Outcome for IT & Compliance

European to
the Core.

Built by a team in Finland. Hosted 100% in the EU. GDPR, NIS2, and CLOUD Act immunity by architecture — not by checkbox. The platform your IT and compliance teams can approve without caveats.

Request Demo Security & Governance arrow_forward

Hosting

100% EU

CLOUD Act

Immune

API Access

Open

Security & Compliance

Compliance Posture

Secure
verified_user

GDPR

Architectural
shield

CLOUD Act

Immune
policy

NIS2 / DORA

Compliant
dns

Data Residency

EU-Only
api

REST / GraphQL API

ONLINE

US-hosted platforms put your compliance at risk

Compliance teams veto vendors over data sovereignty gaps. Regulations are tightening, not relaxing.

gavel

“Legal vetoed our last vendor because of CLOUD Act exposure. We need a platform we can actually approve.”

European procurement now requires real data sovereignty — not a checkbox in a US-hosted platform.

What compliance teams face

Vendors with CLOUD Act exposure.

GDPR treated as checkbox, not architecture.

NIS2, DORA, EU Data Act deadlines approaching.

cloud_off

CLOUD Act Exposure

US-headquartered vendors fall under the CLOUD Act regardless of where data is stored. Your data may be accessible to US authorities.

security

GDPR as Checkbox

Most platforms treat GDPR as configuration, not architecture. Data residency “options” are not real sovereignty.

integration_instructions

Closed Ecosystems

Limited API access creates vendor lock-in. Data export is restricted and integrations require expensive custom work.

update

Regulation Is Tightening

NIS2, DORA, and the EU Data Act raise the bar for data governance and portability. Platforms that aren't ready now will create gaps.

European compliance built in, not bolted on

Every layer — hosting, APIs, audit trails, access control — is European by default.

lock

Step 01

EU-Native Hosting

100% EU-hosted. Data never leaves European jurisdiction. Immune to the U.S. CLOUD Act.

api

Step 02

Open REST/GraphQL APIs

Full API access to your stack. Connect to any LMS, CRM, or accounting system. Data always exportable.

history

Step 03

Immutable Audit Trails

Every action recorded in an immutable audit trail. Full provenance for regulatory review.

admin_panel_settings

Step 04

RBAC with Regional e-ID

Granular permissions at organisation, department, and role level. SSO + BankID + FTN + regional e-ID.

EU regulations: what's coming

CompetenceFlow addresses these requirements by architecture, not as add-ons.

Regulation
Timeline
Key Requirements
CompetenceFlow Response

NIS2 Directive

Effective 2024
Supply-chain security, incident reporting, risk management for essential/important entities
Immutable audit trails, incident logging, RBAC enforcement

DORA

Effective 2025
ICT risk management, digital operational resilience, third-party risk oversight
EU-native hosting, full data portability, transparent SLA

EU Data Act

2025–2027
Data portability, interoperability, fair access, switching rights
Open APIs, standard data export, no vendor lock-in

Compliance by region

Region-specific compliance, identity, and integrations — covered.

N

Nordics

Identity

Swedish BankID, Norwegian BankID, Finnish Trust Network (FTN)

Finance Integration

Visma (Netvisor, Tripletex, e-conomic) • Fortnox

Credential Registers

Taitorekisteri (Finland) • SSG Skillnation • ID06

D

DACH

Compliance

GoBD-compliant audit trails • BSI C5 ready • AZAV workflow support

Finance Integration

DATEV • SKR03/04 • ZUGFeRD e-invoicing

Data Governance

Immutable journal entries • Full provenance chain

F

France

Cloud Standard

SecNumCloud alignment • EU-hosted infrastructure

Quality Framework

Qualiopi audit-ready workflows • Evidence trail generation

E-Invoicing

Factur-X • Peppol • Machine-readable formats

lock_open Transparency & Portability

Transparent SaaS. Your data is always yours.

No hidden costs. No vendor lock-in. Full data export at any time. Annual contracts with a standard exit clause.

See Pricing arrow_forward

Open APIs. No lock-in.

Full access to your data. Connect to any system in your stack.

api

CompetenceFlow API

v2 • REST • GraphQL

REST GraphQL JSON-native Webhooks OAuth 2.0
GET /api/v2/sessions
POST /api/v2/credentials/export
GQL /graphql — full query access

JSON-native • OAuth 2.0 • Webhook support • Full data export in JSON/CSV

Data Export

Full — anytime

No-Code Builder

Drag-and-drop connectors

Vendor Lock-in

Zero

Common Questions

Answers to the concerns we hear most from training providers evaluating a platform change.

A platform your compliance
team can approve.

Built by a team in Finland. Hosted in Europe. Compliant with European regulation. See it in action.

Request Demo European Foundation