Compliance

Defguard is ISO 27001 certified and built for European digital sovereignty: GDPR-native, NIS2-ready, with biometric MFA, full data residency, and transparent supply chain (SBOM).

European Digital Sovereignty: The Defguard Compliance Edge

Defguard combines formal certification with practical, auditable controls designed for regulated teams operating under EU legal and security requirements.

ISO 27001 NIS2 Directive GDPR Compliant

100% EU-Based & GDPR Native

Headquartered and developed in Poland, Defguard ensures zero exposure to the US CLOUD Act. It provides a legally "clean" stack for GDPR compliance, where data jurisdiction and residency are non-negotiable.

Biometric Zero-Trust MFA

Defguard enforces MFA at the protocol level using Desktop & Mobile Biometrics (FaceID/TouchID). This creates a secure "something you are" factor that satisfies NIS2 and ISO 27001 (A.8.5) without the logistics of hardware key distribution.

Granular Access Control (ISO A.5.15)

Enforce the Principle of Least Privilege with centralized ACLs. Defguard prevents lateral movement by restricting remote users to specific internal resources, directly mapping to ISO 27001 Access Control requirements.

Total Data Sovereignty

A strictly self-hosted architecture that keeps all cryptographic keys, user metadata, and traffic logs on your private infrastructure. No external cloud relays or third-party auth providers are required, ensuring maximum privacy.

Open-Source & Rust Transparency

Built with memory-safe Rust, our code is fully open and verifiable. This provides the "Secure Development" evidence required for ISO 27001 (A.8.28) and eliminates the risk of "black box" proprietary backdoors.

Supply Chain Security (SBOM)

In compliance with the EU Cyber Resilience Act, Defguard provides a detailed Software Bill of Materials (SBOM) and public pen-testing results, allowing your security team to audit every "ingredient" in your remote access stack.

Why ISO 27001 Matters
for Our Users

At Defguard we have always built security into the core of our product — from protocol-level WireGuard® MFA, through open-source transparency, to data sovereignty and zero foreign legal exposure.

Achieving ISO 27001 certification formalizes and externally validates our Information Security Management System. It demonstrates to enterprises, regulated organizations and public sector clients that:

  • Information security risks are systematically identified, assessed and treated
  • Security controls follow international best practices
  • Processes are continuously improved and audited
  • We maintain the same high standards internally that we provide to you
  • Your trust in Defguard as a secure, reliable VPN & zero-trust platform is backed by third-party certification

Complements our existing compliance strengths

  • NIS2-ready architecture with true VPN-level MFA
  • Full EU data residency & governance (Poland-based)
  • Audit-ready logs and SIEM integration
  • Support for GDPR, HIPAA, PCI DSS, NIST & similar frameworks through strong technical controls
  • Software Bill of Materials (SBOM) and public penetration testing reports for supply chain and transparency audits

ISO 27001:2023 Certification

Our ISO 27001:2023 certification and rigorous internal audits ensure that our systems, processes, and operations meet globally recognized benchmarks. Beyond compliance, we offer fully transparent development process and Secure By Design approach.

Iso preview image

  • Certification Body

    Bureau Veritas Certification Polska

  • Standard

    PN-EN ISO/IEC 27001:2023-08 Information security, cybersecurity and privacy protection - Information security management systems - Requirements

  • Certificate Number

    PL018610/P

  • Issue Date

    7 January 2026

  • Certification Cycle Start Date

    7 January 2026

  • Valid Until

    6 January 2029

  • Scope of Certification

    DELIVERING IT CYBERSECURITY SOLUTIONS FOR IDENTITY, SSO, REMOTE ACCESS, AND DEVICE ACCESS MANAGEMENT IN NETWORKS.

  • Issued by

    Bureau Veritas Polska Sp. z o.o., ul. Domaniewska 44A, 02-672 Warszawa, Poland

  • Verification

    To verify certificate validity please contact: Bureau Veritas Polska +48 22 549 04 00

Need Additional Certifications?

If your procurement or audit process requires additional certifications or evidence, contact our team.