Changelog

New Features

Dashboard

• Domain Health Row — three live status cards (Data Protection, Cybersecurity, Risk Management) appear above the dashboard tab switcher; clicking a card switches to the corresponding tab
• IAP KPI card — now shows the non-compliant member count, colour-coded (amber/red), with a direct link to IAP admin
• Needs Attention panel items deep-link directly to the individual task
• TIA “at risk” badge in the dashboard header — displays the count of non-authorised transfers or ”✓ All permitted”

Webhooks

• New Last delivery column in the webhooks table showing the most recent Svix attempt status and timestamp (success / pending / failed)

Enhancements

Design System

• Direction B design language applied across all modules — unified card shell, panel headers, table header typography, tab bar, and hover states (All Tasks, RPA, TIA, PIA, CSC, RM, IAP, Dashboard)
• Module Create buttons and empty-state CTAs migrated from DaisyUI to Shadcn <Button>
• ModuleBadge rewritten as a pure Tailwind component; rendered inline in All Tasks and the Dashboard task matrix
• Module page headings with record count pill added to RPA, TIA, PIA, RM, and IAP
• Comments redesign: single-column layout, hover-reveal edit/delete, Direction B typography
• IAP completion summary banner added above the course grid

Risk Management

• RM table header redesigned — replaced rotated VerticalHeader with a two-row grouped header (Raw Risk / Treatment / Target Risk / Current Risk) for improved readability

Cybersecurity Controls

• StatusesTable and SectionRail wrapped in a single Direction B card; SectionRail is hidden below the lg: breakpoint for better mobile usability

All Modules

• All table action columns standardised to icon-only buttons with aria-label (Tasks, RPA, TIA, PIA, RM, Members, Invitations, IAP admin, Webhooks)
• TIA country fields now display translated country names (previously rendered raw lowercase stored keys)
• AuditTimeline generic component wired to all modules (RPA, TIA, PIA, CSC, RM)

Accessibility (WCAG 2.1 AA)

• <html lang> attribute set from SSR locale on every page
• All Chart.js canvases wrapped in role="img" containers with descriptive aria-label
• Mobile sidebar (Drawer) rewritten as an accessible dialog: role="dialog", aria-modal, focus-on-open, Escape key, Tab focus trap, aria-hidden backdrop
• Dashboard tab bar wired with full ARIA tab pattern (tablist, tab, tabpanel)
• Notification bell aria-label is dynamic with unread count; badge carries aria-hidden
• Webhook form: events fieldset wrapped in <fieldset><legend>; inputs wired with aria-invalid, aria-describedby, and role="alert" error messages
• All icon-only buttons and interactive cards carry aria-label; active domain health cards carry aria-pressed
• External navigation links include a visually-hidden “(opens in new tab)” label
• Content text colour raised to meet 4.5
  contrast ratio across KPI strip, task analysis, risk analysis, and webhooks table

Billing

• Monthly / Annual billing toggle with a 20% discount on annual plans
  • Premium: €15.20/mo billed monthly · €182.40/yr billed annually
  • Ultimate: €39.20/mo billed monthly · €470.40/yr billed annually
• Annual billing stored on the subscription (isAnnual field); next invoice date advances 12 months instead of 1
• Payment card reflects the annual discount, shows “/yr” billing cycle and “Annual” badge
• Pricing page redesigned — “Most Popular” badge on Premium, plan descriptions, colour-coded feature checkmarks
• Post-request confirmation toast now shown in all 7 supported languages

Mobile & Responsive

• Teams table: overflow-x-auto inner wrapper added for horizontal scrolling on small screens
• Risk matrix chart: wrapped in overflow-x-auto to allow horizontal scrolling on mobile
• All Tasks toolbar: stacks vertically on mobile, aligns inline on lg:+
• Task filter dropdowns: flex-1 min-w-[150px] applied so selectors share width evenly on narrow viewports
• All remaining tables audited against the nested two-div overflow pattern

Translations & Internationalisation

• Italian, Japanese, and Portuguese added as fully supported locales — 880+ keys translated per language across all modules (Tasks, RPA, TIA, PIA, CSC, RM, IAP, Dashboard, Settings, Fleet, Auth)
• Language switcher added to Profile → Account settings; all 7 locales are now selectable in-app without touching the URL
• iap.json namespace created for all 7 locales; dashboard labels (“Your completion”, “Total”, “Completed”, “In progress”) now translate correctly
• Hardcoded English labels replaced with t() calls in CscStatusBadge, CompletionResultsChart, and StatusResultsChart
• Dashboard task matrix column headers migrated to i18n keys
• Domain health card tab-switch aria-labels fully translated across all 7 locales
• CSC bulk-action toast messages split into distinct keys with proper {{count}} / {{status}} interpolation

API

• PUT /api/teams/{slug}/csc (single control status update) added to OpenAPI spec — previously undocumented; public/openapi.json regenerated

Testing

• 62 Jest unit and API handler tests added: status-key regression guard, CSC helper invariants, dashboard counting logic, full CRUD coverage for /tasks and /tasks/[taskNumber], and both CSC endpoints
• 3 Playwright E2E test suites added: dashboard task matrix + tab switching, task list / kanban usability, CSC bulk status change and task assignment

Fixes

• TIA: Legal Analysis column was rendering DataExporter instead of LawImporterCountry
• PIA: First column header labelled with the wrong translation key
• CSC: Dark mode inactive tabs appeared selected due to unconditional dark:text-slate-200
• RM: Asset Owner column showed “Not found” due to invalid Map bracket access; fixed to .get()
• RM: Unstable row keys (key={idx}) changed to key={task.id}
• CSC: Bulk status change was updating only the last selected control — root cause was mutateStatuses() called after every individual write, causing SWR re-fetches to race with Prisma; fixed by writing all controls first, then mutating once
• CSC: Task assignment required a full page refresh to appear; fixed by await-ing mutateTasks
• Dashboard: Task matrix status counters showed 0 for In Progress and In Review — STATUS_COLS keys mismatched DB-stored values; fixed across dashboard, TeamTasksAnalysis, GlobalSearch, and TaskKanbanBoard

Improvements

Task

• Added task import templates that generate tasks from enabled CSC framework controls
• Added a dialog to set a CSC control status after linking a task to an unknown-status control
• Kanban tasks board
• Recurring tasks
• Import/Export for RoPA/TIA/PIA/RM

Enhancements

• Added bulk and per-control linking of tasks to mapped CSC controls across enabled frameworks, including status propagation from the source control
• Emojis for comments and reaction
• Prioritizations for tasks
• Import/Export supports OpenDocument standard
• Audit logs for tasks changes
• Notification team identifier
• PIA/RM links for dashboard matrix
• Links added for RoPA/TIA/PIA/RM steps

Fixes

• Task attachments visible only on overview tab
• Hide the CSC matrix mapping view from the task-level CSC issue panel

Improvements

User Registration

• Added Zod validation for user registration forms
• Improved input validation and error handling consistency

Fixes

SAML

• Fixed React version compatibility issue on the SAML page

Settings & Permissions

• Fixed OWNER role having incorrectly restricted permissions in Settings

Training

• Fixed Training start button label capitalization

API Documentation

• Fixed Notification API documentation specification inconsistencies

Audit Logs

• Fixed Audit Log service not working on both development and production servers
• Improved Audit Log service reliability and stability

New Features

Notifications

• In-app notification bell with real-time unread count
• Email and web push notification channels
• Per-user notification preferences
• Notification events (each configurable per channel — in-app, email, push):
  • Task due
  • Task created
  • Task updated
  • Task commented
  • Task deleted
  • File uploaded

REST API

• OpenAPI 3.0 specification (Swagger UI available at /api-docs)
• API Key Bearer Token authentication — generate keys in Team Settings
• Consistent JSON response envelope: { "data": ..., "error": null }
• Endpoints covering Tasks, Cybersecurity Controls (CSC), Risk Management, PIA, RPA, TIA, API Keys, and AI Chatbot

New Frameworks

• Added OWASP ASVS v5 — Application Security Verification Standard
• Added PCI DSS v4.0.1 — Payment Card Industry Data Security Standard
• Added ISO/IEC 42001 — AI Management System Standard

Tasks

• Added task.due_date webhook event — triggers when a due date is set or changed on a task

Security

• Bearer token verification: expiration checks and team-scoped access
• SBOM (Software Bill of Materials) generated and published
• Bearer SAST scan — vulnerabilities reviewed and resolved
• npm audit fix applied

Fixes

• Fixed Team Create button missing from Teams interface
• Fixed Billing modal: country (en) key returning object instead of string

New Features

Tasks

• Added export functionality for Tasks in HTML, PDF, Excel, and CSV formats.
• Added bulk import capability and task template support via Excel or CSV files.

Cybersecurity Management System

• Added export functionality for the Statement of Applicability (SoA) in HTML, PDF, and Excel formats.
• Introduced Controls Mapping across multiple frameworks and standards, including:
  • Visibility of the number of mapped controls
  • Detailed view of relationships between mapped controls
  • Display of Tasks linked to mapped controls
• Added Controls Mapping Matrix to visualize the mapping status between different frameworks and standards.

Security

• Updated Prisma and Next.js to their latest stable versions.

Fixes

• Fixed issues affecting Cybersecurity controls selection.
• Updated platform pricing display.
• Fixed issues in the Risk Management dashboard.

New Features

• Added localization support: The platform is now available in French, German, and Spanish alongside the default English. Check the status on the translation platform.
• Added theme toggle on login page
• Added copy action for API keys
• Added ENV variable for AI custom integration with different models and providers

Enhancements

• Improved chart labels and readability in localized views
• Improved responsiveness across key pages and forms
• Refreshed UI consistency in navigation, cards, and tables
• The minimum Risk value can be set to 0%
• Better behavior of multiselector
• Improved 404 page
• Updated features plan: AI Chatbot now available for Premium and Ultimate

Fixes

• Fixed visual issues in dark theme and legacy browser cases
• Fixed navigation and layout issues on mobile
• Fixed issues in selectors and filtering behavior
• Fixed description editor in Interactive Awareness Training module
• Fixed task comments behavior
• Library updates npm audit fix

Vulnerability fixed:

• HIGH: Unsanitized user input in HTTP response (XSS) CWE-79
• Unsanitized user input in dynamic HTML insertion (XSS) CWE-79

New Features

• Added SOC 2 compliance framework
• Added C5
  compliance framework
• Introduced multiple framework support for improved flexibility

Enhancements

• Improved permission schema for better access control management
• Added Markdown shortcuts for task comments and descriptions
• Introduced “Resend verification email” button for easier user onboarding
• Added “Copy” button for invitation links
• Enhanced chart readability
• Improved mobile view layouts for better responsiveness
• Docker hub repository for Unicis Platform

Access & Security

• Audit logs are now available exclusively for Ultimate plan users
• Improve security with introducing CI/CD pipeline by adding Bearer code security scanning tool (SAST) to discover, filter and prioritize security and privacy risk in Unicis Platform

Fixes/Bugs

• Email service reliability improvements with introducing Resend intergation for email delivery

Bug Fixes & Enhancements

• Dark theme display issues
• Improved chart color schemes
• Applied multiple UI style adjustments
• Layout and interaction issues in Dashboard views
• Functionality bugs in Interactive Awareness Training module
• Issues with task attachments handling and display

Security & Vulnerability Updates

Upgraded several key dependencies to their latest major versions, including:

• react-email
• next
• next-auth

Authentication Improvements

• Fixed and enhanced SSO SAML authentication flow

Security

• Security vulnerability fix: Improper Session Management - Lack of Request Validation

Dependency libraries

• Tailwind CSS upgrade from v3 to v4
• daisyUI ugrade from v4 to v5
• react-daisyui removed
• Atlaskit library removed
• Shadcn library introduced

New features and improvements

• New controls added: EU NIS2; GDPR; CIS
• Badges and filters introduced to the task list
• Logs list redesign
• Pagination redesign
• General dashboard graphical enhancements
• Dark theme improvement

Enhancements

• Record of Processing Activities creation new behavior - Depending on specific input, an automatic triggering of Transfer Impact Assessment and Privacy Impact Assessment creation
• Add titles to modal view
• Security vulnerability fix: Next.js middleware authorization bypass fix

Bug fixes

• Strong password improvement
• Firefox styles fixes
• Permissions scheme improvements
• Emails logo image fix

This is the biggest and more enhances GRC release of Unicis.

Highlights

Billing and Payment

• Easy payment with Wise and Credit Card

Supply chain

• Generate SBOM - regulatory requirements

AI Chat Bot

We introduced new AI Assistance Chat Bot module

• AI Chat Bot module

New modules

• Privacy Impact Assessment module
• Risk Management module
• Interactive Awareness Program module
• Added steps on modal

Bug fixes

• Responsive dashboard
• Dark mode
• Library updates npm audit fix
• Permission fix
• Prisma latest

Security fixed and patched vulnerabilities from pentest report per severity:

Severity

• High: API accessible without authentication
• Medium: No rate limit on forgot password request
• Medium: No account lockout implementation
• Low: When an unexpected input was supplied to the API
• Low: Cookie lacks HTTP-Secure attribute
• Low: Excessive info disclosure
• Low: Clickjacking on login page
• Low: HSTS header missing from response
• Low: Check for excessive information disclosure in API response (OWASP A01-Broken Access Control)

We’re excited to announce Unicis Platform Beta 2, our biggest release yet. This major update brings a completely redesigned compliance hub, new cybersecurity modules, and an open-core community edition that’s free forever.

Highlights

Tasks

• Add Breadcrumbs for better navigatio

Dashboard

Tasks

- Total number of tasks
- Pie chart per status

Record of processing activities:

- Total number of records
- Total number of enabled data transfer
- Total number per Country

Transfer Impact Assessment

- Total number of assessment
- Total number of assessments per country (only the listed countries)
- Number per authorizations: PERMITTED and NOT PERMITTED

Cybersecurity Controls (only for selected control)

- Total number of controls
- Pie chart
- Spider chart

Billing

• Add billing feature

Bug fix

npm audit fix

This release introduces first BETA 1 release of Unicis Platform

New Features

Task Management

• Comments
• Audit
• Attachment

Record of Processing Activities

• Bug fix and UI fix

Transfer Impact Assessment

• Bug fix and UI fix

Cybersecurity Controls

• ISO 27001
  and 27001
• NIST CSF 2.0

Enhancement and Bug fixes

• Bug fix
• Documentation link
• Feedback link
• Dark mode

Unicis Platform Alfa release.

Features

• Task Management — Create, Delete, Update
• Record of Processing Activitiess — Import Atlassian RoPA App into Unicis Platform
• Transfer Impact Assessment - Import Atlassian TIA App into Unicis Platform
• Cybersecurity Controls - Import Atlassian CSC App into Unicis Platform, and add MVSP framework
• API

Documentation

• Website documentation