Halve Europe's NIS2 bill.
The €31 billion problem, and our plan to fix it.
The €31 billion problem
NIS2 will cost European businesses €31.2 billion every year (Frontier Economics, 2023). That is 0.31% of every regulated company's revenue. Forever.
Most of that is not security. It is friction. Translation, interpretation, paperwork, audit prep - work that has to happen at every company because nobody made it once for everybody.
Source: Frontier Economics, Assessing the Economic Impact of EU Initiatives on Cybersecurity, July 2023.
How we will halve it
We do not cut hardware. We do not cut security tools. Those are real and necessary.
We cut the friction. The translation work, the interpretation work, the paperwork - done once, structured, free, shared with everyone.
How each cut actually works
Most NIS2 cost is not security work - it is coordination work that gets duplicated at every company. We do that work once, with one strict standard, and share the result. Each card below names the cost that disappears, not the feature that does the work.
- No per-country consulting fees. We use IT-Grundschutz and CIR 2024/2690 as the default - the strictest standard in the EU. Meet ours, meet every member state. No separate engagement for German BSIG, French transposition, Italian implementation.
- No per-sector premium. We do not maintain 13 sector variants. One strict standard already covers every sector's controls - simpler for us, cheaper for the buyer.
- No 'what does this article mean' billable hours. The interpretation work that consultants charge for is done once on the platform, in plain language, for every BSIG requirement.
- No paying for opinion-of-law behind a paywall. The open NIS2/BSIG dataset (in development) lets any auditor verify the interpretation directly - no vendor opacity to pay around.
- No interpretation phase. Companies currently spend internal staff time figuring out what NIS2 requires of them. The platform delivers the requirements pre-structured.
- No copy-paste between systems. Compliance data is currently maintained in spreadsheets, policies, and supplier registers separately. The platform captures each fact once and surfaces it where it is needed.
- No separate documentation pass. Compliance work and the documentation of it are currently two passes. On the platform, the audit trail records work as it happens.
- No manual deadline scheduler. The BSIG cascade (24h / 72h / 1 month incident reports, registration renewals, training cycles) currently requires manual tracking. The platform tracks it automatically.
- No 10 questionnaires per supplier. A supplier serving 10 NIS2 customers currently fills 10 different security questionnaires. With the NIS2 Supplier Profile - an open standard, GRC-platform-agnostic - they fill one. The biggest single saving in this bucket.
- No incident report drafting under deadline pressure. The 24h / 72h / 1 month reports follow BSI-format-ready templates instead of being written from scratch when the clock is running.
- No separate audit prep cycle. Audit-ready evidence is generated continuously as work happens, not assembled in a panic the month before.
- No over-engineering markup. Consultants over-scope to bill more hours. The platform constrains to 'appropriate and proportionate' (§30(1) BSIG) - companies do not pay for unnecessary controls.
- No NIS2 module fees on enterprise GRC suites. Companies using ServiceNow GRC, Archer, or MetricStream currently pay for the NIS2 portion. We replace that slice. The rest of those tools stays where it is.
- No NIS2 add-on on US compliance platforms. Vanta, Drata, and Secureframe charge for their NIS2 framework module. Replaced for NIS2 specifically. Their SOC 2 and ISO 27001 modules are unaffected.
- Hardware, SIEM, EDR, encryption, and firewalls stay. Those are operational security and necessary. The platform does not replace them and does not pretend to.
What we provide
The core platform is free today and we intend to keep it that way. Some advanced features may eventually carry a cost - the principle is that NIS2 compliance should be significantly cheaper than the consultant-driven status quo, not zero on every line item. And we do not lock you in: open dataset, exportable evidence, GRC-platform-agnostic supplier profile.
- The core NIS2 compliance platform covering every BSIG requirement
- Plain-language guidance for every requirement
- The NIS2 Supplier Profile - open standard, GRC-platform-agnostic
- Video tutorials for each NIS2 entity category
- NIS2 Management Training portal — structured course with dictionary, quizzes, and progress tracking
- Cybersecurity awareness training videos
- Incident reporting templates and 24h / 72h / 1 month workflows
- Audit-ready evidence trails, generated as you work
- Notifications and deadline tracking for the BSIG cascade
- The open NIS2 / BSIG requirements dataset (in development)
- No lock-in: open dataset, exportable evidence, no proprietary formats
Training courses for management and staff. Guided consultancy for company-specific decisions — risk treatment trade-offs, supplier negotiations, complex incident response. Premium features as they develop. Self-host licensing for entities that need to run the platform internally.
The core compliance platform stays free. The open dataset stays open. The principle is that the bill should be cut, not shifted to us.