Kardu

Prepare for ISO 27001 and NIS2. Everything in one system.

A Governance, Risk and Compliance platform for European SMEs that need a single architecture that covers multiple obligations without duplication.

EU Directive 2022/2555

NIS2 is not optional. European companies must demonstrate their security posture. Kardu maintains your compliance and turns it into a competitive advantage.

It applies to your company if...

You have more than 50 employees or exceed 10M EUR in annual revenue in essential or important sectors.

The deadline is already active

NIS2 transposition is underway across the EU. National authorities can already start inspections.

Kardu manages it

Mapped controls, linked evidence and audit-ready reporting. All in one system.

SMEs no longer ask only: «what do we need to comply with?»

The bigger question now is: «how do we build resilience in the process?»

80%

Reduction in audit time

From weeks to days. Evidence organised and ready for the auditor in one click.

5x

Interconnected frameworks

Five regulatory frameworks managed from a single system, without switching tools.

20h

Initial program setup

From zero to an active program with configured controls and Compliance Score calculated.

100%

Data hosted in the EU

Frankfurt, Germany. No US CLOUD Act exposure. Data never leaves the EEA.

What is the CLOUD Act?

Everything you need to manage your compliance

A unified system that covers the complete cycle — from risk identification to compliance demonstration.

Controls Management

NIS2, ISO 27001, ENS and DORA in one panel. Assign, review and update controls without duplicating work across frameworks.

Linked Evidence

Every control has its evidence attached. Automatic expiries, reminders and full lifecycle traceability.

Public Trust Center

A public page for your security posture. Share it with clients, partners and auditors with a single link.

Automations

No-code workflows. Automatic alerts, assignments and reminders based on events in your compliance program.

Team Management

Integrated RACI matrix. Assign owners by control and framework. Team training and awareness included.

Reporting and Audit

Audit-ready reports with one click. PDF export with integrity hash. Immutable change history.

All your frameworks in one system

Kardu automatically cross-references controls across frameworks. A control that meets NIS2 can cover up to 60% of ISO 27001 without duplicating work.

Mandatory

NIS2

Mandatory European cybersecurity directive.

21 risk management measures

Certifiable

ISO 27001

International information security standard.

93 controls across 4 themes

Spain

ENS

National Security Scheme for public entities.

75 security measures

Financial

DORA

Digital operational resilience for the financial sector.

ICT risk management

Privacy

GDPR

European regulation on the protection of personal data.

99 articles, 6 legal bases

From zero to compliance in weeks, not months

Built for European SMEs and scale-ups that need ISO 27001 or NIS2 — without a dedicated compliance team.

1. Your org is live

Integrate your existing tools and configure your organization in minutes.

2. Map, don't duplicate

Select the frameworks that apply to your company. Kardu cross-references controls automatically.

3. Assign ownership

Distribute controls to your team with clear roles and responsibilities.

4. Collect evidence

Attach proof to each control. Automatic expiries and reminders.

5. Audit-ready, always

Generate audit-ready reports with one click. Your documentation always up to date.

Plans for every stage of your compliance

No lock-in. No hidden costs. New frameworks included in your plan at no extra charge.

Free Trial

Free

7 days

7 days to explore Kardu with no commitment.


  • 3 frameworks included
  • Intermediate product access
  • Up to 3 users
  • Data retained 30 days after expiry
  • No credit card required

Starter

€49/mo

For small teams starting their compliance program.


  • 1 active framework
  • Up to 5 users
  • 100 evidence items
  • Basic Trust Center
  • Email support

Most popular

Growth

€149/mo

For companies managing multiple frameworks and teams.


  • 3 active frameworks
  • Up to 20 users
  • 500 evidence items
  • Automations included
  • Full Trust Center
  • Priority support

Pro

€499/mo

For organizations with full NIS2 requirements and large teams.


  • All frameworks
  • Up to 50 users (NIS2 criteria)
  • 1,000 evidence items
  • API access
  • MSP mode included
  • Dedicated support

Prices exclude VAT. Billed in euros.

Request early access.

Access is by invitation. We work directly with each organisation to ensure the product fits their regulatory reality from day one.

  • Priority product access
  • Special early adopter pricing
  • Data hosted in the EU
  • No lock-in

Response within 48 hours. No spam.