Pricing

NIS2 supply-chain monitoring,
one price per supplier.
No tiers to game.

Every NIS2-regulated company faces the same § 30 obligation: assess and monitor your supply chain. EUSEC prices linearly per supplier — so classifying a supplier as A or C carries zero financial incentive. Your ABC tier drives monitoring intensity, not your invoice.

Exhibit 01 — Products

Subscribe to our data feed.

Purchasers pay to subscribe to data feeds. Suppliers pay to be found and reuse their compliance passport across every customer — once, not for each relationship.

For Subscribers · per supplier, annually

Get ratings for your entire portfolio. Invite your supplier to do the inside self-assessment (if not already rated).

€149 / supplier
Regular outside rating across all 10 dimensions
Event-driven alerts on critical signals (breach, CVE, blacklist)
§ 30 compliance dashboard + documentation export
Discrepancy detection (outside vs. inside)
Cascade invitations — unlock fourth-party visibility
A-supplier: intensified weekly scan + real-time alert layer

for 1 year  ·  min. 15 suppliers

For Suppliers

Fill once. Share with every customer. Replace the per-buyer questionnaire grind with a single verified compliance passport.

€490 / year
Get detailed rating reports — all 10 dimensions visible
Inside Rating: do the self-assessment (7–15 questions)
Get an EUSEC® certificate of your rating result
Improvement — know before your buyer flags it
§ 30 evidence pack — ready for your own auditors
Secure your supply chain: invite your own suppliers
Add-On

API

Get automated ratings via our API.

+20%
Integration into your GRC
Integration into your procurement or TPRM platform
REST API
Exhibit 02 — Volume pricing

Linear pricing. No tier cliffs.

You pay per supplier. Volume discounts apply automatically. No locked plan levels that force you to overpay.

Monitor — buyer subscription

| Suppliers | Annual per supplier | Monthly equiv. |
|---|---|---|
| 15 – 50 (Minimum: 15 suppliers = €2.235/yr) | €149 | €12.41 |
| 51 – 250 (e.g. 80 suppliers = €10.320/yr) | €129 | €10.75 |
| 251 – 500 (e.g. 300 suppliers = €32.700/yr) | €109 | €9.08 |
| 501+ (Custom agreement, SLA, dedicated support) | Custom | |

Annual cost for 50 suppliers — market comparison

| Provider | Note | Annual cost |
|---|---|---|
| BitSight | enterprise | ≈ no public prices |
| SecurityScorecard | enterprise | ≈ no public prices |
| UpGuard | list price | ≈ €18.223,80 |
| EUSEC | NIS2-native · EU-hosted | €8.940 (−51% vs UpGuard) (incl. 20% for API) |

Exhibit 03 — FAQ

Common questions.

Why is ABC classification not part of the price?
Per-tier pricing creates a direct financial incentive to mis-classify suppliers downward — exactly the behaviour you should never encourage in a risk management tool. EUSEC charges per supplier regardless of ABC tier. Your classification drives monitoring intensity and determines whether you add Verify for a specific supplier — but it never changes your invoice automatically. The only thing motivating accurate classification is your own § 30 risk posture.
A supplier has 10 domains — how is that priced?
EUSEC rates an organisation, not a domain count. Subdomains (mail.company.de, vpn.company.de) are discovered automatically via Certificate Transparency logs and DNS enumeration — one organisational scan covers all of them. For companies with multiple top-level domains (company.de, company.com), the primary domain registered in the Steckbrief anchors the scan, and related TLDs are discovered via CT attribution. Up to 3 registered TLDs are included in the standard price; additional separate TLDs available on request.
Do I need an NDA before a supplier fills in the inside assessment?
No. The EUSEC Platform Terms of Service create a three-party confidentiality framework: EUSEC commits to keeping supplier data confidential from any party the supplier has not authorised; buyers commit contractually to using inside data solely for their own § 30 compliance. No bilateral NDA required. A standard EUSEC NDA PDF is published for legal review if your supplier's counsel requires it.
What about CIR-covered suppliers (DNS, Cloud, MSP)?
Monitor and the standard inside assessment cover all 10 Art. 21 NIS2 measures — the screening layer. For suppliers subject to the EU Implementing Regulation 2024/2690 (DNS, TLD, Cloud, data centre, CDN, MSP, MSSP, trust service providers, online marketplaces), a platform flag indicates that the full ~159 CIR Annex controls require a separate audit. Verify (Tier 3) prepares the evidence scope for that audit — EUSEC does not claim to replace it.
Is the outside rating together with the inside rating defensible as § 30 evidence?
Yes. § 30 BSIG requires risk-based, proportionate supply chain measures — not a full audit of every supplier. An automated outside rating is a documented, repeatable, proportionate measure for C-tier suppliers, exactly as Creditreform's scoring is for commercial credit risk. EUSEC publishes its methodology, commits to the US Chamber of Commerce Principles for Fair and Accurate Security Ratings and provides exportable § 30 documentation packages for regulatory defensibility.
No credit card. No account.

Rate 10 suppliers for free.
Results to your inbox in hours.

See the outside rating engine at work before you commit to a single euro.