Verification of Regulatory Compliance

Check if your company is compliant with NIS2, DORA, RODO and EU AI Act - with a quote from a specific article

Report of compliance with a specific regulation: a list of requirements, the status of their compliance in your company and a map of corrective actions. Each non-compliance documented with a quote from the regulatory act – ready to present to your insurer, contractor or law firm.

499 PLN net
– single report (one regulation)
or PLN 1,999 net
– package of 5 reports (savings of PLN 496)

The problem - why it matters

A package of regulations that changes the rules for companies in the European Union comes into force between 2024 and 2027. NIS2 covers more than 96,000 Polish companies and requires documentation of security measures under penalty of up to €10 million or 2% of annual turnover. DORA applies to the financial sector and its ICT providers – the penalty is 1% of daily turnover for each day of non-compliance. The EU AI Act introduces obligations for any company using artificial intelligence – penalties of up to €35 million or 7% of turnover. RODO is already in effect, but is being enforced more actively.

Most companies do not know whether they are subject to any of these regulations, let alone exactly which requirements they do and do not meet. A traditional compliance review at a law firm costs up to tens of thousands of zlotys and takes weeks. Our report is the first step: a quick, repeatable, automated diagnosis of the state of compliance – with a clear map of what needs to be improved.

What exactly are we checking

For each selected regulation, we generate a list of all legal obligations that potentially apply to your company – along with a quote from the relevant article of the legislation and a link to the official source. We then collate these requirements with the responses to a contextual survey and the results of an automated infrastructure scan (if you have previously performed Cyber Monitoring and Scanning with us).

Available regulations (selectable):

NIS2

Directive on security of networks and information systems

DORA

Digital Operational Resilience Act (financial sector and its ICT providers)

EU AI Act

Artificial intelligence regulation

RODO / GDPR

General Data Protection Regulation

Others on request

We are happy to expand the catalog. Let us know via the contact form.

What specifically you will find in the report:

List of all articles of the regulation potentially relevant to your company, each with a citation from the legislation

Identification of priority areas for improvement (based on the risk vs cost of implementation matrix)

Status of fulfillment of each requirement: met / partially met / not met

Estimated financial (maximum penalty) and regulatory risk for each unmet requirement

What you get

Executive Summary Report (management)

Percentage score of compliance with the selected regulation, top 5 risks requiring immediate action, estimated financial exposure of the company in PLN, and recommended order of work. Written in business language, with emphasis on management decisions, not legal details.

Full report for compliance officer / compliance department

A complete list of articles of the selected regulation in the form of a compliance matrix, with citations from the legislation, the status of each requirement, evidence gathered during the analysis and an indication of areas for improvement. Format in accordance with the expectations of certification verifiers – can be part of the documentation of the information security management system.

Delivery format

PDF + interactive compliance map in customer panel (filtering by article, status, priority). Ability to export to Excel/CSV to prepare your own internal reports.

“Article 21(2) of NIS2 requires implementation of an incident management policy – in your company status: not met. Maximum penalty: €10 million or 2% of turnover.”

How does it work?

Process in 3 steps

01

Select a regulation (or several)

In the shopping cart, you select the specific regulation to which the verification applies. You can add several regulations to the same order or take advantage of a package of 5 verifications at a discount (for example: NIS2, DORA, RODO, AI Act + one to be selected in the future within the same package).

02

Complete a contextual survey (15-30 minutes)

After purchase, we provide a smart questionnaire tailored to the selected regulation in the customer panel. Questions in simple business language, with prompts and examples. It adapts to your answers – we don’t ask about things that don’t apply to your company.

03

You receive a report (up to 48 hours)

We collate your answers from the survey with the list of regulatory requirements, add the results of an infrastructure scan (if you have an active Cyber Monitoring subscription) and generate a full compliance report. Where an answer is ambiguous or incomplete, the report defaults to the more stringent option – flagging the area for further verification. The entire process from survey completion to finished report takes a maximum of 48 hours.

Price variants

One-time report
499 zł

Report of compliance with 1 selected regulation + 2 versions of the report

Package of 5 reports

PLN 1,999

Any 5 regulations (saving PLN 496 vs 5×499)

The package of 5 reports can be provided in stages – you use the reports within 12 months of purchase. No subscription model for this service.

Who this service is for

The Regulatory Compliance Report is essential for any company that wants a documented answer to the question “am I compliant with NIS2/DORA/RODO/EU AI Act”. Particularly recommended for companies that have received an inquiry from a contractor, insurer or authority about their compliance status, are subject to reporting requirements, are planning ISO 27001 certification, are running services that require regular compliance testing (e.g., for each implementation), or simply want to know where they stand.
The suite of 5 reports makes sense for companies operating in multiple regulatory areas simultaneously – typically IT vendors for the financial sector (NIS2 + DORA + RODO), software houses using AI (NIS2 + EU AI Act + RODO) or companies planning a broad approach to compliance.

Frequently Asked Questions (FAQ)

Is the report a substitute for a lawyer's review?
No. The report is informative and diagnostic – it indicates where there are potential compliance gaps and where it is worth looking more closely. For legal decisions (e.g., interpretation of a specific article, legal risk assessment, litigation advice), we recommend consulting a law firm. Our role is to give the law firm a concrete starting point – a structured list of areas to review. This significantly reduces the time (and cost) of the law firm's work, because the lawyer does not have to map your company from scratch but starts from ready-made groundwork.

All citations are taken from the officially published versions of the legal acts – the Official Journal of the EU and the Official Gazette of the Republic of Poland. Each quotation in the report links to its official source. We do not use unofficial translations or interpretations.

Each question has contextual prompts and examples. If you are still in doubt, you can mark "don't know" – the report will then state that this area needs further verification, and the requirement itself will be treated in the more stringent variant (i.e. "not met, to be confirmed").

The report reflects the status at the time it was generated. Regulations change, your business grows, and the regulations themselves are sometimes revised – we recommend refreshing the report once every 12 months or after significant changes (new technology, new market, change in scale of business, change in the regulation itself). A package of 5 reports allows you to do this at no additional cost.

Limitations of the service (disclaimer)

Verification is based on survey responses and data provided by the client. Inaccurate or incomplete answers affect the accuracy of the report. The report is informative and does not constitute a legal opinion. In areas where the certainty of AI interpretation is less than 85%, the report clearly indicates the need for verification with legal counsel. The full range of limitations is described in the Terms and Conditions.
Packages and related services

The Regulatory Compliance Report is most often ordered together with the following services:

OSINT & Personnel Security

99,00

Checks what data on key employees is publicly available

Cyber Monitoring & Scanning

249,00

Comprehensive diagnosis: technology + people

Recon Package

749,00

All three of the above services in one package at a discount of ~12%

See what they know about you – before they take advantage of it

Every non-compliance documented with a citation from the legal act. Every penalty valued in PLN.