Find Your EU Compliance Starting Point

Step 1 of 3 — Your organisation

Tell us about your company

Size and sector determine which regulations apply — and at what urgency. These two answers filter out most of what doesn't concern you.

How large is your organisation?

Headcount and revenue thresholds gate most EU sustainability and cybersecurity obligations.

Micro — fewer than 10 employeesExempt from most major reporting obligations. GDPR and AI Act still apply.

Small — 10 to 49 employeesNIS2 exemptions may apply. CSRD not yet mandatory. Core digital regulations apply.

Medium — 50 to 249 employeesNIS2 applies if you're in a critical sector. CSRD thresholds may be approaching.

Large — 250 or more employees, or €40M+ revenueFull scope of CSRD, NIS2, and most EU regulations. Immediate compliance obligations.

Which sector best describes your organisation?

Some regulations only apply to specific industries — DORA for finance, NIS2 for critical infrastructure. Pick the closest match.

🏦Finance, banking, insurance, payments

⚡Energy, health, transport, telecoms, water

💻Technology, software, digital services

🛒Retail, e-commerce, consumer goods

🏭Manufacturing, industrial, hardware

💼Professional services, consulting, legal

🏛️Public sector, government, NGOs

◎Other

Step 2 of 3 — What your company does

Data, AI, and products

Three more questions that activate specific EU regulations. Each one is a clean yes/no signal for a different compliance framework.

Does your organisation collect or process personal data of people in the EU?

Personal data includes names, emails, phone numbers, IP addresses, purchase history, HR records — any information that identifies or could identify a person.

Yes — customers, users, or marketing databases

Minimally — employees and basic contacts only

No / not applicable

Does your organisation develop, deploy, or use AI systems?

AI systems include recommendation engines, automated decisions, CV screening, fraud detection, chatbots, generative AI in products — any system using machine learning.

Yes — we build AI into our products or services

Yes — we use AI tools in our operations

No / not currently

Do you manufacture, import, or distribute physical or software products commercially in the EU?

This covers connected hardware, IoT devices, embedded systems, commercial off-the-shelf software, or any product with a digital element sold to customers.

Yes — hardware or connected devices

Yes — commercial software or SaaS

No — we are a service business

Step 3 of 3 — Sustainability reporting

One last question

EU sustainability reporting (CSRD/ESRS) has some of the most complex obligations — and many companies don't yet know they're in scope.

Is your organisation subject to — or expecting to become subject to — mandatory EU sustainability reporting?

Large companies (250+ staff or €40M+ revenue) operating in the EU must report under CSRD from FY2024 onwards. Listed SMEs follow from FY2026.

Yes — we already report or are in scope nowFY2024/2025 mandatory reporting. Full ESRS disclosure required.

Likely — within the next 1–2 yearsGrowing company, listed SME, or approaching the 250-employee threshold.

Unsure — we may be in scopeNot sure whether our size or structure triggers CSRD obligations.

No — we are below the thresholdsMicro, small, or non-EU-listed company clearly below CSRD scope.

Find your EU compliance starting point

Tell us about your company

Data, AI, and products

One last question

Good news — your compliance footprint is manageable

Ready to dive deeper?