The full list. Short answers to what compliance leads ask before, during, and after buying. Grouped by what stage you're in.
Authored and reviewed by compliance management professionals with decades of regulatory experience. Each checklist is built question by question against the published regulation or standard — every article, annex and clause — not scraped, not paraphrased, not generated wholesale. Every provision is signed off and recorded as covered, informational or out of scope in the Compliance Matrix that ships free with every checklist.
Every checklist ships with a free Compliance Matrix you can download before you buy. It lists every article, annex or clause of the regulation as a row, with its coverage status (Covered / Informational / Out of scope) and the audit questions that map to it. You can verify the methodology line by line before paying — it's the artefact your own auditor can use to check the checklist, and the single biggest difference between this and a template pack.
Every Compliance Matrix states the exact version of the regulation or standard the checklist was reviewed against, and the catalogue card shows the current version. You always know which edition the checklist tracks.
Every article, annex and clause in scope is reviewed individually. Provisions that carry no obligation on your organisation — definitions, scope statements, recitals — are recorded as Informational in the matrix rather than generating an audit question. They're acknowledged, not skipped. Provisions addressed solely to supervisory authorities are explicitly out of scope: they apply to the regulator, not to you.
Each question carries: the regulatory citation it derives from, the source regulation text reproduced verbatim inline, a four-state compliance classification (Documented & Implemented / Documented Not Implemented / Not Documented but Implemented / Not Documented and Not Implemented), a finding-level field, suggested evidence to request, and a management-system reference field for your own cross-reference. Structured for sample-based auditing under a management-system framework such as ISO 27001.
Every amendment within your 12-month update window is re-authored against the new version, re-rendered through the same pipeline, and emailed to you automatically. The publish SLA is 30 days from the date the regulator publishes — non-delivery within that window counts as a defect under the refund policy. You don't have to watch the EUR-Lex feed; we do.
Five formats of one reviewed content set:
The free Compliance Matrix ships alongside as the coverage-verification document.
Within your organisation, yes — employees and contractors working for the licensee organisation may use, print, annotate and reference the checklist as part of their normal work. Sharing outside the organisation (other firms, file-sharing networks, supplier portals, third-party GRC systems) is not permitted under the licence. The licence is per organisation.
Yes. The Data Bank CSV and Question Bank XML are built for ingestion into third-party audit and GRC software with structured-import support. The XML carries a stable XSD contract so your data team maps the schema once; the CSV is the universal flat-table fallback for tools that accept tabular input. The Audit Workbook XLSX is also a standalone working format if your team prefers spreadsheet-based audits.
Send us the details via the contact form. If we verify the defect (wrong content, corrupt file, regulation-version mismatch, missed provision), we refund the full purchase and fix it in the next publish. Defect-only refunds, but no time window — you can claim a defect refund at any point during the 12-month update period.
You keep every artefact you've downloaded — no DRM, no remote disable. What stops is delivery of new amendments published after your update period ends. Thirty days before that date we'll email a one-click link to buy the next 12 months at the then-current price. If you renew, the new period back-dates to the anniversary so there's no missed-month gap. If you don't, nothing else happens — you have what you have.
Request a re-send via the contact form using the email address you purchased with. We'll resend fresh download links within one business day. The artefacts you purchased don't expire — we can re-issue links to the exact edition you bought, even after your update period has ended.
No. It's a one-off purchase that includes 12 months of updates — a single invoice, a single approval line, no card on file. Thirty days before your update period ends we'll email a one-click link to buy the next 12 months. You choose; nothing happens automatically.
Yes. A VAT-compliant invoice PDF is issued automatically on payment, addressed to the organisation name you provide at checkout (not the cardholder's personal name). It carries a sequential number, the supplier VAT details for Contenza K/S, CVR 43349023, Denmark, and a full line-item VAT breakdown. EU B2B reverse-charge is automatic when you provide a valid VAT ID — the invoice states "Reverse charge — VAT to be accounted for by the recipient."
Yes — for buyers whose procurement requires a PO and invoice before payment. Tell us via the contact form which checklist you need and we'll issue an invoice addressed to your organisation, payable by card or bank transfer on your terms. Default self-serve checkout is card-then-invoice; the manual route exists for procurement-heavy buyers.
Through Stripe Checkout: all major credit and debit cards, SEPA Direct Debit for EU buyers, and Apple Pay / Google Pay where supported. EU B2B buyers can provide a VAT ID at checkout for automatic reverse-charge. For invoice-first / NET-30 buyers, bank transfer via Stripe Invoicing is also available.
We store only what's required to deliver the product and meet bookkeeping law: your email, organisation name, the country and VAT details captured at checkout, and the purchase record itself. Card data is held by Stripe, never by us. Server logs are retained for 90 days. Marketing contact is opt-in only via the unticked checkbox at checkout. You can make a GDPR request via the contact form (access, correction, erasure, portability, objection).
The licence doesn't transfer automatically with a sale or merger, but transfer is usually a formality — send the original organisation name and the successor entity via the contact form and we'll update the licensee on record. The 12-month update period continues uninterrupted and future amendment emails switch to the new contact you provide.
Defect-only. If you identify a defect — wrong content, a mistranscribed regulation, a factual error — tell us via the contact form. We verify, correct, and reissue the affected artefacts within a reasonable timeframe at no further charge. Amendments published during your 12-month update period are re-authored and reissued automatically; non-delivery within 30 days of publication is treated as a defect under this clause. The free Compliance Matrix and sample PDF are the pre-purchase verification path.