Kardu

From Europe
to Europe.

Kardu was born with a clear purpose: to create a practical and efficient solution for regulatory compliance management. We know how complicated it is to deal with tools that are not designed for this, especially for SMEs. Therefore, we decided to build the GRC platform that we really needed, focusing on simplifying processes and eliminating dependence on expensive solutions that do not benefit the European ecosystem.

Founded · December 2025

Ago 2026

Estimated official release date

Full MVP · 5 frameworks

Carduelis carduelis
European goldfinch

The name has a history.

The thistle is a thick-stemmed plant, armed with spines, that few dare to touch. Carduelis carduelis, the European goldfinch, does not avoid it, it seeks it out. With its fine beak and characteristic precision, it extracts exactly what it needs from where others see only obstacles.

Kardu takes its name from there. European regulation — NIS2, ISO 27001, ENS, DORA — is dense, complex and full of edges. We do not simplify it by pretending it is not. We navigate it with method.

Our values

The principles we don't negotiate.

Every product and architecture decision passes through these four filters.

01

Security by design

We build Kardu with the same principles we preach. Every architecture decision prioritizes the security and privacy of our clients' data.

+
02

Europe by design

We are not an American company with servers in Europe. We are a European product, built for European companies, with data that never leaves the EU. Today we apply data residency; our roadmap points toward full data sovereignty.

+
03

Full transparency

We publish our threat model, our sub-processors and our compliance status. If we ask for trust, we demonstrate it first.

+
04

The human always decides

No decision affecting compliance status is made without explicit human action. Automation prepares. The human judges.

+
Public commitments

What we promise. In writing.

The system never asserts non-compliance, it signals gaps

No evidence, no control

Every action generates an immutable record

Public pricing. No mandatory demo

Data in Frankfurt. No CLOUD Act exposure

Open sub-processors. Always

From frustration to product.

1

December 2025

The idea is born

After years managing compliance with spreadsheets and American tools, the decision: build what we needed.

2

February 2026

First users

The first teams start using Kardu to manage their ISO 27001 and NIS2 programs.

3

March 2026

Now

Early access

We open early access to European companies that want to lead their compliance.

4

August 2026

Upcoming

Full MVP

Official launch with all 5 complete frameworks, public Trust Center and MSP mode.

Early access

Looking for the first companies that want to lead their compliance.

Help us build the right product with priority access and at no cost. In exchange we only ask for your feedback.

Request accessSee the product