FRAMEWORK .legal | D-Seal Framework

Book a Demo
Screenshot from the .legal platform showing the D-seal structure
+400 companies use .legal
Region Sjælland
Aarhus Universitet
aj_vaccines_logo
Realdania
Right People
IO Gates
PLO
Finans Danmark
geia-food
Vestforbrænding
Evida
Klasselotteriet
NRGI1
BLUE WATER SHIPPING
Karnov
Ingvard Christensen
VP Securities
AH Industries
Lægeforeningen
InMobile
AK Nygart
ARP Hansen
DEIF
DMJX
Axel logo
qUINT Logo
KAUFMANN (1)
SMILfonden-logo
kurhotel_skodsborg
nemlig.com
Molecule Consultancy
Novicell
Illustration showing the D-seal framework in the .legal platform

D-SEAL FRAMEWORK A complete framework for IT security and responsible data use

D-Seal (D-mærket) is Denmark's certification scheme for IT security and responsible data use – the first of its kind in the world to combine both disciplines in a single certification. We have mapped all eight criteria into a clear, action-oriented framework with automated compliance tracking and integration with your existing security standards.

  • Complete D-Seal framework covering all 8 certification criteria
  • Tailored to your company group (I–IV) – only see the requirements that apply to you
  • Real-time compliance tracking shows exactly where you stand with D-Seal
  • Reuses existing ISO 27001, NIS2 and GDPR tasks – avoid duplicate work

D-Seal Framework D-Seal's Eight Criteria:

Our D-Seal Framework covers the full certification, structured around eight criteria – four mandatory for all companies, and four conditional based on your business activities.

  • Hvid ISMS

    1. Management Governance & Leadership Anchoring (Mandatory)

    Ensure IT security and responsible data use are anchored at management level with clear policies, roles, responsibilities and risk management processes.

  • Hvid ISMS

    2. Security Awareness & Safe Behaviour (Mandatory)

    Establish a culture of security awareness through training, guidelines and ongoing employee engagement to reduce human-factor risks.

  • Hvid ISMS

    3. Technical IT Security (Mandatory)

    Implement appropriate technical security measures including access control, network security, encryption, logging, patch management and incident response.
  • Hvid ISMS

    4. Data Transparency & Control (Mandatory)

    Ensure transparency about data collection, processing and sharing. Provide individuals with control over their personal data in line with GDPR and beyond.
  • Hvid ISMS

    5. Vendor IT Security Requirements (Conditional)

    If you use vendors for personal or business-critical data processing, ensure they meet adequate IT security and responsible data use standards.
  • Hvid ISMS

    6. Privacy & Security by Design and Default (Conditional)

    If you develop software, build privacy and security into the development lifecycle from the outset – not as an afterthought.
  • Hvid ISMS

    7. Reliable Algorithms & AI (Conditional)

    If you develop or use algorithms or AI, ensure they are transparent, fair, explainable and subject to appropriate human oversight.
  • Hvid ISMS

    8. Data Ethics (Conditional)

    Establish and communicate a data ethics policy addressing responsible data use beyond legal requirements – primarily applicable to Groups II–IV.
DORA covered financial entities including banks, insurance companies, investment firms, payment institutions, crypto-asset service providers and ICT third-party providers

D-SEAL FRAMEWORK Tailor your D-Seal compliance strategy

D-Seal is available to any Danish company with a CVR number, but requirements are proportionate to your size and complexity. The certification groups your company into one of four categories:

How to design your D-Seal framework: 

  • Determine your company group (I–IV) based on employees and revenue
  • Identify which conditional criteria apply to your business activities
  • Focus on areas where you have gaps – leverage existing compliance work
  • Complete the self-assessment and prepare documentation for audit
D-maerket-logo-inkl.-byline

D-Seal Framework Who Can Get D-Seal Certified?

Any company with a Danish CVR number can pursue D-Seal certification, from small consultancies to large financial institutions. Companies are categorised into four groups based on size:

  • Group I: 0–9 employees, revenue up to DKK 7.9 million – small service and consulting firms

  • Group II: 10–49 employees, revenue DKK 8–155.9 million – small manufacturers, local utilities

  • Group III: 50–249 employees, revenue DKK 156–313 million – regional utilities, larger manufacturers

  • Group IV: 250–999 employees, revenue over DKK 313 million – national enterprises, financial institutions

Certification process: Self-assessment → Audit request → Auditor review → Certification → Annual renewal. Valid for one year.

DORA framework integration with ISO 27001, NIS2, GDPR and EBA guidelines showing overlapping compliance requirements

D-SEAL FRAMEWORK Leverage synergies with existing compliance frameworks

D-Seal is built on internationally recognised standards and aligns closely with frameworks you may already be working with. Leverage your existing compliance investments:

Framework Synergies:

  • Existing security controls satisfy multiple D-Seal criteria simultaneously
  • Documentation and processes can be reused across frameworks
  • D-Seal explicitly aligns with NIS2 requirements through a dedicated module
  • ISO 27001 certification simplifies the D-Seal self-assessment significantly
arrow-right-white Read more about Frameworks

Examples of overlapping frameworks:

  • ISO 27001

    Information security management and risk assessment processes map directly to D-Seal's management governance and technical IT security criteria. Existing ISO 27001 certification simplifies the self-assessment considerably.
    Go to framework

  • NIS2

    D-Seal offers a dedicated NIS2 module that adds seven additional requirement areas including incident management, cryptographic safeguards, network segmentation and resilience testing.
    Go to framework

  • GDPR

    D-Seal's data transparency and control criteria extend beyond GDPR into data ethics and responsible data use. Existing GDPR compliance provides a strong foundation for meeting D-Seal requirements.
    Go to framework

Our Customers

+400

companies

+10.000

users

+79.000

contracts

+14.000

processing activities

Bech Bruun

Bech-Bruun

Mikkel Friis Rossa (Partner)

.legal's team has consistently demonstrated a commitment to innovation while being responsive to the needs of our mutual clients.

Rasmus-boutrup-fenerum

Fenerum

Rasmus Boutrup (Financial Controller)

Case Study
With .legal, we've gained a simpler and more manageable solution that better suits our needs
Michael Berner 1

Lægeforeningen

Michael Berner (Lawyer)

.legal has been the right choice for us. .legal are professional and welcoming with skilled employees.
Nanna Rodian Christensen

Molecule Consultancy

Nanna Rodian Christensen (HR & Operational Manager)

Case Study
Firstly, it means that not all the work is in one place (me), and secondly, that the understanding of GDPR is implemented throughout the organisation.
Bech Bruun

Bech-Bruun

Mikkel Friis Rossa (Partner)

.legal's team has consistently demonstrated a commitment to innovation while being responsive to the needs of our mutual clients.

Rasmus-boutrup-fenerum

Fenerum

Rasmus Boutrup (Financial Controller)

Case Study
With .legal, we've gained a simpler and more manageable solution that better suits our needs
Michael Berner 1

Lægeforeningen

Michael Berner (Lawyer)

.legal has been the right choice for us. .legal are professional and welcoming with skilled employees.
Nanna Rodian Christensen

Molecule Consultancy

Nanna Rodian Christensen (HR & Operational Manager)

Case Study
Firstly, it means that not all the work is in one place (me), and secondly, that the understanding of GDPR is implemented throughout the organisation.
julie-oxenvad-novicell

Novicell

Julie Oxenvad (Legal Consultant)

Case Study
We are satisfied with the switch to .legal – it has strengthened our compliance work, made processes easier to manage and more transparent, and improved cross-team collaboration
Tinna Schultz

Min By Media

Tinna Schultz (HR Manager)

Case Study
It just works! It is so easy and user-friendly, and the overview of processing activities is brilliant.
ansat_Kaspar_Rochholz_005

DMJX

Kaspar Rochholz (GDPR Coordinator)

Case Study
.legal has really understood what it means to create a user-friendly and efficient solution. Privacy is an attractive product compared to price and functionality.
Profile-picture1

Axel Kaufmann ApS

Julie Lundkvist Andreasen (Lawyer and Head of Costumer Service)

Case Study
.legal continuously update the platform to ensure their customers always remain compliant. In our view, any other choice would be a downgrade.
julie-oxenvad-novicell

Novicell

Julie Oxenvad (Legal Consultant)

Case Study
We are satisfied with the switch to .legal – it has strengthened our compliance work, made processes easier to manage and more transparent, and improved cross-team collaboration
Tinna Schultz

Min By Media

Tinna Schultz (HR Manager)

Case Study
It just works! It is so easy and user-friendly, and the overview of processing activities is brilliant.
ansat_Kaspar_Rochholz_005

DMJX

Kaspar Rochholz (GDPR Coordinator)

Case Study
.legal has really understood what it means to create a user-friendly and efficient solution. Privacy is an attractive product compared to price and functionality.
Profile-picture1

Axel Kaufmann ApS

Julie Lundkvist Andreasen (Lawyer and Head of Costumer Service)

Case Study
.legal continuously update the platform to ensure their customers always remain compliant. In our view, any other choice would be a downgrade.

.legal Compliance Hub

Read all about .legals compliance on our compliance hub.

Frequently Asked Questions about D-Seal Certification

What is D-Seal (D-mærket)?

D-Seal is Denmark's certification scheme for IT security and responsible data use – the first of its kind in the world to combine both disciplines in a single certification. It is issued by an independent organisation backed by major Danish business associations including Dansk Erhverv, Dansk Industri and Forbrugerrådet Tænk.

Who can get D-Seal certified?

Any company with a Danish CVR number can pursue D-Seal certification, from small consultancies to large financial institutions. Companies are grouped into four categories (I–IV) based on number of employees and revenue, with proportionate requirements for each group.

What are the eight D-Seal criteria?

D-Seal has four mandatory criteria for all companies: (1) Management governance and leadership anchoring, (2) Security awareness and safe behaviour, (3) Technical IT security, and (4) Data transparency and control. Four conditional criteria apply based on business activities: (5) Vendor IT security requirements, (6) Privacy and Security by Design, (7) Reliable algorithms and AI, and (8) Data ethics.

How much does D-Seal certification cost?

Pricing depends on your company group: Group I (0–9 employees) costs DKK 5,000, Group II (10–49 employees) DKK 15,000, Group III (50–249 employees) DKK 37,000, and Group IV (250–999 employees) DKK 69,750. All prices exclude VAT. A NIS2 module is available for Groups III and IV at additional cost.

How does D-Seal relate to NIS2 and ISO 27001?

D-Seal aligns closely with both frameworks. It offers a dedicated NIS2 module adding seven additional requirement areas. Existing ISO 27001 certification significantly simplifies the D-Seal self-assessment process. D-Seal extends beyond these frameworks by also covering data ethics, AI reliability and responsible data use.

What is the D-Seal certification process?

The process has five steps: (1) Self-assessment to determine your group and applicable criteria, (2) Audit request with documentation submission, (3) Auditor review with dialogue-based assessment, (4) Certification and receipt of the D-Seal mark, and (5) Annual renewal. The certification is valid for one year.

+400 companies use .legal
Region Sjælland
Aarhus Universitet
aj_vaccines_logo
Realdania
Right People
IO Gates
PLO
Finans Danmark
geia-food
Vestforbrænding
Evida
Klasselotteriet
NRGI1
BLUE WATER SHIPPING
Karnov
Ingvard Christensen
VP Securities
AH Industries
Lægeforeningen
InMobile
AK Nygart
ARP Hansen
DEIF
DMJX
Axel logo
qUINT Logo
KAUFMANN (1)
SMILfonden-logo
kurhotel_skodsborg
nemlig.com
Molecule Consultancy
Novicell
Footer topswirl

Info

.legal A/S

hello@dotlegal.com
+45 7027 0127

VAT-no: DK40888888

Support

support@dotlegal.com
+45 7027 0127
Need help?

 

Office

Aarhus

Store Torv 14, 2.
8000 Aarhus C

We care about safety

Download our declarations

ISAE 3000

ISAE 3402

Modules

Let me help you get started

joa i blob
Reach out to me on phone
+45 7027 0127 and I'll get you started
arrow-right-white Get a demo

.legal is not a law firm and is therefore not under the supervision of the Bar Council.

Footer bottomswirl