This document is a template provided as a starting point for your compliance documentation. It does not constitute legal advice and should be reviewed by a qualified legal professional before use. Viktoria Compliance accepts no liability for the use of this template.
Compliance Document Templates
Download and customise GDPR-compliant document templates for your organisation. These templates are starting points — always consult a legal professional.
Privacy Policy Template
GDPR-compliant privacy policy template covering Articles 13 and 14 requirements. Suitable for websites, apps, and online services.
Data Processing Agreement Template
GDPR Article 28 compliant data processing agreement between a data controller and data processor.
Records of Processing Activities Template
GDPR Article 30 compliant register of processing activities. Every data controller must maintain this record.
Personal Data Breach Response Procedure
GDPR Articles 33 and 34 compliant procedure for detecting, assessing, containing, and reporting personal data breaches. Adopt as an internal policy document.
NIS2 Business Continuity Plan — Template
NIS2 business continuity and crisis management plan aligned with Article 21(2)(c) and (d) of Directive (EU) 2022/2555. Adopt as an internal cybersecurity governance document for essential and important entities.
NIS2 Compliance Policy — Template
Master cybersecurity compliance policy aligned with Articles 20–23 of Directive (EU) 2022/2555. Establishes governance, risk management, security measures and reporting obligations for essential and important entities.
NIS2 Incident Response Plan — Template
Operational incident response procedure aligned with Article 23 of Directive (EU) 2022/2555. Covers detection, triage, containment, recovery and the 24-hour, 72-hour and one-month reporting obligations to the competent authority and CSIRT.
NIS2 Cybersecurity Risk Assessment — Template
Cybersecurity risk assessment template aligned with Article 21(1) and (2)(a) of Directive (EU) 2022/2555. Documents the risk-based approach required of essential and important entities and supports evidence of compliance to the supervisory authority.
NIS2 Supply Chain Security Policy — Template
Vendor and third-party cybersecurity policy aligned with Article 21(2)(d) of Directive (EU) 2022/2555. Establishes vendor assessment, contractual security requirements and supply-chain incident notification obligations.
AI Act Risk Classification Decision — Template
Risk classification decision for AI systems under Regulation (EU) 2024/1689. Determines whether a system is prohibited (Art. 5), high-risk (Art. 6 + Annex III), GPAI (Art. 51-55), or limited/minimal risk.
AI System Inventory and Register — Template
Live register of every AI system the entity provides or deploys. Implements Article 11 + Annex IV documentation for high-risk AI systems and Articles 53-55 for GPAI under Regulation (EU) 2024/1689.
AI Act Conformity Assessment Procedure — Template
Procedure for conformity assessment of high-risk AI systems under Article 43 of Regulation (EU) 2024/1689. Internal control for Annex III systems or third-party assessment via a notified body for Annex I systems. Produces the EU declaration of conformity (Article 47) and CE marking (Article 48).
AI Act Transparency Notice — Template
User-facing transparency document under Article 50 of Regulation (EU) 2024/1689. Covers AI-interaction disclosure, deepfake labelling, emotion-recognition / biometric-categorisation notification, and the GPAI training-data summary required under Article 53(1)(d). Applicable from 2 August 2026.
AI Governance Policy — Template
Master AI governance policy under Regulation (EU) 2024/1689. Establishes the AI Officer role, AI ethics review board, incident reporting under Article 73, AI literacy programme (Article 4), and the corporate framework that connects risk classification, conformity assessment and post-market monitoring.
AI Act Human Oversight Procedure — Template
Procedure for designing and exercising human oversight of high-risk AI systems under Article 14 of Regulation (EU) 2024/1689. Covers operator selection, training, override authority, intervention patterns and the deployer-side implementation of provider-supplied oversight measures (Article 26(2)).
AI Act Data Quality and Management Procedure — Template
Procedure for high-risk AI systems under Article 10 of Regulation (EU) 2024/1689. Covers training, validation and testing data set governance, bias detection and mitigation, statistical-properties documentation, and the special-categories-of-personal-data exception in Article 10(5).