GDPR
GDPR is treated as operational obligation, not loose content.
Compliance
Compliance work that stays organised
European companies face, among others, GDPR, the EU AI Act, and NIS2 — but most early-stage companies only need to comply with the basics.
GDPRIn effect since 2018
AI ActPhased 2025-2026
NIS2Implementation 2024-2025
I - Maturity
Compliance should start with what matters for the company stage.
Cut through regulatory complexity. Know exactly what applies to your company stage and skip what doesn't. Practical compliance for founders, not lawyers.
MVP checklistFirst actions
From guide to workflow.
Resources, FAQs, and product paths stay connected so the team leaves reading with concrete actions.
Privacy policy published
Cookie banner implemented
DPAs with vendors signed
Processing register created
Data subject rights process
AI risk classification (if applicable)
EU AI Act
EU AI Act is treated as operational obligation, not loose content.
NIS2
NIS2 is treated as operational obligation, not loose content.
Checklist
Minimum viable compliance first. Then the system.
The hub keeps FAQs and resources tied to first compliance actions.
01
Privacy policy published
02
Cookie banner implemented
03
DPAs with vendors signed
04
Processing register created
05
Data subject rights process
06
AI risk classification (if applicable)
Privacy policy published
Initial action to move out of basic risk.
Cookie banner implemented
Initial action to move out of basic risk.
DPAs with vendors signed
Initial action to move out of basic risk.
II - FAQ
FAQs stay inside the hub.
The structured answers continue to feed the FAQPage schema.
Compliance made simple for companies
Outlex guides you through regulatory requirements step by step.
GDPR · AI Act · NIS2 · Product-connected resources