I've been chatting with a lot of developers across Europe and companies that aim to sell products in the EU. A common trend I'm seeing is that compliance work is increasingly being pushed onto engineering teams—most of whom don't have any legal training. We've all had our hands full with GDPR, but now there are additional regulations like the Corporate Sustainability Reporting Directive (CRA), NIS2's incident reporting requirements, the AI Act's risk classifications, and DORA for financial tech companies. The source materials are daunting too—think 400-page PDFs filled with legal jargon that are constantly being updated and cross-referenced.
I'm wondering about a few things:
- How much sprint time do these compliance tasks eat up for your team?
- Who takes ownership of compliance in your company: is it legal, engineering, or does it just go to whoever happens to be assigned?
- Has anyone found resources or tools that do simplify this process, or is it still a manual slog each time?
I'm raising these questions because I've been having similar frustrating discussions with many developers, and I'm curious if my situation is common.
5 Answers
This isn't just a dev problem, honestly. Every profession has its compliance hurdles! Just like a restaurant has to meet health codes, developers are now facing their own compliance requirements. It's about time legal woke up to privacy issues.
Compliance is tough, especially with accessibility regulations. I’ve started integrating automated checks like axe-core into our CI pipeline, which helps catch around 30% of issues automatically. It doesn’t cover everything, but it helps manage the more straightforward violations while you tackle the trickier stuff.
It's wild, but all tech-related tasks often end up on the devs, even things like setting up TVs in the board room. The only upside? You might find yourself in a position to influence how compliance is managed since you’re seen as an authority on the matter. Just push for a budget for tools like Secureframe or any GRC solutions to handle this properly, because juggling it with everything else isn't sustainable.
Totally relate! It's like being handed a huge contract and told to implement it by the end of the week without proper guidance. From what I've seen, companies often rely on vague directions from legal, with developers left guessing. And about tracking sprint time—few companies acknowledge how much time we lose in compliance loopholes. It just shows up as 'this feature took longer than planned.'
We usually just raise any compliance questions with our compliance teams. If they give the green light, we move forward. Honestly, it's unreasonable to expect devs to handle all the intricate compliance nuances.