Hosted 100% in Germany · No US subprocessors

Security compliance
that builds trust.

Continuously audit your AWS, Azure & GCP infrastructure against NIS2, DSGVO, BSI C5 and ANSSI. Read-only access, EU data residency.

Compare Plans

No credit card · 1 free scan/month · EU data residency

Overall Compliance: 87/100 (+4% vs last scan)
NIS2: 91%
DSGVO: 84%
BSI C5: 78%
ANSSI: 82%

Critical findings
S3 bucket encryption disabled · 28d open
MFA not enforced on root · 12d open
CloudTrail logging disabled · 5d open

Platform

Everything you need for EU cloud compliance.

01

Automated Compliance Checks

Continuous audit across AWS, Azure and GCP. NIS2, DORA, DSGVO, BSI C5, ANSSI, CIS Benchmarks, and ISO 27001 — all cross-mapped. Results in minutes, not weeks.

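resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
  # ConformScan fix
  # "example" is a placeholder for the name of your existing aws_s3_bucket resource
  bucket = aws_s3_bucket.example.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}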

Remediation Code

Copy-paste Terraform or CLI fixes for every finding.

02

Findings Tracker & Drift Detection

Every finding timestamped, versioned, and tracked across scans. See regressions the moment they happen — not after your auditor does.

S3 bucket unencrypted · NIS2 · 3d SLA
MFA not enforced · ISO 27001 · 12d open
CloudTrail logging disabled · BSI C5 · 5d open
+47pts
03

Slack · Teams · Jira · ServiceNow

Critical findings land in your channel or ticket queue automatically — with SLA countdown so nothing stays open past deadline.

🔴 S3 bucket unencrypted · NIS2 · 3d SLA
🟡 MFA not enforced · 12d open
🟢 CloudTrail fix deployed · resolved
04

Audit-Ready PDF Reports

One click — a complete audit report lands in your inbox. EN, DE, and FR for cross-border compliance teams.

Executive Summary

One page your board actually reads: overall score, top risks, week-over-week trend.

Score: 87 (↑4% vs last scan) · 3 Critical
05

Teams, RBAC & CI/CD

Owner, Admin, Member, Viewer — each role sees exactly what they need. Block non-compliant infra before it ships with 10 ready-to-use pipeline templates.

Owner · Admin · Member · Viewer

GitHub Actions

- name: ConformScan check
  uses: conformscan/scan-action@v1
  with:
    fail_on: critical

Frameworks

7 EU frameworks.
One scan.

Continuously audited against every regulatory standard that matters in Europe — automatically cross-mapped to your infrastructure findings.

700+ checks cross-mapped across all 7 frameworks.

Your data never leaves the EU.

Our servers run in Germany (Netcup, Karlsruhe). Credentials are encrypted at rest with Fernet and never exit the EU. Read-only IAM access only.

EU Residency Check — PASS

> scanning infrastructure...

EC2_012 | Checking instance region...

PASS | Region is 'eu-central-1' (Frankfurt)

AZURE_STORAGE_001 | Checking location...

PASS | Location is 'Germany West Central'

RDS_007 | Checking DB region...

PASS | Region is 'eu-central-1'

Compliance Risks

Why it matters.

NIS2 — Art. 21 & 23
€10M or 2% of global turnover

Failure to implement adequate security measures or report an incident within 24 hours.

ConformScan flags this in 3 days

DSGVO / GDPR — Art. 83
€20M or 4% of global turnover

Processing personal data without adequate technical safeguards. Unencrypted databases or public S3 buckets.

ConformScan flags this in 7 days

BSI C5 — Public sector
Lost contracts: disqualification from tenders

German federal procurement increasingly requires BSI C5 attestation. Without it, you cannot bid on public sector contracts.

Maps every check to BSI C5

ConformScan told us we had an unencrypted RDS instance that had been open for 34 days. We didn't know. Our auditor did.

— Head of IT Security, German logistics company (180 employees)

Simple, transparent pricing

Scale as your compliance needs grow.

Starter
Free
1 scan/month
  • 1 scan/month
  • 1 cloud account
  • 1 framework
  • Email support
Professional
€249/month
Unlimited scans · 5 accounts
Popular
  • Unlimited scans
  • All 7 EU frameworks
  • 5 cloud accounts
  • PDF reports (EN/DE/FR)
  • CI/CD integration
Enterprise
Custom
Unlimited accounts · Dedicated CSM
  • Everything in Pro
  • Unlimited cloud accounts
  • SSO (SAML/OIDC)
  • Dedicated support
ConformScan — Cloud Compliance Scanner for EU Regulations | NIS2, DORA, DSGVO, BSI C5, ANSSI, CIS, ISO 27001