EU Industry Benchmark
Regulatory
Anonymized security posture data for the regulatory sector across the EU. Based on 347 monitored sites.
45.5
Avg. Score /100
D
Avg. Grade
347
Sites Tracked
+5.0
vs. EU Average
Critical findings in this industry
281 of 347 without HTTPS redirect
344 of 347 with unencrypted email (no STARTTLS)
347 of 347 without DMARC protection (spoofable)
84 of 347 missing 3+ critical security headers
249 of 347 without DNSSEC (vulnerable to DNS spoofing)
297 of 347 without CAA records (unrestricted certificate issuance)
330 of 347 without MTA-STS (email downgrade attacks possible)
Grade Distribution
Security across Europe
Average security score by country — hover for details, click to explore.
/100 · sites
Score by Country
Hosting & Data Residency
28%
EU-headquartered provider
72%
Non-EU provider (CLOUD Act / Schrems II)
Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49
All data is anonymized. No individual sites are identified. Statistics updated weekly.