Know what matters. See what Kaamos supports.
Use this as a practical information bank for EU regulations, assurance frameworks, and public-sector criteria. Supported frameworks are marked with a ribbon; the rest help you understand what buyers and regulators may ask for before you commit roadmap time.
Binding EU regulations
Legal regimes and directives that can bind EU software companies directly or through regulated customers.
- DORA (binding): EU regulation for ICT risk management and operational resilience in the financial sector.
- EU AI Act (binding): EU regulation for AI providers and deployers, with stronger duties for high-risk and general-purpose AI systems.
- GDPR (Supported, binding): EU privacy regulation governing personal data processing, security, accountability, and data-subject rights.
- NIS2 (Supported, binding): EU cybersecurity directive for essential and important entities, including many digital providers and ICT service companies.
- CRA (binding): EU regulation introducing cybersecurity obligations for products with digital elements placed on the EU market.
- MDR / IVDR (binding): EU medical device and in vitro diagnostic regulations, including requirements for qualifying software.
- DSA (binding): EU regulation for intermediary, hosting, and online platform services offered to EU users.
- ePrivacy (binding): EU rules for cookies, tracking, electronic marketing, and confidentiality of electronic communications.
- MiCA (binding): EU regulation for crypto-asset issuers and crypto-asset service providers.
- PSD2 (binding): EU directive for payment services, strong customer authentication, open banking, and operational requirements.
- eIDAS 2.0 (binding): EU digital identity and trust-services regulation expanding the European Digital Identity framework.
Voluntary security frameworks
Voluntary frameworks that buyers ask for because they make security work auditable and repeatable.
- ISO 27001 (Supported, recommended): International standard for building and certifying an information security management system.
- ISO 42001 (recommended): International management-system standard for organizations developing or using AI systems.
- SOC 2 (Supported, recommended): AICPA attestation used by enterprise buyers to evaluate security, availability, confidentiality, processing integrity, and privacy controls.
- ISO 27701 (recommended): Privacy information management extension to ISO 27001 and ISO 27002.
- Cyber Essentials (recommended): UK cybersecurity certification focused on core technical controls.
- NIST CSF (recommended): Cybersecurity framework commonly used as a shared vocabulary for risk, controls, and maturity.
Public-sector and contractual criteria
Criteria that become binding through procurement, public-sector contracts, or payment networks.
- PCI DSS (binding): Payment-card security standard required by card networks for environments that store, process, or transmit cardholder data.
- Julkri (binding): Finnish public-administration security criteria for non-classified information and public-sector procurement.
- Katakri (binding): Finnish national security audit criteria used for classified information and high-assurance public-sector work.