NIS2 Directive (EU 2022/2555)
The EU directive that turns cybersecurity into a board-level legal obligation for essential and important entities across 18 sectors.
See the mapping

Digital Operational Resilience Act (EU 2022/2554)
The EU regulation that makes ICT risk a first-class concern for financial entities, with enforced uniformity across the EU since January 2025.
See the mapping

ISO/IEC 27001:2022
The international standard for information security management systems. The most widely recognised certification a security buyer will ask you for.
See the mapping

PCI Data Security Standard 4.0
The card-payment industry's security baseline. If you store, process or transmit cardholder data, the QSA will check every line of this against your environment.
See the mapping

EU Cyber Resilience Act
The EU regulation that makes cybersecurity a CE-marking obligation for products with digital elements — with serious obligations for vendors.
See the mapping

General Data Protection Regulation (EU 2016/679)
The EU privacy law that makes "appropriate technical and organisational measures" a legal test, not a marketing claim.
See the mapping