims-code.md): A practical comparison for teams operating in both the EU and UK. - [Green Claims Substantiation Template](https://www.sorena.io/artifacts/eu/green-claims-directive/green-claims-substantiation-template.md): A copy/paste-ready substantiation template for environmental claims: claim card, boundary definition, life-cycle perspective. - [Greenwashing Risk Checklist](https://www.sorena.io/artifacts/eu/green-claims-directive/greenwashing-risk-checklist.md): A practical greenwashing risk checklist to review environmental claims before publication: vagueness and ambiguity checks, absolute vs comparative claims. - [Labels and Certification Schemes](https://www.sorena.io/artifacts/eu/green-claims-directive/labels-and-certification-schemes.md): A practical guide to governing environmental labels and certification schemes: how label-like messaging creates implied claims. - [Penalties and Enforcement](https://www.sorena.io/artifacts/eu/green-claims-directive/penalties-and-enforcement.md): A practical enforcement guide for green claims: how challenges and investigations typically unfold, what authorities and platforms ask for. - [Penalties and Fines](https://www.sorena.io/artifacts/eu/green-claims-directive/penalties-and-fines.md): A practical penalties guide for green claims: what drives penalty exposure in greenwashing cases (ambiguity, lack of substantiation, missing boundaries. - [Requirements](https://www.sorena.io/artifacts/eu/green-claims-directive/requirements.md): An implementation-grade breakdown of what the EU Green Claims Directive proposal aimed to require (and what best-practice programs still build). - [Substantiation and Evidence Pack](https://www.sorena.io/artifacts/eu/green-claims-directive/substantiation-and-evidence-pack.md): A practical evidence pack guide for environmental claims: claim inventory, evidence architecture, boundary and methodology documentation. - [Green Claims Templates](https://www.sorena.io/artifacts/eu/green-claims-directive/templates.md): A templates hub for environmental claims programs: claim card template, substantiation/evidence pack template, verification checklist. - [Verification and Audit Readiness](https://www.sorena.io/artifacts/eu/green-claims-directive/verification-and-audit-readiness.md): A practical verification and audit readiness guide for environmental claims: verification checklist, sampling strategy for claim portfolios. - [What Counts as a Green Claim?](https://www.sorena.io/artifacts/eu/green-claims-directive/what-counts-as-a-green-claim.md): A practical guide to what counts as a green claim (explicit environmental claim): product and corporate claims, absolute vs comparative claims. - [Applicability Test](https://www.sorena.io/artifacts/eu/low-voltage-directive/applicability-test.md): A step-by-step applicability test for the EU Low Voltage Directive (LVD) 2014/35/EU: voltage limits, Annex II exclusions, product vs component. - [Checklist](https://www.sorena.io/artifacts/eu/low-voltage-directive/checklist.md): An audit-ready CE marking checklist for the EU Low Voltage Directive (LVD) 2014/35/EU: scope memo + Annex II exclusions, Annex I safety objectives mapping. - [Compliance Program](https://www.sorena.io/artifacts/eu/low-voltage-directive/compliance.md): Build a scalable compliance program for EU Low Voltage Directive (LVD) 2014/35/EU: product family strategy, scope control, Annex I hazard mapping. - [Conformity Assessment and CE Marking](https://www.sorena.io/artifacts/eu/low-voltage-directive/conformity-assessment-and-ce.md): A practical CE marking workflow for EU Low Voltage Directive (LVD) 2014/35/EU: Module A (internal production control), risk assessment. - [Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/low-voltage-directive/deadlines-and-compliance-calendar.md): A practical compliance calendar for EU Low Voltage Directive 2014/35/EU: legal milestones from adoption through current application, release gate timing. - [Essential Safety Requirements (Annex I)](https://www.sorena.io/artifacts/eu/low-voltage-directive/essential-safety-requirements.md): Translate EU Low Voltage Directive (LVD) 2014/35/EU Annex I safety objectives into an engineering-ready hazard map: protection against electric shock. - [FAQ](https://www.sorena.io/artifacts/eu/low-voltage-directive/faq.md): High-signal FAQ for the EU Low Voltage Directive (LVD) 2014/35/EU: voltage limits, Annex II exclusions, do you need a notified body. - [Harmonised Standards](https://www.sorena.io/artifacts/eu/low-voltage-directive/harmonized-standards.md): How harmonised standards work under the EU Low Voltage Directive (LVD) 2014/35/EU: presumption of conformity, Official Journal (OJ) references. - [EU LVD vs EMC Directive](https://www.sorena.io/artifacts/eu/low-voltage-directive/low-voltage-directive-vs-emc-directive.md): A practical comparison of the EU Low Voltage Directive (LVD) 2014/35/EU and the EMC Directive 2014/30/EU. - [EU LVD vs Machinery Regulation](https://www.sorena.io/artifacts/eu/low-voltage-directive/low-voltage-directive-vs-machinery-regulation.md): A practical overlap guide for Low Voltage Directive (LVD) 2014/35/EU and Machinery Regulation (EU) 2023/1230: when the product is machinery/related product. - [Templates](https://www.sorena.io/artifacts/eu/low-voltage-directive/lvd-conformity-assessment-template.md): Copy/paste templates for EU Low Voltage Directive (LVD) 2014/35/EU compliance: scope memo (voltage + Annex II exclusions + overlap). - [Penalties and Fines](https://www.sorena.io/artifacts/eu/low-voltage-directive/penalties-and-fines.md): Enforcement overview for the EU Low Voltage Directive (LVD) 2014/35/EU: what market surveillance authorities typically ask for. - [Requirements](https://www.sorena.io/artifacts/eu/low-voltage-directive/requirements.md): An implementation-grade requirements breakdown for the EU Low Voltage Directive (LVD) 2014/35/EU: obligations for manufacturers, authorised representatives. - [Scope and Products](https://www.sorena.io/artifacts/eu/low-voltage-directive/scope-and-products.md): A practical scope guide for the EU Low Voltage Directive 2014/35/EU: voltage limits at 50 to 1000 V AC and 75 to 1500 V DC. - [Technical Documentation (Technical File)](https://www.sorena.io/artifacts/eu/low-voltage-directive/technical-documentation.md): Build an audit-ready LVD technical file for Directive 2014/35/EU: Annex III elements (product description, drawings/schematics, explanations, standards list. - [Applicability Test](https://www.sorena.io/artifacts/eu/machinery-regulation/applicability-test.md): A step-by-step applicability test for EU Machinery Regulation (EU) 2023/1230: is it machinery / related product / partly completed machinery. - [Checklist](https://www.sorena.io/artifacts/eu/machinery-regulation/checklist.md): An audit-ready CE marking checklist for EU Machinery Regulation (EU) 2023/1230: scope memo and exclusions (Article 2). - [Compliance Program](https://www.sorena.io/artifacts/eu/machinery-regulation/compliance.md): Build a scalable compliance program for EU Machinery Regulation (EU) 2023/1230: product family strategy, scope and exclusions control. - [Conformity Assessment and CE Marking](https://www.sorena.io/artifacts/eu/machinery-regulation/conformity-assessment-and-ce.md): A grounded guide to Article 25 conformity assessment under Regulation (EU) 2023/1230: Annex I Part A and Part B route selection, Module A versus B plus C, H. - [Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/machinery-regulation/deadlines-and-compliance-calendar.md): A grounded EU Machinery Regulation compliance calendar covering adoption on 14 June 2023, publication on 29 June 2023, entry into force on 19 July 2023. - [FAQ](https://www.sorena.io/artifacts/eu/machinery-regulation/faq.md): High-signal FAQ for EU Machinery Regulation (EU) 2023/1230: what is in scope and excluded, how Annex I Part A/Part B changes the conformity assessment route. - [Templates](https://www.sorena.io/artifacts/eu/machinery-regulation/machinery-ce-documentation-template.md): Copy/paste templates for EU Machinery Regulation (EU) 2023/1230 compliance: scope memo (Article 2 exclusions), Annex I classification note. - [Machinery Regulation vs EU AI Act](https://www.sorena.io/artifacts/eu/machinery-regulation/machinery-regulation-vs-eu-ai-act.md): A practical crosswalk for smart machinery: when the EU AI Act treats your AI as a high-risk safety component (Article 6). - [Machinery Regulation vs Machinery Directive](https://www.sorena.io/artifacts/eu/machinery-regulation/machinery-regulation-vs-machinery-directive.md): A grounded comparison of Regulation (EU) 2023/1230 and Directive 2006/42/EC covering direct applicability, corrected transition dates. - [Penalties and Fines](https://www.sorena.io/artifacts/eu/machinery-regulation/penalties-and-fines.md): A practical enforcement guide for Regulation (EU) 2023/1230: Article 50 national penalties, the 14 October 2026 penalty-notification deadline. - [Requirements](https://www.sorena.io/artifacts/eu/machinery-regulation/requirements.md): An implementation-grade breakdown of Regulation (EU) 2023/1230 covering scope and definitions, Annex I routing, Annex III risk assessment, Annex IV evidence. - [Risk Assessment Method](https://www.sorena.io/artifacts/eu/machinery-regulation/risk-assessment-method.md): A practical risk assessment method aligned to EU Machinery Regulation (EU) 2023/1230 Annex III general principles. - [Scope and Machine Categories](https://www.sorena.io/artifacts/eu/machinery-regulation/scope-and-machine-categories.md): A practical scope guide for EU Machinery Regulation (EU) 2023/1230: what counts as machinery, related products (interchangeable equipment. - [Software and Cybersecurity Considerations](https://www.sorena.io/artifacts/eu/machinery-regulation/software-and-cybersecurity-considerations.md): A practical guide to software and cybersecurity-related safety duties under Regulation (EU) 2023/1230: Annex III protection against corruption. - [Technical Documentation and Technical File](https://www.sorena.io/artifacts/eu/machinery-regulation/technical-documentation-and-technical-file.md): A practical Annex IV guide for Regulation (EU) 2023/1230: Part A vs Part B file structure, risk-assessment content, standards mapping. - [Timeline and Transition](https://www.sorena.io/artifacts/eu/machinery-regulation/timeline-and-transition.md): A grounded migration guide for Regulation (EU) 2023/1230 covering adoption on 14 June 2023, publication on 29 June 2023, entry into force on 19 July 2023. - [EU Market Surveillance Regulation applicability test](https://www.sorena.io/artifacts/eu/market-surveillance-regulation/applicability-test.md): A practical applicability test for the EU Market Surveillance Regulation (Regulation (EU) 2019/1020). - [Authority request response playbook](https://www.sorena.io/artifacts/eu/market-surveillance-regulation/authority-request-response-playbook.md): An operational playbook for responding to authority requests under Regulation (EU) 2019/1020: first-24-hour triage, Article 4 evidence packs. - [EU MSR checklist](https://www.sorena.io/artifacts/eu/market-surveillance-regulation/checklist.md): An audit-ready checklist for the EU Market Surveillance Regulation (Regulation (EU) 2019/1020): online targeting and distance sales (Article 6). - [EU MSR compliance program](https://www.sorena.io/artifacts/eu/market-surveillance-regulation/compliance.md): A practical implementation guide for the EU Market Surveillance Regulation (Regulation (EU) 2019/1020). - [EU MSR deadlines and compliance calendar](https://www.sorena.io/artifacts/eu/market-surveillance-regulation/deadlines-and-compliance-calendar.md): Key dates for Regulation (EU) 2019/1020 covering early application from 1 January 2021 for Articles 29 to 33 and 36, general application from 16 July 2021. - [Enforcement powers and penalties](https://www.sorena.io/artifacts/eu/market-surveillance-regulation/enforcement-powers-and-penalties.md): A practical enforcement guide for Regulation (EU) 2019/1020 covering Article 11 risk-based checks, Article 14 authority powers. - [EU MSR FAQ](https://www.sorena.io/artifacts/eu/market-surveillance-regulation/faq.md): Answers to common questions about the EU Market Surveillance Regulation (Regulation (EU) 2019/1020): online targeting (Article 6). - [Investigations and evidence requests](https://www.sorena.io/artifacts/eu/market-surveillance-regulation/investigations-and-evidence-requests.md): A practical guide to MSR investigations under Regulation (EU) 2019/1020 covering Article 11 risk-based checks. - [Market surveillance for online marketplaces](https://www.sorena.io/artifacts/eu/market-surveillance-regulation/market-surveillance-for-online-marketplaces.md): A practical guide for online marketplaces under Regulation (EU) 2019/1020: Article 6 distance-sales targeting, Article 7(2) cooperation. - [MSR vs GPSR](https://www.sorena.io/artifacts/eu/market-surveillance-regulation/market-surveillance-regulation-vs-gpsr.md): A grounded comparison of Regulation (EU) 2019/1020 and Regulation (EU) 2023/988: MSR as the enforcement and coordination framework. - [Online sales under the EU Market Surveillance Regulation](https://www.sorena.io/artifacts/eu/market-surveillance-regulation/online-sales-and-marketplaces.md): A practical guide for ecommerce sellers under Regulation (EU) 2019/1020: Article 6 distance-sales targeting, Article 4 operator identification. - [EU MSR penalties and fines](https://www.sorena.io/artifacts/eu/market-surveillance-regulation/penalties-and-fines.md): Penalty exposure under Regulation (EU) 2019/1020: what Article 41 requires, why penalties differ by Member State. - [EU Market Surveillance Regulation requirements](https://www.sorena.io/artifacts/eu/market-surveillance-regulation/requirements.md): A practical requirements breakdown for Regulation (EU) 2019/1020 covering Article 4 EU economic-operator tasks, Article 6 distance-sales targeting. - [EU MSR Article 4 economic operator duties and responsible-person setup](https://www.sorena.io/artifacts/eu/market-surveillance-regulation/responsible-person-and-economic-operator-duties.md): A practical guide to Article 4 of Regulation (EU) 2019/1020: when an EU economic operator is required, who can act, what Article 4(3) tasks they perform. - [What changes with EU market surveillance](https://www.sorena.io/artifacts/eu/market-surveillance-regulation/what-market-surveillance-changes.md): A practical 'what changed' guide for Regulation (EU) 2019/1020: stronger EU-wide coordination, explicit online/distance sales targeting logic (Article 6). - [Applicability Test](https://www.sorena.io/artifacts/eu/medical-device-regulation/applicability-test.md): A step-by-step MDR applicability test for Regulation (EU) 2017/745: confirm intended purpose, device definition and exclusions. - [Compliance Checklist](https://www.sorena.io/artifacts/eu/medical-device-regulation/checklist.md): An MDR compliance checklist you can run per device family: scope + role, classification and conformity assessment route, QMS controls (incl. - [Clinical Evaluation Overview](https://www.sorena.io/artifacts/eu/medical-device-regulation/clinical-evaluation-overview.md): A practical MDR clinical evaluation overview: how to define clinical claims and intended purpose, plan the clinical evaluation (CEP). - [CER Template](https://www.sorena.io/artifacts/eu/medical-device-regulation/clinical-evaluation-report-template.md): A practical Clinical Evaluation Report (CER) template for MDR (Regulation (EU) 2017/745): a copy-ready CER structure aligned to Annex XIV. - [Compliance Guide](https://www.sorena.io/artifacts/eu/medical-device-regulation/compliance.md): A practical EU MDR compliance guide for Regulation (EU) 2017/745: how to build an MDR operating model from scope and classification to conformity assessment. - [Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/medical-device-regulation/deadlines-and-compliance-calendar.md): A practical MDR deadlines and compliance calendar: MDR application timing, Regulation (EU) 2023/607 transition conditions. - [Device Classification Guide](https://www.sorena.io/artifacts/eu/medical-device-regulation/device-classification-guide.md): A practical MDR device classification guide for Annex VIII: how to write a classification memo, apply implementing rules, decide invasiveness and duration. - [FAQ](https://www.sorena.io/artifacts/eu/medical-device-regulation/faq.md): High-signal EU MDR FAQ: Is my product a medical device? Is my software in scope? What is Rule 11? Do I need a notified body? What goes in the technical file. - [MDR vs IVDR](https://www.sorena.io/artifacts/eu/medical-device-regulation/mdr-vs-ivdr.md): A practical MDR vs IVDR comparison for mixed device portfolios: scope differences (medical devices vs in vitro diagnostics), classification approaches. - [Penalties and Fines](https://www.sorena.io/artifacts/eu/medical-device-regulation/penalties-and-fines.md): A practical MDR enforcement guide: how penalties work under EU MDR (sanctions set by Member States), common enforcement triggers (misleading claims. - [PMS and Vigilance](https://www.sorena.io/artifacts/eu/medical-device-regulation/post-market-surveillance-and-vigilance.md): A practical MDR PMS and vigilance guide: build the Annex III PMS system, decide when PSUR or PMS report applies, meet serious-incident timelines of 15 days. - [PMS Plan Template](https://www.sorena.io/artifacts/eu/medical-device-regulation/post-market-surveillance-plan-template.md): A practical MDR Post-Market Surveillance (PMS) plan template aligned to MDR Annex III: copy-ready sections for device scope, data sources. - [QMS and Technical File](https://www.sorena.io/artifacts/eu/medical-device-regulation/qms-and-technical-file.md): A practical MDR QMS and technical-file guide: Article 10 and 15 governance, Annex II and III file structure, GSPR traceability. - [Requirements](https://www.sorena.io/artifacts/eu/medical-device-regulation/requirements.md): A grounded MDR requirements guide for Regulation (EU) 2017/745: scope and role mapping, Annex VIII classification, Article 10 and 15 governance. - [Transition Timelines](https://www.sorena.io/artifacts/eu/medical-device-regulation/transition-timelines.md): A practical MDR transition and legacy-device timeline guide: how Article 120 works after Regulation (EU) 2023/607, which conditions must stay true. - [UDI and EUDAMED](https://www.sorena.io/artifacts/eu/medical-device-regulation/udi-and-eudamed.md): A practical MDR UDI and EUDAMED guide: Basic UDI-DI, UDI-DI, UDI-PI, actor registration and SRN, Article 29 device registration. - [Applicability Test](https://www.sorena.io/artifacts/eu/nis2-directive/applicability-test.md): A grounded NIS2 applicability test: map each legal entity to Annex I or Annex II, apply the NIS2 size-cap rule and regardless-of-size triggers. - [Article 21 Control Baseline](https://www.sorena.io/artifacts/eu/nis2-directive/article-21-control-baseline.md): A practical Article 21 control baseline for NIS2: translate Article 21(2)(a) to (j) into owned controls, KPIs, tests, and evidence. - [Checklist](https://www.sorena.io/artifacts/eu/nis2-directive/checklist.md): An audit-ready EU NIS2 compliance checklist: scope (Annex I/II + size-cap rules), essential vs important classification, Article 21 control baseline. - [Compliance Guide](https://www.sorena.io/artifacts/eu/nis2-directive/compliance.md): A practical EU NIS2 compliance guide: how to run scope and classification, build Article 21 controls, implement Article 23 reporting workflows. - [Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/nis2-directive/deadlines-and-compliance-calendar.md): A practical EU NIS2 deadlines and compliance calendar with the legal anchor dates that matter: entry into force on 16 January 2023. - [FAQ](https://www.sorena.io/artifacts/eu/nis2-directive/faq.md): High-intent EU NIS2 FAQ: who is in scope, how essential vs important works, what Article 21 requires. - [Incident Reporting Workflow](https://www.sorena.io/artifacts/eu/nis2-directive/incident-reporting-workflow.md): A practical NIS2 incident reporting workflow grounded in Article 23 and Commission Implementing Regulation (EU) 2024/2690: define significant incidents. - [Management Body Accountability](https://www.sorena.io/artifacts/eu/nis2-directive/management-body-accountability.md): A practical Article 20 governance guide for EU NIS2: what the management body must approve and oversee, how liability and training work. - [National Transposition Tracker](https://www.sorena.io/artifacts/eu/nis2-directive/national-transposition-tracker.md): A practical NIS2 national transposition tracker: monitor Member State implementation, find competent authority and CSIRT routes. - [NIS2 vs ISO/IEC 27001](https://www.sorena.io/artifacts/eu/nis2-directive/nis2-vs-iso-27001.md): A practical NIS2 vs ISO/IEC 27001 mapping: how to reuse an ISMS (risk assessment, policies, internal audits, management review. - [NIS2 vs ISO/IEC 27017](https://www.sorena.io/artifacts/eu/nis2-directive/nis2-vs-iso-27017.md): A practical mapping for cloud teams: how NIS2 Article 21 controls and Article 23 reporting apply to cloud service providers and cloud-dependent organisations. - [NIS2 vs NIS1](https://www.sorena.io/artifacts/eu/nis2-directive/nis2-vs-nis1.md): A practical comparison of NIS2 vs NIS1: what changed in scope and sectors, how essential vs important works. - [Penalties and Fines](https://www.sorena.io/artifacts/eu/nis2-directive/penalties-and-fines.md): A practical NIS2 enforcement guide: how supervision works for essential vs important entities (Articles 32-33), what enforcement measures authorities can use. - [Requirements](https://www.sorena.io/artifacts/eu/nis2-directive/requirements.md): A practical EU NIS2 requirements breakdown grounded in Articles 20 to 23, the Article 3 and Article 4 guidelines, and Implementing Regulation (EU) 2024/2690. - [Scope: Essential vs Important](https://www.sorena.io/artifacts/eu/nis2-directive/scope-essential-vs-important.md): A practical guide to NIS2 scope classification: how essential vs important entities work (Article 3). - [Supply Chain Security Program](https://www.sorena.io/artifacts/eu/nis2-directive/supply-chain-security-program.md): A practical NIS2 supply chain security program (Article 21(d)): vendor tiering, security requirements, onboarding/offboarding controls, continuous assurance. - [Applicability Test](https://www.sorena.io/artifacts/eu/packaging-waste-regulation/applicability-test.md): A practical PPWR applicability test for Regulation (EU) 2025/40: determine whether an item is packaging. - [PPWR Compliance Checklist](https://www.sorena.io/artifacts/eu/packaging-waste-regulation/checklist.md): An audit-ready PPWR compliance checklist for Regulation (EU) 2025/40: scope your packaging portfolio, map Article 5-7 materials rules (PFAS, heavy metals. - [PPWR Compliance Guide](https://www.sorena.io/artifacts/eu/packaging-waste-regulation/compliance.md): A practical PPWR compliance guide for Regulation (EU) 2025/40: how to structure a defensible compliance program, what 'conformity' means for packaging. - [PPWR Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/packaging-waste-regulation/deadlines-and-compliance-calendar.md): A practical PPWR deadlines and compliance calendar for Regulation (EU) 2025/40: entry into force on 11 February 2025, application from 12 August 2026. - [PPWR FAQ](https://www.sorena.io/artifacts/eu/packaging-waste-regulation/faq.md): A source-grounded PPWR FAQ for Regulation (EU) 2025/40: when it applies (12 Aug 2026), what changes in 2030 (empty space 50%, Annex V restrictions. - [Labelling and Consumer Information](https://www.sorena.io/artifacts/eu/packaging-waste-regulation/labeling-and-consumer-info.md): A practical PPWR labelling guide for Regulation (EU) 2025/40: harmonised composition labels (Article 12), reusable packaging labels + QR/digital carriers. - [PPWR Penalties and Fines](https://www.sorena.io/artifacts/eu/packaging-waste-regulation/penalties-and-fines.md): A practical PPWR enforcement and penalties guide for Regulation (EU) 2025/40: what Article 68 requires (Member State penalties rules by 12 Feb 2027. - [PFAS and Restricted Substances](https://www.sorena.io/artifacts/eu/packaging-waste-regulation/pfas-and-restricted-substances.md): A practical PPWR chemicals guide for Regulation (EU) 2025/40 Article 5: minimise substances of concern, comply with heavy metals limits. - [PPWR Labelling Checklist](https://www.sorena.io/artifacts/eu/packaging-waste-regulation/ppwr-labeling-checklist.md): An audit-ready PPWR labelling checklist: composition labels (Article 12), reusable packaging labels and QR/digital carriers, deposit-and-return marking. - [PPWR Recyclability Assessment Template](https://www.sorena.io/artifacts/eu/packaging-waste-regulation/ppwr-recyclability-assessment-template.md): A copyable PPWR recyclability assessment template for Regulation (EU) 2025/40 Article 6: packaging unit inputs (BOM, components, predominant material). - [PPWR vs ESPR](https://www.sorena.io/artifacts/eu/packaging-waste-regulation/ppwr-vs-espr.md): A practical guide to PPWR vs ESPR: PPWR (Regulation (EU) 2025/40) sets packaging-specific rules (recyclability, labelling, PFAS, reuse/refill, empty space. - [Recyclability and Design Requirements](https://www.sorena.io/artifacts/eu/packaging-waste-regulation/recyclability-and-design-requirements.md): A practical Article 6 guide for PPWR recyclability: how to assess design-for-recycling, treat integrated vs separate components. - [Requirements](https://www.sorena.io/artifacts/eu/packaging-waste-regulation/requirements.md): A practical PPWR requirements breakdown for Regulation (EU) 2025/40: Article 5 substance and PFAS limits. - [Reuse and Refill Targets](https://www.sorena.io/artifacts/eu/packaging-waste-regulation/reuse-refill-targets.md): A practical PPWR reuse and refill guide for Regulation (EU) 2025/40: Article 28 refill rules, Article 29 reuse targets for transport packaging. - [Scope and Packaging Definitions](https://www.sorena.io/artifacts/eu/packaging-waste-regulation/scope-and-packaging-definitions.md): A practical PPWR scope and definitions guide: what counts as packaging, how to classify sales/grouped/transport/e-commerce packaging, take-away packaging. - [PPWR Timeline and Deadlines](https://www.sorena.io/artifacts/eu/packaging-waste-regulation/timeline-and-deadlines.md): A phased PPWR roadmap for Regulation (EU) 2025/40: entry into force in February 2025, application from August 2026, key implementing acts in 2026 to 2028. - [RED Applicability Test](https://www.sorena.io/artifacts/eu/radio-equipment-directive/applicability-test.md): A structured RED applicability test for Directive 2014/53/EU: determine if your product is radio equipment, whether any exclusions apply. - [RED Compliance Checklist](https://www.sorena.io/artifacts/eu/radio-equipment-directive/checklist.md): An audit-ready RED compliance checklist for Directive 2014/53/EU: scope and classification, essential requirements mapping (safety/health, EMC, spectrum). - [RED Compliance Program](https://www.sorena.io/artifacts/eu/radio-equipment-directive/compliance.md): A practical RED compliance program playbook for Directive 2014/53/EU: set up governance, map essential requirements to standards and tests. - [Conformity Assessment and CE Marking](https://www.sorena.io/artifacts/eu/radio-equipment-directive/conformity-assessment-and-ce.md): A practical guide to RED conformity assessment and CE marking under Directive 2014/53/EU. - [RED Cybersecurity Requirements](https://www.sorena.io/artifacts/eu/radio-equipment-directive/cybersecurity-requirements.md): A practical RED cybersecurity requirements guide: Delegated Regulation (EU) 2022/30 activates Article 3(3)(d) network protection. - [RED Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/eu/radio-equipment-directive/deadlines-and-compliance-calendar.md): A practical RED deadlines and compliance calendar: core RED dates (transposition by 12 Jun 2016; measures apply from 13 Jun 2016. - [RED FAQ](https://www.sorena.io/artifacts/eu/radio-equipment-directive/faq.md): A practical RED FAQ for Directive 2014/53/EU: what is radio equipment, what is in scope, what happened in the 2016/2017 transition. - [Harmonised Standards and Test Plans](https://www.sorena.io/artifacts/eu/radio-equipment-directive/harmonized-standards-and-test-plans.md): A practical guide to harmonised standards under the EU Radio Equipment Directive (RED) 2014/53/EU: how presumption of conformity works. - [RED Penalties and Enforcement](https://www.sorena.io/artifacts/eu/radio-equipment-directive/penalties-and-fines.md): A practical RED enforcement and penalties guide for Directive 2014/53/EU: how market surveillance works in practice. - [RED Conformity Assessment Template](https://www.sorena.io/artifacts/eu/radio-equipment-directive/red-conformity-assessment-template.md): A practical RED conformity assessment template for Directive 2014/53/EU: a CE technical file structure with sections for scope memo. - [RED Cybersecurity Delegated Act Guide](https://www.sorena.io/artifacts/eu/radio-equipment-directive/red-cybersecurity-delegated-act-guide.md): Step-by-step implementation guide for the RED cybersecurity delegated act. - [RED vs Cyber Resilience Act (CRA)](https://www.sorena.io/artifacts/eu/radio-equipment-directive/red-vs-cyber-resilience-act.md): A practical comparison of RED vs CRA: RED (Directive 2014/53/EU) is radio-equipment-specific and. - [Essential Requirements](https://www.sorena.io/artifacts/eu/radio-equipment-directive/requirements.md): A practical RED essential requirements guide for Directive 2014/53/EU: map Article 3 requirements to product features and verification evidence for safety. - [Scope and Classification](https://www.sorena.io/artifacts/eu/radio-equipment-directive/scope-and-classification.md): A practical RED scope and classification guide for Directive 2014/53/EU: what counts as radio equipment, which Annex I exclusions take products out of scope. - [RED Timeline](https://www.sorena.io/artifacts/eu/radio-equipment-directive/timeline.md): A practical RED timeline and roadmap: the core RED transition dates. - [RoHS Applicability Test](https://www.sorena.io/artifacts/eu/rohs-directive/applicability-test.md): A structured EU RoHS applicability test for Directive 2011/65/EU: determine if your product is electrical and electronic equipment (EEE). - [RoHS Compliance Checklist](https://www.sorena.io/artifacts/eu/rohs-directive/checklist.md): An audit-ready RoHS compliance checklist for Directive 2011/65/EU: scope and EEE category mapping. - [RoHS Compliance Program](https://www.sorena.io/artifacts/eu/rohs-directive/compliance.md): A practical RoHS compliance program playbook for Directive 2011/65/EU: set up governance, map homogeneous material risks across your BOM. - [RoHS Deadlines and Compliance Calendar (2013, 2014, 2017, 2019, 2021)](https://www.sorena.io/artifacts/eu/rohs-directive/deadlines-and-compliance-calendar.md): A RoHS compliance calendar you can actually operationalize: staged applicability dates (22 July 2014/2017/2019). - [RoHS Exemptions Tracking](https://www.sorena.io/artifacts/eu/rohs-directive/exemptions-tracking.md): A practical RoHS exemptions tracking guide for Directive 2011/65/EU: how Annex III and Annex IV exemptions work. - [EU RoHS FAQ (Scope, Exemptions, Phthalates, Technical File, CE)](https://www.sorena.io/artifacts/eu/rohs-directive/faq.md): High-signal EU RoHS FAQ grounded in official sources: what counts as EEE, staged applicability (22 July 2014/2017/2019). - [RoHS Enforcement, Penalties, and Fines](https://www.sorena.io/artifacts/eu/rohs-directive/penalties-and-fines.md): What EU RoHS enforcement looks like in practice: market surveillance checks, documentation requests, CE marking scrutiny. - [RoHS Requirements](https://www.sorena.io/artifacts/eu/rohs-directive/requirements.md): A practical RoHS requirements breakdown for Directive 2011/65/EU: restricted substances thresholds in homogeneous materials (Annex II). - [Restricted Substances and Thresholds](https://www.sorena.io/artifacts/eu/rohs-directive/restricted-substances-and-thresholds.md): A practical RoHS restricted substances guide for Directive 2011/65/EU: the 10 substances in Annex II, homogeneous material threshold logic (0.1% for most. - [RoHS Exemptions Tracker Guide](https://www.sorena.io/artifacts/eu/rohs-directive/rohs-exemptions-tracker-guide.md): A practical guide to building a RoHS exemptions tracker: recommended tracker fields (exemption reference, exact wording, scope conditions. - [RoHS Supplier Declaration Template](https://www.sorena.io/artifacts/eu/rohs-directive/rohs-supplier-declaration-template.md): A practical RoHS supplier declaration template for Directive 2011/65/EU. - [RoHS vs REACH](https://www.sorena.io/artifacts/eu/rohs-directive/rohs-vs-reach.md): A practical RoHS vs REACH guide: RoHS (Directive 2011/65/EU) restricts specific substances in EEE above thresholds in homogeneous materials and is tied to CE. - [Supplier Declarations and Verification](https://www.sorena.io/artifacts/eu/rohs-directive/supplier-declarations-and-verification.md): A practical supplier evidence playbook for EU RoHS Directive 2011/65/EU. - [Technical Documentation and CE](https://www.sorena.io/artifacts/eu/rohs-directive/technical-documentation-and-ce.md): A practical RoHS technical documentation guide for Directive 2011/65/EU. - [EU RoHS Timeline: RoHS 1 (2002) -> RoHS 2 (2011/2013) -> Open Scope (2019) -> Phthalates (2019/2021)](https://www.sorena.io/artifacts/eu/rohs-directive/timeline.md): A date-by-date EU RoHS timeline for implementers: RoHS 1 (2002), RoHS 2 recast and transposition (2011 - 2013). - [EU Taxonomy Applicability Test (Article 8): In-Scope Entities, Activities, and Disclosures](https://www.sorena.io/artifacts/eu/taxonomy-regulation/applicability-test.md): A practical EU Taxonomy applicability test for Regulation (EU) 2020/852 and Article 8 disclosures: determine whether your entity must disclose. - [EU Taxonomy Checklist (Article 8): Audit-Ready Eligibility, Alignment, KPIs, Evidence Packs](https://www.sorena.io/artifacts/eu/taxonomy-regulation/checklist.md): An audit-ready EU Taxonomy checklist for Regulation (EU) 2020/852 and Article 8 disclosures: scope/perimeter, activity mapping. - [EU Taxonomy Compliance Program (Article 8): Implementation Playbook for KPIs and Evidence](https://www.sorena.io/artifacts/eu/taxonomy-regulation/compliance.md): A practical EU Taxonomy compliance program playbook for Regulation (EU) 2020/852: set governance, build an activity mapping register. - [EU Taxonomy Deadlines and Disclosure Calendar: Article 8 Reporting Dates, 2026 Simplification, GAR](https://www.sorena.io/artifacts/eu/taxonomy-regulation/deadlines-and-compliance-calendar.md): A practical EU Taxonomy calendar covering Regulation (EU) 2020/852, the Article 8 disclosure timetable, the 2023 and 2024 reporting phases. - [EU Taxonomy Delegated Acts Tracker: 2021/2139, 2021/2178, 2022/1214, 2023/2485, 2023/2486, 2026/73](https://www.sorena.io/artifacts/eu/taxonomy-regulation/delegated-acts-tracker.md): Track the full EU Taxonomy delegated-act stack, including the climate, environmental, disclosure, and 2026 simplification acts. - [EU Taxonomy DNSH and Minimum Safeguards: Evidence, OECD, UNGP, ILO, SFDR Link](https://www.sorena.io/artifacts/eu/taxonomy-regulation/dnsh-and-minimum-safeguards.md): A practical guide to EU Taxonomy DNSH and minimum safeguards. - [EU Taxonomy FAQ: Article 8, Eligibility vs Alignment, GAR, Minimum Safeguards, 2026 Simplification](https://www.sorena.io/artifacts/eu/taxonomy-regulation/faq.md): A grounded EU Taxonomy FAQ covering Article 8 scope, eligibility vs alignment, turnover CapEx OpEx KPIs, GAR, minimum safeguards, the 2025 Commission Notice. - [EU Taxonomy KPIs and Disclosure Workflow: Turnover, CapEx, OpEx, GAR, Article 8](https://www.sorena.io/artifacts/eu/taxonomy-regulation/kpis-and-disclosure-workflow.md): Build an EU Taxonomy disclosure workflow that can survive review. - [EU Taxonomy Enforcement, Measures, Penalties and Fines (Articles 5-7)](https://www.sorena.io/artifacts/eu/taxonomy-regulation/penalties-and-fines.md): How EU Taxonomy enforcement works in practice: competent authorities monitor compliance for disclosures under Articles 5 to 7. - [EU Taxonomy Requirements (2020/852): Eligibility, Alignment, DNSH, Minimum Safeguards, Article 8 KPIs](https://www.sorena.io/artifacts/eu/taxonomy-regulation/requirements.md): A practical requirements breakdown for Regulation (EU) 2020/852 (EU Taxonomy): what environmentally sustainable means. - [EU Taxonomy Scope and Reporting Entities: Who Must Disclose Under Article 8](https://www.sorena.io/artifacts/eu/taxonomy-regulation/scope-and-reporting-entities.md): Understand EU Taxonomy scope and reporting entities under Article 8. - [EU Taxonomy Technical Screening Criteria: Documentation, Evidence Packs, and Audit Trail](https://www.sorena.io/artifacts/eu/taxonomy-regulation/screening-criteria-and-documentation.md): How to document EU Taxonomy alignment against technical screening criteria: build a criteria-by-criteria mapping. - [Taxonomy Eligibility vs Alignment (EU Taxonomy): What You Can Claim, What You Must Prove](https://www.sorena.io/artifacts/eu/taxonomy-regulation/taxonomy-eligibility-vs-alignment-explained.md): A high-signal explainer of EU Taxonomy eligibility vs alignment: eligibility means the activity is covered/listed. - [EU Taxonomy vs CSRD: How Article 8 Taxonomy Disclosures Fit Into CSRD Reporting](https://www.sorena.io/artifacts/eu/taxonomy-regulation/taxonomy-vs-csrd.md): Compare EU Taxonomy and CSRD the practical way. Learn how Article 8 Taxonomy disclosures fit inside the broader CSRD reporting system. - [EU Taxonomy vs SFDR: How Taxonomy Data Flows Into GAR, Product Disclosures, and Investor Requests](https://www.sorena.io/artifacts/eu/taxonomy-regulation/taxonomy-vs-sfdr.md): Understand the practical relationship between EU Taxonomy and SFDR. - [EU Taxonomy Templates (Activity Register, KPI Workbook, Evidence Pack Index, DNSH, Safeguards)](https://www.sorena.io/artifacts/eu/taxonomy-regulation/templates.md): Practical EU Taxonomy templates you can copy/paste: activity mapping register, eligibility/alignment register, criteria mapping template, DNSH register. - [ETSI EN 303 645 Compliance & Conformance Assessment (ICS/IXIT Evidence)](https://www.sorena.io/artifacts/global/etsi-en-303-645/compliance.md): How to operationalize ETSI EN 303 645 compliance for consumer IoT: conformance assessment approach (ETSI TS 103 701), ICS/IXIT-style evidence. - [ETSI EN 303 645 vs UK PSTI (Practical Mapping for Connectable Products)](https://www.sorena.io/artifacts/global/etsi-en-303-645/etsi-en-303-645-vs-uk-psti.md): Practical comparison of ETSI EN 303 645 baseline consumer IoT security provisions vs the UK PSTI security requirements regime. - [ETSI EN 303 645 FAQ (Consumer IoT Security Standard)](https://www.sorena.io/artifacts/global/etsi-en-303-645/faq.md): Answering common product-team questions about ETSI EN 303 645: unique passwords, vulnerability disclosure policy requirements, secure software updates. - [ETSI EN 303 645 Requirements (Provision Map 5.1-5.13)](https://www.sorena.io/artifacts/global/etsi-en-303-645/requirements.md): Provision-by-provision ETSI EN 303 645 requirements for consumer IoT: passwords, vulnerability disclosure policy, secure software updates, secure storage. - [ETSI EN 303 645 Secure Updates & Vulnerability Disclosure (VDP + CVD)](https://www.sorena.io/artifacts/global/etsi-en-303-645/secure-update-and-vulnerability-disclosure.md): Deep implementation guide for ETSI EN 303 645 update security and vulnerability disclosure: publish a VDP, run coordinated vulnerability disclosure (CVD). - [ETSI EN 319 401 Audit & Conformity Assessment (Evidence Pack + Checklist)](https://www.sorena.io/artifacts/global/etsi-en-319-401/audit-and-conformity-assessment.md): Audit readiness guide for ETSI EN 319 401 Trust Service Providers: how conformity assessment works in practice, what auditors sample. - [ETSI EN 319 401 Compliance Playbook for Trust Service Providers (TSPs)](https://www.sorena.io/artifacts/global/etsi-en-319-401/compliance.md): How to operationalize ETSI EN 319 401 compliance for Trust Service Providers: scope definition, governance, risk assessment to control mapping. - [ETSI EN 319 401 vs eIDAS (Mapping to Article 19 & 24 TSP Obligations)](https://www.sorena.io/artifacts/global/etsi-en-319-401/etsi-en-319-401-vs-eidas.md): Practical mapping of ETSI EN 319 401 requirements to the EU eIDAS Regulation (EU) No 910/2014. - [ETSI EN 319 401 FAQ for Trust Service Providers (TSPs)](https://www.sorena.io/artifacts/global/etsi-en-319-401/faq.md): Frequently asked questions about ETSI EN 319 401 for Trust Service Providers: what a Trust Service Practice Statement is, how risk assessment drives controls. - [ETSI EN 319 401 Requirements (REQ-5/6/7 Map for Trust Service Providers)](https://www.sorena.io/artifacts/global/etsi-en-319-401/requirements.md): Clause-by-clause ETSI EN 319 401 requirements mapping for Trust Service Providers (TSPs): risk assessment (REQ-5). - [ETSI EN 319 411-1 V1.5.1 Compliance Playbook (CA and TSP Certificate Issuance Operations)](https://www.sorena.io/artifacts/global/etsi-en-319-411-1/compliance.md): How to operationalize ETSI EN 319 411-1 V1.5.1 for certificate issuing Trust Service Providers: CP and CPS governance, repository duties. - [ETSI EN 319 411-1 V1.5.1 FAQ (CP vs CPS, TLS Policies, Revocation, OCSP/CRL)](https://www.sorena.io/artifacts/global/etsi-en-319-411-1/faq.md): Answering real-world questions about ETSI EN 319 411-1 V1.5.1: CP vs CPS, policy families, identity validation, repository duties, revocation. - [ETSI EN 319 411-1 V1.5.1 Requirements (CP/CPS, Identity Validation, Revocation, OCSP/CRL)](https://www.sorena.io/artifacts/global/etsi-en-319-411-1/requirements.md): ETSI EN 319 411-1 V1.5.1 requirements map for Trust Service Providers issuing certificates: CP vs CPS, policy OIDs, repository duties, identity validation. - [ETSI EN 319 411-2 V2.6.1 Compliance Playbook (EU Qualified Certificates and QSCD Operations)](https://www.sorena.io/artifacts/global/etsi-en-319-411-2/compliance.md): How to operationalize ETSI EN 319 411-2 V2.6.1 for EU qualified certificates: policy OID governance, CP and CPS disclosures, identity verification workflows. - [ETSI EN 319 411-2 V2.6.1 FAQ (EU Qualified Certificates, QCP, QNCP, QEVCP, QSCD)](https://www.sorena.io/artifacts/global/etsi-en-319-411-2/faq.md): Frequently asked questions about ETSI EN 319 411-2 V2.6.1 for qualified trust service providers: policy OIDs, QSCD requirements, trusted-list validation. - [ETSI EN 319 411-2 V2.6.1 Requirements (EU Qualified Certificates, QCP, QEVCP, QNCP, QSCD)](https://www.sorena.io/artifacts/global/etsi-en-319-411-2/requirements.md): ETSI EN 319 411-2 V2.6.1 requirements map for EU qualified certificates under eIDAS: qualified policy OIDs, identity verification, QSCD obligations. - [Choose the Right ETSI Standard (EN 303 645 V3.1.3, TS 103 701, EN 319 401, EN 319 411)](https://www.sorena.io/artifacts/global/etsi-standards-hub/choose-the-right-etsi-standard.md): A practical decision guide to choose the right ETSI cybersecurity standard by product versus service scope and assurance objective. - [ETSI vs ISO for Cybersecurity Standards: When to Use Each](https://www.sorena.io/artifacts/global/etsi-standards-hub/etsi-vs-iso.md): ETSI vs ISO explained for cybersecurity and assurance teams using current ETSI examples such as EN 303 645 V3.1.3, TS 103 701 V2.1.1, EN 319 401 V3.1.1. - [ETSI Standards FAQ (Current EN 303 645, TS 103 701, EN 319 401, EN 319 411)](https://www.sorena.io/artifacts/global/etsi-standards-hub/faq.md): ETSI standards FAQ for security, product, and assurance teams: current ETSI editions, how EN 303 645 and TS 103 701 relate, what EN 319 401 covers. - [What Is Included in ETSI Standards Hub (Current IoT and Trust Services Stack)](https://www.sorena.io/artifacts/global/etsi-standards-hub/what-is-included.md): A coverage map of the ETSI cybersecurity standards included in this hub using current editions: EN 303 645 V3.1.3, TS 103 701 V2.1.1, EN 319 401 V3.1.1. - [FIPS 140-3 Compliance (CMVP Validation Playbook, Approved Mode, Transition)](https://www.sorena.io/artifacts/global/fips-140-3/compliance.md): A practical FIPS 140-3 compliance and validation playbook for CMVP cryptographic module validation: boundary, security level selection, approved mode. - [FIPS 140-3 FAQ (CMVP Validation, Approved Mode, Embedded Modules, Transition)](https://www.sorena.io/artifacts/global/fips-140-3/faq.md): FIPS 140-3 FAQ for cryptographic module teams: what FIPS 140-3 covers, how CMVP validation works, what approved mode means. - [FIPS 140-3 Validation Checklist (CMVP Lab Readiness, Approved Mode, Transition)](https://www.sorena.io/artifacts/global/fips-140-3/fips-140-3-validation-checklist.md): A practical FIPS 140-3 validation checklist for CMVP lab readiness: boundary, services, approved mode, documentation, self-tests, SSP management. - [FIPS 140-3 Module Boundary and Services Mapping (Approved Mode, Embedded Modules)](https://www.sorena.io/artifacts/global/fips-140-3/module-boundary-and-service-mapping.md): Advanced guide to FIPS 140-3 cryptographic module boundary definition and services mapping: boundary diagrams, approved-mode indicators, SSP access. - [FIPS 140-3 Security Levels (Level 1 to Level 4) Explained](https://www.sorena.io/artifacts/global/fips-140-3/security-levels-explained.md): FIPS 140-3 security levels explained: what Level 1, Level 2, Level 3, and Level 4 mean, how they affect boundary and deployment assumptions. - [AES (FIPS 197) - How to Use AES Safely](https://www.sorena.io/artifacts/global/fips-crypto-algorithms/aes-fips-197.md): Advanced implementation guide for AES under FIPS 197 upd1: AES-128, AES-192, AES-256, approved modes. - [Digital Signatures (FIPS 186-5 DSS and FIPS 204 ML-DSA)](https://www.sorena.io/artifacts/global/fips-crypto-algorithms/digital-signatures-fips-186-5-and-fips-204.md): Advanced guide to FIPS digital signatures: RSA, ECDSA, deterministic ECDSA, EdDSA, and post-quantum ML-DSA. - [FIPS Crypto Algorithms FAQ (AES, SHA, Signatures, PQC)](https://www.sorena.io/artifacts/global/fips-crypto-algorithms/faq.md): FAQ for FIPS crypto adoption: AES, SHA-2 and SHA-3, digital signatures, post-quantum standards. - [Post-Quantum Cryptography (FIPS 203, 204, 205) - Migration Guide](https://www.sorena.io/artifacts/global/fips-crypto-algorithms/post-quantum-fips-203-204-205.md): Practical post-quantum cryptography migration guidance grounded in FIPS 203, FIPS 204, and FIPS 205. - [Secure Hash (FIPS 180-4 SHA-2, FIPS 202 SHA-3, SHAKE)](https://www.sorena.io/artifacts/global/fips-crypto-algorithms/secure-hash-fips-180-4-and-fips-202.md): Deep guide to FIPS secure hash standards: SHA-2 under FIPS 180-4 and SHA-3 plus SHAKE under FIPS 202. Learn digest selection, XOF rules, and evidence strategy. - [FIPS Standards FAQ (Procurement, CMVP, Evidence)](https://www.sorena.io/artifacts/global/fips-standards-hub/faq.md): FIPS Standards FAQ for procurement, compliance, and crypto-engineering teams: what FIPS-compliant means, FIPS algorithms versus FIPS 140-3 validated modules. - [FIPS vs Common Criteria (CC) - What to Validate vs Evaluate](https://www.sorena.io/artifacts/global/fips-standards-hub/fips-vs-common-criteria.md): Deep comparison of FIPS, especially FIPS 140-3 and CMVP, versus Common Criteria: scope differences, evidence overlap, and when procurement requires both. - [FIPS vs NIST SP Series (Standards vs Cryptographic Guidance)](https://www.sorena.io/artifacts/global/fips-standards-hub/fips-vs-nist-sp-series.md): Deep comparison of FIPS standards versus NIST Special Publications in the cryptographic ecosystem: how they differ, how they are used together. - [What Is Included in FIPS Standards Hub (FIPS 140-3, CMVP, FIPS Crypto)](https://www.sorena.io/artifacts/global/fips-standards-hub/what-is-included.md): Coverage map for the FIPS Standards Hub: FIPS 140-3 cryptographic module requirements, CMVP context and guidance. - [ISO 22301 Business Impact Analysis Template](https://www.sorena.io/artifacts/global/iso-22301/business-impact-analysis-template.md): Use this ISO 22301 business impact analysis template to capture prioritized activities, impact tolerances, dependencies, recovery targets. - [ISO 22301 Compliance Playbook](https://www.sorena.io/artifacts/global/iso-22301/compliance.md): A practical ISO 22301 compliance playbook for implementing a business continuity management system: context, leadership, planning, support. - [ISO 22301 FAQ](https://www.sorena.io/artifacts/global/iso-22301/faq.md): Direct answers to common ISO 22301 questions on BCMS scope, BIA, plans, exercises, certification, audit evidence. - [ISO 22301 vs DORA](https://www.sorena.io/artifacts/global/iso-22301/iso-22301-vs-dora.md): Compare ISO 22301 and DORA to see where a business continuity management system supports digital operational resilience and where DORA adds binding ICT. - [ISO 22301 Testing and Exercises](https://www.sorena.io/artifacts/global/iso-22301/testing-and-exercises.md): Practical ISO 22301 testing and exercises guidance for designing an exercise programme, evaluating continuity documentation and capabilities. - [ISO 27001 Audit Readiness](https://www.sorena.io/artifacts/global/iso-27001/audit-readiness.md): Prepare for ISO/IEC 27001 audits with a structured evidence pack, SoA traceability, internal audit and management review outputs. - [ISO 27001 Compliance Playbook](https://www.sorena.io/artifacts/global/iso-27001/compliance.md): Implement ISO/IEC 27001:2022 with a practical ISMS playbook for scope, risk assessment, risk treatment, Statement of Applicability, Annex A alignment. - [ISO 27001 FAQ](https://www.sorena.io/artifacts/global/iso-27001/faq.md): Clear answers to common ISO/IEC 27001:2022 questions on the Statement of Applicability, Annex A, risk treatment, certification, audit evidence. - [ISO 27001 Implementation Roadmap](https://www.sorena.io/artifacts/global/iso-27001/implementation-roadmap.md): A practical ISO/IEC 27001:2022 implementation roadmap with phases, gates, scope decisions, risk and SoA milestones, control rollout priorities. - [ISO 27001 vs NIS2](https://www.sorena.io/artifacts/global/iso-27001/iso-27001-vs-nis2.md): See how ISO/IEC 27001:2022 supports NIS2 cybersecurity governance and where NIS2 adds legal obligations for incident reporting, supervision. - [ISO 27001 Requirements and Evidence](https://www.sorena.io/artifacts/global/iso-27001/requirements.md): Understand ISO/IEC 27001:2022 requirements across Clauses 4 to 10, Annex A, risk treatment, and the Statement of Applicability. - [ISO 27005 Compliance Playbook](https://www.sorena.io/artifacts/global/iso-27005/compliance.md): Operationalize ISO/IEC 27005:2022 with a practical playbook for context, criteria, risk assessment, risk treatment, residual risk acceptance, communication. - [ISO 27005 FAQ](https://www.sorena.io/artifacts/global/iso-27005/faq.md): Answers to common ISO/IEC 27005 questions on risk criteria, acceptance criteria, risk owners, treatment plans, residual risk, NIST comparisons. - [ISO 27005 vs NIST SP 800-30](https://www.sorena.io/artifacts/global/iso-27005/iso-27005-vs-nist-800-30.md): Compare ISO/IEC 27005 and NIST SP 800-30 to see how information security risk management guidance and risk assessment guidance fit together. - [ISO 27005 Risk Assessment Template](https://www.sorena.io/artifacts/global/iso-27005/risk-assessment-template.md): Use this ISO/IEC 27005 risk assessment template to capture context, criteria, scenario details, likelihood, consequence, uncertainty, risk owner, evaluation. - [ISO 27005 Risk Treatment Plan Template](https://www.sorena.io/artifacts/global/iso-27005/risk-treatment-plan-template.md): Use this ISO/IEC 27005 risk treatment plan template to document treatment options, selected actions, owners, milestones, evidence links, acceptance criteria. - [ISO 27017 Cloud Provider Checklist (Due Diligence + Evidence)](https://www.sorena.io/artifacts/global/iso-27017/cloud-provider-checklist.md): ISO/IEC 27017 cloud provider checklist for due diligence: what to ask, what evidence to request. - [ISO 27017 Compliance (Cloud Controls Implementation Playbook)](https://www.sorena.io/artifacts/global/iso-27017/compliance.md): A practical ISO/IEC 27017 compliance playbook for cloud security controls: scope, shared responsibility, cloud-specific control implementation. - [ISO 27017 Control Mapping to ISO 27001 (SoA + Evidence)](https://www.sorena.io/artifacts/global/iso-27017/control-mapping-to-iso-27001.md): How to map ISO/IEC 27017 cloud security guidance to an ISO/IEC 27001 ISMS: Statement of Applicability, control owners, shared responsibility. - [ISO 27017 FAQ (Cloud Security Controls, Audit, and Evidence)](https://www.sorena.io/artifacts/global/iso-27017/faq.md): Frequently asked questions about ISO/IEC 27017: what it is, how it relates to ISO 27001 and ISO 27002, shared responsibility in cloud security. - [ISO 27017 Shared Responsibility Model (Provider vs Customer)](https://www.sorena.io/artifacts/global/iso-27017/shared-responsibility-model.md): A practical ISO/IEC 27017 shared responsibility model for cloud services: who owns which security responsibilities in IaaS, PaaS, and SaaS. - [ISO 27018 Compliance (Public Cloud PII Processor Playbook)](https://www.sorena.io/artifacts/global/iso-27018/compliance.md): A practical ISO/IEC 27018 compliance playbook for public cloud PII processors. - [ISO 27018 FAQ (Public Cloud PII Processor Controls)](https://www.sorena.io/artifacts/global/iso-27018/faq.md): Frequently asked questions about ISO/IEC 27018 for public cloud PII processors. - [ISO 27018 vs GDPR (Processor Controls and Evidence Mapping)](https://www.sorena.io/artifacts/global/iso-27018/iso-27018-vs-gdpr.md): Compare ISO/IEC 27018 and GDPR for cloud processor operations. - [ISO 27018 Privacy Control Checklist (Public Cloud PII Processor)](https://www.sorena.io/artifacts/global/iso-27018/privacy-control-checklist.md): An ISO/IEC 27018 privacy control checklist for public cloud PII processors. - [ISO 27018 Vendor Contract Requirements (Processor Clauses and Evidence)](https://www.sorena.io/artifacts/global/iso-27018/vendor-contract-requirements.md): Processor contract requirements based on ISO/IEC 27018 and GDPR. - [ISO 27035 Compliance (Incident Management Operating Model)](https://www.sorena.io/artifacts/global/iso-27035/compliance.md): A practical ISO/IEC 27035 compliance playbook for incident management. - [ISO 27035 FAQ (Incident Management, Team Roles, and Evidence)](https://www.sorena.io/artifacts/global/iso-27035/faq.md): Frequently asked questions about ISO/IEC 27035. Understand the 2023 series structure, IMT and IRT roles, event report forms, incident logs, prioritization. - [ISO 27035 Incident Response Playbook (Roles, Forms, and Operations)](https://www.sorena.io/artifacts/global/iso-27035/incident-response-playbook.md): A practical ISO/IEC 27035 incident response playbook that covers event reporting, triage, analysis, containment, eradication, recovery, communications. - [ISO 27035 Incident Severity and Escalation Matrix (Classification and Priority Template)](https://www.sorena.io/artifacts/global/iso-27035/incident-severity-and-escalation-matrix.md): A grounded ISO/IEC 27035 severity and escalation matrix template for classification, evaluation, prioritization, predetermined response times. - [ISO 27035 vs NIST SP 800-61r3 (Incident Response Mapping)](https://www.sorena.io/artifacts/global/iso-27035/iso-27035-vs-nist-800-61r3.md): Compare ISO/IEC 27035 and NIST SP 800-61r3 for incident response. - [ISO 27036 Compliance (Supplier Relationship Security Program)](https://www.sorena.io/artifacts/global/iso-27036/compliance.md): A practical ISO/IEC 27036 compliance playbook for supplier relationship security: governance, lifecycle processes (planning, selection, agreement. - [ISO 27036 Contract Security Clauses (Supplier Agreements + Cloud)](https://www.sorena.io/artifacts/global/iso-27036/contract-security-clauses.md): A practical ISO/IEC 27036 contract clause pack: supplier agreement requirements, audit and assurance evidence, subcontractor visibility. - [ISO 27036 FAQ (Supplier Security, Indirect Suppliers, Cloud Supply Chain)](https://www.sorena.io/artifacts/global/iso-27036/faq.md): ISO/IEC 27036 FAQ for third-party risk management (TPRM): which parts to use across 27036-1, 27036-2, 27036-3, and 27036-4, supplier relationship life cycle. - [ISO 27036 Supplier Assurance Framework (Tiering, Evidence, Monitoring)](https://www.sorena.io/artifacts/global/iso-27036/supplier-assurance-framework.md): Build an ISO/IEC 27036-aligned supplier assurance framework: tier suppliers, define supplier selection criteria and agreement requirements. - [ISO 27036 Third-Party Risk Checklist (Vendor Due Diligence + Monitoring)](https://www.sorena.io/artifacts/global/iso-27036/third-party-risk-checklist.md): An ISO/IEC 27036-aligned third-party risk checklist: supplier tiering, vendor due diligence, supplier selection criteria, contract security clauses. - [ISO 42001 Compliance (AI Management System Playbook)](https://www.sorena.io/artifacts/global/iso-42001/compliance.md): A practical ISO/IEC 42001 compliance playbook to implement an AI Management System (AIMS): scope, AI policy, roles and responsibilities. - [ISO 42001 Controls and Governance Model (Annex A + Operating Routines)](https://www.sorena.io/artifacts/global/iso-42001/controls-and-governance-model.md): Turn ISO/IEC 42001 into an AI governance operating model: Annex A control objectives and controls, Annex B implementation guidance. - [ISO 42001 FAQ (AIMS, Risk Assessment, Impact Assessment, Audit)](https://www.sorena.io/artifacts/global/iso-42001/faq.md): ISO/IEC 42001 FAQ for AI Management System (AIMS) implementation: what the standard covers, clause structure, Annex A controls. - [ISO 42001 vs EU AI Act (Mapping + Evidence Reuse)](https://www.sorena.io/artifacts/global/iso-42001/iso-42001-vs-eu-ai-act.md): A practical ISO/IEC 42001 vs EU AI Act mapping: how an AI Management System (AIMS) supports AI Act obligations (risk management, data governance. - [ISO 42001 Requirements (Clause-by-Clause Breakdown + Evidence)](https://www.sorena.io/artifacts/global/iso-42001/requirements.md): An advanced ISO/IEC 42001 requirements breakdown: clauses 4-10 (context, leadership, planning, support, operation, performance evaluation, improvement). - [Choose the Right ISO Standard (27001, 27005, 27017, 27018, 27035, 27036, 22301, 42001)](https://www.sorena.io/artifacts/global/iso-standards-hub/choose-the-right-standard.md): A practical decision guide to choose the right ISO standard by objective: ISMS certification (ISO 27001), risk management (ISO 27005). - [ISO Standards Hub FAQ (27001, 27005, 27017, 27018, 27035, 27036, 22301, 42001)](https://www.sorena.io/artifacts/global/iso-standards-hub/faq.md): FAQ for ISO standards selection and implementation: what certification means, which standard to start with. - [ISO Standards vs Regulations (How to Combine Both)](https://www.sorena.io/artifacts/global/iso-standards-hub/iso-standards-vs-regulations.md): Standards vs regulations explained: what ISO standards do (governance + controls + evidence) vs what laws require (scope + obligations + enforcement). - [What's Included in the ISO Standards Hub (Coverage + Bundles)](https://www.sorena.io/artifacts/global/iso-standards-hub/what-is-included.md): Coverage map of key ISO standards for cybersecurity, privacy, resilience, and AI governance: ISO 27001, ISO 27005, ISO 27017, ISO 27018, ISO 27035, ISO 27036. - [NIST CSF 2.0 Compliance Playbook (Profiles, Tiers, GOVERN)](https://www.sorena.io/artifacts/global/nist-csf-2-0/compliance.md): A practical NIST CSF 2.0 compliance playbook: establish GOVERN, implement CSF Core outcomes, build Current and Target Organizational Profiles. - [NIST CSF 2.0 Current vs Target Profile Template (Step-by-Step)](https://www.sorena.io/artifacts/global/nist-csf-2-0/current-vs-target-profile-template.md): How to build a NIST CSF 2.0 Current Profile and Target Profile: template columns, prioritization method, evidence mapping. - [NIST CSF 2.0 FAQ (Profiles, Tiers, GOVERN, Evidence)](https://www.sorena.io/artifacts/global/nist-csf-2-0/faq.md): NIST CSF 2.0 FAQ: what changed in CSF 2.0 (GOVERN, supply chain focus), how to build Organizational Profiles, how to choose CSF Tiers. - [NIST CSF 2.0 Governance and Metrics (GOVERN + Board Reporting)](https://www.sorena.io/artifacts/global/nist-csf-2-0/governance-and-metrics.md): How to operationalize the NIST CSF 2.0 GOVERN function: decision rights, risk acceptance, enterprise risk integration, supplier risk governance. - [NIST CSF 2.0 vs ISO 27001 (Mapping + How to Run Both)](https://www.sorena.io/artifacts/global/nist-csf-2-0/nist-csf-vs-iso-27001.md): NIST CSF 2.0 vs ISO/IEC 27001 explained: outcomes framework vs certifiable management system. - [Choose the Right NIST Standard (CSF, RMF, 800-53, 800-61r3, 800-161r1, SSDF)](https://www.sorena.io/artifacts/global/nist-frameworks-hub/choose-the-right-nist-standard.md): Decision guide to choose the right NIST framework or publication by objective: governance and communication (CSF), control baseline depth (SP 800-53). - [NIST Frameworks Hub FAQ (CSF, SP 800, RMF, NIST vs ISO)](https://www.sorena.io/artifacts/global/nist-frameworks-hub/faq.md): FAQ for choosing and implementing NIST frameworks: CSF 2.0, SP 800 publications, RMF context, control mappings, evidence cadence. - [NIST vs ISO (Framework Mapping, Governance, and Evidence Reuse)](https://www.sorena.io/artifacts/global/nist-frameworks-hub/nist-vs-iso.md): NIST vs ISO explained for practical implementation: outcomes-driven NIST frameworks vs certifiable ISO management systems. - [What Is Included in the NIST Frameworks Hub (CSF, RMF, SP 800)](https://www.sorena.io/artifacts/global/nist-frameworks-hub/what-is-included.md): Coverage map for key NIST frameworks and publications: NIST CSF 2.0, RMF, SP 800-53, SP 800-61r3, SP 800-161r1, SP 800-218 SSDF. - [NIST SP 800-161 Rev. 1 Compliance Playbook (C-SCRM)](https://www.sorena.io/artifacts/global/nist-sp-800-161-rev-1/compliance.md): Practical SP 800-161 Rev. 1 compliance playbook: integrate C-SCRM with enterprise risk management, define strategy and implementation plan. - [NIST SP 800-161 Rev. 1 Contract and Monitoring Controls](https://www.sorena.io/artifacts/global/nist-sp-800-161-rev-1/contract-and-monitoring-controls.md): Practical contract and monitoring controls for C-SCRM under SP 800-161 Rev. - [NIST SP 800-161 Rev. 1 FAQ (C-SCRM Implementation)](https://www.sorena.io/artifacts/global/nist-sp-800-161-rev-1/faq.md): NIST SP 800-161 Rev. 1 FAQ: scope, applicability outside federal environments, supplier risk tiering, acquisition and contract controls, C-SCRM metrics. - [NIST SP 800-161 Rev. 1 Supplier Risk Tiering Model](https://www.sorena.io/artifacts/global/nist-sp-800-161-rev-1/supplier-risk-tiering.md): Build a risk-based supplier tiering model aligned to SP 800-161 Rev. - [NIST SP 800-218 SSDF Compliance Playbook](https://www.sorena.io/artifacts/global/nist-sp-800-218-ssdf/compliance.md): Task-level SSDF compliance playbook grounded to NIST SP 800-218: PO, PS, PW, and RV implementation, secure environments, release integrity. - [NIST SP 800-218 SSDF Evidence for Audits](https://www.sorena.io/artifacts/global/nist-sp-800-218-ssdf/evidence-for-audits.md): Build an SSDF evidence pack grounded to NIST SP 800-218 with PO, PS, PW, and RV artifacts, release integrity data, provenance and SBOM records. - [NIST SP 800-218 SSDF FAQ](https://www.sorena.io/artifacts/global/nist-sp-800-218-ssdf/faq.md): Practical SSDF FAQ grounded to NIST SP 800-218: what SSDF is, how to phase PO PS PW RV, how to handle legacy products, what suppliers should provide. - [NIST SP 800-218 SSDF Secure Development Practices](https://www.sorena.io/artifacts/global/nist-sp-800-218-ssdf/secure-development-practices.md): Task-level SSDF practice guide covering PO, PS, PW, and RV: secure toolchains, environment separation, release integrity, provenance, third-party components. - [NIST SP 800-53A Rev. 5 Assessment Procedures](https://www.sorena.io/artifacts/global/nist-sp-800-53-rev-5/assessment-procedures-800-53a.md): Grounded guide to SP 800-53A Rev. 5 covering assessment objectives, determination statements, examine interview test methods, depth and coverage. - [NIST SP 800-53 Rev. 5 Compliance Playbook](https://www.sorena.io/artifacts/global/nist-sp-800-53-rev-5/compliance.md): Grounded playbook for SP 800-53 Rev. 5 covering integrated security and privacy controls, control ownership at organization mission and system levels. - [NIST SP 800-53 Rev. 5 Control Tailoring Method](https://www.sorena.io/artifacts/global/nist-sp-800-53-rev-5/control-tailoring-method.md): Grounded control tailoring method for SP 800-53 Rev. - [NIST SP 800-53 Rev. 5 Evidence and Audit Readiness](https://www.sorena.io/artifacts/global/nist-sp-800-53-rev-5/evidence-and-audit-readiness.md): Grounded SP 800-53 evidence guide covering control-to-evidence mapping, common-control inheritance, freshness and sampling, assessment findings. - [NIST SP 800-53 Rev. 5 FAQ](https://www.sorena.io/artifacts/global/nist-sp-800-53-rev-5/faq.md): Practical FAQ on NIST SP 800-53 Rev. 5 covering federal and non-federal use, Rev. - [NIST SP 800-53 Rev. 5 vs ISO 27001](https://www.sorena.io/artifacts/global/nist-sp-800-53-rev-5/nist-800-53-vs-iso-27001.md): Grounded comparison of NIST SP 800-53 Rev. 5 and ISO 27001 covering control-catalog depth, ISMS governance, assessment style. - [NIST SP 800-61r3 Compliance Playbook](https://www.sorena.io/artifacts/global/nist-sp-800-61-rev-3/compliance.md): Grounded incident-response playbook for NIST SP 800-61r3 covering the CSF 2.0 community-profile model, roles, risk-based incident management, communications. - [NIST SP 800-61r3 FAQ](https://www.sorena.io/artifacts/global/nist-sp-800-61-rev-3/faq.md): Practical FAQ on NIST SP 800-61r3 covering what changed from r2, incident declaration, risk evaluation factors, containment versus observation. - [NIST SP 800-61r3 Incident Response Playbook Template](https://www.sorena.io/artifacts/global/nist-sp-800-61-rev-3/incident-response-playbook-template.md): Grounded incident-response playbook template based on NIST SP 800-61r3 with incident criteria, incident lead, risk evaluation factors, communications tracks. - [NIST SP 800-61r3 vs ISO 27035](https://www.sorena.io/artifacts/global/nist-sp-800-61-rev-3/nist-800-61-vs-iso-27035.md): Grounded comparison of NIST SP 800-61r3 and ISO 27035 covering the CSF 2.0 community-profile model, management-process structure, communications, recovery. - [NIST SP 800-61r3 Severity Classification and SLA Model](https://www.sorena.io/artifacts/global/nist-sp-800-61-rev-3/severity-classification-and-sla-model.md): Grounded severity and SLA model for NIST SP 800-61r3 using NIST risk evaluation factors such as asset criticality, impact, scope, threat behavior. - [ANPD Enforcement and Fines](https://www.sorena.io/artifacts/latam/brazil-lgpd/anpd-enforcement-and-fines.md): Grounded ANPD enforcement guide covering inspection procedure, sanctions progression, Article 52 factors, Resolution CD ANPD No. - [Brazil LGPD Applicability Test](https://www.sorena.io/artifacts/latam/brazil-lgpd/applicability-test.md): Grounded Brazil LGPD applicability test covering Article 3 territorial reach, Article 4 exclusions, controller versus operator allocation. - [Brazil LGPD Incident Reporting and Breach Notification](https://www.sorena.io/artifacts/latam/brazil-lgpd/breach-notification.md): Grounded Brazil LGPD incident reporting guide covering Article 48, ANPD Resolution CD ANPD No. - [Brazil LGPD Checklist](https://www.sorena.io/artifacts/latam/brazil-lgpd/checklist.md): Audit-ready Brazil LGPD checklist covering scope, role allocation, lawful bases, rights timing, DPO disclosure, security, incident reporting. - [Brazil LGPD Compliance Program Guide](https://www.sorena.io/artifacts/latam/brazil-lgpd/compliance.md): Build a grounded Brazil LGPD compliance program around scope, lawful bases, rights, records, incident reporting, transfers, DPO, and ANPD-ready evidence. - [Brazil LGPD Data Subject Rights](https://www.sorena.io/artifacts/latam/brazil-lgpd/data-subject-rights.md): Grounded Brazil LGPD rights guide covering Articles 18 to 20, free requests, immediate simplified confirmation, full access declaration within 15 days. - [Brazil LGPD Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/latam/brazil-lgpd/deadlines-and-compliance-calendar.md): Brazil LGPD compliance calendar covering key legal and ANPD milestones plus recurring duties for rights, incidents, transfers, training. - [Brazil LGPD FAQ](https://www.sorena.io/artifacts/latam/brazil-lgpd/faq.md): Practical Brazil LGPD FAQ answering common scope, lawful basis, rights, incident, transfer, DPO, and enforcement questions using the law and ANPD guidance. - [Brazil LGPD International Transfers](https://www.sorena.io/artifacts/latam/brazil-lgpd/international-transfers.md): Grounded Brazil LGPD transfer guide covering Articles 33 to 35, adequacy, ANPD standard contractual clauses, specific clauses, binding corporate rules. - [Brazil LGPD Lawful Bases](https://www.sorena.io/artifacts/latam/brazil-lgpd/lawful-bases.md): Grounded Brazil LGPD lawful basis guide covering Article 7 and 11 bases, consent rules, ANPD legitimate interest guide, sensitive data. - [Brazil LGPD DSAR Response Template](https://www.sorena.io/artifacts/latam/brazil-lgpd/lgpd-dsar-response-template.md): Use a Brazil LGPD DSAR response template aligned to Articles 18 and 19, immediate simplified response, full declaration within 15 days, denial rationale. - [Brazil LGPD vs CCPA and CPRA](https://www.sorena.io/artifacts/latam/brazil-lgpd/lgpd-vs-ccpa.md): Grounded comparison of Brazil LGPD and CCPA or CPRA covering scope logic, legal basis model, rights timing, cross-border governance, and reusable controls. - [Brazil LGPD vs GDPR](https://www.sorena.io/artifacts/latam/brazil-lgpd/lgpd-vs-gdpr.md): Grounded comparison of Brazil LGPD and GDPR covering scope, lawful bases, rights timing, DPO rules, transfer mechanisms, incident reporting. - [Brazil LGPD Penalties and Fines](https://www.sorena.io/artifacts/latam/brazil-lgpd/penalties-and-fines.md): Grounded Brazil LGPD penalties guide covering Article 52 sanctions, 2 percent fine cap, R$50 million limit per infraction, publicization, blocking, deletion. - [Brazil LGPD Requirements](https://www.sorena.io/artifacts/latam/brazil-lgpd/requirements.md): Operational Brazil LGPD requirements map covering scope, lawful bases, transparency, rights, records, DPO, security, incidents, transfers. - [Brazil LGPD Templates](https://www.sorena.io/artifacts/latam/brazil-lgpd/templates.md): Practical Brazil LGPD template library priorities covering DSAR responses, incident communications, lawful basis records, transfer assessments. - [UK Online Safety Act Age Assurance Options](https://www.sorena.io/artifacts/uk/online-safety-act/age-assurance-options.md): Grounded age assurance guide for the UK Online Safety Act covering January 2025 pornography guidance, highly effective age assurance. - [UK Online Safety Act Applicability Test](https://www.sorena.io/artifacts/uk/online-safety-act/applicability-test.md): Grounded UK Online Safety Act applicability test covering regulated user-to-user and search services, Schedule 1 exemptions, provider pornography scope. - [UK Online Safety Act Checklist](https://www.sorena.io/artifacts/uk/online-safety-act/checklist.md): Audit-ready UK Online Safety Act checklist covering service scope, illegal risk assessment, child access and child risk assessment, moderation, complaints. - [UK Online Safety Act Children Safety Duties](https://www.sorena.io/artifacts/uk/online-safety-act/children-safety-duties.md): Grounded guide to UK Online Safety Act children safety duties covering section 81 timing, children access assessments, children risk assessments. - [UK Online Safety Act Compliance Program](https://www.sorena.io/artifacts/uk/online-safety-act/compliance.md): Program design guide for UK Online Safety Act compliance covering governance, scope, assessments, moderation, age assurance, complaints, metrics. - [UK Online Safety Act Content Moderation and Appeals](https://www.sorena.io/artifacts/uk/online-safety-act/content-moderation-and-appeals.md): Grounded guide to UK Online Safety Act moderation and appeals requirements covering sections 21, 32, 71, and 72, complaints design, terms enforcement. - [UK Online Safety Act Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/uk/online-safety-act/deadlines-and-compliance-calendar.md): Grounded UK Online Safety Act calendar covering 26 October 2023 enactment, 31 January 2024 offences, 16 December 2024 illegal harms codes. - [UK Online Safety Act Enforcement and Penalties](https://www.sorena.io/artifacts/uk/online-safety-act/enforcement-and-penalties.md): Grounded UK Online Safety Act enforcement guide covering Ofcom information notices, senior manager naming, confirmation decisions. - [UK Online Safety Act FAQ](https://www.sorena.io/artifacts/uk/online-safety-act/faq.md): Practical FAQ on the UK Online Safety Act covering who is in scope, what changed in 2025, child access and risk assessments, age assurance, category duties. - [UK Online Safety Act Illegal Content Duties](https://www.sorena.io/artifacts/uk/online-safety-act/illegal-content-duties-explained.md): Grounded guide to UK Online Safety Act illegal content duties covering user-to-user and search services, illegal content risk assessments. - [UK Online Safety Act vs EU Digital Services Act](https://www.sorena.io/artifacts/uk/online-safety-act/online-safety-act-vs-dsa.md): Practical comparison of the UK Online Safety Act and the EU Digital Services Act covering regulated service models, illegal content frameworks. - [UK Online Safety Act Risk Assessment Template](https://www.sorena.io/artifacts/uk/online-safety-act/online-safety-risk-assessment-template.md): Practical UK Online Safety Act risk assessment template covering service profile, harms inventory, controls, residual risk, child access, child safety. - [UK Online Safety Act Penalties and Fines](https://www.sorena.io/artifacts/uk/online-safety-act/penalties-and-fines.md): Grounded penalty guide for the UK Online Safety Act covering the GBP 18 million or 10 percent worldwide revenue cap. - [UK Online Safety Act Requirements](https://www.sorena.io/artifacts/uk/online-safety-act/requirements.md): Detailed UK Online Safety Act requirements guide mapping scope, illegal content duties, child safety duties, terms enforcement, complaints, categorisation. - [UK Online Safety Act Risk Assessments Playbook](https://www.sorena.io/artifacts/uk/online-safety-act/risk-assessments-playbook.md): Operational playbook for UK Online Safety Act risk assessments covering sequencing, ownership, evidence collection, control design. - [UK Online Safety Act Service Scope and Categorization](https://www.sorena.io/artifacts/uk/online-safety-act/service-scope-and-categorization.md): Grounded service scope and categorisation guide for the UK Online Safety Act covering Part 3 logic, likely to be accessed by children, Category 1, 2A. - [UK PSTI Act Applicability Test](https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/applicability-test.md): Grounded UK PSTI applicability test covering section 4 relevant connectable product logic, internet-connectable and network-connectable products. - [UK PSTI Act Applicability Test](https://www.sorena.io/artifacts/uk/psti-act/applicability-test.md): Grounded UK PSTI applicability test covering section 4 relevant connectable product logic, internet-connectable and network-connectable products. - [UK PSTI Act Checklist](https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/checklist.md): Audit-ready UK PSTI checklist covering product scope, role allocation, the three mandatory security requirements, statement of compliance handling, retention. - [UK PSTI Act Checklist](https://www.sorena.io/artifacts/uk/psti-act/checklist.md): Audit-ready UK PSTI checklist covering product scope, role allocation, the three mandatory security requirements, statement of compliance handling, retention. - [UK PSTI Act Compliance Program](https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/compliance.md): Program design guide for UK PSTI compliance covering product scope, engineering controls, statement governance, supply-chain checks. - [UK PSTI Act Compliance Program](https://www.sorena.io/artifacts/uk/psti-act/compliance.md): Program design guide for UK PSTI compliance covering product scope, engineering controls, statement governance, supply-chain checks. - [UK PSTI Act Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/deadlines-and-compliance-calendar.md): Grounded UK PSTI calendar covering 6 December 2022 Royal Assent, 29 April 2024 commencement, and the 2025 amendments now in force. - [UK PSTI Act Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/uk/psti-act/deadlines-and-compliance-calendar.md): Grounded UK PSTI calendar covering 6 December 2022 Royal Assent, 29 April 2024 commencement, and the 2025 amendments now in force. - [UK PSTI Act FAQ](https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq.md): Practical FAQ on the UK PSTI regime covering product scope, the three mandatory requirements, statement of compliance issues, role duties, retention. - [UK PSTI Act FAQ](https://www.sorena.io/artifacts/uk/psti-act/faq.md): Practical FAQ on the UK PSTI regime covering product scope, the three mandatory requirements, statement of compliance issues, role duties, retention. - [UK PSTI OPSS Enforcement and Penalties](https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/opss-enforcement-and-penalties.md): Grounded OPSS enforcement guide for the UK PSTI regime covering risk-based and proportionate intervention, escalating enforcement, evidence expectations. - [UK PSTI OPSS Enforcement and Penalties](https://www.sorena.io/artifacts/uk/psti-act/opss-enforcement-and-penalties.md): Grounded OPSS enforcement guide for the UK PSTI regime covering risk-based and proportionate intervention, escalating enforcement, evidence expectations. - [UK PSTI Penalties and Fines](https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/penalties-and-fines.md): Practical guide to UK PSTI penalties and enforcement exposure covering why statement defects, support-period mismatches. - [UK PSTI Penalties and Fines](https://www.sorena.io/artifacts/uk/psti-act/penalties-and-fines.md): Practical guide to UK PSTI penalties and enforcement exposure covering why statement defects, support-period mismatches. - [UK PSTI Password and Update Policy Requirements](https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/psti-password-and-update-policy-requirements.md): Grounded guide to UK PSTI password and update obligations covering unique or user-defined credentials, public vulnerability disclosure information. - [UK PSTI Password and Update Policy Requirements](https://www.sorena.io/artifacts/uk/psti-act/psti-password-and-update-policy-requirements.md): Grounded guide to UK PSTI password and update obligations covering unique or user-defined credentials, public vulnerability disclosure information. - [UK PSTI Statement of Compliance Template](https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/psti-statement-of-compliance-template.md): Practical UK PSTI statement of compliance template guide covering product identification, applicable requirements, defined support period, drafting controls. - [UK PSTI Statement of Compliance Template](https://www.sorena.io/artifacts/uk/psti-act/psti-statement-of-compliance-template.md): Practical UK PSTI statement of compliance template guide covering product identification, applicable requirements, defined support period, drafting controls. - [UK PSTI vs EU Cyber Resilience Act](https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/psti-vs-eu-cyber-resilience-act.md): Practical comparison of the UK PSTI regime and the EU Cyber Resilience Act covering product scope, baseline security duties, vulnerability handling. - [UK PSTI vs EU Cyber Resilience Act](https://www.sorena.io/artifacts/uk/psti-act/psti-vs-eu-cyber-resilience-act.md): Practical comparison of the UK PSTI regime and the EU Cyber Resilience Act covering product scope, baseline security duties, vulnerability handling. - [UK PSTI Relevant Connectable Products Scope](https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/relevant-connectable-products-scope.md): Detailed scope guide for UK PSTI relevant connectable products covering section 4 and 5 definitions, internet-connectable products. - [UK PSTI Relevant Connectable Products Scope](https://www.sorena.io/artifacts/uk/psti-act/relevant-connectable-products-scope.md): Detailed scope guide for UK PSTI relevant connectable products covering section 4 and 5 definitions, internet-connectable products. - [UK PSTI Act Requirements](https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/requirements.md): Detailed UK PSTI requirements guide covering the three mandatory security requirements, statement and deemed-compliance rules, and retention periods where the statement route applies. - [UK PSTI Act Requirements](https://www.sorena.io/artifacts/uk/psti-act/requirements.md): Detailed UK PSTI requirements guide covering the three mandatory security requirements, statement and deemed-compliance rules, and retention periods where the statement route applies. - [UK PSTI Security Requirements in Practice](https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/security-requirements-in-practice.md): Operational guide for implementing UK PSTI security requirements in practice across engineering, firmware, support, vulnerability handling. - [UK PSTI Security Requirements in Practice](https://www.sorena.io/artifacts/uk/psti-act/security-requirements-in-practice.md): Operational guide for implementing UK PSTI security requirements in practice across engineering, firmware, support, vulnerability handling. - [UK PSTI Statement of Compliance and Evidence](https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/statement-of-compliance-and-evidence.md): Grounded guide to UK PSTI statement-of-compliance obligations covering section 9, Schedule 2A alternatives, minimum information, and retention where the statement route applies. - [UK PSTI Statement of Compliance and Evidence](https://www.sorena.io/artifacts/uk/psti-act/statement-of-compliance-and-evidence.md): Grounded guide to UK PSTI statement-of-compliance obligations covering section 9, Schedule 2A alternatives, minimum information, and retention where the statement route applies. - [UK PSTI Supply Chain Roles](https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/supply-chain-roles-manufacturer-importer-distributor.md): Grounded guide to UK PSTI supply-chain roles covering manufacturer, importer, and distributor duties, statement handling, compliance-failure escalation. - [UK PSTI Supply Chain Roles](https://www.sorena.io/artifacts/uk/psti-act/supply-chain-roles-manufacturer-importer-distributor.md): Grounded guide to UK PSTI supply-chain roles covering manufacturer, importer, and distributor duties, statement handling, compliance-failure escalation. - [UK GDPR Applicability Test](https://www.sorena.io/artifacts/uk/general-data-protection-regulation/applicability-test.md): Assess UK GDPR territorial scope, controller or processor role, special category triggers, and UK transfer exposure with a defensible applicability test. - [UK GDPR Applicability Test](https://www.sorena.io/artifacts/uk/uk-gdpr/applicability-test.md): Assess UK GDPR territorial scope, controller or processor role, special category triggers, and UK transfer exposure with a defensible applicability test. - [UK GDPR Breach Notification](https://www.sorena.io/artifacts/uk/general-data-protection-regulation/breach-notification.md): Operational guide to UK GDPR breach notification, including the 72 hour ICO deadline, processor escalation, breach logging. - [UK GDPR Breach Notification](https://www.sorena.io/artifacts/uk/uk-gdpr/breach-notification.md): Operational guide to UK GDPR breach notification, including the 72 hour ICO deadline, processor escalation, breach logging. - [UK GDPR Checklist](https://www.sorena.io/artifacts/uk/general-data-protection-regulation/checklist.md): Practical UK GDPR checklist for accountability, lawful basis, Article 30 records, processor contracts, rights handling, transfers, and breach readiness. - [UK GDPR Checklist](https://www.sorena.io/artifacts/uk/uk-gdpr/checklist.md): Practical UK GDPR checklist for accountability, lawful basis, Article 30 records, processor contracts, rights handling, transfers, and breach readiness. - [UK GDPR Children and Age Appropriate Design](https://www.sorena.io/artifacts/uk/general-data-protection-regulation/children-and-age-appropriate-design.md): Implement the UK Children's Code with grounded guidance on likely to be accessed tests, high privacy defaults, profiling limits, geolocation, age assurance. - [UK GDPR Children and Age Appropriate Design](https://www.sorena.io/artifacts/uk/uk-gdpr/children-and-age-appropriate-design.md): Implement the UK Children's Code with grounded guidance on likely to be accessed tests, high privacy defaults, profiling limits, geolocation, age assurance. - [UK GDPR Compliance Program](https://www.sorena.io/artifacts/uk/general-data-protection-regulation/compliance.md): Build a UK GDPR compliance program with accountability, Article 30 records, DPIAs, controller processor contracts, rights operations, transfer controls. - [UK GDPR Compliance Program](https://www.sorena.io/artifacts/uk/uk-gdpr/compliance.md): Build a UK GDPR compliance program with accountability, Article 30 records, DPIAs, controller processor contracts, rights operations, transfer controls. - [UK GDPR Data Subject Rights](https://www.sorena.io/artifacts/uk/general-data-protection-regulation/data-subject-rights.md): Operational guide to UK GDPR data subject rights, including access, rectification, erasure, restriction, portability, objection. - [UK GDPR Data Subject Rights](https://www.sorena.io/artifacts/uk/uk-gdpr/data-subject-rights.md): Operational guide to UK GDPR data subject rights, including access, rectification, erasure, restriction, portability, objection. - [UK GDPR Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/uk/general-data-protection-regulation/deadlines-and-compliance-calendar.md): Calendar view of UK GDPR milestones, including January 1, 2021 applicability, March 2022 transfer tools, one month rights deadlines. - [UK GDPR Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/uk/uk-gdpr/deadlines-and-compliance-calendar.md): Calendar view of UK GDPR milestones, including January 1, 2021 applicability, March 2022 transfer tools, one month rights deadlines. - [UK GDPR FAQ](https://www.sorena.io/artifacts/uk/general-data-protection-regulation/faq.md): Practical UK GDPR FAQ covering scope, lawful basis, rights timing, breach reporting, transfers, children, and enforcement exposure. - [UK GDPR FAQ](https://www.sorena.io/artifacts/uk/uk-gdpr/faq.md): Practical UK GDPR FAQ covering scope, lawful basis, rights timing, breach reporting, transfers, children, and enforcement exposure. - [IDTA vs EU SCCs](https://www.sorena.io/artifacts/uk/general-data-protection-regulation/idta-vs-eu-sccs.md): Compare the UK IDTA, UK Addendum, and EU standard contractual clauses for UK GDPR transfer compliance, contract selection, and transfer risk assessments. - [IDTA vs EU SCCs](https://www.sorena.io/artifacts/uk/uk-gdpr/idta-vs-eu-sccs.md): Compare the UK IDTA, UK Addendum, and EU standard contractual clauses for UK GDPR transfer compliance, contract selection, and transfer risk assessments. - [UK GDPR Penalties and Fines](https://www.sorena.io/artifacts/uk/general-data-protection-regulation/penalties-and-fines.md): Guide to UK GDPR penalties and fines, including the 17.5 million pounds or 4 percent upper tier, the 8.7 million pounds or 2 percent standard tier. - [UK GDPR Penalties and Fines](https://www.sorena.io/artifacts/uk/uk-gdpr/penalties-and-fines.md): Guide to UK GDPR penalties and fines, including the 17.5 million pounds or 4 percent upper tier, the 8.7 million pounds or 2 percent standard tier. - [UK GDPR Requirements](https://www.sorena.io/artifacts/uk/general-data-protection-regulation/requirements.md): Control level UK GDPR requirements covering principles, lawful basis, transparency, rights, Article 30 records, security, contracts, transfers, and DPIAs. - [UK GDPR Requirements](https://www.sorena.io/artifacts/uk/uk-gdpr/requirements.md): Control level UK GDPR requirements covering principles, lawful basis, transparency, rights, Article 30 records, security, contracts, transfers, and DPIAs. - [UK GDPR Transfers, IDTA, and UK Addendum](https://www.sorena.io/artifacts/uk/general-data-protection-regulation/transfers-idta-and-uk-addendum.md): Detailed UK GDPR international transfers guide covering adequacy, UK IDTA, UK Addendum, transfer risk assessments, vendor governance, and UK bridge reliance. - [UK GDPR Transfers, IDTA, and UK Addendum](https://www.sorena.io/artifacts/uk/uk-gdpr/transfers-idta-and-uk-addendum.md): Detailed UK GDPR international transfers guide covering adequacy, UK IDTA, UK Addendum, transfer risk assessments, vendor governance, and UK bridge reliance. - [UK GDPR vs Data Protection Act 2018](https://www.sorena.io/artifacts/uk/general-data-protection-regulation/uk-gdpr-vs-data-protection-act-2018.md): Compare the UK GDPR and the Data Protection Act 2018, including what the UK GDPR does directly and where the DPA 2018 supplements, restricts, or extends it. - [UK GDPR vs Data Protection Act 2018](https://www.sorena.io/artifacts/uk/uk-gdpr/uk-gdpr-vs-data-protection-act-2018.md): Compare the UK GDPR and the Data Protection Act 2018, including what the UK GDPR does directly and where the DPA 2018 supplements, restricts, or extends it. - [UK GDPR vs EU GDPR](https://www.sorena.io/artifacts/uk/general-data-protection-regulation/uk-gdpr-vs-eu-gdpr.md): Practical comparison of the UK GDPR and EU GDPR, including scope, transfers, regulators, adequacy, and operational divergence for multinational programmes. - [UK GDPR vs EU GDPR](https://www.sorena.io/artifacts/uk/uk-gdpr/uk-gdpr-vs-eu-gdpr.md): Practical comparison of the UK GDPR and EU GDPR, including scope, transfers, regulators, adequacy, and operational divergence for multinational programmes. - [UK vs EU GDPR Differences](https://www.sorena.io/artifacts/uk/general-data-protection-regulation/uk-vs-eu-differences.md): Operational differences between the UK and EU privacy regimes, including transfer tools, adequacy lists, regulators, notices, and programme governance. - [UK vs EU GDPR Differences](https://www.sorena.io/artifacts/uk/uk-gdpr/uk-vs-eu-differences.md): Operational differences between the UK and EU privacy regimes, including transfer tools, adequacy lists, regulators, notices, and programme governance. - [CCPA Applicability Test](https://www.sorena.io/artifacts/us/california-consumer-privacy-act/applicability-test.md): Test whether a business is in scope under the current California threshold model. - [CCPA Applicability Test](https://www.sorena.io/artifacts/us/ccpa/applicability-test.md): Test whether a business is in scope under the current California threshold model. - [CCPA Privacy Policy Template](https://www.sorena.io/artifacts/us/california-consumer-privacy-act/ccpa-privacy-policy-template.md): Write a California privacy policy that actually matches the statute and regulations. - [CCPA Privacy Policy Template](https://www.sorena.io/artifacts/us/ccpa/ccpa-privacy-policy-template.md): Write a California privacy policy that actually matches the statute and regulations. - [CCPA vs CPRA](https://www.sorena.io/artifacts/us/california-consumer-privacy-act/ccpa-vs-cpra.md): Compare the original CCPA and the CPRA amendments using the deltas that change real implementation work. - [CCPA vs CPRA](https://www.sorena.io/artifacts/us/ccpa/ccpa-vs-cpra.md): Compare the original CCPA and the CPRA amendments using the deltas that change real implementation work. - [CCPA vs GDPR](https://www.sorena.io/artifacts/us/california-consumer-privacy-act/ccpa-vs-gdpr.md): Compare California CCPA obligations with the GDPR without assuming the two models are interchangeable. - [CCPA vs GDPR](https://www.sorena.io/artifacts/us/ccpa/ccpa-vs-gdpr.md): Compare California CCPA obligations with the GDPR without assuming the two models are interchangeable. - [CCPA Checklist](https://www.sorena.io/artifacts/us/california-consumer-privacy-act/checklist.md): Track the California controls that must actually exist in policy, product, and vendor operations. - [CCPA Checklist](https://www.sorena.io/artifacts/us/ccpa/checklist.md): Track the California controls that must actually exist in policy, product, and vendor operations. - [CCPA Compliance Program](https://www.sorena.io/artifacts/us/california-consumer-privacy-act/compliance.md): Build a California privacy programme that survives regulator questions and product change. - [CCPA Compliance Program](https://www.sorena.io/artifacts/us/ccpa/compliance.md): Build a California privacy programme that survives regulator questions and product change. - [CCPA Consumer Rights Workflow](https://www.sorena.io/artifacts/us/california-consumer-privacy-act/consumer-rights-workflow.md): Run California rights operations with clear timing, verification, and downstream instructions. - [CCPA Consumer Rights Workflow](https://www.sorena.io/artifacts/us/ccpa/consumer-rights-workflow.md): Run California rights operations with clear timing, verification, and downstream instructions. - [CCPA Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/us/california-consumer-privacy-act/deadlines-and-compliance-calendar.md): Use the dates that actually shape California privacy work. - [CCPA Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/us/ccpa/deadlines-and-compliance-calendar.md): Use the dates that actually shape California privacy work. - [Do Not Sell or Share Implementation](https://www.sorena.io/artifacts/us/california-consumer-privacy-act/do-not-sell-share-implementation.md): Implement California opt out controls that actually work across websites, apps, and partner pipelines. - [Do Not Sell or Share Implementation](https://www.sorena.io/artifacts/us/ccpa/do-not-sell-share-implementation.md): Implement California opt out controls that actually work across websites, apps, and partner pipelines. - [CCPA Enforcement and Penalties](https://www.sorena.io/artifacts/us/california-consumer-privacy-act/enforcement-and-penalties.md): Understand how California enforcement usually starts and what evidence the agency will ask for. - [CCPA Enforcement and Penalties](https://www.sorena.io/artifacts/us/ccpa/enforcement-and-penalties.md): Understand how California enforcement usually starts and what evidence the agency will ask for. - [CCPA FAQ](https://www.sorena.io/artifacts/us/california-consumer-privacy-act/faq.md): Answer the California privacy questions that usually stall implementation. - [CCPA FAQ](https://www.sorena.io/artifacts/us/ccpa/faq.md): Answer the California privacy questions that usually stall implementation. - [CCPA Penalties and Fines](https://www.sorena.io/artifacts/us/california-consumer-privacy-act/penalties-and-fines.md): Know the penalty ranges, then work backward to the controls that reduce them. - [CCPA Penalties and Fines](https://www.sorena.io/artifacts/us/ccpa/penalties-and-fines.md): Know the penalty ranges, then work backward to the controls that reduce them. - [CCPA Privacy Notices and Disclosures](https://www.sorena.io/artifacts/us/california-consumer-privacy-act/privacy-notices-and-disclosures.md): Design the California notice stack so each disclosure appears in the right place and says the right thing. - [CCPA Privacy Notices and Disclosures](https://www.sorena.io/artifacts/us/ccpa/privacy-notices-and-disclosures.md): Design the California notice stack so each disclosure appears in the right place and says the right thing. - [CCPA Requirements](https://www.sorena.io/artifacts/us/california-consumer-privacy-act/requirements.md): Translate California law into control statements that can be implemented, tested, and audited. - [CCPA Requirements](https://www.sorena.io/artifacts/us/ccpa/requirements.md): Translate California law into control statements that can be implemented, tested, and audited. - [CCPA Scope and Thresholds](https://www.sorena.io/artifacts/us/california-consumer-privacy-act/scope-and-thresholds.md): Use the real California threshold tests instead of rough privacy folklore. - [CCPA Scope and Thresholds](https://www.sorena.io/artifacts/us/ccpa/scope-and-thresholds.md): Use the real California threshold tests instead of rough privacy folklore. - [CCPA Service Provider and Contractor Contracts](https://www.sorena.io/artifacts/us/california-consumer-privacy-act/service-provider-contractor-contracts.md): Draft California vendor contracts that work in practice, not only on paper. - [CCPA Service Provider and Contractor Contracts](https://www.sorena.io/artifacts/us/ccpa/service-provider-contractor-contracts.md): Draft California vendor contracts that work in practice, not only on paper. - [CPRA Applicability Test](https://www.sorena.io/artifacts/us/california-privacy-rights-act/applicability-test.md): Confirm California scope and then identify which CPRA specific obligations activate. - [CPRA Applicability Test](https://www.sorena.io/artifacts/us/cpra/applicability-test.md): Confirm California scope and then identify which CPRA specific obligations activate. - [CCPA vs CPRA What Changed](https://www.sorena.io/artifacts/us/california-privacy-rights-act/ccpa-vs-cpra-what-changed.md): Use the actual legal and operational deltas when upgrading an older California programme. - [CCPA vs CPRA What Changed](https://www.sorena.io/artifacts/us/cpra/ccpa-vs-cpra-what-changed.md): Use the actual legal and operational deltas when upgrading an older California programme. - [CPRA Checklist](https://www.sorena.io/artifacts/us/california-privacy-rights-act/checklist.md): Track the California privacy workstreams that changed under CPRA and the 2026 rules. - [CPRA Checklist](https://www.sorena.io/artifacts/us/cpra/checklist.md): Track the California privacy workstreams that changed under CPRA and the 2026 rules. - [CPRA Compliance Program](https://www.sorena.io/artifacts/us/california-privacy-rights-act/compliance.md): Run a California programme that can absorb ongoing CPPA rules without constant redesign. - [CPRA Compliance Program](https://www.sorena.io/artifacts/us/cpra/compliance.md): Run a California programme that can absorb ongoing CPPA rules without constant redesign. - [CPRA Consumer Rights Workflow](https://www.sorena.io/artifacts/us/california-privacy-rights-act/consumer-rights-workflow.md): Run California rights operations across delete, correct, know, opt out, and limit. - [CPRA Consumer Rights Workflow](https://www.sorena.io/artifacts/us/cpra/consumer-rights-workflow.md): Run California rights operations across delete, correct, know, opt out, and limit. - [CPRA Contracts, Contractors, and Service Providers](https://www.sorena.io/artifacts/us/california-privacy-rights-act/contracts-contractors-and-service-providers.md): Draft California recipient contracts that support both baseline CPRA compliance and the newer assurance obligations. - [CPRA Contracts, Contractors, and Service Providers](https://www.sorena.io/artifacts/us/cpra/contracts-contractors-and-service-providers.md): Draft California recipient contracts that support both baseline CPRA compliance and the newer assurance obligations. - [CPPA Regulations Tracker](https://www.sorena.io/artifacts/us/california-privacy-rights-act/cppa-regulations-tracker.md): Track the California rules that changed the operating baseline in 2026 and the related regulator outputs. - [CPPA Regulations Tracker](https://www.sorena.io/artifacts/us/cpra/cppa-regulations-tracker.md): Track the California rules that changed the operating baseline in 2026 and the related regulator outputs. - [CPRA Risk Assessment Template](https://www.sorena.io/artifacts/us/california-privacy-rights-act/cpra-risk-assessment-template.md): Use a California specific template that matches the current rule structure instead of a generic DPIA form. - [CPRA Risk Assessment Template](https://www.sorena.io/artifacts/us/cpra/cpra-risk-assessment-template.md): Use a California specific template that matches the current rule structure instead of a generic DPIA form. - [CPRA vs Colorado Privacy Act](https://www.sorena.io/artifacts/us/california-privacy-rights-act/cpra-vs-colorado-privacy-act.md): Compare the California and Colorado models before reusing a state privacy template across both. - [CPRA vs Colorado Privacy Act](https://www.sorena.io/artifacts/us/cpra/cpra-vs-colorado-privacy-act.md): Compare the California and Colorado models before reusing a state privacy template across both. - [CPRA vs Virginia VCDPA](https://www.sorena.io/artifacts/us/california-privacy-rights-act/cpra-vs-virginia-vcdpa.md): Compare California and Virginia privacy models before reusing contracts or request flows across both. - [CPRA vs Virginia VCDPA](https://www.sorena.io/artifacts/us/cpra/cpra-vs-virginia-vcdpa.md): Compare California and Virginia privacy models before reusing contracts or request flows across both. - [CPRA Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/us/california-privacy-rights-act/deadlines-and-compliance-calendar.md): Use the dates that matter for the current California privacy regime. - [CPRA Deadlines and Compliance Calendar](https://www.sorena.io/artifacts/us/cpra/deadlines-and-compliance-calendar.md): Use the dates that matter for the current California privacy regime. - [CPRA FAQ](https://www.sorena.io/artifacts/us/california-privacy-rights-act/faq.md): Answer the California questions that stall CPRA implementation decisions. - [CPRA FAQ](https://www.sorena.io/artifacts/us/cpra/faq.md): Answer the California questions that stall CPRA implementation decisions. - [CPRA Penalties and Fines](https://www.sorena.io/artifacts/us/california-privacy-rights-act/penalties-and-fines.md): Understand what makes California exposure larger, faster, and harder to defend. - [CPRA Penalties and Fines](https://www.sorena.io/artifacts/us/cpra/penalties-and-fines.md): Understand what makes California exposure larger, faster, and harder to defend. - [CPRA Requirements](https://www.sorena.io/artifacts/us/california-privacy-rights-act/requirements.md): Translate the current California regime into control statements that teams can build and test. - [CPRA Requirements](https://www.sorena.io/artifacts/us/cpra/requirements.md): Translate the current California regime into control statements that teams can build and test. - [CPRA Risk Assessments and Cybersecurity Audits](https://www.sorena.io/artifacts/us/california-privacy-rights-act/risk-assessments-and-cybersecurity-audits.md): Prepare for the California assurance duties that now have real structure, timing, and evidence requirements. - [CPRA Risk Assessments and Cybersecurity Audits](https://www.sorena.io/artifacts/us/cpra/risk-assessments-and-cybersecurity-audits.md): Prepare for the California assurance duties that now have real structure, timing, and evidence requirements. - [CPRA Sensitive Personal Information](https://www.sorena.io/artifacts/us/california-privacy-rights-act/sensitive-personal-information.md): Handle SPI with the level of design and evidence the California rules now expect. - [CPRA Sensitive Personal Information](https://www.sorena.io/artifacts/us/cpra/sensitive-personal-information.md): Handle SPI with the level of design and evidence the California rules now expect. - [CRA FAQ Hub](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items index) - [CRA FAQ Hub - Page 2](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/2.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 2 of 54) - [CRA FAQ Hub - Page 3](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/3.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 3 of 54) - [CRA FAQ Hub - Page 4](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/4.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 4 of 54) - [CRA FAQ Hub - Page 5](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/5.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 5 of 54) - [CRA FAQ Hub - Page 6](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/6.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 6 of 54) - [CRA FAQ Hub - Page 7](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/7.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 7 of 54) - [CRA FAQ Hub - Page 8](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/8.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 8 of 54) - [CRA FAQ Hub - Page 9](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/9.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 9 of 54) - [CRA FAQ Hub - Page 10](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/10.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 10 of 54) - [CRA FAQ Hub - Page 11](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/11.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 11 of 54) - [CRA FAQ Hub - Page 12](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/12.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 12 of 54) - [CRA FAQ Hub - Page 13](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/13.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 13 of 54) - [CRA FAQ Hub - Page 14](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/14.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 14 of 54) - [CRA FAQ Hub - Page 15](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/15.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 15 of 54) - [CRA FAQ Hub - Page 16](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/16.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 16 of 54) - [CRA FAQ Hub - Page 17](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/17.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 17 of 54) - [CRA FAQ Hub - Page 18](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/18.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 18 of 54) - [CRA FAQ Hub - Page 19](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/19.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 19 of 54) - [CRA FAQ Hub - Page 20](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/20.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 20 of 54) - [CRA FAQ Hub - Page 21](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/21.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 21 of 54) - [CRA FAQ Hub - Page 22](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/22.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 22 of 54) - [CRA FAQ Hub - Page 23](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/23.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 23 of 54) - [CRA FAQ Hub - Page 24](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/24.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 24 of 54) - [CRA FAQ Hub - Page 25](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/25.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 25 of 54) - [CRA FAQ Hub - Page 26](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/26.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 26 of 54) - [CRA FAQ Hub - Page 27](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/27.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 27 of 54) - [CRA FAQ Hub - Page 28](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/28.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 28 of 54) - [CRA FAQ Hub - Page 29](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/29.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 29 of 54) - [CRA FAQ Hub - Page 30](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/30.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 30 of 54) - [CRA FAQ Hub - Page 31](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/31.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 31 of 54) - [CRA FAQ Hub - Page 32](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/32.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 32 of 54) - [CRA FAQ Hub - Page 33](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/33.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 33 of 54) - [CRA FAQ Hub - Page 34](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/34.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 34 of 54) - [CRA FAQ Hub - Page 35](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/35.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 35 of 54) - [CRA FAQ Hub - Page 36](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/36.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 36 of 54) - [CRA FAQ Hub - Page 37](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/37.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 37 of 54) - [CRA FAQ Hub - Page 38](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/38.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 38 of 54) - [CRA FAQ Hub - Page 39](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/39.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 39 of 54) - [CRA FAQ Hub - Page 40](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/40.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 40 of 54) - [CRA FAQ Hub - Page 41](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/41.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 41 of 54) - [CRA FAQ Hub - Page 42](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/42.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 42 of 54) - [CRA FAQ Hub - Page 43](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/43.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 43 of 54) - [CRA FAQ Hub - Page 44](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/44.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 44 of 54) - [CRA FAQ Hub - Page 45](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/45.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 45 of 54) - [CRA FAQ Hub - Page 46](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/46.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 46 of 54) - [CRA FAQ Hub - Page 47](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/47.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 47 of 54) - [CRA FAQ Hub - Page 48](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/48.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 48 of 54) - [CRA FAQ Hub - Page 49](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/49.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 49 of 54) - [CRA FAQ Hub - Page 50](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/50.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 50 of 54) - [CRA FAQ Hub - Page 51](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/51.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 51 of 54) - [CRA FAQ Hub - Page 52](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/52.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 52 of 54) - [CRA FAQ Hub - Page 53](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/53.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 53 of 54) - [CRA FAQ Hub - Page 54](https://www.sorena.io/artifacts/eu/cyber-resilience-act/faq/items/page/54.md): Browse the CRA FAQ hub for Blue Guide market-access concepts, CE marking, and component due diligence. (FAQ items page 54 of 54) ## Company Company background, values, culture, and contact information. Sorena AI is based in Stockholm, Sweden. - [About Us](https://www.sorena.io/about-us.md): About Sorena AI - our story, values, and culture - [Contact Us](https://www.sorena.io/contact.md): Contact Sorena AI for demos, partnerships, and support ## Legal Legal and policy documents: privacy policy, terms of use, and DMCA. - [Privacy Policy](https://www.sorena.io/privacy.md): Privacy policy and data protection practices - [Terms of Use](https://www.sorena.io/terms-of-use.md): Terms of use and service guidelines - [DMCA Policy](https://www.sorena.io/dmca.md): DMCA notice and takedown policy