Bureau Veritas Cybersecurity Europe B.V.

Their core work

Bureau Veritas Cybersecurity Europe is a Dutch SME specializing in cybersecurity assessment, testing, and validation services — the technical work of measuring and auditing how secure systems actually are, not just advising on policy. Their project portfolio shows a consistent focus on building and applying tools that evaluate security posture: from encrypted cloud platforms handling sensitive healthcare data, to automated analysis of firmware, open-source software dependencies, and 5G/IoT network exposure. The "Bureau Veritas" lineage signals an industrial testing-and-certification orientation, meaning their cybersecurity work leans toward structured, evidence-based assessment rather than pure research. In EU consortia they function as a specialist contributor: bringing security evaluation methodology and tooling to projects that need rigorous validation alongside more theoretical partners.

What they specialise in

How they've shifted over time

Their earliest H2020 project (ASCLEPIOS, starting 2018) left no searchable keywords in the CORDIS record, but its title points to secure cloud infrastructure specifically for healthcare — a vertically focused, platform-level security challenge. By 2020, with SANCUS, the focus had moved decisively toward automated, horizontal security assessment tools applicable across sectors: firmware analysis, open-source dependency scanning, and 5G/IoT network protection. The shift is from "build a secure platform for one domain" to "build tools that assess security across many systems and environments automatically." This suggests a strategic move toward scalable, repeatable security evaluation products rather than bespoke platform work.

They are moving toward automated, tool-driven security auditing that scales across IoT, 5G, and software supply chains — a direction aligned with growing regulatory demand for provable cybersecurity compliance in connected infrastructure.

How they like to work

Bureau Veritas Cybersecurity has participated in large, multi-country consortia — 25 unique partners across 12 countries across just two projects — but has never taken a coordinator role, consistently joining as a specialist contributor. This pattern is typical of organizations that offer a specific, well-defined capability (security testing and assessment) that consortia need to satisfy validation or evaluation work packages. For a potential partner, this means they are an experienced consortium participant, unlikely to want or need project leadership, but reliable as a domain expert who knows how to operate within large EU project structures.

With 25 unique partners across 12 countries in only two projects, they have been embedded in large, geographically diverse consortia spanning multiple EU member states and associated countries. Their network breadth is disproportionately large relative to project count, suggesting they were brought into well-resourced, multi-partner RIA projects as targeted specialists.

What sets them apart

What sets Bureau Veritas Cybersecurity apart from academic security research groups is their assessment and audit orientation — they measure and validate security rather than just study it, which is a distinct and commercially useful capability in consortia that need to demonstrate security compliance. Their parent brand (Bureau Veritas) carries industrial credibility in testing and certification, making them a credible validation partner when a project needs to show its security claims hold up under scrutiny. For consortium builders in health tech, IoT, or 5G, they fill the gap between researchers who build systems and auditors who certify them.

Highlights from their portfolio

• SANCUS
  Their highest-funded project and the richest source of technical keywords, covering automated firmware risk, open-source vulnerability scanning, 5G, and IoT security in a single scope — the clearest signal of where their capabilities currently sit.
• ASCLEPIOS
  Demonstrates cross-sector reach into health data security, showing their cybersecurity tooling can be applied in regulated, privacy-sensitive environments beyond generic IT infrastructure.