SaaS / Cloud Platform
Do you process other people's data? That changes everything.
SaaS platforms act as data processors under the GDPR and, depending on size and service type, may be essential or important entities under NIS2. You need Data Processing Agreements (DPAs), a tested incident response process, and possibly sector-specific compliance on top.
Reality check
If your largest customer asked for your SOC 2 report and Data Processing Agreement today, could you deliver?
GDPR (General Data Protection Regulation)
Status: mandatory. Relevant articles: Art. 28, Art. 30(2), Art. 32, Art. 33(2)
Your obligations
- Data Processing Agreement (Art. 28) for every customer
- Sub-processor management and notification
- Data breach notification to controllers without undue delay
- Technical and organisational measures documented (Art. 32)
- Data Protection Impact Assessment if high-risk processing
- Records of processing as processor (Art. 30(2))
SiteGuardian monitors this
- TLS/HTTPS encryption monitoring
- Automated cookie consent detection
- Security headers analysis
- Email transport encryption checks
- Breach notification SLA tracking (72h)
- Digital DPA/AVV signing
Risk of non-compliance
Loss of enterprise customers who require a DPA before they will sign. Joint and several liability with controllers for damages (Art. 82(4)). Fines up to EUR 20M or 4% of global annual turnover, whichever is higher, for the most serious infringements (Art. 83(5)); breaches of the processor-specific duties listed above fall under the EUR 10M / 2% tier (Art. 83(4)).
NIS2 Directive (Cybersecurity)
Status: mandatory where in scope. Relevant articles: Art. 21, Art. 23
Your obligations
- Cloud computing service providers are listed in Annex I (digital infrastructure): large providers are essential entities, medium-sized ones important entities (Art. 3); whether a given SaaS application counts as a "cloud computing service" depends on the Art. 6 definition
- Risk management measures (Art. 21) are mandatory
- Incident reporting (Art. 23): early warning within 24h, incident notification within 72h, final report within one month
- Supply chain security for dependencies
- Management body accountability
SiteGuardian monitors this
- 24h/72h/1m incident reporting SLA
- DNSSEC and DNS security monitoring
- Security headers and TLS enforcement
- Uptime and availability monitoring
- Supply chain risk scoring
- Incident auto-classification (NIS2 Art. 23)
Risk of non-compliance
Cloud/SaaS providers are explicitly in NIS2 scope. Fines up to EUR 10M or 2% of global annual turnover for essential entities, and EUR 7M or 1.4% for important entities (Art. 34). Management bodies can be held personally liable and temporarily barred from managerial functions (Art. 20, Art. 32).
Cyber Resilience Act (CRA)
Status: conditional. Relevant articles: Art. 10, Art. 11, Art. 13
The CRA covers products with digital elements placed on the EU market. A pure SaaS offering is out of scope unless you also ship software (agents, SDKs, on-premise components) or the service is a remote data processing solution that a covered product depends on.
Your obligations
- Security by design for products with digital elements
- Vulnerability handling and disclosure obligations
- Security updates for the product's expected lifetime
- Software Bill of Materials (SBOM) provision
SiteGuardian monitors this
- TLS version and cipher suite monitoring
- Security headers enforcement checks
- Certificate chain and expiry validation
Risk of non-compliance
Non-compliant products can be withdrawn from or barred from the EU market. Fines up to EUR 15M or 2.5% of global annual turnover, whichever is higher.
European Accessibility Act (EAA)
Status: mandatory where in scope. Relevant articles: Art. 4, Art. 13, Art. 31
Your obligations
- Accessibility requirements (Annex I) for all user-facing interfaces; the harmonised standard EN 301 549 currently maps these to WCAG 2.1 Level AA, and WCAG 2.2 AA is a superset of it, so targeting 2.2 AA satisfies both
- Accessible documentation and onboarding
- Alternative access methods for disabled users
SiteGuardian monitors this
- WCAG 2.2 Level AA conformance auditing
- Automated accessibility scoring
- Violation severity breakdown and remediation hints
- Daily accessibility scans
Risk of non-compliance
The EAA applies to services provided to consumers (Art. 2(2)), including e-commerce; a SaaS sold to businesses is caught where it is also the channel through which consumers buy or use the service, and micro-enterprises providing services are exempt (Art. 4(5)). Public sector procurement separately requires accessibility under Directive (EU) 2016/2102 and EN 301 549.
Does this apply to you?
If you answer yes to 2 or more of the questions above, these regulations very probably apply to your company.
See where you stand
Our free scanner checks your site's security posture: SSL/TLS, security headers, email authentication and more. No account required.
Scan your platform's security
This page provides general information on EU regulatory frameworks. It does not constitute legal advice. Consult a qualified legal professional for advice tailored to your situation. SiteGuardian documents your continuous monitoring; compliance remains the responsibility of your organisation.