EU-sovereign · Hetzner Frankfurt · GDPR-native

Prove software control.
Pass the audit.

EagleEye is the governance platform for EU mid-market organizations that need to prove control of their software, browser extensions, and AI tooling — with a legally defensible audit trail for NIS2, DORA, and TISAX.

  • Hetzner Frankfurt · DE data residency
  • GDPR Article 28 compliant
  • NIS2 · DORA · TISAX ready
  • SOC 2 roadmap · ISO 27001 mapping

Your auditor will ask what software runs on your endpoints. Can you answer?

NIS2, DORA, TISAX, and ISO 27001 all require evidence of software control — not just a policy document, but a defensible record of every install, approval decision, and policy enforcement action. Most IT teams cannot produce this on demand.

No audit trail

Software installs happen without approval records. When an auditor asks who approved this and when, no one has an answer.

Shadow software everywhere

Browser extensions, AI tools, IDE plugins, MCP servers — none of it shows up in Intune or your EDR, but all of it is in scope for NIS2 Article 21.

Compliance evidence is manual

Export season means weeks of spreadsheet consolidation. NIS2 gives you 24 hours to report. DORA requires continuous evidence, not quarterly snapshots.

One control plane. Full governance loop.

Discover every piece of software on every endpoint, apply approval workflows, enforce policy, and export audit evidence — in one system.

01 Discover

Agent collects all software, extensions, AI tools, MCP servers, and IDE plugins from Windows, macOS, and Linux endpoints.

02 Classify

Automatic risk scoring against the NVD CVE database, CISA KEV, and VirusTotal. AI-generated plain-English risk summaries for approvers.

03 Govern

Policy engine routes items to approval queues. Approvers see risk context, alternatives, and permission analysis inline.

04 Prove

Append-only audit log records every state change. One-click export to CSV, JSON, CycloneDX SBOM, or compliance framework PDF.

What EagleEye covers

Software inventory

All desktop applications across Windows, macOS, and Linux — including store apps, portable executables, and system packages. Real-time detection within seconds of install.

Browser extensions

Chrome, Edge, and Firefox extension governance. Permission analysis, host access scoring, and the same approval workflow as desktop software.

AI tool governance

Claude Desktop, Cursor, VS Code MCP servers, IDE plugins — catalogued, risk-scored, and subject to the same approval policy as any other software.

Vulnerability enrichment

NVD CVE + CISA KEV + OSV + VirusTotal. Exact version-accurate matching — no false positives from keyword search.

Approval workflows

Role-based queues, inline risk context, ServiceNow and Jira Service Management integration, automated ITSM ticket sync.

Compliance evidence

ISO 27001 Annex A.8, NIS2 Article 21, SOC 2 CC6, DORA, TISAX control mapping. PDF reports and one-click evidence packs for auditors.

SIEM forwarding

Syslog/CEF, Splunk HEC, Microsoft Sentinel, Elastic, Datadog, and any generic HTTP endpoint. Every policy event is SIEM-ready.

SBOM export

CycloneDX 1.6 and SPDX 2.3 JSON exports — per device or org-wide. Required by EU Cyber Resilience Act and many enterprise procurement teams.

Built for Europe

Why EU mid-market teams choose EagleEye

US-based governance tools were built for US compliance frameworks. EagleEye was designed from day one for the NIS2, DORA, TISAX, and KRITIS requirements that regulated EU organizations actually face.

  • EU data residency — All data processed and stored on Hetzner servers in Frankfurt, Germany. No transatlantic transfers. GDPR-native architecture.
  • Framework-native evidence — Evidence exports are formatted for NIS2 Article 21, DORA ICT third-party risk, TISAX AL2/AL3, and ISO 27001 Annex A.8 — not generic spreadsheets.
  • Database-level tenant isolation — PostgreSQL Row Level Security enforces tenant boundaries at the DB layer — a bug in application code cannot expose your data to another customer.
  • Designed for auditors, not engineers — Every output is readable by a BSI-certified auditor, not just a developer. The audit trail is a legal document, not a log file.

Compliance frameworks covered

  • NIS2: Article 21 — ICT supply chain risk, software governance controls
  • DORA: ICT third-party risk register, asset inventory, incident evidence
  • TISAX: VDA ISA AL2/AL3 — information security assessment evidence
  • ISO 27001: Annex A.8 — asset management, access control evidence
  • SOC 2: CC6 — logical and physical access controls (roadmap)
  • EU AI Act: High-risk AI system inventory, GPAI model tracking

Ready to show your auditor the evidence?

Request a live demo. We will walk through your specific framework requirements and show you exactly what evidence EagleEye produces.
