Compliance is generally understood as the documenting and auditing of evidence deemed sufficient to demonstrate conformance to a rule, a specification, a policy or a law. In this paper, we consider, in the specific context of software development, what are the legal and technical challenges raised by such an understanding of compliance. More specifically, we ask a) what is the nature of this evidence; b) how can sufficiency be defined, and c) how precisely defined is the task of auditing this evidence.