SciTransfer
Organization

NIXU CERTIFICATION OY

Finnish cybersecurity certification authority specializing in continuous cloud certification and EU Cybersecurity Act compliance assessment.

Certification & Testing BodysecurityFINo active H2020 projectsThin data (2/5)
H2020 projects
2
As coordinator
0
Total EC funding
Unique partners
19
What they do

Their core work

Nixu Certification Oy is a Finnish cybersecurity certification and auditing company that provides independent third-party assessment services for ICT security systems, frameworks, and cloud environments. In EU research projects they serve as a trusted certification authority — validating that security frameworks built by research consortia meet real-world standards and emerging EU regulatory requirements. Their practical contribution is translating research outputs into certifiable, auditable security products, particularly in cloud and continuous-certification contexts. The "Certification" in their name is not incidental: they occupy the specific niche of being the body that signs off on security claims, which is a role distinct from the researchers who build the tools.

Core expertise

What they specialise in

Cybersecurity certification and auditingprimary
2 projects

Both EU-SEC and MEDINA involve third-party certification roles, with MEDINA explicitly targeting continuous audit-based certification for cloud services.

Continuous and automated certificationprimary
1 project

MEDINA (2020–2023) centers on continuous auditing and continuous certification, including use of smart contracts to automate certification logic.

1 project

MEDINA keywords explicitly name the Cybersecurity Act as the regulatory framework, indicating Nixu Certification contributes compliance assessment expertise.

Cloud security certification schemesprimary
1 project

MEDINA targets cloud certification schemes, positioning Nixu Certification in the emerging EUCS (European Union Cloud Certification Scheme) space.

European security certification frameworkssecondary
1 project

EU-SEC (2017–2019) is explicitly about developing the European Security Certification Framework, where Nixu contributed as a third-party expert.

Evolution & trajectory

How they've shifted over time

Early focus
European security certification frameworks
Recent focus
Continuous cloud certification, Cybersecurity Act

In the 2017–2019 period, Nixu Certification's involvement was in foundational policy-level work — helping shape the overarching European Security Certification Framework (EU-SEC) without a detailed recorded technical keyword signature, suggesting a strategic or evaluative advisory role. By 2020–2023, their focus sharpened decisively toward operational, technically specific territory: continuous auditing, cloud certification schemes, smart contracts as certification mechanisms, and compliance with the Cybersecurity Act. The trajectory is clearly from framework design toward automated, cloud-native certification execution — reflecting how the EU cybersecurity regulatory landscape matured from frameworks to enforceable schemes during that period.

Nixu Certification is moving toward automated and continuous certification pipelines for cloud environments, directly aligned with the ENISA EUCS scheme and the Cybersecurity Act — making them a natural partner for any consortium that needs a credible compliance and certification authority as those regulations come into force.

Collaboration profile

How they like to work

Role: third_party_expertReach: European11 countries collaborated

Nixu Certification participates exclusively as a third party across both projects — never as coordinator or funded participant — which strongly suggests they are brought in specifically as an independent certification authority whose credibility depends on not being a primary funded consortium member. Despite this limited formal role, they appear in projects with 19 distinct partners across 11 countries, indicating they are embedded in large, internationally diverse consortia. For potential partners, this means Nixu is most useful as a validation or certification endpoint rather than a co-developer of research outputs.

With 19 unique consortium partners across 11 countries from only 2 projects, Nixu Certification is consistently embedded in large, pan-European consortia — typical of major H2020 ICT security initiatives that draw on expertise from multiple member states. Their network is European in scope, concentrated in the ICT security and digital policy communities.

Why partner with them

What sets them apart

Nixu Certification occupies a specific and rare niche: they are not a security research lab or a tooling vendor, but an independent certification body — the organization that validates others' security claims. This independence is precisely what makes them valuable; a consortium building a security framework needs a credible third party to attest its conformity, and that role cannot be played by the researchers who built it. Their dual presence in both the foundational EU-SEC framework project and the technically advanced MEDINA project shows continuity and depth in the EU cybersecurity certification policy space that few Finnish private companies can match.

Notable projects

Highlights from their portfolio

  • MEDINA
    The most technically rich project in their portfolio — combining cloud certification schemes, smart contracts for certification automation, and Cybersecurity Act compliance in a single framework, representing the frontier of EU cloud security regulation.
  • EU-SEC
    Participation in the foundational European Security Certification Framework project positioned Nixu Certification early in the EU cybersecurity policy process, establishing their credibility in the space before the Cybersecurity Act was finalized.
Cross-sector capabilities
cloud computing and digital infrastructureregulatory compliance and governancefintech and smart contract applicationspublic sector ICT security procurement
Analysis note: Only 2 projects, both as third party with no direct EC funding recorded — this limits depth significantly. EU-SEC carries no keywords in the dataset, so early-period analysis relies on the project title alone. The profile is coherent and internally consistent, but a richer dataset (funded participation, more projects, coordinator roles) would substantially improve confidence. The organization's identity as a certification body is strongly implied by its name and project keywords, but has not been independently verified from the project data.