Cynomi Expands EU NIS 2, AI Governance for MSPs

Cynomi is expanding its regulatory governance capabilities across the UK and European Union, adding new NIS 2 support for Croatia and Belgium while positioning its platform to help MSPs scale fractional CISO and AI governance services amid tightening compliance mandates.

Regulatory pressure drives demand for fractional CISO services

As regulatory pressure intensifies across critical infrastructure and regulated sectors, customers are demanding continuous oversight, third-party risk management, and executive-level reporting delivered as ongoing managed services.

“There’s a pretty common theme we see a lot, where leaders have this nagging doubt in the back of their minds around whether they’re doing enough,” said Phil Bindley, Field CISO at Intercity Technology Ltd., a UK-based provider offering fractional CISO and IT services.

“With SMBs especially, they likely need a CISO at least some of the time, but can’t afford one. Then, they might not necessarily have enough work for them to do to justify a full-time hire even if they could afford someone,” Bindley continued. “The fractional CISO hits the sweet spot for them, and they need a services provider who can guide them through their needs.”

Cynomi expands NIS 2 support to Croatia and Belgium

As EU member states continue transposing the NIS 2 Directive into national law, Cynomi has expanded its country-specific support to include Croatia and Belgium.

The update enables partners to align governance programs with local NIS 2 requirements, including national-level interpretations of risk management, reporting obligations, and supply-chain oversight. 

The company also supports frameworks widely used in the UK, EU, and other global markets, including the NCSC Cyber Assessment Framework (CAF), DORA, GDPR, ISO 27001, ISO 42001, NIST CSF, and the CIS Controls. 

By mapping across these standards, Cynomi aims to help partners streamline compliance delivery for customers operating in multiple jurisdictions.

“We try to be very attuned to what our partners need, and we listen constantly to feedback to build the modules our partners say they want as they adjust to client demand,” Roy Azoulay, COO and Co-Founder of Cynomi, told Channel Insider.

To Bindley, the platform’s largest strength is in its ability to automate what used to be tedious and manual work in data collection and client onboarding.

“We can get within a day now what used to take us a week in terms of understanding a new client and mapping their current reality to what their goals are,” Bindley said. “Our customers ultimately save money, since they pay us for the time we’re taking to get them started, and we can get to the work of actually building their governance journey so much faster.”

AI governance becomes a new revenue opportunity for MSPs

Beyond NIS 2, Cynomi is emphasizing AI governance as the next near-term revenue opportunity for service providers, particularly as the EU AI Act reshapes compliance expectations.

“AI governance is really starting to become key for a few reasons,” Bindley said. “First, companies know AI is in use, and they know it needs to be secured, whether there’s a framework or not. But regulation, especially in the UK and EU and even some US states, is starting to catch up as well.”

“This is something that we know boards are talking about, and there’s this sense that while it may feel a bit like the ‘wild west of AI’ right now, that won’t last forever, and businesses want to be prepared,” Bindley continued.

2026 outlook: fractional CISO and advisory services gain momentum

Azoulay and Bindley agree that this year will see an ongoing demand for fractional CISO and broader IT services, driven by regulation and also the push to adopt emerging technologies like AI. 

Bindley says he sees this demand as an opportunity to bring SMBs, in particular, the level of security expertise they need, without the often expensive price tag they can’t afford.

To Azoulay, this opens new opportunities for MSPs and MSSPs to evolve into not just managed services but more in-depth advising and consulting offerings as well.

“I think this will allow service providers to evolve from being the security cop to being an enabler of secure technology adoption,” Azoulay said. “Providers can go from working mostly with IT to now having a place in board-level conversations with their clients, showing their value in a more strategic way and getting sticker with those customers as a result.”

As NIS 2 implementation advances and AI oversight shifts from emerging concern to board-level priority, both Azoulay and Bindley see sustained growth in compliance-led advisory services. 

For MSPs and MSSPs, the opportunity extends beyond technical management to strategic governance, helping clients navigate regulatory complexity while building long-term, recurring security programs.