Your Citizen right to Check · Use Real-time compliance

NormGap Check

Does the service provider meet the legal requirements?

Before you share your personal information with a service, you should know how it is handled. This includes where your data is stored, who can access it, whether it leaves the EU, and how AI may be used to process it.

NormGap Check gives you a clear, easy-to-understand overview of the legal requirements that apply to the provider, together with potential privacy, security, and AI-related risks—helping you make informed decisions before you trust a service with your data.

§ 01 · Providers of IT services

Search for a provider

The compliance assessment (GDPR, NIS2, DORA, etc.) is continuously sourced from a system of tokenized laws analyzed by a Mistral LLM.

Scope:

Example
Domains triggered
4/9
Estimated obligation range
68–205
Flagged uncertain
5questions

§ Triggered domains — likely scope

GDPR
Top concern
Data Protection (GDPR)
Q4_PERSONAL_DATA = YES | LIMITED
Needs deeper analysis to bind obligations to your systems.
AI_ACT_DEPLOYER_LIGHT
Top concern
AI Act — third-party deployer
Q7_AI_SYSTEMS = USES_THIRD_PARTY
Needs deeper analysis to bind obligations to your systems.
DORA
Top concern
Financial Operational Resilience (DORA)
Q3_SECTOR = FINANCIAL_SERVICES
Needs deeper analysis to bind obligations to your systems.
SCHREMS_II
Third-country transfers (Schrems II)
Q6_DATA_TRANSFER = US_SUBPROCESSOR | OTHER_THIRD_COUNTRY
Needs deeper analysis to bind obligations to your systems.

§ Not triggered — monitor only

Artificial Intelligence (AI Act) · Cybersecurity (NIS2) · Public Procurement · European Accessibility Act · Medical Devices (MDR)

Search a provider to see real data.