When merchants sign a agreement with a payment processor, they conform to be issue to fines when they fail to take care of PCI DSS compliance. Your organization is service company primarily based outside the EU. It provides services to consumers exterior the EU. Its consumers can use its services https://www.nathanlabsadvisory.com/blog/tag/cyber-threats/