NIS2-ready access control. Continuous trust. Zero compromise.
ION is a modular zero trust access platform under active development. It ensures the right user, on the right device, under the right conditions, gets access only to the right resource — with continuous validation every 90 seconds, full audit trails, and post-quantum cryptography built in from day one.
Compliance built in, not bolted on
Deny-by-default policy engine, continuous re-evaluation, full audit trail, and incident notification support — mapped directly to NIS2 Articles 21 and 23.
Pricing that reflects your infrastructure
Built for real-world environments where devices, workloads, and systems scale beyond headcount. You pay for what you actually secure — not just who logs in.
Help validate ION in real environments.
ION is not looking for passive waitlist signups. We are looking for design partners who want to test the platform free of charge, explore real implementation scenarios, and help prove demand before launch.
Use ION while it is being built
Design partners can test the tool free of charge during development and help shape practical implementation details.
Proof of business, not just proof of concept
Your feedback helps validate the business need, deployment model, and buying case around zero trust access control.
Planned lifetime launch discount
Early design partners are intended to receive a lifetime discount when ION is ready to sell, with final commercial terms confirmed before launch.
What ION does
Not another VPN with a dashboard. A complete zero trust platform with identity, device trust, policy, encrypted connectivity, and recovery — in one system.
Continuous session validation
Sessions re-evaluate every 90 seconds against identity, device posture, and policy. A denied evaluation terminates the tunnel immediately. Trust is active, never static.
Short-lived credentials
Session certificates live for 2 minutes. Device certificates rotate every 90 seconds. If a credential is compromised, the blast radius is measured in seconds, not months.
Encrypted WireGuard tunnels
Real point-to-point encrypted connectivity — not TLS proxying. Every connection between client and resource travels through a properly authenticated WireGuard tunnel.
Device posture enforcement
Continuous health checks: OS version, disk encryption, device status, security updates. Poor posture triggers re-authentication or quarantine — automatically.
Recovery and quarantine workflows
Compromise response is designed in, not improvised. Suspicious devices are isolated, sessions revoked in cascade, with a clear path from quarantine back to trusted status.
Post-quantum cryptography
Hybrid composite signatures (ECDSA P-384 + ML-DSA) and key exchange (X25519 + ML-KEM-768) from the start. FIPS 203, 204, and 205 compliant. Harvest-now-decrypt-later resistant.
Built for NIS2
NIS2 mandates risk-based security measures including access control, incident handling, supply chain security, and auditability. ION addresses these requirements architecturally — not through documentation alone.
Access control and risk management
Deny-by-default policy engine, explicit access decisions, continuous device posture evaluation, and role-based access control with tenant isolation at every layer.
Cryptography and encryption
Hybrid post-quantum by default. FIPS 203/204/205 algorithms for key exchange and signatures. All transport encrypted end-to-end via WireGuard.
Incident notification and audit
Every trust decision, policy evaluation, session grant, and revocation is logged with full context. 24-hour early-warning capability via structured event streams. 72-hour notification support via exportable audit logs.
EU-first, self-hosted by design
Managed EU deployment or fully on-premises. No US vendor lock-in. GDPR-aligned data handling. Your infrastructure, your jurisdiction, your data.
The ION portal
ION lives at ion.zero-trust.be — a dedicated, independently secured environment. This marketing site and the product platform are fully separated by design.
The sign-in experience is fully branded and supports multi-factor authentication with hardware key and biometric options, integrating with your existing identity provider.
Who ION is built for
Organisations where security is not optional and compliance is not a slide deck.
Healthcare
Device-heavy environments with thousands of endpoints, strict audit requirements, and patient-data sensitivity. NIS2 essential entity. Infrastructure-based pricing with healthcare discount.
Critical infrastructure
Energy, transport, water, digital infrastructure — sectors where NIS2 mandates real access control, incident response capability, and supply chain security.
Government and public sector
EU public administration, defence-adjacent agencies, and regulated entities that need sovereignty-friendly deployment with full audit trail and no foreign vendor dependency.