Where is my data stored?

EU-hosted by default. Ask about self-hosted and air-gapped deployment for strict sovereignty requirements. On-premise and air-gapped deployment is available in the Enterprise plan.

Built with EU-sovereign AI. ASK is designed to link guidance back to underlying materials where possible. ASK does not train on your tenant data.

Why is FortisEU built on European infrastructure?

European organizations can keep compliance workflows on EU-hosted infrastructure with clear deployment options and evidence-backed operating controls.

What compliance frameworks do you support?

Map one control across NIS2, DORA, ISO 27001, SOC 2, and GDPR. We support key frameworks including NIS2, DORA, ISO 27001, SOC 2, and GDPR.

Can I migrate from another compliance tool?

Yes. If you're moving from another tool or from spreadsheets, we can help plan imports and map your existing controls and evidence into FortisEU. Contact us with what you're using today and what needs to move first.

EU-nativeBuilt for regulated entities

FortisEU: Automate compliance, manage risk, and prove trust across the EU.Automate compliance,manage risk,prove trust.

Pass your next NIS2, DORA, or ISO 27001 audit without spreadsheets. One control, one evidence link, every framework.

No login required

Hosted in France, EU84+ frameworksEU-native AI — no US dependency

NIS2

DORA

ISO 27001

GDPR

SOC 2

EU AI Act

ISO 42001

HIPAA

NIST CSF

CRA

HITRUST

Cyber Essentials

View all frameworks →

— The Platform

The EU-native compliance platform

Automate compliance, manage risk, and prove trust continuously—all from a single platform built for European regulatory requirements.

Automated Compliance

Get and stay compliant across NIS2, DORA, ISO 27001, GDPR, and more. No spreadsheets required.

Learn more

Risk Management

Manage risk from one central platform. Identify gaps, track remediation, and report to leadership.

Learn more

Vendor Risk Management

Posture signals, questionnaires, and evidence—unified vendor due diligence for your supply chain.

Learn more

Questionnaire Automation

Answer security questionnaires from a single source of truth. Reuse evidence across requests.

Learn more

ASK AI

Natural-language compliance guidance. European-made, no US model dependencies. Ask compliance questions in plain language and get actionable guidance.

Learn more

Board-Ready Reports

Generate audit-ready reports directly from the platform. Executive summaries, risk narratives, and audit packages.

Learn more

— Use Cases

Built for European Enterprises

Banking & Financial ServicesDORA

Challenge

Operationalize DORA's ICT risk management and third-party oversight requirements without turning every audit into a bespoke project.

Solution

Structured control mapping, evidence workflows, and third-party oversight artifacts designed for procurement and audit review.

Outcome

A repeatable DORA program with clear ownership, evidence links, and exportable reporting outputs.

Energy & Critical InfrastructureNIS2

Challenge

Run NIS2-aligned compliance operations with strict procurement and deployment constraints.

Solution

Self-hosted deployment options plus evidence workflows that work across IT and OT environments.

Outcome

A program that produces review-ready artifacts for leadership and procurement without security theater.

Healthcare & MedTechMulti-Framework

Challenge

Manage compliance across GDPR, NIS2, and ISO 27001 without duplicate work.

Solution

A unified control model that supports mapping and reuse of evidence across overlapping requirements.

Outcome

One place to manage controls, evidence, and vendor risk workflows across multiple programs.

Manufacturing & Supply ChainTPRM

Challenge

Assess and manage cybersecurity risk across a complex supply chain without adding administrative headcount.

Solution

Vendor workflows that combine questionnaires, posture signals, evidence, and tracked remediation.

Outcome

A repeatable vendor due diligence process with clear status visibility and exportable review artifacts.

— Pricing

Pricing aligned to compliance outcomes

Start with the plan that matches your compliance scope. Scale frameworks and team members as you grow.

Starter

For teams beginning their EU compliance journey. NIS2 essentials with AI guidance.

€399/mo

Up to 25 vendors
NIS2 compliance module
3 team members
50 AI queries/day
Email support
EU data residency

Create Account

Recommended

Growth

For organizations scaling across frameworks. Full NIS2, DORA, and ISO 27001 coverage.

€999/mo

Up to 100 vendors
NIS2 + DORA + ISO 27001
10 team members
500 AI queries/day
Priority support + 99.5% SLA
5 integrations

Create Account

Business

For enterprises with complex compliance needs. Unlimited everything. API access.

€2,499/mo

Unlimited vendors
All compliance frameworks
Unlimited team members
5,000 AI queries/day
Dedicated support + 99.9% SLA
Unlimited integrations
API access

Create Account

Custom

Enterprise

For critical infrastructure. On-premise deployment. Air-gap compatible. Full source code.

Contact Sales

Everything in Business
On-premise deployment
Air-gap compatible
Full source code access
White-label options
Plan SLA: 99.99%
Dedicated support engineer

Contact Sales

Enterprise / Self-Hosted

Need self-hosted or air-gapped deployment?

On-premise and air-gapped deployment is available in the Enterprise plan. Talk to an engineer about procurement requirements, deployment constraints, and the Enterprise path.

Fast human response from our team.

— Process

From signup to audit-ready operations

Subscribe and map

Pick your frameworks. FortisEU generates a control register with cross-framework mapping. One control satisfies NIS2 Art. 21, DORA Art. 5, and ISO 27001 A.8 simultaneously.

Connect evidence

Link policies, vendor assessments, and endpoint data to controls. Monolith agents collect device evidence automatically. Evidence reuses across audits and questionnaires.

Export and prove

Generate board-ready reports and audit packages. ASK answers regulatory questions in plain language. EU-sovereign AI, no US model dependencies.

NewFirst-Party Integration

Fortis Monolith

EU-sovereign endpoint compliance. No MDM required.

Collect device security evidence from every endpoint automatically. Same-database sync. All data on Scaleway France.

Learn more

Disk Encryption

Firewall Status

OS Patching

Software Inventory

— FAQ

Frequently Asked Questions

— Get Started

Build an
evidence-backed
compliance
posture.

Create account for full access. EU-hosted by default. Ask about self-hosted and air-gapped deployment for strict sovereignty requirements.

EU-hosted by defaultNo US data routingSelf-hosted & air-gapped

Read: State of EU Compliance 2026

FortisEU: Automate compliance, manage risk, and prove trust across the EU.Automate compliance,manage risk,prove trust.

The EU-native compliance platform

Automated Compliance

Risk Management

Vendor Risk Management

Questionnaire Automation

ASK AI

Board-Ready Reports

Built for European Enterprises

Pricing aligned to compliance outcomes

Starter

Growth

Business

Enterprise

Enterprise / Self-Hosted

From signup to audit-ready operations

Subscribe and map

Connect evidence

Export and prove

Fortis Monolith

Frequently Asked Questions

Build anevidence-backedcomplianceposture.

Build an
evidence-backed
compliance
posture.