Extended Compliance: An EU solution for European companies

This solution isn’t only for organisations in highly regulated industries; it’s for anyone looking for a solution that keeps their data secure for the foreseeable future. Scrive EC (Extended Compliance) ensures digital sovereignty for your digital transactions and avoids foreign jurisdiction risks by solely utilising data hosting owned and operated within Europe.

QTSP for qualified electronic signatures
ISO 27001
EU data hosting
DORA

Benefits of Extended Compliance

EU-only data hosting
All Scrive EC services are hosted within the EU at all times, helping you avoid regulatory uncertainty around cross-border data transfers.

Avoid exposure to US long-arm jurisdiction (e.g. CLOUD Act & FISA)
Scrive EC services are exclusively hosted on European-owned infrastructure, ensuring your data remains protected from potential U.S. surveillance or legal jurisdiction.

Compliant by design
Built for legal teams, DPOs and CISOs who demand clear, provable safeguards for privacy, security and compliance.

Enterprise-grade information security
Scrive maintains an ISO 27001 certification, protecting your data with industry best practices in access control, encryption, risk management, and continuous monitoring.

Built for European digital sovereignty

Data security’s importance cannot be overstated and recent world events have made more companies than ever realise that they need to go above and beyond in order to remain compliant and resilient.

Scrive EC (Extended Compliance) is a specialised deployment of the Scrive platform, offering e-signing and ID verification services that meet the highest standards of digital sovereignty and legal risk mitigation. It’s designed for organisations looking for a future-proof solution, built not only for the needs of today but to prepare for the challenges of tomorrow. Scrive EC helps you avoid exposure to US data jurisdiction and ensure compliance with GDPR and eIDAS.

Key capabilities

With Scrive EC, you get the same core platform experience as with other Scrive solutions.

You get secure e-signing, ID verification with a set of predetermined eIDs and IDVs, qualified electronic signatures (QES) and full audit trails. All delivered through a specialised, compliance-first deployment designed for organisations with a low risk appetite who require that their data stays entirely within the EU.

E-signing & ID verification
Qualified Electronic Signatures (QES)
EU-only data hosting
GDPR, DORA & eIDAS alignment
Avoid US data jurisdiction
ISO 27001 certification
Local language support

Designed for peace of mind

Scrive EC provides you with confidence that your organisation is operating within a fully EU-governed legal and technical environment, reducing compliance risk and protecting your stakeholders. This may previously have been something primarily for the organisations with an especially low risk appetite, but that is no longer the case. With the growing uncertainty and volatility of modern politics, and therefore regulations & international relations, it’s essential for everyone to have a truly future-proof solution to protect their organisation.

With Scrive EC, you don’t have to choose between security and usability. You can meet user & customer expectations of a smooth, digital experience without ever sacrificing security or compliance in the process.

Trust built on compliance and security

As an EU-certified Qualified Trust Service Provider (QTSP) under eIDAS, Scrive is the ideal partner for those organisations who put a clear emphasis on security and regulatory compliance. We offer Qualified Electronic Signatures (QES), the highest level of e-signature available in the EU, with legal effect equal to a handwritten signature and built-in standardised validation across borders.

Compliance without compromise

Talk to our experts about how Scrive EC can help your organisation stay secure, compliant, and in control.


Frequently Asked Questions (FAQ)

  • What makes Scrive EC different?

    While Scrive always makes use of data hosting within the EU, Scrive EC is hosted and operated exclusively on European-owned infrastructure. This prevents exposure to the CLOUD Act, FISA, or similar foreign jurisdiction laws, keeping your data fully under EU protection and simplifying GDPR compliance.

  • Does Scrive EC still offer all the same features?

    With Scrive EC, you get the same core platform experience: e-signing, ID verification with a set of predetermined eIDs and IDVs, qualified electronic signatures and full audit trails, all delivered through a specialised, compliance-first deployment designed for organisations with a low risk appetite who require that their data stays entirely within the EU.

  • What is the U.S. CLOUD Act, and why should I care?

    The CLOUD Act allows U.S. authorities to request data from U.S.-based or owned companies, regardless of where that data is stored. If your digital service provider is subject to U.S. law, there’s a chance your data could be subject to U.S. legal requests and accessed without your knowledge, even if it never leaves the EU.

  • What is FISA, and how does it differ from the CLOUD Act?

    FISA (specifically Section 702) enables U.S. intelligence agencies to collect data for surveillance purposes from non-U.S. persons. Unlike the CLOUD Act, which involves formal legal requests, FISA surveillance is typically secretive and doesn’t require a warrant, raising major concerns for GDPR compliance.

  • Are European organisations really at risk from these laws?

    Yes. EU courts and regulators have acknowledged that U.S. law can conflict with European data protection rights. The Schrems II decision made it clear that using U.S.-controlled services can expose EU data to foreign access risks, even for data stored in Europe.

  • Are non-U.S. cloud providers subject to the CLOUD Act?

    The CLOUD Act specifically targets U.S.-based companies and their subsidiaries. Non-U.S. cloud providers without ties to the U.S. are generally not subject to the CLOUD Act. However, it’s essential to assess each provider’s legal obligations and potential exposure to foreign laws.

  • What measures can EU organisations take to protect their data from U.S. surveillance laws?

    EU organisations can consider using cloud services provided by companies headquartered within the EU that do not have legal obligations to the U.S. Additionally, implementing robust encryption and data protection measures can help safeguard data.

  • Has the Schrems II decision impacted the relevance of the CLOUD Act and FISA for EU data protection?

    Yes, the Schrems II decision invalidated the Privacy Shield framework, highlighting concerns about U.S. surveillance practices and their incompatibility with EU data protection standards. This has increased scrutiny on the use of U.S.-controlled data hosting (even on EU soil) and the applicability of laws like the CLOUD Act and FISA.

  • Are there any ongoing efforts to address the conflicts between U.S. surveillance laws and EU data protection regulations?

    In 2023, the US and EU agreed on a third framework for Trans-Atlantic data sharing with the aim of bridging the gap between US and EU data protection standards (the EU-U.S. Data Privacy Framework). However, uncertainty still remains on the long-term viability of this third attempt and the dismantling of the PCLOB increased the likelihood of a “Schrems III” decision from the Court of Justice of the European Union.