Contributed to both EU-SEC (European Security Certification Framework) and MEDINA, both of which target systematic EU-level certification of digital and cloud services.
NIXU AB
Nordic cybersecurity firm specializing in EU cloud security certification frameworks, continuous auditing, and Cybersecurity Act compliance.
Their core work
NIXU AB is a Nordic cybersecurity company that provides security consulting, auditing, and certification services to enterprises and public bodies across Europe. In EU research projects, they contribute practitioner expertise to the design of security certification frameworks — translating regulatory requirements such as the EU Cybersecurity Act into operational auditing methodologies. Their project track record centers on continuous certification: the idea that cloud services and digital infrastructure should be validated not once at deployment but on an ongoing basis. They bring the commercial operator's perspective into academic and policy-driven consortia, bridging the gap between regulatory intent and real-world implementation.
What they specialise in
MEDINA explicitly targets continuous audit-based certification, with NIXU's keywords including 'continuous auditing' and 'continuous certification'.
MEDINA keywords include 'cloud certification scheme', indicating NIXU's applied expertise in certifying cloud service providers against EU standards.
MEDINA contribution lists 'smart contracts' and 'certification language' as keywords, pointing to automated and machine-readable certification mechanisms.
How they've shifted over time
In their first H2020 engagement (EU-SEC, 2017–2019), NIXU contributed to building the foundational European security certification framework — a largely structural and policy-oriented effort with no recorded technical keywords, suggesting a governance and advisory role. By their second project (MEDINA, 2020–2023), the focus had shifted decisively toward technical automation: continuous auditing pipelines, smart contracts as certification carriers, and a formal certification language. This progression mirrors the broader EU policy shift from defining what certification means (the Cybersecurity Act, enacted 2019) to operationalizing how it works at scale.
NIXU is moving toward machine-driven, continuous certification systems — a direction that will become increasingly relevant as ENISA rolls out certification schemes under the EU Cybersecurity Act across cloud, 5G, and IoT domains.
How they like to work
NIXU participates exclusively as a third party in EU projects — not as a formal consortium member or coordinator — which is consistent with a commercial cybersecurity firm that contributes expertise and real-world testing capacity on a subcontracted basis. This means they are unlikely to lead a research consortium, but they are a valuable specialist anchor for any consortium needing practitioner credibility in security certification. With 19 distinct partners across 2 projects, the consortia they join are large and well-networked, suggesting NIXU is sought out by established research groups rather than being the organizing force.
NIXU connects to 19 unique consortium partners across 10 countries from just 2 projects, indicating they join broad, multi-country research consortia rather than bilateral arrangements. Their European reach spans the full ENISA/EU cybersecurity policy geography, with likely ties to national cybersecurity agencies and cloud infrastructure operators.
What sets them apart
NIXU AB is one of the few commercial, non-SME cybersecurity operators in the Nordic region with a documented track record in EU research on security certification frameworks — most participants in this space are universities or public research institutes. Their value to a consortium is the practitioner voice: they can validate that a proposed certification scheme is actually implementable in a real enterprise context, not just theoretically sound. For any consortium responding to EU calls on cloud security, ENISA certification schemes, or Cybersecurity Act implementation, NIXU fills a credibility gap that academic partners cannot.
Highlights from their portfolio
- EU-SECOne of the first EU-funded projects to systematically design a European-wide security certification framework, predating the Cybersecurity Act and helping shape the policy groundwork that followed.
- MEDINATackles continuous audit-based cloud certification with smart contracts — a technically ambitious approach that positions certification as a live, automated process rather than a periodic compliance snapshot.