PQC Auditor

Pricing

Fixed-fee tiers. No hidden retainers. Annual MONITOR add-on available after the first audit.

DEMO
Free

Public surface scan of a single domain. Lead magnet. Not an audit.

STARTER
€299

Single-domain audit with executive PDF. For small SaaS not yet under DORA scope.

BASIC
€799

Up to five domains. Executive plus technical PDF. NIS2 Art. 21(2)(f) framing.

PROFESSIONAL
€1990

Up to ten domains. NIS2 + GDPR Art. 32 framing. Operator-reviewed.

Most chosen for KNF / BaFin entities
FINTECH
€4990

Up to twenty domains. Full DORA Art. 9-10 traceability, EBA/GL/2025/02 compatibility, KNF Rekomendacja D / BaFin BAIT cross-references. Money-back guarantee. Five business days.

ENTERPRISE
From €9990

Group / holding structures, custom scope, on-site briefing. Contact us with your RFP.

Add-on
MONITOR (add-on)
€99 / month

Continuous certificate-expiry and PQC-readiness monitoring after the first audit. Cancel any time.

Add-on
COMPLIANCE ANNUAL
€2990 / year

Annual re-audit at locked-in pricing. Recommended for DORA-supervised entities.

Money-back guarantee

If the final report contains fewer than three actionable findings rated CRITICAL, HIGH or MEDIUM (excluding INSUFFICIENT_DATA fallbacks), we refund the full €4990. Our reasoning is simple: if a regulated fintech in 2026 has fewer than three actionable PQC findings, your environment is genuinely ready and you should not have paid us.

Frequently asked questions

Is your audit recognised by KNF / UKNF for DORA Article 9 evidence?

Our deliverable maps each finding to DORA Articles 9 and 10 and to NIST FIPS 203, 204 and 205. It is compatible with EBA Guidelines on ICT and Security Risk Management (EBA/GL/2025/02) and the KNF Rekomendacja D format. Final regulatory acceptance is, as always, the supervisor's prerogative; our role is to provide the audit trail.

What is your relationship to NIST and ENISA?

We do not certify on behalf of NIST or ENISA. We apply the published FIPS 203, FIPS 204 and FIPS 205 standards (effective 14 August 2024) and the ENISA Post-Quantum Cryptography current-state guidance to your environment, with citations in every finding.

How is this different from a SandboxAQ AQtive Guard subscription?

SandboxAQ is a continuous monitoring product. We are a one-shot, fixed-fee audit producing an examiner-ready PDF. Many clients run both: AQtive for posture, us for the regulatory audit deliverable.

Why do you offer a money-back guarantee?

Because if a fintech in 2026 has fewer than three actionable PQC findings, your environment is genuinely ready and you should not have paid us in the first place.

Can the deliverable be in Polish or German?

Yes. Executive summary and technical body are available in English, Polish, German and Russian. Both versions are signed and dated. Default is English; specify another language in the intake form.