Compliance

Defguard is ISO 27001 certified and built for European digital sovereignty: GDPR-native, NIS2-ready, with biometric MFA, full data residency, and transparent supply chain (SBOM).

European Digital Sovereignty: The Defguard Compliance Edge

Defguard combines formal certification with practical, auditable controls designed for regulated teams operating under EU legal and security requirements.

100% EU-Based & GDPR Native

Headquartered and developed in Poland, Defguard ensures zero exposure to the US CLOUD Act. It provides a legally "clean" stack for GDPR compliance, where data jurisdiction and residency are non-negotiable.

Biometric Zero-Trust MFA

Defguard enforces MFA at the protocol level using Desktop & Mobile Biometrics (FaceID/TouchID). This creates a secure "something you are" factor that satisfies NIS2 and ISO 27001 (A.8.5) without the logistics of hardware key distribution.

Granular Access Control (ISO A.5.15)

Enforce the Principle of Least Privilege with centralized ACLs. Defguard prevents lateral movement by restricting remote users to specific internal resources, directly mapping to ISO 27001 Access Control requirements.

Total Data Sovereignty

A strictly self-hosted architecture that keeps all cryptographic keys, user metadata, and traffic logs on your private infrastructure. No external cloud relays or third-party auth providers are required, ensuring maximum privacy.

Open-Source & Rust Transparency

Built with memory-safe Rust, our code is fully open and verifiable. This provides the "Secure Development" evidence required for ISO 27001 (A.8.28) and eliminates the risk of "black box" proprietary backdoors.

Supply Chain Security (SBOM)

In compliance with the EU Cyber Resilience Act, Defguard provides a detailed Software Bill of Materials (SBOM) and public pen-testing results, allowing your security team to audit every "ingredient" in your remote access stack.

Why ISO 27001 Matters for Our Users

At Defguard we have always built security into the core of our product — from protocol-level WireGuard® MFA, through open-source transparency, to data sovereignty and zero foreign legal exposure.

Achieving ISO 27001 certification formalizes and externally validates our Information Security Management System. It demonstrates to enterprises, regulated organizations and public sector clients that:

  • Information security risks are systematically identified, assessed and treated
  • Security controls follow international best practices
  • Processes are continuously improved and audited
  • We maintain the same high standards internally that we provide to you
  • Your trust in Defguard as a secure, reliable VPN & zero-trust platform is backed by third-party certification

Complements our existing compliance strengths

  • NIS2-ready architecture with true VPN-level MFA
  • Full EU data residency & governance (Poland-based)
  • Audit-ready logs and SIEM integration
  • Support for GDPR, HIPAA, PCI DSS, NIST & similar frameworks through strong technical controls
  • Software Bill of Materials (SBOM) and public penetration testing reports for supply chain and transparency audits

ISO 27001:2023 Certification

Our ISO 27001:2023 certification and rigorous internal audits ensure that our systems, processes, and operations meet globally recognized benchmarks. Beyond compliance, we offer fully transparent development process and Secure By Design approach.

Certificate issued: 7 January 2026

Valid until: 6 January 2029

Certificate No.: PL018610/P

Certification BodyBureau Veritas Certification Polska
StandardPN-EN ISO/IEC 27001:2023-08
Information security, cybersecurity and privacy protection — Information security management systems — Requirements
Certificate NumberPL018610/P
Issue Date7 January 2026
Certification Cycle Start Date7 January 2026
Valid Until6 January 2029
Scope of CertificationDELIVERING IT CYBERSECURITY SOLUTIONS FOR IDENTITY, SSO, REMOTE ACCESS, AND DEVICE ACCESS MANAGEMENT IN NETWORKS.
VerificationTo verify certificate validity please contact:
Bureau Veritas Polska
+48 22 549 04 00

Certificate

Issued by Bureau Veritas Polska Sp. z o.o., ul. Domaniewska 44A, 02-672 Warszawa, Poland

Download Certificate PDF (Official Bureau Veritas Certificate)
Defguard ISO 27001:2023-08 Certificate issued by Bureau Veritas Certification Polska - Certificate No. PL018610/P, Valid from 7 January 2026 to 6 January 2029