CIF-NL: Summaries of granted projects
The content of this page has been checked on 13 July 2026
On this page you will find summaries of the projects that have received funding from CIF-NL.
Funded projects under CIF-NL 2025
In December 2025, the CIF-NL 2025 scheme was opened to organisations developing innovative cybersecurity solutions, in the form of products and/or services. The 2025 funding round of CIF-NL focuses on two key sub-areas:
- Promoting crypto-agility
- Simplifying cybersecurity solutions and making them more cost-effective
Below you will find a breakdown of the scores and summaries of the approved projects.
Theme: Promoting crypto-agility
Overview of the points awarded to all submitted projects
Overview of the points awarded to all submitted projects
The table below shows the number of points awarded to all the projects submitted:
| Number of points | Number of projects |
| 18 | 1 |
| 17 | 3 |
| 16 | 2 |
| 15 | 1 |
| 14 | 1 |
| 13 | 2 |
| 12 | 3 |
| 11 | 4 |
| 10 | 1 |
| 9 | 2 |
| 8 | 2 |
| 6 | 1 |
Quantum Gateway Solutions B.V. - C.A.M. - 18 points
Quantum Gateway Solutions B.V. - C.A.M. - 18 points
C.A.M. (Crypto Agility Module) maps the PQC-readiness of organizations at the software, network, and platform levels. Through five components — a repository/SCA scanner, a crypto-agility database, a comprehensive JA4/JA4S network fingerprinting engine, a unique OS Age Database, and integration into Eoncore's Eon Insights platform — C.A.M. detects cryptographic dependencies, vulnerabilities, and migration paths to post-quantum alternatives. The OS Age Database is unique: it shows which OS versions are even capable of running PQC libraries, thereby closing the gap between what the code uses and where it runs. AI accelerates the generation of configurations and compatibility matrices, drastically reducing manual work.
Impierce Technologies B.V. - CAII: Crypto-Agile Identity Infrastructure for eIDAS 2.0 - 17 points
Impierce Technologies B.V. - CAII: Crypto-Agile Identity Infrastructure for eIDAS 2.0 - 17 points
The CAII project by Impierce Technologies develops a future-proof, quantum-resistant digital identity trust infrastructure. Focusing on the eIDAS 2.0 wallet ecosystem, CAII eliminates the vulnerability of static cryptographic keys against emerging quantum computing threats. The infrastructure integrates Post-Quantum Cryptography (PQC) algorithms directly into UniTrust, an EU Business Wallet, via an innovative hybrid dual-signing mechanism, and guarantees seamless compatibility with existing eIDAS wallets. Simultaneously, this enables zero-friction, toggle-activated post-quantum signature validation for organizations, ensuring long-term credential resilience without requiring future mass re-issuances or disruptive system overhauls.
Roseman Labs B.V. - Quantum resilience and crypto-agility with regard to MPC - 17 points
Roseman Labs B.V. - Quantum resilience and crypto-agility with regard to MPC - 17 points
Roseman Labs builds cryptographic software for collaboration on highly sensitive data, with a focus on the financial sector and national security. Given the rapid developments regarding quantum computing and quantum algorithms, 'crypto agility' is an important theme. In other words, the ability to easily switch to post-quantum-secure encryption schemes to withstand attacks in which the attacker eavesdrops on encrypted communication and attempts to break it at a later time ("Harvest Now, Decrypt Later", or HNDL for short). With support from CIF-NL, Roseman Labs is developing a post-quantum-secure protocol to efficiently encrypt data for multi-party computation. Additionally, we are working on extensions to our solution to make it suitable for data with higher classification levels.
Software Improvement Group B.V. - QUANTUM-CATS - 17 points
Software Improvement Group B.V. - QUANTUM-CATS - 17 points
Organisations know they must migrate to quantum-safe cryptography, but few can see where cryptography actually lives inside their applications. Software Improvement Group will change that. Through automated source-code analysis, SIG will detect exactly which cryptographic algorithms an application uses and where, then assess their post-quantum readiness and guide the migration to quantum-safe alternatives. This capability will be delivered within Sigrid, the leading platform for managing technical debt and software risk, giving organisations across critical Dutch sectors clear insight into their cryptographic exposure and a prioritised path to remediation.
Competa IT B.V. - Crypto-Agility Audit and Planning Tool for Public-Sector Software - 16 points
Competa IT B.V. - Crypto-Agility Audit and Planning Tool for Public-Sector Software - 16 points
Competa IT is developing a software intelligence tool for public-sector organisations preparing for the transition to post-quantum cryptography. Many organisations know they will need to review and renew cryptography, but do not yet have a clear view of where cryptography is used in their software, which dependencies may create migration risk, or what should be tackled first.
The tool supports Quantum-Vulnerability Diagnosis, Planning and Execution by helping organisations identify cryptographic exposure, assess migration risk and prioritise practical next steps, including remediation or safe, incremental refactoring where required. The focus is on clear, evidence-based outputs that can be used by managers, security officers and public-sector decision-makers responsible for planning and governance, as well as by the technical teams responsible for implementation.
WonderBit B.V. - Reliable information in unreliable circumstances - 16 points
WonderBit B.V. - Reliable information in unreliable circumstances - 16 points
Organizations increasingly rely on cryptography to protect sensitive information, yet adapting or replacing cryptographic mechanisms is often complex, costly, and disruptive. This project explores how organizations can make cryptographic security future-proof without redesigning applications or disrupting business processes. WonderBit will develop and validate a crypto-agile architecture in which encryption, key management, and digital signing technologies can be replaced or combined in a flexible manner. By applying a data-centric security approach, protection remains focused on the data itself, independent of the underlying infrastructure. The project will deliver a working demonstrator, practical insights, and architectural design principles that help organizations prepare for future developments, including post-quantum cryptography, to help strengthen digital resilience.
Keytalk B.V. - KeyTalk PKI Certificate and key pair automation & Lifecycle Management - 15 points
Keytalk B.V. - KeyTalk PKI Certificate and key pair automation & Lifecycle Management - 15 points
The KeyTalk "PKI Certificate and Key Pair Automation & Lifecycle Management" project is developing a multi-tenant Certificate Lifecycle Management (CLM) solution with an integrated private Certificate Authority (CA) for the automated issuance, management, renewal, and revocation of Public Key Infrastructure (PKI) certificates. The solution supports certificate use cases including HTTPS/TLS, S/MIME, VPN, and IEEE 802.1X, and is compatible with RSA, ECC, and Post-Quantum Cryptography (PQC) key algorithms. By supporting industry standards such as ACME, SCEP, EST, and CMP, as well as providing a REST API and integrations with cloud, on-premises, and existing CA environments, the platform enables secure and efficient certificate lifecycle management without requiring specialized PKI expertise.
Bitsiel B.V. – SPINNE - 14 points
Bitsiel B.V. – SPINNE - 14 points
Organisations secure their connections (HTTPS/TLS), yet message content becomes vulnerable once an attacker gains access to intermediate systems. In complex chains with multiple suppliers and cloud platforms, this risk is significant. At the same time, crypto agility is lacking: algorithms and keys are hard coded into applications, making migration such as responding to AI driven attacks or post quantum threats, slow, costly, and error prone. Our Spinne project develops message level security with replaceable cryptography and scalable key management. Each message is encrypted individually and remains protected even if systems are breached. Cryptographic suites can be replaced without rebuilding, enabling controlled migration to new algorithms. This strengthens national cybersecurity and makes future proof cryptography practically applicable in heterogeneous chains.
SecuMail B.V. - SecuMailer -Post Quantum Resilience Methodiek - 13 points
SecuMail B.V. - SecuMailer -Post Quantum Resilience Methodiek - 13 points
SecuMailer is developing a Post Quantum Resilience (PQR) methodology to make government organizations resilient against the threat of quantum computers, which are expected to be capable of breaking current encryption techniques between 2029 and 2035. The methodology systematically maps cryptographic assets, classifies risks based on urgency and sensitivity, and provides a migration scorecard for prioritization. Hybrid cryptographic solutions bridge the transition from classical to post-quantum algorithms. The methodology is validated on SecuMailer's own QTSP-certified SaaS platform as a living lab, refined through a sounding board of government clients, and subsequently made publicly available as a practical guide for organizations without in-depth cryptographic expertise.
Ver.iD - Attestation Provider for the Dutch EUDI Ecosysteem - 13 points
Ver.iD - Attestation Provider for the Dutch EUDI Ecosysteem - 13 points
Ver.iD is developing an infrastructure that enables organizations to securely issue and verify digital credentials (electronic attestations) within the European Digital Identity (EUDI) framework. The impetus is the new European eIDAS 2.0 regulation, which from late 2026 onwards will see hundreds of millions of Europeans receiving such credentials via digital wallets — issued largely by municipalities and private parties. The existing Public Key Infrastructure (PKI) is not sufficient for this purpose. The solution provides centralized key management, signing via secure hardware (HSM), automatic key renewal, credential revocation, and full auditability, exposed through standard interfaces and services. Validation is taking place with customers such as the Municipality of Nijmegen. The innovation lies in setting up this security in a flexible and future-proof manner (crypto-agility).
Nextarp B.V. – Post-Quantum Ready Immutable Transparency Log for Certificates (PQ-Transparency) - 12 points
Nextarp B.V. – Post-Quantum Ready Immutable Transparency Log for Certificates (PQ-Transparency) - 12 points
Nextarp B.V. is developing a post-quantum ready, immutable transparency log for digital certificates. The system combines Certificate Transparency principles, including Merkle trees, audit proofs and inclusion proofs, with post-quantum cryptography such as ML-KEM, ML-DSA and SLH-DSA. The project aims to enable early detection of mis-issued certificates, increase resilience against quantum threats and support compliance with eIDAS and ETSI standards. The solution will provide open APIs, verification tools and monitoring capabilities for certificate authorities, trust service providers and verifiers. The project contributes to a more secure, transparent and future-proof European PKI infrastructure.
Theme: Simplifying cybersecurity solutions and making them more cost-effective
Overview of the points awarded to all submitted projects
Overview of the points awarded to all submitted projects
The table below shows the number of points awarded to all the projects submitted:
| Number of points | Number of projects |
| 20 | 1 |
| 19 | 1 |
| 18 | 4 |
| 17 | 7 |
| 16 | 11 |
| 15 | 4 |
| 14 | 12 |
| 13 | 10 |
| 12 | 11 |
| 11 | 5 |
| 10 | 12 |
| 9 | 8 |
| 8 | 5 |
| 7 | 2 |
| 6 | 1 |
| 4 | 1 |
Hackify B.V. - Redactprompt - 20 points
Hackify B.V. - Redactprompt - 20 points
Nearly half of Dutch employees use generative AI, such as ChatGPT and Copilot, often without a clear framework for safe use. As a result, trade secrets, personal data and other confidential information may unintentionally end up in AI chatbots, with risks of storage, reuse or processing outside the intended environment. Hackify is developing RedactPrompt.com: a browser extension that detects sensitive data such as Dutch citizen service numbers, IBANs, passwords, API keys and business information locally in the browser and automatically masks it before it is sent. Unapproved AI tools, such as DeepSeek, and high-risk features, such as file uploads, can be blocked. A dashboard gives organisations insight into AI usage, without prompt content having to leave the device. This makes RedactPrompt an accessible, privacy-friendly solution for secure AI adoption, from individuals to organisations.
Indurex B.V. - ARISE: Autonomous Resilience for Industrial Safety & Engineering - 19 points
Indurex B.V. - ARISE: Autonomous Resilience for Industrial Safety & Engineering - 19 points
ARISE develops an innovative solution to strengthen the cybersecurity and operational resilience of Cyber-Physical Systems (CPS) across critical infrastructure sectors, including manufacturing, energy, and industrial process environments. ARISE focuses on the development of an AI-enabled platform that helps (SME) organizations gain insight into their operational environment and identify risks that may affect the safety, reliability, and continuity of operations. By intelligently aggregating relevant operational and cybersecurity information, ARISE supports detection, assessment, and response to potential risks. ARISE contributes to improved resilience, decision-making, and support for regulatory compliance. SMEs can benefit from cybersecurity capabilities in a practical, scalable & accessible manner.
ON2IT B.V. - Agentic SOC analist - 18 points
ON2IT B.V. - Agentic SOC analist - 18 points
Much of the workload a SOC analyst handles is time-consuming and routine, while the threats that genuinely need attention are often not easy to automate. ON2IT is developing an automated Agentic AI SOC analyst that takes over this time-consuming, routine SOC analysis work. This simplifies the work of the SOC analyst: cybersecurity events are handled more efficiently and quickly, leaving more time for the more complex security work that is not easy to automate. Depending on the type of event, the AI agents make autonomous real-time decisions on security measures, based on interaction (dialogue) with a SOC analyst regarding the necessary additional information and next steps. The technology runs on ON2IT's own, in-house developed AI and is processed entirely locally in ON2IT's own data centers, ensuring no dependency on cloud services, whether EU or non-EU.
mosa.cloud B.V. - 'Veiligheid Zonder Omwegen' - 18 points
mosa.cloud B.V. - 'Veiligheid Zonder Omwegen' - 18 points
Mosa.cloud developed an integrated security layer within a sovereign, open-source digital workplace, based on the French La Suite. At the core of the project is a local AI model that analyzes messages and attachments in real time for sensitive data (e.g. GDPR and medical data). As soon as the model detects something, the user is immediately given the choice within the trusted work environment between encrypted transmission with 2FA or aborting the action. This way, security becomes a seamless part of the workflow rather than an obstacle. With this, mosa.cloud tackles two problems at once: the human error that causes most data breaches, and the dependence on dominant big-tech providers. The solution has been validated in pilots at, and the full code has been made available as open source for further development by partners and the wider community.
MindYourPass B.V. - LOGIN – 'Laagdrempelige Organisatiebrede Inlogveiligheid' - 18 points
MindYourPass B.V. - LOGIN – 'Laagdrempelige Organisatiebrede Inlogveiligheid' - 18 points
Passwords are the primary key to accessing digital systems, yet at the same time the leading cause of cyber incidents. Organisations lack effective means to enforce secure password use, allowing existing risks to persist. Alternatives are insufficiently broad in applicability, meaning the importance of passwords will not diminish in the short term. As part of CIF-NL, MindYourPass develops an innovative solution based on a patented vaultless password management system. The solution combines continuous monitoring of password usage with an adaptive AI system that automatically guides employees in improving their passwords. At the same time, organisations gain insight into risks and tools to enforce privacy-friendly policies. The result: 100% secure passwords, without dependence on training or manual interventions.
Edufort V.O.F. - SectorShield - 18 points
Edufort V.O.F. - SectorShield - 18 points
SectorShield by Edufort develops an affordable cybersecurity solution for public and social-impact organisations that rely heavily on sector-specific SaaS applications, such as student information systems, housing association platforms and municipal systems. These environments often provide little or difficult visibility into their actual security configuration: roles, permissions, MFA, exports, integrations, logging and account management. As a result, organisations lack structured vulnerability management, even though these systems process large volumes of sensitive personal data. SectorShield automates configuration checks, vulnerability detection and behavioural analysis for these SaaS environments and combines this with sector-specific awareness training, making professional cybersecurity accessible to smaller organisations without dedicated security teams.
Invictus Incident Response B.V. - Development of a SaaS Exposure & Response (SER) Platform - 17 points
Invictus Incident Response B.V. - Development of a SaaS Exposure & Response (SER) Platform - 17 points
Invictus Incident Response is developing an innovative SaaS Exposure & Response (SER) platform that closes the security gap current tools leave in cloud applications. Where existing solutions only map static permissions, the SER platform analyses what connected SaaS applications actually do. Through a one-click integration with Microsoft Entra ID, it delivers a complete SaaS inventory with risk scoring, detects suspicious behaviour and Shadow SaaS, and enables organisations to intervene immediately during incidents. With a 'killswitch' and ready-to-use remediation scripts ('Remediation-as-Code'), the platform simplifies incident response in complex cloud environments, making advanced security accessible even for SMEs.
Oxot B.V. - OXOT Cyber Digital Twin voor OT security - 17 points
Oxot B.V. - OXOT Cyber Digital Twin voor OT security - 17 points
OXOT is developing a Cyber Digital Twin for organisations that depend on operational technology. Industrial and critical organisations face increasing cyber threats, geopolitical tensions and a growing dependency on digitally controlled production environments. At the same time, cyber maturity in OT environments remains limited, while organisations are understandably cautious about testing or making major changes directly in live, critical production environments. The Cyber Digital Twin combines technical data, architecture information and security insights into one digital model: a truthful copy of reality. This enables risks, dependencies and improvement measures to be safely analysed, tested and prioritised. OXOT is a Dutch cybersecurity company focused on increasing the cyber resilience and digital sovereignty of Dutch and European industry.
Watchmen B.V. – Origami - 17 points
Watchmen B.V. – Origami - 17 points
Origami works with the security tools an organisation already runs, rather than replacing them. It brings Zero Trust access under one point of control, so that protecting people, devices and applications becomes one consistent, accountable practice instead of a patchwork managed tool by tool. It is built to run at scale, serving many organisations at once while keeping each one cleanly separated and fully auditable. The result is security that is simpler to operate as it grows, and a credible route for European organisations to take more of their digital security into their own hands.
Attic B.V. – Attic for Google Workspace - 17 points
Attic B.V. – Attic for Google Workspace - 17 points
Attic for Google Workspace extends the Attic platform to Google Workspace. SMEs are increasingly targeted by cybercrime, yet often lack the knowledge and budget for an in-house security team. Attic makes cloud security accessible and affordable; for Microsoft 365 we already protect close to a thousand environments. This project develops that same automated protection for Google Workspace, built on four pillars: checks that find unsafe settings, one-click fixes, detection of suspicious activity, and direct response. The innovation lies in translating complex security into understandable actions, so entrepreneurs and their IT providers stay in control of their own digital security.
Trusted-ID B.V. - AI-driven Recommendation Engine voor IAM/IGA Cybersecurity in SMEs - 17 points
Trusted-ID B.V. - AI-driven Recommendation Engine voor IAM/IGA Cybersecurity in SMEs - 17 points
Trusted-ID develops an AI-driven recommendation engine that makes Identity & Access Management (IAM) and Identity Governance (IGA) accessible to small and medium-sized enterprises that rarely have specialised security expertise. The engine automatically analyses complex identity configurations using a canonical graph model and a library of 20+ validated risk patterns, such as orphaned accounts, over-privileged users and toxic role combinations. A locally running AI layer translates each finding into clear, prioritized improvement advice referencing NIST, ISO 27001 and CIS Controls. Since all AI models run locally, the pipeline stays on-premises and privacy-friendly, essential for handling sensitive identity data.
Connect the Future B.V. - Secure Edge Control Platform (SECP) voor legacy PLC-migratie - 17 points
Connect the Future B.V. - Secure Edge Control Platform (SECP) voor legacy PLC-migratie - 17 points
The Secure Edge Control Platform (SECP) project aims to develop a secure, scalable, and cost-effective platform for the modernization and protection of legacy Operational Technology (OT) systems, such as PLCs and industrial controllers used in critical infrastructure and industrial environments. Many of these systems were designed before cybersecurity became a major concern, while replacement is often financially and operationally impractical. SECP provides a secure edge layer that can safely replace or operate alongside existing PLC functionality, incorporating features such as secure boot, cryptographically signed updates, centralized management, and secure communications. The platform also integrates OT monitoring, AI-assisted threat detection, and human-in-the-loop validation. This approach improves the cybersecurity, manageability, and scalability of critical infrastructure environments without disrupting operational processes.
Funded projects under CIF-NL 2023
In October 2023, the CIF-NL 2023 grant scheme was opened to companies and research organisations based in the Netherlands. Through their cybersecurity innovation projects, they contributed to (one of) the following sub-areas:
1. Automation of cybersecurity solutions
2. Retention and development of staff
3. Proportionate, secure and privacy-protecting data sharing
4. Developing or scaling up small-scale cybersecurity solutions
These sub-areas formed an important part of the assessment of the applications. Read the summary of the projects awarded funding (in Dutch).
- Ministry of Economic Affairs
Featured

Project Database

Case Studies

Responsible Business Conduct
