Belgian NIS2 Deadline: 18 April 2026

NIS2 compliance with
cryptographic evidence.

The only system that proves compliance with hash-chained, tamper-proof evidence — not just dashboards and reports. 100% on-premise. Belgian. Patent pending.

21
Days
08
Hours
42
Minutes
15
Seconds
Request a Demo Download Guide (EN) Download Gids (NL)
Hash-Chained Audit
On-Premise Only
30+ Industrial Protocols
Made in Belgium
Patent Pending
NIS2 ARTICLE 21

Every Requirement.
Covered.

NIS2 Article 21 mandates 10 cybersecurity measures for essential entities. RX-OS covers them all — with cryptographic proof.

Risk Management
Continuous risk assessment with causal reasoning engine. Quantified in EUR, not abstract scores. Pearl do-calculus predicts incidents before they happen.
Art. 21(2)(a)
Incident Handling
24-hour early warning, 72-hour notification, 1-month final report. Automated incident detection, classification, and timeline generation.
Art. 21(2)(b)
Business Continuity
Kill switch with configurable thresholds. Autonomous response when causal risk exceeds limits. System continues operating during incidents.
Art. 21(2)(c)
Supply Chain Security
Every device on the network is discovered, identified, and monitored. Vendor firmware versions tracked. Unauthorized devices detected instantly.
Art. 21(2)(d)
Network Security
eBPF kernel-level cognitive firewall. AI writes its own firewall rules in real-time. Wire-speed packet inspection. Protocol-aware deep packet analysis.
Art. 21(2)(e)
Access Control
JWT token-based authentication. Role-based access (admin, operator, viewer). Account lockout protection. Session management with audit trail.
Art. 21(2)(f)
Cryptography & Encryption
Mutual TLS 1.2+ for all communications. Self-signed certificate generation and management. Hash-chained audit trail with PBKDF2 password hashing.
Art. 21(2)(g)
HR Security & Training
User management with role separation. Activity logging per user. Audit trail records every action, who did it, when, from which IP.
Art. 21(2)(h)
Asset Management
Autonomous device discovery. Every device classified with vendor, type, firmware, protocols, and risk score. Cognitive possession creates digital twins.
Art. 21(2)(i)
Vulnerability Management
Continuous port scanning. AR(2) anomaly detection with CUSUM change-point analysis. Isolation Forest for multivariate anomalies. Sense loop per sensor.
Art. 21(2)(j)
COMPARISON

Why RX-OS,
Not Another Dashboard

Traditional Tools
Nessus, Qualys, etc.
DetectionScheduled scans
OT ProtocolsNone
Data LocationCloud/On-prem
Audit TrailLogs only
AI ReasoningNone
Device TwinsNone
Kernel IntegrationNone
NIS2 EvidenceReports only
Cloud Platforms
Armis, Claroty, etc.
DetectionPassive traffic
OT ProtocolsClassify only
Data LocationUS/Israel cloud
Audit TrailVendor logs
AI ReasoningRisk scoring
Device TwinsNone
Kernel IntegrationNone
NIS2 EvidenceDashboards
RX-OS
Cognitive Security
DetectionKernel + AI fused
OT Protocols30+ native
Data LocationOn-premise only
Audit TrailHash-chained
AI ReasoningCausal engine
Device TwinsCognitive twins
Kernel IntegrationeBPF native
NIS2 EvidenceCryptographic proof
TAMPER-PROOF

Hash-Chained
Audit Trail

Every security event is cryptographically chained to the previous. One tampered entry breaks the entire chain. An auditor can verify integrity in seconds.

GENESIS
System Boot
00:00:00
Origin
a3f8c2d1...
Device Discovered
00:00:12
b7e1d9f4...
Anomaly Detected
00:03:44
c2a5b8e3...
Firewall Rule Written
00:03:45
d9f3c1a6...
NIS2 Report Generated
00:15:00
e4b7a2d8...
Compliance Verified
00:15:01
Latest

Each hash is computed from: SHA-256(timestamp + action + details + previous_hash)

See It Live
HEALTHCARE

Built for
Belgian Hospitals

Cloud platforms see your IT devices. RX-OS possesses your OT — medical equipment, building automation, access control, HVAC. Everything NIS2 demands you protect but nobody else can see.

Your patient data stays in your building. Your audit trail stays on your hardware. No cloud. No external dependency. No data leaving Belgian soil.

Talk to Us
30+
Industrial protocols
supported natively
Medical devices, building automation, cameras, access control, HVAC, elevators, generators, UPS systems — all visible, all monitored, all compliant.
Modbus TCP BACnet OPC UA S7comm SNMP v3 ONVIF DICOM HL7 SSH MQTT TLS EtherNet/IP Profinet
DEPLOYMENT

Three Steps.
Fifteen Minutes.

01
Plug In the Edge Appliance
Connect the RX-OS edge box to the customer network. No agents, no configuration, no disruption to operations.
02
It Discovers Everything
Within minutes, RX-OS maps every device — IT, OT, IoT, medical. Identifies vendor, firmware, protocols. Creates cognitive twins.
03
Brain Reasons. Reports. Protects.
The RX-OS brain analyzes causality, detects anomalies, writes firewall rules, generates NIS2 compliance reports. Automatically.
RISK QUANTIFICATION

Know Your Exposure
in Euros. Not Scores.

Abstract risk scores don't convince a board. Euros do. RX-OS calculates your annual cyber exposure based on real device data, threat probabilities, and downtime costs.

Annual Cyber Risk Exposure
EUR 0
Based on 47 discovered devices, 3 unpatched, 1 critical OT exposure
LowMediumHighCritical
Calculate Your Risk
COMPLIANCE

One Score.
One Click. One Report.

Your NIS2 compliance score updates in real-time as RX-OS monitors your infrastructure. Generate an auditor-ready PDF with one click.

0
NIS2 Compliance
See Your Score
GET STARTED

Give Your Network
a Brain.

We bring the edge appliance. We plug it in. In 15 minutes you see every device on your network, your NIS2 compliance score, and your risk in euros. No commitment. No cost.

Response time: Within 24 hours
Demo: On-site or remote, 30 minutes
Location: Aalst 9300, Belgium
Contact: info@rx-os.eu