
GateTest for the European Union

GDPR is the floor. NIS2 widened the scope to thousands more 'essential' and 'important' entities in 2024. DORA hit financial entities in January 2025. GateTest's 91 modules cover the technical-control evidence each one asks for, without forcing tool sprawl.

What devs in the European Union build with

Stack and host shapes we see across the European Union dev market. GateTest is tuned for all of them.

Popular stack
Next.js, TypeScript, Postgres, Stripe, Node.js
Popular hosts
Hetzner, Vercel (eu region), AWS Frankfurt (eu-central-1)

The 3 modules most relevant in the European Union

Every European Union scan runs all 91 modules; these three are the highest-signal for GDPR + NIS2 + DORA.

GDPR + NIS2 + DORA — what GateTest catches

Each bullet ties a real GateTest module to a specific clause in the European Union compliance landscape.

secrets
GDPR Article 32 — appropriate technical measures

Hardcoded credentials are the single most common Article 32 failure cited in DPA notices. The secrets module catches AKIA / ASIA / GitHub PAT / Stripe live / Slack / Anthropic / private-key shapes pre-commit.

logPii
GDPR Article 5(1)(f) — confidentiality

logPii blocks the PII-into-logs class: bare logger calls with password/token/jwt/req.body, JSON.stringify(user), and template-string interpolation of sensitive identifiers.

dependencies
NIS2 Article 21 — risk-management measures

dependencies scans npm / pip / go.mod / Cargo / Bundler / Composer / Maven / Gradle and flags wildcards, deprecated packages and missing lockfiles, which directly supports the supply-chain measures NIS2 requires.

tlsSecurity
DORA Article 9 — ICT risk management

tlsSecurity flags rejectUnauthorized: false, NODE_TLS_REJECT_UNAUTHORIZED=0, verify=False (Python) — the MITM-shipping pattern DORA explicitly calls out.

envVars
GDPR Article 25 — data-protection by design

envVars flags NEXT_PUBLIC_* / VITE_* / REACT_APP_* prefixes that bundle secrets into client JS, plus declared-but-unused env vars that signal abandoned configuration.
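
The three patterns named in the tlsSecurity item above, written as a minimal line scanner. This is an added example, not GateTest's code; the rule ids, regexes and sample files are constructed assumptions.

```javascript
// Added example, not GateTest's implementation. Rule ids and regexes are
// assumptions derived from the three patterns the tlsSecurity item names.
const RULES = [
  { id: "node-reject-unauthorized-false",
    re: /\brejectUnauthorized\s*:\s*false\b/ },
  // Assignment only (shell, .env, process.env.X or process.env["X"]);
  // a comparison such as == "0" is not flagged.
  { id: "node-env-tls-reject-0",
    re: /\bNODE_TLS_REJECT_UNAUTHORIZED\b["']?\s*\]?\s*=\s*["']?0["']?(?![\w.])/ },
  { id: "python-verify-false",
    re: /\bverify\s*=\s*False\b/ },
];

// files: { path: contents }. Returns [{ file, line, rule }] in scan order.
function scanTls(files) {
  const findings = [];
  for (const [file, text] of Object.entries(files)) {
    text.split(/\r?\n/).forEach((line, i) => {
      for (const rule of RULES) {
        if (rule.re.test(line)) findings.push({ file, line: i + 1, rule: rule.id });
      }
    });
  }
  return findings;
}

// Constructed sample input (not taken from any real repository).
const SAMPLE = {
  "client.js": [
    'const agent = new https.Agent({ rejectUnauthorized: false });',
    'const ok = new https.Agent({ rejectUnauthorized: true });',
    'process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = "0";',
    'if (process.env.NODE_TLS_REJECT_UNAUTHORIZED == "0") warn();',
  ].join("\n"),
  "fetch.py": [
    'r = requests.get(url, verify=False)',
    'r = requests.get(url, verify=True)',
  ].join("\n"),
  ".env": "NODE_TLS_REJECT_UNAUTHORIZED=0\n",
};

for (const f of scanTls(SAMPLE)) console.log(`${f.file}:${f.line} ${f.rule}`);
```

A line-based regex pass like this misses values assembled at runtime and will flag matches inside comments or test fixtures, so findings need review before they gate a commit.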

Honest limitations

GateTest is a code-quality + security scanner, not a SOC 2 / HIPAA / ISO auditor. We catch the technical findings auditors look for, but the audit itself needs a qualified human assessor.

  • Data-residency in the EU is a host-level concern. Vercel, AWS and Cloudflare all offer EU-only regions; GateTest doesn't verify your deployment region.
  • Member-state implementations of NIS2 differ on penalties and timelines; check your national transposition.

Who hires GateTest in the European Union

Berlin SaaS preparing for a DPA audit after a customer DPIA request
Dutch fintech inside DORA's January 2025 scope expansion
Paris e-commerce shop needing CNIL-defensible technical controls

Pricing

Starting at $29 USD, paid via Stripe in your local currency.

  • Quick: $29, 4 modules
  • Full: $99, all 91 modules
  • Scan + Fix: $199, + AI auto-fix PR
  • Forensic: $399, + pair review + exec summary

CLI is MIT-licensed. Available on GitHub Marketplace soon.

Try it on your own repo

$29 Quick scan, no signup. Pay only when results land.
