S06 · EU Compliance

Software / SaaS — compliance

Software products and SaaS platforms face the broadest new EU regulatory scope. The CRA applies from 2027, the AI Act from 2024–2026, NIS2 catches managed service providers, and the AVG (GDPR) applies to every customer you have in the EU.

Relevant roles: CTO · CEO · CISO

What keeps compliance officers awake

// SECTOR REALITY

The CRA requires security-by-design for all products with digital elements, meaning your entire product development lifecycle must change. The AI Act imposes conformity assessments for high-risk AI. NIS2 catches MSPs and cloud providers as essential or important entities.

Applicable EU frameworks

CRA (Cyber Resilience Act): Security-by-design for all software products. Mandatory from 2027. Vulnerability disclosure, support periods.
AI Act (EU Artificial Intelligence Act): Risk classification for AI systems. High-risk = conformity assessment + CE marking. In force 2024–2026.
NIS2 (Network & Information Security Directive 2): MSPs and cloud providers: important entity obligations, supply chain security.
AVG/GDPR (Algemene Verordening Gegevensbescherming): Data processing agreements, DPA for customers, privacy-by-design.
Free · 30 minutes

Know exactly where you stand

The CMO→FMO scan gives you a personalised compliance report for Software / SaaS. 9 questions. Instant report. No registration.
