What is Kardu?
4 min · June 2026 · Kardu Team
Last updated: 31 May 2026
TL;DR: Kardu is the GRC platform that organises your company's security around ISO 27001, covers NIS2, ENS and DORA simultaneously, and turns your compliance posture into a visible sales asset. No dedicated security team required.
Is your company ready to prove its security today?
Not in six months when the audit arrives. Not when a client demands it. Today. With real evidence, active controls and a report ready to share in one click.
For most European SMEs, the honest answer is no. Not because they lack controls, but because they lack a system to organise them, document them and keep them up to date.
Kardu is that system.

What does Kardu actually do?
Kardu is a Governance, Risk and Compliance (GRC) platform designed specifically for European companies with 10 to 250 employees that need to manage their security in an organised way without a dedicated CISO team.
In practice, Kardu does four things:
- Organises your security controls around the ISO 27001 framework and automatically maps them to NIS2, ENS and DORA. A control that satisfies NIS2 also satisfies ISO 27001, with no extra work.
- Links evidence to each control. Every policy, log, record or document is attached to the control it demonstrates, with cryptographic timestamping and expiry alerts.
- Makes your security posture visible. Your public Trust Center shows your Compliance Score in real time to clients, prospects and auditors.
- Automates the repetitive work. Reminders, assignments and alerts so no control goes without evidence and no deadline catches you off guard.
Who is Kardu for?
Kardu is for the operations or IT lead at a European SME who:
- Has just received a security questionnaire from a large enterprise client
- Knows NIS2 applies to them but doesn't know where to start
- Has ISO 27001 certification on the roadmap but isn't sure how to get there
It's also for MSPs managing compliance across multiple clients who need a platform that lets them do it efficiently from a single account.
Why does Kardu exist?
The GRC tools on the market were built for large corporations with dedicated compliance teams and six-figure budgets. They're expensive, complex and require consultants to implement.
At the same time, European regulation keeps growing: NIS2, DORA, ENS, the AI Act. European SMEs face the same fundamental obligations as large enterprises, with far fewer resources to manage them.
The geopolitical context adds urgency. In February 2026, Reuters reported that the US government had ordered its diplomats to actively push back against European data sovereignty initiatives. For European companies, the choice of infrastructure is no longer just technical: it's strategic.
Kardu exists to close that gap: a modern, affordable GRC system built from the ground up for the European regulatory context. Data in Frankfurt, AI in Paris (Mistral), with no dependency on American infrastructure.
How do you get started with Kardu?
Kardu is in closed beta. The first teams to join get priority access and a direct line to the product team.
If you want to be one of them, request access at kardu.eu.
Frequently asked questions
What is Kardu? Kardu is a GRC (Governance, Risk and Compliance) platform designed for European SMEs with 10 to 250 employees. It organises security controls around ISO 27001 and automatically maps them to NIS2, ENS and DORA, without requiring a dedicated CISO.
Who is Kardu for? For the operations, IT or company lead at a European SME that has received a security questionnaire from a large client, needs to comply with NIS2, or has ISO 27001 on their roadmap. Also for MSPs managing compliance across multiple clients.
How long does it take to implement Kardu? Most teams have their first Compliance Score visible in under a week. Guided onboarding covers priority controls on day one.
Is my data stored in Europe? Yes. All data is hosted on servers in Frankfurt, Germany. It never leaves the European Union.
Do I need a security expert to use Kardu? No. Kardu is designed to be used by someone without a security background. The language is operational, not technical-legal.