FOR MSP OWNERS
Turn NIS2 into recurring revenue. No new hires.
NIS2 is a new law that makes companies prove they're safe from hackers. For MSPs, that's €50–300 per client, per month, at 50–80% margin, using the access and trust you already have.
The demo is a shared sandbox refreshed every 6 hours — no signup needed.
Estimate by a senior CyFun consultant, based on real demos. · Real client (anonymized), ECP Audit Readiness view. Audit-ready means evidence a CAB auditor would accept, not a passed audit. The platform shows what to fix and drafts the documents; the securing (MFA, backups, firewalls) and the policy decisions stay human work, mostly done off it. See the measured data
NIS2 and CyFun: the new rules your clients don't know about yet
Since 2024, a Belgian law, NIS2, makes a lot of companies prove they're properly protected against hackers. It reaches your clients faster than they think:
- 4,000+ companies in Belgium already have to follow it, 160,000+ across Europe.
- Big companies are already asking their own suppliers about this, including the smaller companies they hire.
- If your client sits somewhere in that chain, that question lands on them, and so it lands on you.
Four words you'll see on this page, and what they mean:
- CyFun (short for CyberFundamentals): an official, free Belgian security checklist. Not the only path (ISO 27001 is another), but the one most Belgian SMEs take.
- Control: one safety step on that checklist.
- Audit-ready: enough controls are checked off.
- CAB auditor: the official inspector who checks everything and signs off.
You're their IT provider. They already trust you and you already have access to their systems. This isn't a new company they need to get to know, it's just the next thing you already do for them.
Not ready to talk yet? Grab the free MSP Launch Kit first .
No extra hires. No extra stress.
Not a new department, just what you already do for your clients, sold differently.
What it costs you, what you charge clients
Every month, you pay one fee per client, based on how big that client is. No extra monthly base cost, just a one-time €400 fee to get set up.
| Size | How big the client is | Rate | Price you can charge (est.) |
|---|---|---|---|
| XS | < 100 | €25 /client/mo | €50–€125 /mo |
| S | 100 – 999 | €75 /client/mo | €150–€375 /mo |
| M | 1,000 – 9,999 | €250 /client/mo | €500–€1,250 /mo |
| L | 10,000 – 99,999 | €825 /client/mo | €1,650–€4,125 /mo |
XS (< 100)
S (100 – 999)
M (1,000 – 9,999)
L (10,000 – 99,999)
Show larger client sizes (XL/XXL)
XL (100,000 – 999,999)
XXL (1,000,000+)
"Size" just counts things like devices, logins, and apps for that client, added up every few months.
"Price you can charge" is a suggested range based on the 50–80% margin above, not a fixed rule. What you actually charge depends on the work you add on top.
Try it with your own numbers
Most MSPs run a mix of client sizes ("size" = devices, logins, and apps added up per client). Enter your own:
| Size | You pay ECP | You charge clients | Your profit |
|---|---|---|---|
| s | - | - | - |
| m | - | - | - |
| l | - | - | - |
| Total | - | - | - |
S clients (-)
M clients (-)
L clients (-)
Total
The €400 is for you, once, not per client. It's a guided session where we walk through the platform together. You won't pay it again for every new client. After that, you just pay the per-client rates above, billed annually upfront. No monthly base.
Questions MSP owners ask
Do I need compliance expertise?
The platform doesn't replace your judgment — it removes the busywork around it. Control mapping, evidence intake, gap detection, and audit packs are automated. You apply judgment to scope, risk acceptance, and evidence quality. Solo CyFun consultants tell us this cuts roughly 40–50% of their per-client hours.
What do my clients see?
Your branding. Your logo on every report, every email, every page. They see you as the compliance expert.
Can I set my own price?
Yes. We charge you per client. What you charge your client is entirely up to you.
How do we get started?
Schedule a 20-minute call with Tom. He walks you through the platform, configures your first client together, and you go live the same week. No contract, no commitment.
What does "audit-ready" mean?
It means your client has documented evidence of security controls aligned with the CyFun framework. The actual audit is done by certified CAB auditors, not by us or you.
How does pricing work?
One fee per client, by size, shown in the table above, plus a one-time €400 onboarding for you. No monthly base fee. You set your own price for clients. Want a human involved too? Optional add-ons: human-in-the-loop support (€1,500/mo) or an online NIS2 consultant one day a week (€7,000/mo).
Are there subsidies available?
Yes — each Belgian region runs its own programme, scoped to where the end-client is established. Flanders: VLAIO kmo-portefeuille (cybersecurity-only since Feb 2026) covers up to 45% of advisory costs (45% small / 35% medium, cap €7,500/year), but only if you, the MSP, are registered as a VLAIO-approved advisor. Wallonia: Chèque cybersécurité via Wallonie Entreprendre covers up to 75% ex-VAT, same requirement (approved provider, 12-month window). Brussels-Capital: hub.brussels consultancy grant covers IT-security advice up to €10,000/year. Your client applies in their region; we provide pre-filled templates.
Turn NIS2 into recurring revenue. No new hires.
See it live in 20 minutes, or explore the demo yourself.
"I personally onboard every MSP partner to ensure we're the right fit."
Tom Janssens, Founder
20+ years across IT and innovation management — including Eurocontrol (the organisation behind European air traffic) and Belgian SMEs.