Two auditors scored both Sorena Research Copilot and ChatGPT (baseline) against the same requirements across 43 real-world compliance, regulatory research, and document analysis sessions.
Two auditors scored Sorena at 100% in every session
Scored against granular compliance requirements
100% factual accuracy (0 factual errors) vs 183 factual errors in ChatGPT (baseline) responses
How each tool performed across compliance research sessions
Scores reflect independent verification against source documentation.
Incorrect statements presented as fact across all sessions.
Compliance requirements addressed with accurate information.
Session-by-session benchmarks for compliance research. Click any row to view the full scenario, score breakdown, and high-level takeaways.
| Session | Category | Scenario | Sorena Score | ChatGPT Score | Factual errors | Notes |
|---|---|---|---|---|---|---|
#012026-01-06 | Privacy Audit | Privacy Notice Audit - Global e-commerce retailer Audit of a global e-commerce privacy notice against GDPR and CPRA/CCPA, focusing on transparency, retention, cross-border transfers, and user rights. | 100% | 38% | 5 | |
#022026-01-06 | AI Act Compliance | AI Terms & Privacy Audit - AI lab Audit of an AI lab’s consumer terms and privacy policy for EU AI Act and GDPR, focusing on provider duties, transparency, and operational compliance. | 100% | 19% | 3 | |
#032026-01-06 | Privacy Audit | Privacy Policy Audit - Consumer device manufacturer Privacy policy audit for a consumer device ecosystem, assessing GDPR/CPRA disclosures, retention clarity, transfers, and rights transparency. | 100% | 21% | 5 | |
#042026-01-06 | AI Act Compliance | Cloud Service Terms Audit - Major cloud provider Contract-focused audit of cloud service terms and privacy notices for EU AI Act and GDPR coverage, including transfers, processor terms, and AI restrictions. | 100% | 19% | 4 | |
#052026-01-06 | Regulatory Timeline | EUDR Timeline - Office equipment manufacturer EU Deforestation Regulation (EUDR) workback plan for a paper supply chain, with due diligence milestones, evidence expectations, and reporting deadlines. | 100% | 19% | 9 | |
#062026-01-06 | Regulatory Timeline | EUDR Timeline - Beverage multinational EUDR compliance timeline for a global beverage supply chain, mapping commodity sourcing to scope, due diligence steps, and declaration deadlines. | 100% | 13% | 7 | |
#072026-01-06 | Regulatory Timeline | EU Data Act Timeline - Connected appliance manufacturer EU Data Act compliance timeline for a connected-appliance manufacturer, covering data access, sharing, trade secrets, and cloud switching requirements. | 100% | 26% | 1 | |
#082026-01-06 | Privacy Audit | Privacy Policy Audit - Gaming platform Privacy policy audit for a gaming platform, focusing on GDPR transparency and CPRA/CCPA disclosures for California residents. | 100% | 43% | 3 | |
#092026-01-06 | AI Act Compliance | AI Terms & Privacy Audit - AI platform Audit of an AI platform’s terms and privacy policy for EU AI Act and GDPR readiness, emphasizing transparency, training boundaries, and provider vs deployer responsibilities. | 100% | 48% | 6 | |
#102026-01-06 | AI Act Compliance | Cloud Terms + DPA Audit - Cloud provider Audit of cloud service terms and a data processing addendum for GDPR Article 28 and EU AI Act readiness, including key contractual caveats and deployer obligations (e.g., FRIA). | 100% | 33% | 5 | |
#112026-01-06 | AI Act Compliance | AI API Terms + Privacy Audit - Model API provider Audit of an AI model API’s terms and privacy policy for GDPR and EU AI Act requirements, focusing on data-use boundaries, retention, and developer obligations. | 100% | 28% | 1 | |
#122026-01-06 | Privacy Audit | Privacy Policy Audit - Global search platform Privacy policy audit for a global search platform, assessing data categories, purposes, rights, transfers, retention, and opt-out tooling under GDPR and CPRA. | 100% | 25% | 4 | |
#132026-01-06 | Privacy Audit | Privacy Policy Audit - Social platform Privacy policy audit for a social platform, focusing on disclosure completeness, legal bases, retention clarity, and rights mechanisms under GDPR and CPRA. | 100% | 22% | 5 | |
#142026-01-06 | Privacy Audit | Privacy Statement Audit - Enterprise software vendor Enterprise privacy statement audit for GDPR and CPRA, focusing on transparency obligations, retention, DSAR mechanics, and user rights coverage. | 100% | 47% | 2 | |
#152026-01-06 | AI Act Compliance | Product Terms + Privacy Audit - Enterprise cloud/vendor Audit of enterprise product terms and privacy statements for EU AI Act and GDPR, focused on contractual commitments and shared responsibilities across the AI value chain. | 100% | 31% | 1 | |
#162026-01-06 | Privacy Audit | Privacy Statement Audit - Streaming service Privacy statement audit for a streaming service, evaluating GDPR transparency and CPRA disclosures such as sharing, preference signals, and required policy structure. | 100% | 33% | 5 | |
#172026-01-06 | Privacy Audit | Terms + Privacy Audit - Secure messaging app Audit of a secure messaging app’s terms and privacy disclosures for GDPR and CPRA, focusing on lawful bases, retention, rights, and audit-ready gaps. | 100% | 32% | 1 | |
#182026-01-06 | Privacy Audit | Privacy Policy Audit - Music streaming service Privacy policy audit for a music streaming service, reviewing GDPR/CPRA disclosures around data categories, sharing, international transfers, and rights. | 100% | 36% | 1 | |
#192026-01-06 | Privacy Audit | Privacy Policy Audit - Messaging platform Privacy policy audit for a messaging platform under GDPR and CPRA, including transfers, retention, rights workflows, and required disclosures. | 100% | 56% | 1 | |
#202026-01-06 | Privacy Audit | Privacy Policy Audit - Short-form video platform Privacy policy audit for a short-form video platform under GDPR and CPRA, focusing on disclosures, rights, ad legal bases, and cross-border processing. | 100% | 24% | 6 | |
#212026-01-06 | Privacy Audit | Privacy Policy Audit - Social network Privacy policy audit for a social network, evaluating GDPR and CPRA transparency items, user rights coverage, and retention disclosures. | 100% | 30% | 5 | |
#222026-01-07 | Employment Law | Union Comparison - Swedish software developer Comparison of Swedish unions and collective agreements for a full-time software developer, covering benefits, tradeoffs, and agreement coverage. | 100% | 20% | 1 | |
#232026-01-07 | Employment Law | Employment Contract Review - Sweden Employment contract compliance review under Swedish law, identifying risk areas, missing mandatory elements, and practical remediation guidance. | 100% | 17% | 2 | |
#242026-01-07 | Technical Review | Security Guidelines Review - Connected products Technical review of connected product security guidelines, identifying inconsistencies and aligning requirements to real regulatory regimes and standards. | 100% | 25% | 12 | |
#252026-01-10 | Technical Review | Cybersecurity Conformity Planning - CE/CRA readiness Cybersecurity conformity assessment planning for CE/RED readiness, including evidence artifacts, assessment steps, test strategy, and documentation expectations. | 100% | 37% | 5 | |
#262026-01-10 | Technical Review | IoT Security Crosswalk + Test Plan - Consumer IoT Consumer IoT security crosswalk and test plan, mapping ETSI and NIST requirements into testable procedures and evidence lists. | 100% | 30% | 4 | |
#272026-01-10 | Technical Review | FIPS 140 Delta Analysis - Cryptographic modules Delta analysis of FIPS 140-1 vs FIPS 140-2 for cryptographic modules, highlighting changed requirements and assessment implications. | 100% | 41% | 1 | |
#282026-01-10 | Technical Review | FIPS ↔ ISO Crypto Module Mapping Crosswalk between FIPS and ISO/IEC cryptographic module requirements, mapping controls and clarifying evidence expectations for audits. | 100% | 34% | 1 | |
#292026-01-10 | Technical Review | ISO 27001/27002 Migration Package - ISMS update ISO 27001/27002 migration package from 2013 to 2022, covering control changes, reorganization themes, and statement of applicability updates. | 100% | 34% | 4 | |
#302026-01-10 | Technical Review | NIST 800-53 ↔ ISO 27001/27002 Mapping Control mapping between NIST SP 800-53 Rev. 5 and ISO/IEC 27001:2022 Annex A to support alignment, crosswalks, and audit preparation. | 100% | 12% | 5 | |
#312026-01-10 | Technical Review | NIST CSF 1.1 to 2.0 Crosswalk Crosswalk from NIST Cybersecurity Framework 1.1 to 2.0, highlighting changes and mapping structure to support transition planning. | 100% | 29% | 5 | |
#322026-01-10 | Technical Review | NIST 800-171 Rev. 3 Delta + CMMC Mapping Clause-level delta analysis of NIST SP 800-171 Rev. 2 vs Rev. 3 with CMMC 2.0 mapping, identifying added objectives and assessment impact. | 100% | 18% | 4 | |
#332026-01-10 | Technical Review | OT Security Framework Crosswalk + Gaps (IEC 62443/NIST) OT security framework crosswalk between IEC 62443 requirements and NIST SP 800-82 guidance, identifying gaps plus example tests and evidence. | 100% | 20% | 3 | |
#342026-01-10 | Technical Review | PCI DSS v3.2.1 to v4.0 Delta + Crosswalk PCI DSS v3.2.1 to v4.0 delta analysis with crosswalks to NIST SP 800-53 Rev. 5 and ISO/IEC 27001:2022, including key changes and timelines. | 100% | 32% | 3 | |
#352026-01-14 | Sustainability Compliance | EU Energy Efficiency Directive Readiness - IoT appliances Readiness assessment for an EU IoT home-appliance manufacturer under the EU Energy Efficiency Directive, including obligations, exemptions, and a practical implementation plan. | 100% | 26% | 8 | |
#362026-01-14 | Sustainability Compliance | ESPR + Digital Product Passport Readiness - Appliances Readiness assessment for ESPR and Digital Product Passport obligations for an EU smart-appliance manufacturer, covering applicability, data requirements, and execution plan. | 100% | 22% | 2 | |
#372026-01-14 | Sustainability Compliance | EU Batteries Regulation Readiness - Embedded batteries Readiness plan for EU Batteries Regulation obligations relevant to consumer appliances with embedded or supplied batteries, including labeling, due diligence, and reporting. | 100% | 27% | 6 | |
#382026-01-14 | Sustainability Compliance | EU CSDDD Readiness - Supply chain due diligence Readiness assessment for EU corporate sustainability due diligence obligations for an EU-listed appliance manufacturer, including governance, risk mapping, and remediation. | 100% | 34% | 4 | |
#392026-01-14 | Sustainability Compliance | EU CSRD/ESRS Compliance Plan - Listed appliance manufacturer CSRD/ESRS compliance applicability and readiness plan for an EU-listed smart-appliance manufacturer, including reporting scope, materiality, assurance, and data controls. | 100% | 20% | 11 | |
#402026-01-14 | Sustainability Compliance | EU CSRD/ESRS Compliance Plan - Listed automotive manufacturer CSRD/ESRS applicability and compliance plan for an EU-listed automotive manufacturer, including ESRS scope, phased timelines, and operational reporting readiness. | 100% | 25% | 5 | |
#412026-01-14 | Sustainability Compliance | EU Green Claims Readiness - IoT appliances Readiness assessment for EU green-claims compliance in marketing and product communications for an EU IoT appliance manufacturer. | 100% | 12% | 6 | |
#422026-01-14 | Sustainability Compliance | EU Packaging Waste EPR Readiness - Appliances Packaging waste and EPR compliance readiness plan for an EU home-appliance manufacturer, covering registration, reporting, labeling, and operational controls. | 100% | 14% | 6 | |
#432026-01-14 | Sustainability Compliance | EU Water Sustainability Readiness - IoT appliances EU water-sustainability and water-efficiency compliance readiness plan for IoT appliances, including product efficiency, disclosures, and governance. | 100% | 14% | 5 |
Click any row to expand evaluation notes and see the per-auditor breakdown.
Purpose-built AI for compliance research delivers measurable advantages
100% coverage across 4,332 requirements, with no surprise gaps left for auditors to find.
0 factual errors flagged across 43 sessions, reducing the risk of acting on incorrect information.
Direct links to exact text passages in legal documents for full traceability.
Purpose-built for regulatory research, not a general-purpose tool stretched thin.
Transparent two-step scoring process with an independent second review
A requirement was marked correct only if the response:
Each session was scored independently by two auditors. Neither auditor saw the other's evaluation until scoring was complete.
Scores shown are the combined average from both auditors.
See how our Research Copilot can transform your compliance research with a personalized demo.
Explore other solutions