--- title: "Artifacts" canonical_url: "https://www.sorena.io/artifacts" source_url: "https://www.sorena.io/artifacts" author: "Sorena AI" description: "GRC artifacts generated by Sorena AI from a simple prompt." keywords: - "GRC artifacts" - "governance risk and compliance" - "compliance artifacts" - "compliance checklists" - "compliance checklist" - "compliance calendar" - "compliance deadlines calendar" - "compliance templates" - "policy templates" - "audit checklist" - "decision maps" - "compliance decision maps" - "cybersecurity compliance" - "privacy compliance" - "product compliance" - "EU compliance" - "UK compliance" - "US privacy compliance" - "NIS2 guide" - "Cyber Resilience Act CRA guide" - "EU Data Act guide" - "EU DORA guide" - "ISO 27001 implementation guide" - "NIST CSF 2.0 guide" - "ETSI EN 303 645 guide" - "Sorena AI" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # Artifacts *Artifacts* ## Governance, Risk, and Compliance Artifacts GRC artifacts generated by Sorena AI from a simple prompt. What you see here is a snapshot, and they age fast. Our Copilot regenerates, combines, and tailors them to your context on demand. Our Autopilot evaluates where you stand, finds the gaps, and acts on them. [Stop auditing yourself](/solutions/assessment.md) *Web UI pagination: 7 pages. This markdown export includes all 61 artifacts.* ## Available Artifacts ### [Regulatory Universal Timeline](/artifacts/global/regulatory-universal-timelines.md) A combined view of regulatory deadlines across frameworks. See what is coming and when, then tailor a custom view for your organisation with Sorena. By Sorena AI | Updated 2026-02-12 ### [Cyber Resilience Act Timeline and Compliance Decision Flow](/artifacts/eu/cyber-resilience-act.md) Practical guide to scope, essential requirements, vulnerability handling, CE marking, and Article 14 reporting. By Sorena AI | Updated 2026-03-11 | Published 2026-03-04 ### [AI Act Timeline and Compliance Decision Flow](/artifacts/eu/artificial-intelligence-act.md) Practical guide to phased dates, prohibited practices, high-risk classification, transparency duties, and conformity assessment. By Sorena AI | Updated 2026-03-04 ### [Australia Cyber Security Act Timeline and Compliance Decision Flow](/artifacts/apac/australia-cyber-security-act.md) Practical guide to scope, smart device security standards, ransomware payment reporting, and compliance readiness. By Sorena AI | Updated 2026-03-04 ### [Digital Product Passport Timeline and Compliance Decision Flow](/artifacts/eu/digital-product-passport.md) Practical guide to DPP requirements, data carriers, unique identifiers, registry readiness, and implementation planning. By Sorena AI | Updated 2026-03-04 ### [ESPR Timeline and Compliance Decision Flow](/artifacts/eu/ecodesign-for-sustainable-products-regulation.md) Practical guide to delegated acts, product priorities, information requirements, and Digital Product Passport linkage. By Sorena AI | Updated 2026-03-04 ### [ETSI EN 303 645 Implementation Guide](/artifacts/global/etsi-en-303-645.md) Practical guide to scope, requirements, implementation steps, and audit-ready evidence for consumer IoT baseline security. By Sorena AI | Updated 2026-03-04 ### [ETSI EN 319 401 Implementation Guide](/artifacts/global/etsi-en-319-401.md) Practical guide to policy and security requirements, implementation patterns, and evidence artifacts for trust services. By Sorena AI | Updated 2026-03-04 ### [ETSI EN 319 411-1 Implementation Guide](/artifacts/global/etsi-en-319-411-1.md) Practical guide to certificate policy and security requirements for trust service providers, with evidence and audit readiness. By Sorena AI | Updated 2026-03-04 ### [ETSI EN 319 411-2 Implementation Guide](/artifacts/global/etsi-en-319-411-2.md) Practical guide to qualified certificate requirements and assurance expectations, with implementation notes and audit artifacts. By Sorena AI | Updated 2026-03-04 ### [ETSI Standards Hub](/artifacts/global/etsi-standards-hub.md) Hub for ETSI cybersecurity and trust-service standards, with practical implementation guidance, evidence artifacts, and cross-standard mappings. By Sorena AI | Updated 2026-03-04 ### [FIPS 140-3 Implementation Guide](/artifacts/global/fips-140-3.md) Practical guide to validation scope, module boundary design, requirements, and evidence needed for FIPS 140-3 readiness. By Sorena AI | Updated 2026-03-04 ### [FIPS Standards Hub](/artifacts/global/fips-standards-hub.md) Hub for FIPS cryptographic and module-validation standards, with implementation guidance, evidence artifacts, and migration pathways. By Sorena AI | Updated 2026-03-04 ### [FIPS-Approved Crypto Algorithms Guide](/artifacts/global/fips-crypto-algorithms.md) Guide to approved algorithms, deprecations, migration planning, and implementation evidence across FIPS crypto standards. By Sorena AI | Updated 2026-03-04 ### [ISO 22301 Implementation Guide](/artifacts/global/iso-22301.md) Practical guide to BCMS scope, requirements, implementation roadmap, and audit-ready evidence for ISO 22301 certification readiness. By Sorena AI | Updated 2026-03-04 ### [ISO 27001 Implementation Guide](/artifacts/global/iso-27001.md) Practical guide to ISMS scope, controls, implementation roadmap, and evidence needed for ISO 27001 certification readiness. By Sorena AI | Updated 2026-03-04 ### [ISO 27005 Risk Management Guide](/artifacts/global/iso-27005.md) Practical guide to ISO 27005 risk methods, treatment planning, decision logs, and evidence artifacts that make risk decisions audit-ready. By Sorena AI | Updated 2026-03-04 ### [ISO 27017 Cloud Security Controls Guide](/artifacts/global/iso-27017.md) Practical guide to cloud security controls, shared responsibility, implementation patterns, and evidence artifacts for ISO 27017. By Sorena AI | Updated 2026-03-04 ### [ISO 27018 Cloud Privacy Controls Guide](/artifacts/global/iso-27018.md) Practical guide to cloud privacy controls, processor responsibilities, implementation guidance, and audit-ready evidence for ISO 27018. By Sorena AI | Updated 2026-03-04 ### [ISO 27035 Incident Response Guide](/artifacts/global/iso-27035.md) Practical guide to incident response lifecycle design, readiness, and evidence artifacts aligned to ISO 27035. By Sorena AI | Updated 2026-03-04 ### [ISO 27036 Supplier Security Guide](/artifacts/global/iso-27036.md) Practical guide to third-party security governance, supplier assurance, and evidence artifacts aligned to ISO 27036. By Sorena AI | Updated 2026-03-04 ### [ISO 42001 AI Management System Guide](/artifacts/global/iso-42001.md) Practical guide to AIMS scope, governance, controls, and evidence artifacts aligned to ISO 42001 for AI risk management. By Sorena AI | Updated 2026-03-04 ### [ISO Standards Hub](/artifacts/global/iso-standards-hub.md) Hub for ISO cybersecurity and resilience standards with practical implementation guidance, evidence artifacts, and cross-standard mappings. By Sorena AI | Updated 2026-03-04 ### [NIST CSF 2.0 Implementation Guide](/artifacts/global/nist-csf-2-0.md) Practical guide to current/target profiles, governance, metrics, and evidence artifacts for NIST CSF 2.0 adoption. By Sorena AI | Updated 2026-03-04 ### [NIST Frameworks Hub](/artifacts/global/nist-frameworks-hub.md) Hub for NIST frameworks and publications with practical implementation guidance, evidence artifacts, and cross-mappings. By Sorena AI | Updated 2026-03-04 ### [NIST SP 800-161 Rev. 1 C-SCRM Guide](/artifacts/global/nist-sp-800-161-rev-1.md) Practical guide to cyber supply chain risk management program design, controls, and evidence artifacts aligned to NIST SP 800-161. By Sorena AI | Updated 2026-03-04 ### [NIST SP 800-218 SSDF Implementation Guide](/artifacts/global/nist-sp-800-218-ssdf.md) Practical guide to SSDF practices, SDLC controls, and audit-ready evidence artifacts aligned to NIST SP 800-218. By Sorena AI | Updated 2026-03-04 ### [NIST SP 800-53 Rev. 5 Controls Guide](/artifacts/global/nist-sp-800-53-rev-5.md) Practical guide to control selection, tailoring, implementation patterns, and evidence artifacts aligned to NIST SP 800-53 Rev. 5. By Sorena AI | Updated 2026-03-04 ### [NIST SP 800-61 Rev. 3 Incident Response Guide](/artifacts/global/nist-sp-800-61-rev-3.md) Practical guide to incident response lifecycle design, playbooks, severity models, and evidence artifacts aligned to NIST SP 800-61 Rev. 3. By Sorena AI | Updated 2026-03-04 ### [EU Accessibility Act Timeline and Decision Flow](/artifacts/eu/accessibility-act.md) A practical EAA artifact with key dates and a decision flow to help teams understand scope and accessibility requirements for covered products and services. By Sorena AI | Updated 2026-02-23 | Published 2026-02-21 ### [EU Data Act Timeline and Scope Decision Flow](/artifacts/eu/data-act.md) A Data Act artifact with key dates and a decision flow to confirm applicability and plan connected product data access, B2G exceptional need, and cloud switching obligations. By Sorena AI | Updated 2026-02-23 ### [EU Deforestation Regulation (EUDR) Timeline and Decision Flow](/artifacts/eu/deforestation-regulation.md) An EUDR due diligence artifact with key dates and a decision flow to help operators and traders implement deforestation free supply chain compliance. By Sorena AI | Updated 2026-02-23 | Published 2026-02-22 ### [EU Digital Markets Act Timeline and Decision Flow](/artifacts/eu/digital-markets-act.md) A DMA artifact with key dates and a decision flow to help teams understand gatekeeper designation and core obligations. By Sorena AI | Updated 2026-02-23 | Published 2026-02-21 ### [EU DORA Timeline and Compliance Decision Flow](/artifacts/eu/digital-operational-resilience-act.md) A practical DORA artifact with key dates and a compliance decision flow to scope your entity, apply proportionality, and implement ICT risk, incident reporting, testing (TLPT), and third party requirements. By Sorena AI | Updated 2026-02-23 ### [EU NIS2 Timeline and Compliance Decision Flow](/artifacts/eu/nis2-directive.md) A practical NIS2 artifact with key dates and a decision flow to scope applicability and plan cybersecurity workstreams and incident readiness. By Sorena AI | Updated 2026-02-23 ### [EU CSRD and ESRS Timeline and Decision Flow](/artifacts/eu/corporate-sustainability-reporting-directive.md) A CSRD and ESRS artifact with key dates and a decision flow to confirm reporting scope and plan sustainability reporting obligations. By Sorena AI | Updated 2026-02-22 ### [EU MDR Timeline and Decision Flow](/artifacts/eu/medical-device-regulation.md) A medical device compliance artifact with key dates and a decision flow to help teams classify devices and plan conformity assessment steps. By Sorena AI | Updated 2026-02-22 ### [UK PSTI Product Security Timeline and Decision Flow](/artifacts/uk/product-security-and-telecommunications-infrastructure-act.md) A PSTI artifact with key dates and a decision flow to help product teams implement baseline security requirements for consumer connectable products. By Sorena AI | Updated 2026-02-22 ### [US CPRA Timeline and Decision Flow](/artifacts/us/california-privacy-rights-act.md) A CPRA artifact with key dates and a decision flow to help teams understand scope, consumer rights, and business obligations under California privacy law. By Sorena AI | Updated 2026-02-22 ### [Brazil LGPD Timeline and Decision Flow](/artifacts/latam/brazil-lgpd.md) A practical LGPD artifact with key dates and a decision flow to help teams understand scope, roles, and core compliance obligations. By Sorena AI | Updated 2026-02-21 ### [EU Batteries Regulation Timeline and Decision Flow](/artifacts/eu/batteries-regulation.md) A batteries compliance artifact with key dates and a decision flow covering scope and core obligations across the battery lifecycle. By Sorena AI | Updated 2026-02-21 ### [EU CSDDD Timeline and Decision Flow](/artifacts/eu/corporate-sustainability-due-diligence-directive.md) A corporate due diligence artifact with key dates and a decision flow to help teams understand scope and build a risk based compliance program. By Sorena AI | Updated 2026-02-21 ### [EU Digital Services Act Timeline and Decision Flow](/artifacts/eu/digital-services-act.md) A DSA artifact with key dates and a decision flow to help online services understand platform categories and obligations. By Sorena AI | Updated 2026-02-21 ### [EU eIDAS Timeline and Decision Flow](/artifacts/eu/electronic-identification-and-trust-services-regulation.md) An eIDAS compliance artifact with key dates and a decision flow to help teams understand trust services and electronic identification obligations. By Sorena AI | Updated 2026-02-21 ### [EU EMC Directive Timeline and Decision Flow](/artifacts/eu/emc-directive.md) An EMC compliance artifact with key dates and a decision flow to help manufacturers and importers meet electromagnetic compatibility requirements. By Sorena AI | Updated 2026-02-21 ### [EU Energy Efficiency Directive Timeline and Decision Flow](/artifacts/eu/energy-efficiency-directive.md) An energy efficiency compliance artifact with key dates and a decision flow to help organizations understand scope and implementation duties. By Sorena AI | Updated 2026-02-21 ### [EU ePrivacy Timeline and Decision Flow](/artifacts/eu/eprivacy-directive.md) An ePrivacy artifact with key dates and a decision flow to help teams handle cookies, tracking, and electronic communications confidentiality. By Sorena AI | Updated 2026-02-21 ### [EU GDPR Timeline and Decision Flow](/artifacts/eu/general-data-protection-regulation.md) A practical GDPR artifact with key dates and a decision flow to confirm scope and applicability and map key obligations. By Sorena AI | Updated 2026-02-21 ### [EU GPSR Timeline and Decision Flow](/artifacts/eu/general-product-safety-regulation.md) A product safety artifact with key dates and a decision flow to help teams understand scope and core obligations under the GPSR. By Sorena AI | Updated 2026-02-21 ### [EU Green Claims Directive Timeline and Decision Flow](/artifacts/eu/green-claims-directive.md) A green claims artifact with key dates and a decision flow to help teams understand substantiation and verification requirements for environmental claims. By Sorena AI | Updated 2026-02-21 ### [EU LVD Directive Timeline and Decision Flow](/artifacts/eu/low-voltage-directive.md) A low voltage directive artifact with key dates and a decision flow to help teams understand scope and core safety obligations. By Sorena AI | Updated 2026-02-21 ### [EU Machinery Regulation Timeline and Decision Flow](/artifacts/eu/machinery-regulation.md) A machinery compliance artifact with key dates and a decision flow to help teams determine scope, category, and conformity assessment path. By Sorena AI | Updated 2026-02-21 ### [EU MSR Timeline and Decision Flow](/artifacts/eu/market-surveillance-regulation.md) A market surveillance regulation artifact with key dates and a decision flow to help economic operators understand responsibilities and enforcement touchpoints. By Sorena AI | Updated 2026-02-21 ### [EU PPWR Timeline and Decision Flow](/artifacts/eu/packaging-waste-regulation.md) A packaging and packaging waste regulation artifact with key dates and a decision flow to help teams understand scope and compliance obligations. By Sorena AI | Updated 2026-02-21 ### [EU RED Directive Timeline and Decision Flow](/artifacts/eu/radio-equipment-directive.md) A radio equipment directive artifact with key dates and a decision flow to help teams understand scope and core compliance obligations. By Sorena AI | Updated 2026-02-21 ### [EU RoHS Timeline and Decision Flow](/artifacts/eu/rohs-directive.md) A RoHS compliance artifact with key dates and a decision flow to help teams handle restricted substances, exemptions, and technical documentation. By Sorena AI | Updated 2026-02-21 ### [EU Taxonomy Timeline and Decision Flow](/artifacts/eu/taxonomy-regulation.md) An EU Taxonomy artifact with key dates and a decision flow to help teams assess eligibility and alignment for sustainable activities reporting. By Sorena AI | Updated 2026-02-21 ### [Singapore PDPA Timeline and Decision Flow](/artifacts/apac/singapore-pdpa.md) A PDPA artifact with key dates and a decision flow to help teams understand scope, roles, and core personal data protection obligations. By Sorena AI | Updated 2026-02-21 ### [UK GDPR Timeline and Decision Flow](/artifacts/uk/general-data-protection-regulation.md) A practical UK GDPR artifact with key dates and a decision flow to help teams understand scope, roles, and core obligations under UK data protection law. By Sorena AI | Updated 2026-02-21 ### [UK Online Safety Act Timeline and Decision Flow](/artifacts/uk/online-safety-act.md) An Online Safety Act artifact with key dates and a decision flow to help teams understand service scope, risk assessments, and duties of care. By Sorena AI | Updated 2026-02-21 ### [US CCPA Timeline and Decision Flow](/artifacts/us/california-consumer-privacy-act.md) A CCPA artifact with key dates and a decision flow to help teams understand scope, consumer rights, and business obligations. By Sorena AI | Updated 2026-02-21 ## Pagination Pages: [1](/artifacts.md) | [2](/artifacts/page/2.md) | [3](/artifacts/page/3.md) | [4](/artifacts/page/4.md) | [5](/artifacts/page/5.md) | [6](/artifacts/page/6.md) | [7](/artifacts/page/7.md) ## Want these tailored to your needs? Get a customised guideline aligned to your organisation, systems, and deadlines, with clear actions your team can execute. [Talk to an expert](/contact.md) --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts