Cynomi extends NIS 2 & AI governance tools for MSPs

Cynomi has expanded its UK and EU regulatory governance offering for managed service providers and managed security service providers, including new NIS 2 coverage for Croatia and Belgium.

The company said demand from regulated and critical-infrastructure organisations has increased as requirements tighten around NIS 2, DORA, GDPR, third-party vendor risk and AI governance linked to the EU AI Act. It said service providers now face greater expectations for ongoing oversight and reporting, rather than point-in-time assessments.

Provider demand

Cynomi positions its platform as a way for service providers and telecommunications providers to run compliance-driven security programmes across multiple customers. The company said it supports several UK and EU-aligned frameworks, including NCSC CAF, DORA, GDPR and the EU AI Act. It also listed ISO 27001, ISO 42001, NIST CSF and the CIS Controls.

"Compliance has become a catalyst for recurring security services," said Shane Deegan, Chief Revenue Officer, Cynomi. "Service providers are being asked to operationalise governance, manage third-party vendor and AI risk, and prove improvement over time. Cynomi helps partners do that efficiently turning compliance pressure into scalable services, better margins, and increased security revenue."

NIS 2 coverage

Cynomi said it has added support for Croatia and Belgium as the NIS 2 Directive moves into national law across EU member states. It described the update as focused on country-specific implementation requirements and partner demand.

The company said the additional coverage includes guidance aligned to national transposition, third-party and supply-chain risk oversight linked to NIS 2 requirements, and audit and regulator-ready reporting. It also said the approach aims to standardise programme execution for providers with customers operating across multiple countries.

Operational changes

Intercity Technology uses Cynomi in its security services work. The company's Field CISO described a change in internal effort required for early-stage customer work.

"Before Cynomi, getting a customer from kickoff to a usable security plan took a lot of manual work. With Cynomi, that initial onboarding and baseline assessment has gone from a full week to roughly a day. More importantly, it frees our team to focus on what actually matters - applying our expertise, guiding the customer, and building a meaningful, actionable cyber‐resilience improvement plan rather than getting buried in admin," said Phil Bindley.

AI governance

Cynomi also linked its regulatory governance push to rising customer expectations around AI usage and oversight. The company said it sees buyers asking service providers for ongoing operational AI oversight. It highlighted discovery, third-party risk, evidence and continuous reporting as areas of focus.

It said service providers could package AI governance work into managed and advisory services. Cynomi said it plans to discuss this approach in a live webinar titled: Turning AI Governance into Revenue: How Service Providers Build Scalable Offerings.

The company said the session will feature Roy Azoulay, COO & Co-Founder at Cynomi, alongside Bindley.