Why Does portier Vision Require a Server?

Background

portier Vision 4 has been officially unsupported since 1 January 2025. No further security updates, bug fixes, or support services are provided. We regularly receive enquiries about why continued use — even on private servers — is no longer compliant.

1. State of the Art — Legal Requirements

GDPR (Art. 32), KRITIS, DORA, NIS2

All relevant laws and standards require that IT systems and data processing conform to the current state of the art. This means in particular:

• Regular security updates

• Bug fixes and patch management

• Ongoing maintenance

Unsupported systems explicitly do NOT meet these requirements.

2. Specific Risks of Using End-of-Life Software

• Open security vulnerabilities: new vulnerabilities are no longer fixed. Even internal systems are potentially at risk (e.g. through network changes, insider threats, malware).

• No support guarantee: neither bug fixes nor assistance with operational issues are available.

• Audit risk: regulators and auditors can flag non-compliant systems as a finding with significant consequences.

• Liability: if a security incident occurs involving end-of-life software, the operator bears full liability.

3. Common Objections — and Why They Do Not Hold

"We run the software on our own servers, accessible only to internal IT."

This reduces the risk but does NOT replace the obligation to maintain current security measures. Regulations (GDPR, NIS2, DORA, KRITIS) apply to all systems regardless of the deployment model.

"The system is isolated."

Even isolated systems are not fully protected against threats (e.g. removable media, insiders, legacy interfaces, or future network openings).

"There have been no problems so far."

The absence of an incident is not proof of compliance. Legislators and regulators require proactive measures, not reactive justification.

4. Legal Sources & Standards

• GDPR Art. 32: state of the art, technical measures for data processing security

• KRITIS/BSIG § 8a: obligation to take appropriate precautions in line with the state of the art

• NIS2: obligation for risk management, ongoing maintenance, and auditability

• DORA (EU 2022/2554): strict ICT risk management requirements, including patch obligations

• ISO 27001: regular reviews and updates of implemented security controls

5. Recommendation

Migration to an actively maintained, supported, and auditable solution is mandatory to ensure compliance, operational security, and liability protection.

portier Vision 5 demonstrably meets these requirements (ISO 27001, regular updates, personal support, auditability).

Short Answer (for Management or IT Approval)

Using portier Vision 4 is no longer compliant with GDPR, KRITIS, DORA, and NIS2 from 2025 — even when operated entirely in-house. The risk and liability rest entirely with the operator. Migration to a current, supported version is urgently recommended.

If you have questions about audit, compliance, or migrating to Vision 5, our team is happy to assist.