### Problem to solve Customers with complex GitLab group environments do not have the necessary features and insight to manage group-level compliance. Currently, customers create custom solutions to implement controls that meet, or try to meet, their internal compliance program requirements. This places a burden (time and cost) on customers to develop solutions to challenges GitLab introduces to their compliance programs. ### What's Next and Why With a focus on **easily-digestible compliance information** and compliance management, the following areas will be key to evolving our group-level compliance features: * Compliance Dashboard(s) * Organizations need to be able to view aggregate compliance information about their group environments. * Exportable Reports * Activity that occurs within GitLab needs to be exportable for auditing purposes and without necessitating an API solution. * Extending Audit Events API * Customers, especially of `.com`, need more detailed information about their group activity. This information should be available via API for more technical implementations in complex compliance programs. * Controls Enforcement * Users of GitLab should not be able to modify or bypass controls (e.g. merge request approvals) set by `Owners`