Nanitor earns Cybersecurity Made in Europe label

Some questions come up again and again in cybersecurity procurement. Where is the vendor headquartered? Where is the data hosted? Whose laws apply? In the past few years, those questions have moved from a footnote in security questionnaires to a leading position on the agenda.

Today we are pleased to share that Nanitor has been awarded the Cybersecurity Made in Europe label by the European Cyber Security Organisation (ECSO). For our partners and customers, the label is the answer to all three of those questions, given by an independent body rather than by us. 

What the Cybersecurity Made in Europe label is

The Cybersecurity Made in Europe label is issued by ECSO, a non-profit organisation representing more than 300 European cybersecurity companies, research centres, universities, end-users, and public bodies. ECSO created the label as the only industry-led mark recognising vendors that are genuinely European in origin, ownership, and operation, and that develop their business on trusted European values. 

For buyers, the label is a marker of three things: 

• The vendor is European in origin and operation.
• The vendor builds its business on European values: privacy, transparency, and customer sovereignty.
• The vendor contributes to Europe's strategic digital autonomy and to the resilience of the European cybersecurity ecosystem.

 

Why this matters now

European organisations, especially in regulated sectors, are taking a sharper look at where their cybersecurity stack comes from. Data sovereignty rules are getting stricter. NIS2 is in force across the Union. Boards are asking pointed questions about supply chain risk and extraterritorial law. 

The question of whether a vendor is genuinely European in ownership and operation is no longer a soft preference. It is an active decision criterion in procurement, and increasingly a board-level topic. 

We have heard this directly. Several partners and customers have asked us, in recent months, to confirm in writing that we are European-based and Iceland-headquartered. Until now, the best we could offer was a letter from our CEO. The Cybersecurity Made in Europe label gives them, and us, something stronger: independent validation from the European cybersecurity industry's own representative body. 

What it says about Nanitor

Nanitor was founded in Iceland in 2014 and has always been a European company. Our platform is built, supported, and operated from within Europe. We hold ISO/IEC 27001 certification with the full 2022 control set, no exclusions. We offer regional data hosting so customers can keep their information within their required jurisdiction. We provide a standard, GDPR-aligned Data Processing Agreement to all clients. 

The Cybersecurity Made in Europe label does not change any of that. What it does is confirm, on an independent basis, that we are who we have always said we are: a European cybersecurity vendor, accountable to European customers, operating under European values. 

Where to find it

The label is now visible in the footer of nanitor.com and is part of the Nanitor Trust Centre, alongside our ISO/IEC 27001 certificate, our Information Security Policy, our GDPR commitments, and our secure development lifecycle documentation. 

If you are a partner or customer who needs the badge artwork or supporting documentation for a procurement file, security review, or RFP response, please reach out to your account contact at Nanitor and we will send it across. 

To our customers and partners across Europe and beyond, thank you. The trust you place in us is the reason a label like this matters in the first place.