Do I need GDPR compliance for my website?

Yes. Any website accessible from the EU that collects data — even IP addresses or cookies — must comply with GDPR. This includes privacy policies, cookie consent, and data processing records.

Which EU regulations apply to online shops?

Online shops must comply with GDPR (data protection), ePrivacy Directive (cookies), European Accessibility Act (accessible checkout), and potentially NIS2 (cybersecurity) if above size thresholds.

Do I need double opt-in for newsletters in the EU?

Yes. Under GDPR, you need documented proof of consent for marketing emails. Double opt-in is the gold standard and practically required in Germany (BDSG/UWG) and recommended across the EU.

Does NIS2 apply to SaaS companies?

Yes. NIS2 explicitly includes cloud computing and SaaS providers as essential entities. This means mandatory risk management, incident reporting within 24 hours, and management accountability.

Free — no account needed

Which regulations apply to your business?

You run a website? Collect emails? Sell online? Provide a cloud service? Each of these triggers specific EU regulatory obligations. Find your scenario below.

Quick reality check

GDPR

Applies if you process any personal data of EU residents

NIS2

Applies if you provide digital services and exceed size thresholds

EAA

Applies to all digital products and services from June 2025

What does your business do?

Select your scenario to see which regulations apply, what your obligations are, and what happens if you don't comply.

Company Website

You have a website? You have obligations.

3 frameworks

Newsletter & Email Marketing

Collecting email addresses? Welcome to double opt-in territory.

2 frameworks

Online Shop / E-Commerce

Selling online means regulatory obligations stack up fast.

4 frameworks

SaaS / Cloud Platform

You process other people's data? That changes everything.

4 frameworks

Business Email Communication

Every email your company sends is subject to regulations.

2 frameworks

Customer Portal / User Accounts

User accounts mean identity data. Identity data means serious obligations.

3 frameworks

Mobile App

Apps collect more data than websites — and the rules are stricter.

4 frameworks

API / Developer Platform

APIs are invisible to users — but not to regulators.

3 frameworks

Not sure? Quick self-check.

If you answer yes to 2 or more of these, you likely have regulatory obligations.

I collect personal data (names, emails, addresses) I use external tools or services (analytics, email providers, payment) My website or app is accessible from EU countries I have customers or users outside my home country I store data in the cloud My company has more than 10 employees

Most businesses check 3 or more. The question isn't whether regulations apply — it's which ones and how strictly.

See where you stand — in seconds

Our free scanner checks your website's security posture, SSL configuration, security headers, email authentication, and more. No account needed.

Scan your website for free

This page provides general information about EU regulatory frameworks. It does not constitute legal advice. Consult a qualified legal professional for advice specific to your situation. SiteGuardian documents your monitoring continuously — compliance is your organisation's responsibility.

Which regulations apply to your business?

Quick reality check

What does your business do?

Company Website

Newsletter & Email Marketing

Online Shop / E-Commerce

SaaS / Cloud Platform

Business Email Communication

Customer Portal / User Accounts

Mobile App

API / Developer Platform

Not sure? Quick self-check.

See where you stand — in seconds

Are you sure?