Regulatory Obligation Mapper
# 06. Regulatory Obligation Mapper
**Domain:** Compliance
**Level:** Practitioner
## Use Case
Map a regulation, standard, or new legal requirement to existing controls, policies, and processes. Identifies which obligations are covered, which are partially covered, and which are unaddressed. The starting point for any compliance programme.
## Variables
| Variable | What to Enter | Example |
|----------|--------------|---------|
| `[REGULATION_OR_STANDARD]` | The regulation or standard to map | e.g. EU AI Act (Articles 9-17 for high-risk AI providers), ISO 42001:2023 Clauses 4-10, DPDP Act 2023 (India), GDPR Chapter III (data subject rights) |
| `[SPECIFIC_OBLIGATIONS]` | Paste or list the specific articles, clauses, or requirements to map | Paste the text or list the references - the more specific, the better the output |
| `[EXISTING_CONTROLS_AND_POLICIES]` | Your current controls, policies, and processes | List what you have: policy names and versions, system controls, process controls, governance structures |
| `[ORGANISATION_TYPE]` | Organisation type and regulatory role | e.g. EU AI Act high-risk AI provider, ISO 42001 certification candidate, GDPR data controller and processor |
| `[MAPPING_PURPOSE]` | Why this mapping is being done | e.g. Pre-certification readiness, regulatory submission, annual compliance review, response to new regulation |
## The Prompt
Copy everything below this line. Replace all `[VARIABLES]` with your specific information. Paste into Claude, GPT-4o, Gemini, or any capable LLM.
---when to use it
Community prompt sourced from the open-source GitHub repo KunalCyber/GRC-Prompts-Library (MIT). A "Regulatory Obligation Mapper" style prompt — adapt the placeholders and specifics to your task. Imported as-is and not independently retested here, so check the output before relying on it.
tags
roleplaycommunitygeneral
source
KunalCyber/GRC-Prompts-Library · MIT