Compliance
NIS2, DORA, EU AI Act, GDPR — the technical side only.
Technical leads who have to translate legal text to engineering work.
Legal just forwarded the NIS2 transposition deadline. DORA applies to your financial partner. The CFO wants EU AI Act readiness for the next funding round. You're an engineering team, not a compliance department — and you still need to ship the technical controls that satisfy all three regimes without drowning in paperwork.
Most compliance courses are written by lawyers for lawyers. This track is written for engineers by people who've translated Article 21 into YAML. You graduate knowing exactly which config change earns you which paragraph in which audit.
Get on the waitlist
We ship in cohorts. Early-access members get first picks on missions, credentials, and Sentinel mentor sessions.
Weekly Security Report
Critical CVEs, fix guides, and hardening tips — free, every week.
- ✦First-cohort template access (Tier 1 regulators pre-filled)
- ✦Quarterly office hours with a compliance specialist
- ✦Audit-prep checklist reviewed against your specific regime
- ✦Priority on new regime coverage (DORA updates, AI Act implementing acts)
Concrete outcomes. No lecture notes.
- 01NIS2 Article 21 mapped to specific engineering controls you can verify in CI
- 02DORA ICT risk-management evidence you can attach to partner due diligence
- 03EU AI Act Annex IV technical documentation template (pre-filled for common stacks)
- 04GDPR Article 32 compliant encryption, access, and logging posture
- 05An evidence collection pipeline that auto-updates on every deploy
- 06An audit-readiness kit: one folder, everything the auditor will ask for
- 07Regulator communication templates reviewed by a specialised lawyer
- 08A plain-English mapping document bridging engineering work to compliance language
- ▸Technical leads assigned to NIS2/DORA/AI Act readiness
- ▸Engineering managers who have to translate legal text into sprints
- ▸Security engineers in regulated industries (fintech, healthtech, energy)
- ▸CTOs asking 'are we covered?' and getting silence back
Direct coverage of NIS2, DORA, EU AI Act, GDPR Art. 32, ISO 27001. Evidence produced is reusable across frameworks — fill in once, reference in any audit response. Does not replace legal counsel; sharpens the engineering side so legal counsel has less to argue about.
Our DORA audit was scheduled at 9 AM. I had no idea we would be asked for evidence at the technical layer. Ran the Compliance track over the weekend. At 8:58 I walked in with a binder. Auditor asked three questions. We passed.
Defender III — Compliance
8 missions + produce a real or synthetic audit response binder. Binder is reviewed by a practising compliance professional before cert is issued.
- ✓W3C Verifiable Credential — Compliance track
- ✓Full template library — NIS2, DORA, AI Act, GDPR, ISO 27001
- ✓Quarterly regime update emails (structured changelog)
- ✓Discount on ClawGuru Pro for 12 months (compliance-grade audit logging)
Questions we already got.
Is this a substitute for a lawyer?+
No. It handles the engineering side. For interpretation of legal obligations or audit defence, you still want a specialist. This track makes their job cheaper.
Are the templates jurisdiction-specific?+
NIS2, DORA, and AI Act are EU-wide. GDPR templates include German BfDI and Austrian DSB references. For other jurisdictions, the structure transfers; local names will differ.
How often is this updated?+
Every time a regime updates. Implementing Acts, delegated acts, ENISA guidance — we track them and update the corresponding missions.