6 compliance regimes

What GateTest catches, by regulation.

Compliance is a programme, not a tool. But every major regime has a list of code-level findings auditors sample — secrets in source, missing TLS, PII in logs, unrotated credentials, vulnerable dependencies. GateTest catches those before the auditor sees them.

Every page below ties specific GateTest findings to specific clauses of the regulation. We also publish what GateTest does NOT cover — physical security, contracts, training — because compliance honesty matters.

GDPR
May 2018
General Data Protection Regulation
European Union (plus UK GDPR mirror in the United Kingdom)
Regulators in 2025-26 have moved past warning letters — Meta, TikTok, and Amazon have each been fined nine figures. The fastest way to fail

HIPAA
Privacy Rule 2003, Security Rule 2005, HITECH amendments 2009
Health Insurance Portability and Accountability Act
United States
OCR enforcement has shifted to telehealth and AI-powered clinical SaaS — the 2024-25 wave of breach reports points back to swallowed errors

SOC 2
2010 (Trust Services Criteria revised 2017, refreshed 2022)
SOC 2 Trust Services Criteria (Type I and Type II)
Global
By 2026 every Series B SaaS sale in North America requires a Type II report. The Type II window is 6-12 months of evidence, so the technical

CCPA
January 2020 (CCPA); January 2023 (CPRA amendments + CPPA enforcement)
California Consumer Privacy Act (amended by the CPRA)
California, USA
The California Privacy Protection Agency reached full enforcement throughput in 2024-25. Their public sweeps focus on "sale or sharing" disc

PCI DSS
v4.0 published March 2022, mandatory from 31 March 2024 (with newer requirements effective 31 March 2025)
Payment Card Industry Data Security Standard (v4.0)
Global
PCI DSS v4.0 became fully mandatory in March 2025. v4.0 specifically calls out client-side script integrity (Requirement 6.4.3), TLS configu

ISO 27001
ISO/IEC 27001:2022 published 25 October 2022; transition from 2013 version closes 31 October 2025.
ISO/IEC 27001:2022 — Information security management systems
Global
By the end of 2025, every company on the 2013 standard has to be re-certified against 2022's Annex A — the new control set explicitly names

One scan, every regime's technical findings.

Per-scan pricing. AI auto-fix PR on Scan + Fix and Forensic tiers.
