NIS2-aligned data control
for critical services.
ASTIS helps essential and important entities separate infrastructure access from plaintext access — across suppliers, cloud, AI, workloads, and operational workflows.
Designed to support NIS2-aligned cybersecurity risk-management and supplier-risk controls.
Why NIS2 changes the plaintext problem
NIS2 pushes risk management down the supply chain. The more suppliers, cloud, and ICT providers touch your data, the more places plaintext can leak. ASTIS keeps it from being there to leak.
Plaintext stays on your side
Operational data is encrypted before it reaches suppliers, cloud, or ICT services. They route and store ciphertext, never plaintext.
Supplier risk, reduced by construction
A compromised vendor, backup, or cloud tenant exposes sealed artifacts — not usable operational data.
You hold the keys
With HYOK CVS the key vault runs in your own infrastructure. Decryption authority and residency stay under your control — in the region you choose.
How ASTIS maps to NIS2 risk-management measures
Article 21(2) measures and the ASTIS capability that supports each. ASTIS is designed to support these controls — it is not a NIS2 certification and does not replace your own risk-management program.
Suppliers process ciphertext, not data
Art. 21(2)(d) · supply-chain security
Sub-processors, ICT providers, and supply-chain partners receive sealed artifacts — not readable operational data. Customer-controlled key custody limits third-party plaintext exposure.
Encryption by default
Art. 21(2)(h) · cryptography & encryption
Business data is encrypted client-side; only protected artifacts cross the boundary. ASTIS provides the cryptographic controls behind your policy on the use of cryptography and encryption.
Access that doesn’t leak plaintext
Art. 21(2)(i) · access control
Scoped keys gate every operation; with HYOK CVS, decryption authority stays on your infrastructure. Operating a system never means reading its data.
Evidence for reporting & response
Art. 21(2)(b) · incident handling
A tamper-evident, hash-chained audit trail of cryptographic and key operations — exportable for supervisory reporting and incident investigation.
Secured executive & incident comms
Art. 21(2)(j) · secured communications
Protected communication for executives, crisis teams, and suppliers — sensitive messages don’t become ordinary vendor plaintext.
Where it fits in critical operations
Supplier & ICT third-party exposure
Share operational data with vendors and ICT providers as ciphertext; they run the pipeline without reading it.
Workload secrets for critical systems
Deliver secrets to Kubernetes workloads after attestation — infrastructure access doesn’t become secret access.
Signed evidence & audit trails
Tamper-evident records and hash-based signatures for operational integrity and supervisory evidence.
Executive, incident & supplier comms
Confidential communication across crisis response, board, and supply-chain coordination.
Across NIS2 sectors
NIS2 covers essential and important entities across critical and important sectors, including:
Honest boundary
- • ASTIS is designed to support NIS2-aligned cybersecurity risk-management and supplier-risk controls. It is not a NIS2 certification and does not replace your organization’s risk-management program.
- • NIS2 obligations apply to your entity as an essential or important entity. ASTIS provides cryptographic controls for several Article 21(2) measures — not the full set of administrative, governance, and operational requirements.
- • Verifiable today via internal dogfood and independently verifiable artifacts; SOC 2 Type II is in progress (CASA Tier 2 complete). EU/EEA data plane; HYOK CVS for residency on your own infrastructure.
Operating critical systems shouldn’t mean reading their data.
Let’s scope a deployment for your suppliers, workloads, and supervisory-evidence needs.
Talk to ASTIS