Skip to main content
FORTISEU
EU-nativeBuilt for regulated entities

FortisEU: Automate compliance, manage risk, and prove trust across the EU.Automate compliance,manage risk,prove trust.

Pass your next NIS2, DORA, or ISO 27001 audit without spreadsheets. One control, one evidence link, every framework.

No login required
Hosted in France, EUevery framework your auditor asks aboutEU-native AI — no US dependency
Regulator-facing artifacts

Prepares regulator-facing artifacts.

FortisEU keeps regulator-facing workflows in the product: NIS2 Article 23 incident notification workpapers, DORA Article 28 Register of Information lifecycle support, and audit-readiness summaries that show evidence status, gaps, and responsible owners.

  • NIS2 Art. 23

    Incident notification workpapers

    Workpapers and deadline tracking for early warning, 72 h notification, and final report, with jurisdiction context and dry-run controls.

    See how
  • DORA Art. 28

    Register of Information

    Lifecycle-managed RoI records with snapshots, diffs, and ESA-aligned export preparation.

    See how
  • DORA Art. 11–14

    Business continuity & PIR

    BCP / DRP records, structured post-incident reviews, crisis communication templates, and readiness checks across the core pillars.

    See how
  • Audit-readiness

    Cross-pillar summary

    Cross-pillar readiness summary across NIS2 / DORA / GDPR, with evidence status, gaps, and responsible owners in one view.

    See how
Agentic Trust

Supervised agents for regulatory execution.

FortisEU agents draft, simulate, route, and evidence regulated work. High-risk, external, and security-sensitive actions stay policy-bound until the right human approval is captured.

Supervised agents

8

Autonomy bands

L0-L4

Ledger mode

Hash chain

Policy posture

Tenant caps

Evidence Attestation

Level

L4 internal

Gate

collection allowed, assertions gated

Artifact

hashed evidence snapshot

Incident Notification

Level

L3 supervised

Gate

human sign-off for authority submission

Artifact

DORA/NIS2 notification package

DORA Register

Level

L3 supervised

Gate

approval before EBA register export

Artifact

cell-level RoI delta manifest

AI Governance

Level

L3 supervised

Gate

human oversight for high-risk AI

Artifact

AI Act oversight bundle

Deterministic simulation before execution
Append-only action ledger
Tenant policy caps and approval SLAs
NIS2
DORA
GDPR
EU AI Act
EU CRA
ISO 27001
ISO 42001
SOC 2
ISO 27701
ISO 22301
PCI DSS
TISAX
View all frameworks →
Cost of non-compliance

Compliance is cheaper
than the fine.

Four EU regulations stack independent legal bases on the same incident. For a €100M revenue company, the theoretical combined exposure reaches ~€75M. Calculate your organisation's exposure under GDPR, NIS2, DORA and the EU AI Act.

NIS2
2%
Essential entitiescap €10M
DORA
2%
ICT resiliencecap €10M
GDPR
4%
Data protectioncap €20M
EU AI Act
7%
Prohibited practicescap €35M

Whichever is higher: percentage of global annual turnover, or the regulation's fixed minimum. Cumulative across regulations.

Calculate your exposure

— The Platform

The EU-native compliance platform

Automate compliance, manage risk, and prove trust continuously—all from a single platform built for European regulatory requirements.

— Use Cases

Built for European Enterprises

Banking & Financial ServicesDORA
Challenge

Operationalize DORA's ICT risk management and third-party oversight requirements without turning every audit into a bespoke project.

Solution

Structured control mapping, evidence workflows, and third-party oversight artifacts designed for procurement and audit review.

Outcome

A repeatable DORA program with clear ownership, evidence links, and exportable reporting outputs.

Energy & Critical InfrastructureNIS2
Challenge

Run NIS2-aligned compliance operations with strict procurement and deployment constraints.

Solution

Self-hosted deployment options plus evidence workflows that work across IT and OT environments.

Outcome

A program that produces review-ready artifacts for leadership and procurement without security theater.

Healthcare & MedTechMulti-Framework
Challenge

Manage compliance across GDPR, NIS2, and ISO 27001 without duplicate work.

Solution

A unified control model that supports mapping and reuse of evidence across overlapping requirements.

Outcome

One place to manage controls, evidence, and vendor risk workflows across multiple programs.

Manufacturing & Supply ChainTPRM
Challenge

Assess and manage cybersecurity risk across a complex supply chain without adding administrative headcount.

Solution

Vendor workflows that combine questionnaires, posture signals, evidence, and tracked remediation.

Outcome

A repeatable vendor due diligence process with clear status visibility and exportable review artifacts.

Transport & LogisticsNIS2
Challenge

Trans-Carpathia Logistics — case study coming Q3 2026.

Solution

Placeholder entry. Real customer narrative will replace this once the engagement closes.

Outcome

Anti-fabrication: no synthetic quote, no invented metrics. Returning here when the data exists.

— Pricing

Pricing aligned to compliance outcomes

Start with the plan that matches your compliance scope. Scale frameworks and team members as you grow.

Starter

For teams beginning their EU compliance journey. NIS2 essentials with AI guidance.

€399/mo
  • Up to 25 vendors
  • 3 team members
  • 50 AI queries/day
  • Core frameworks + reporting
  • EU data residency posture
Create account
Recommended

Growth

For organizations scaling across frameworks. Full NIS2, DORA, and ISO 27001 coverage.

€999/mo
  • Up to 100 vendors
  • 10 team members
  • 500 AI queries/day
  • 5 integrations
  • Plan SLA: 99.5%
Create account

Business

For enterprises with complex compliance needs. Unlimited everything. API access.

€2,499/mo
  • Unlimited vendors
  • All frameworks + workflows
  • Unlimited team members
  • AI queries/day: 5,000
  • Plan SLA: 99.9%
Create account
Custom

Enterprise

For critical infrastructure. On-premise deployment. Air-gap compatible. Full source code.

Contact
  • Everything in Business
  • Plan SLA: 99.99%
  • Procurement acceleration via Trust Center
Talk to an engineer

Run multi-tenant compliance for clients? See Partner / MSSP pricing →

Enterprise / Self-Hosted

Need self-hosted or air-gapped deployment?

On-premise and air-gapped deployment is available in the Enterprise plan. Talk to an engineer about procurement requirements, deployment constraints, and the Enterprise path.

Fast human response from our team.

— Process

From signup to audit-ready operations

01

Subscribe and map

Pick your frameworks. FortisEU generates a control register with cross-framework mapping. One control satisfies NIS2 Art. 21, DORA Art. 5, and ISO 27001 A.8 simultaneously.

02

Connect evidence

Link policies, vendor assessments, and endpoint data to controls. Monolith agents collect device evidence automatically. Evidence reuses across audits and questionnaires.

03

Export and prove

Generate board-ready reports and audit-readiness packs. ASK answers regulatory questions in plain language. EU-sovereign AI, no US model dependencies.

NewFirst-Party Integration

Fortis Monolith

EU-sovereign endpoint compliance. No MDM required.

Collect device security evidence from every endpoint automatically. Same-database sync. All data on Scaleway France.

Learn more
Disk Encryption
Firewall Status
OS Patching
Software Inventory
— FAQ

Frequently Asked Questions

— Get Started

Build an
evidence-backed
compliance
posture.

Create account for full access. EU-hosted by default. Ask about self-hosted and air-gapped deployment for strict sovereignty requirements.

EU-hosted by defaultNo US data routingSelf-hosted & air-gapped
Read: State of EU Compliance 2026