Built on Microsoft 365 · Your tenant · Your data

Enterprise compliance. Inside your Microsoft 365.

Stop managing EU regulatory obligations in spreadsheets. ProdComply deploys a fully digitised, enterprise-grade product compliance platform directly inside your existing SharePoint environment — tailored to your product portfolio, owned by you, hosted by you. Forever.

No new software to procure or licence
Runs on SharePoint your IT already approved
Your existing Microsoft DPA covers everything
Tailored to your exact product portfolio
Deployed and live in 8 weeks
[Dashboard preview: ProdComply · Portfolio Dashboard (SharePoint · Live). Panels: KPI tiles (Products, Sep 2026, Progress, NB Required) · Product Gate Pipeline (Gate 1 to Gate 5, owners via Microsoft Graph) · Sep 2026 Readiness · Automated Reminders (Power Automate: 7-day target date reminder, overdue escalation to Compliance Lead, Sep 2026 monthly countdown)]
153 days · 11 Sep 2026 · CRA Art. 14 — SBOM + active vulnerability reporting mandatory for all connected products on EU market
608 days · 11 Dec 2027 · CRA full enforcement — CE marking, technical file, EU DoC, CVD policy, 10-year security updates
⚠️ Fines up to €15,000,000 or 2.5% of global annual turnover — per Regulation (EU) 2024/2847 Art. 64
Enterprise compliance.
Built on what you already own.
A purpose-built compliance management application deployed directly inside your Microsoft 365 SharePoint environment — configured for your exact regulatory obligations and product portfolio.
📊
No more Excel. No more shared drives. No more version confusion.
Most manufacturers track EU regulatory obligations across fragmented spreadsheets, email chains, and shared drives — no version control, no audit trail, no real-time visibility, one person editing at a time, evidence lost in inboxes. ProdComply replaces all of that with a live collaborative enterprise application on infrastructure your organisation already owns, already trusts, and already pays for.
🔒 Zero third-party risk. Nothing leaves your Microsoft 365 tenant.

Your existing DPA

You already have a data processing agreement with Microsoft. No new DPA negotiation. No legal review. Nothing to sign with a new vendor.

Backup by Microsoft

90-day recycle bin. Geo-redundant storage. Full version history on every list item and document. Microsoft's enterprise SLA covers everything.

IT already approved it

Your IT organisation already audited and approved SharePoint. No new security review. No penetration test. No vendor questionnaire to complete.

GDPR by default

Microsoft handles all data residency and GDPR obligations. Your compliance data stays within your chosen EU region automatically.

SSO + MFA inherited

Microsoft Entra ID authentication, MFA, and conditional access policies apply automatically. No separate identity or access management needed.

No vendor lock-in. Ever.

All data lives in standard SharePoint lists in your own tenant. If you ever stop using ProdComply — your compliance data stays yours permanently. No export fees. No hostage data.

🎯

Regulatory Applicability Engine

A structured product vetting questionnaire automatically determines which EU regulations apply to each product — CRA risk class, Data Act scope, NIS 2 supply chain obligations, IEC 62443-4-1 applicability — before a single obligation is tracked.

🏗️

Gate-Based Evidence Tracking

Every regulatory obligation mapped to the exact development gate where it must be addressed. Evidence requirements appear at precisely the right stage — compliance embedded into how your product teams already work, not running in parallel.

👥

Microsoft Graph Owner Assignment

Evidence ownership assigned via live Microsoft Graph directory integration. Real names, real roles, real departments — pulled directly from your company directory. No manual lists. No stale data when people change roles.

🔔

Power Automate Reminders

Configurable automated email reminders before target dates. Overdue escalation workflows. Sep 2026 monthly countdown to all product owners. Zero manual chasing — the platform manages the follow-up automatically.

⚠️

Art. 22 Modification Detection

Automatic legal warning when a third-party product integration is detected as a substantial modification under CRA Art. 22 — role flips to Manufacturer, conformity obligations reset, new compliance programme initiated automatically.

📊

Real-Time Management Dashboard

Board-level portfolio compliance view. Sep 2026 readiness per product. Overdue obligation count. Class II NB assessment status. Evidence completion trends. No status meetings needed — leadership visibility without asking anyone.

See it in action.
Every screen running natively inside Microsoft 365 SharePoint — no external hosting, no third-party login, no data leaving your tenant.
Portfolio Dashboard — Real-time visibility across your entire product range
Gate pipeline · KPI tiles · Sep 2026 readiness · Dec 2027 progress · Power Automate reminders · Microsoft Graph owner integration · Overdue escalations
Product Compliance Journey — Every CRA obligation per product, gate by gate
Class II · Notified Body mandatory warning · Evidence per obligation with Annex references · Owner assignment · Target dates · Sep 2026 critical items · Vuln handling lifecycle
Evidence Capture — Microsoft Graph + Power Automate
Live people search from company directory · Automated reminders · Target dates · Evidence link · Annex citation
Art. 22 Substantial Modification Detection
Automatic legal warning when third-party integration triggers Manufacturer role · Evidence reset · New product created instantly
The full EU product regulatory stack. One platform.
ProdComply covers every regulation that applies to connected hardware products placed on the EU market — from product design through end of life.
REGULATION (EU) 2024/2847 · IN FORCE 10 DEC 2024
EU Cyber Resilience Act
⚡ Sep 2026 · Dec 2027
Mandatory cybersecurity requirements for all hardware and software products with digital elements placed on the EU market. Applies to Manufacturers, Importers, and Distributors regardless of where they are established.
SBOM in machine-readable format (CycloneDX/SPDX) — Sep 2026
Art. 14 active vulnerability reporting: 24h early warning → 72h notification → 14-day final report to national CSIRT — Sep 2026
13 essential cybersecurity requirements (Annex I Part I) — Dec 2027
CVD policy, 8 vulnerability handling obligations (Annex I Part II) — Dec 2027
Technical File (Annex VII), EU DoC, CE marking, 5-year support period declaration — Dec 2027
Class II products: Notified Body assessment mandatory — Module B+C or H
Art. 22: Substantial modification resets full Manufacturer obligations
DIRECTIVE (EU) 2022/2555 · IN FORCE 18 OCT 2024
NIS 2 Directive — Supply Chain
Active · Customer-driven urgency
Under Art. 21(2)(d), Essential and Important Entities — energy operators, grid operators, hospitals, transport authorities — are legally required to assess and manage cybersecurity risks across their entire supply chain. This creates a binding compliance flow-down to their product suppliers and system integrators.
NIS 2-regulated customers require documented secure development lifecycle evidence from product suppliers
Procurement contracts increasingly mandate IEC 62443-4-1 ML2 as minimum supplier requirement
ProdComply generates exportable NIS 2 supplier security profiles per product for procurement questionnaires
SBOM availability per product required for supply chain vulnerability management under NIS 2
Penalties for Essential Entities: up to €10M or 2% of global turnover — driving urgent supplier qualification
REGULATION (EU) 2023/2854 · APPLICABLE 12 SEP 2025
EU Data Act
In force · Products from Sep 2026
Mandates that manufacturers of connected products design and build products so that data generated by the product is accessible to users in real-time, machine-readable, and shareable with third parties under FRAND terms. Applies to all connected hardware placed on the EU market.
Data access by design (Art. 3-4): products must be designed so users can access generated data easily, securely, and free of charge
Pre-contractual transparency (Art. 3): disclosure of data types, access mechanisms, and sharing conditions before purchase
Data sharing on request (Art. 5): make product data available to third parties designated by users under FRAND terms
API specifications and data format documentation maintained and available
Data access obligations for new products placed on market from 12 September 2026
IEC 62443-4-1 · INTERNATIONAL STANDARD · CRA CONFORMITY PREREQUISITE
IEC 62443-4-1 Secure Development Lifecycle
Contract-driven · CRA prerequisite
Defines Secure Development Lifecycle (SDL) process requirements for manufacturers of products used in Industrial Automation and Control Systems. Increasingly required by contract from NIS 2-regulated customers and as a prerequisite for CRA Notified Body assessment of Class I and II products.
8 Security Practices: Security Management · Security Requirements · Secure Design · Secure Implementation · Verification & Validation · Issue Management · Update Management · Security Documentation
ML2 (Managed): documented, repeatable SDL processes — minimum for CRA Class I conformity and most NIS 2 customer contracts
ML3 (Defined): standardised organisational process — required for SDLA certification via TÜV SÜD, UL Solutions, Bureau Veritas
ProdComply tracks maturity level progression per practice with evidence attached per requirement — audit-ready SDLA dossier
Every team. One platform.
Everyone sees what they need.
ProdComply is not a tool for one function. It connects product, security, legal, quality, and leadership around a single compliance source of truth — all inside Microsoft 365.
Product
Product Manager / Portfolio Lead
  • Full portfolio view across all development gates
  • Sep 2026 and Dec 2027 readiness per product
  • Regulatory class determined automatically per product
  • Management dashboard ready for board reporting
  • No compliance expertise required to operate the system
Security
Cybersecurity / Product Security
  • Full evidence tracking per CRA and IEC 62443-4-1 obligation
  • SBOM management and version control per product
  • Art. 14 SRP runbook and CSIRT reporting workflow
  • CVD policy status, vulnerability tracking, resolution
  • IEC 62443-4-1 practice evidence per requirement and ML level
Legal
Legal / Regulatory Affairs
  • Conformity assessment route per product (Module A / B+C / H)
  • Notified Body engagement tracking and status
  • EU Declaration of Conformity preparation workflow
  • Art. 22 substantial modification detection and legal warning
  • Data Act disclosure documentation and FRAND policy tracking
Quality
Quality Assurance / Regulatory Affairs
  • IEC 62443-4-1 ML2 audit dossier — ready for SDLA certification
  • Test evidence per security verification and validation requirement
  • Harmonised standard applicability per product
  • Certification body engagement records and status
  • Annex VII technical documentation completeness tracking
Integration
System Integrators / Solution Architects
  • NIS 2 supply chain compliance package per integrated product
  • Exportable supplier security profiles for Art. 21(2)(d) questionnaires
  • CRA conformity status per component in integrated solution
  • Substantial modification risk assessment for integration scenarios
  • SBOM per component for supply chain vulnerability management
Leadership
C-Suite / Board
  • Single portfolio compliance dashboard — no manual aggregation
  • Sep 2026 critical obligations RAG status at a glance
  • Regulatory fine exposure per non-compliant product
  • Management reporting without asking the team for updates
  • Audit-ready evidence trail for market authority inspections
From gap to compliant in 8 weeks.
A structured 8-week engagement — from regulatory applicability assessment through to a live, fully configured compliance platform running inside your Microsoft 365 environment.
01 · WEEKS 1-2

Regulatory Assessment

We classify every product in your portfolio. Manufacturer vs Distributor role. CRA risk class per Implementing Regulation 2025/2392. Data Act scope. IEC 62443-4-1 applicability. NIS 2 supply chain exposure. Sep 2026 vs Dec 2027 gap analysis. Written management report with remediation roadmap.

02 · WEEKS 3-5

Platform Deployment

ProdComply deployed directly on your SharePoint tenant. All products configured with their specific obligation sets. Microsoft Graph owner integration live. Power Automate reminder workflows activated. Management dashboard operational. No IT procurement. No security review. No new vendor.

03 · WEEKS 6-7

Evidence Sprint

Sep 2026 critical obligations prioritised. SBOM strategy and tooling guidance. CVD policy drafting support. Art. 14 SRP runbook creation. Supplier conformance templates. IEC 62443-4-1 ML2 evidence framework configured. NIS 2 supplier security profile template finalised.

04 · WEEK 8

Handover & Training

Product owner training workshop. Management dashboard walkthrough. Administrator and governance training. Power Automate reminder configuration handover. Full documentation package. Your team is fully autonomous at handover — no ongoing consultant dependency.

Everything deployed on your infrastructure. Owned by you permanently.
No annual licence fees. No ongoing subscription. No data hosted externally. Your compliance programme is a Microsoft 365 application that belongs to your organisation — today, next year, and in 2030 when the next regulation arrives.
Sep 2026 is 153 days away.
Book a free 30-minute call. We will assess your product portfolio against the CRA Sep 2026 obligations and tell you exactly where your gaps are — no commitment required.
raed.kakish@prodcomply.com
No sales pitch. No commitment. Just clarity on your compliance gaps and a clear path forward.