Both EU-SEC and MEDINA involve third-party certification roles, with MEDINA explicitly targeting continuous audit-based certification for cloud services.
NIXU CERTIFICATION OY
Finnish cybersecurity certification authority specializing in continuous cloud certification and EU Cybersecurity Act compliance assessment.
Their core work
Nixu Certification Oy is a Finnish cybersecurity certification and auditing company that provides independent third-party assessment services for ICT security systems, frameworks, and cloud environments. In EU research projects they serve as a trusted certification authority — validating that security frameworks built by research consortia meet real-world standards and emerging EU regulatory requirements. Their practical contribution is translating research outputs into certifiable, auditable security products, particularly in cloud and continuous-certification contexts. The "Certification" in their name is not incidental: they occupy the specific niche of being the body that signs off on security claims, which is a role distinct from the researchers who build the tools.
What they specialise in
MEDINA (2020–2023) centers on continuous auditing and continuous certification, including use of smart contracts to automate certification logic.
MEDINA keywords explicitly name the Cybersecurity Act as the regulatory framework, indicating Nixu Certification contributes compliance assessment expertise.
MEDINA targets cloud certification schemes, positioning Nixu Certification in the emerging EUCS (European Union Cloud Certification Scheme) space.
EU-SEC (2017–2019) is explicitly about developing the European Security Certification Framework, where Nixu contributed as a third-party expert.
How they've shifted over time
In the 2017–2019 period, Nixu Certification's involvement was in foundational policy-level work — helping shape the overarching European Security Certification Framework (EU-SEC) without a detailed recorded technical keyword signature, suggesting a strategic or evaluative advisory role. By 2020–2023, their focus sharpened decisively toward operational, technically specific territory: continuous auditing, cloud certification schemes, smart contracts as certification mechanisms, and compliance with the Cybersecurity Act. The trajectory is clearly from framework design toward automated, cloud-native certification execution — reflecting how the EU cybersecurity regulatory landscape matured from frameworks to enforceable schemes during that period.
Nixu Certification is moving toward automated and continuous certification pipelines for cloud environments, directly aligned with the ENISA EUCS scheme and the Cybersecurity Act — making them a natural partner for any consortium that needs a credible compliance and certification authority as those regulations come into force.
How they like to work
Nixu Certification participates exclusively as a third party across both projects — never as coordinator or funded participant — which strongly suggests they are brought in specifically as an independent certification authority whose credibility depends on not being a primary funded consortium member. Despite this limited formal role, they appear in projects with 19 distinct partners across 11 countries, indicating they are embedded in large, internationally diverse consortia. For potential partners, this means Nixu is most useful as a validation or certification endpoint rather than a co-developer of research outputs.
With 19 unique consortium partners across 11 countries from only 2 projects, Nixu Certification is consistently embedded in large, pan-European consortia — typical of major H2020 ICT security initiatives that draw on expertise from multiple member states. Their network is European in scope, concentrated in the ICT security and digital policy communities.
What sets them apart
Nixu Certification occupies a specific and rare niche: they are not a security research lab or a tooling vendor, but an independent certification body — the organization that validates others' security claims. This independence is precisely what makes them valuable; a consortium building a security framework needs a credible third party to attest its conformity, and that role cannot be played by the researchers who built it. Their dual presence in both the foundational EU-SEC framework project and the technically advanced MEDINA project shows continuity and depth in the EU cybersecurity certification policy space that few Finnish private companies can match.
Highlights from their portfolio
- MEDINAThe most technically rich project in their portfolio — combining cloud certification schemes, smart contracts for certification automation, and Cybersecurity Act compliance in a single framework, representing the frontier of EU cloud security regulation.
- EU-SECParticipation in the foundational European Security Certification Framework project positioned Nixu Certification early in the EU cybersecurity policy process, establishing their credibility in the space before the Cybersecurity Act was finalized.