Reglyze gives managed service providers and cybersecurity consultancies a single multi-tenant console to run NIS2 across a portfolio of client organizations — scoping, gap assessments, remediation tracking, training registers, and authority-ready incident reports — with MSP pricing at €1,499/year base (ten organizations included) plus €80/year per additional managed org.
Generic GRC tooling was built for one organization at a time. NIS2 puts MSPs and consultancies in a different position: every client has its own scope, its own management body, its own incident clock, and its own national authority — and you carry all of them at once. Three patterns surface in every conversation we have with MSP teams.
Each NIS2 client needs its own Annex I / Annex II classification, its own headcount and turnover thresholds, and its own essential-vs-important determination. Doing this by hand in a spreadsheet for a portfolio of 10–50 clients eats hours of senior consultant time every quarter — and the scoping logic is where new clients typically disqualify or upgrade themselves. MSPs that price a fixed-fee NIS2 retainer cannot afford to re-derive scope manually each renewal.
Article 21(2) lists ten cybersecurity risk-management measures. Every client must evidence all of them. MSPs deliver several of those measures themselves — incident handling, supply-chain risk, patch management, MFA — but the artifact lives at the client. Without a per-client evidence register, the MSP's audit-readiness depends on whichever consultant happens to know which client has which document. National authorities (ANSSI, BSI, ACN, CNCS, APDC) are now asking MSPs to produce per-client evidence on demand.
Article 20 makes each client's management body personally accountable for cybersecurity oversight. The MSP cannot inherit that liability — but the MSP is on the hook to give the board the dashboards, attestations, and quarterly reports that prove oversight happened. Doing this with PowerPoint and email across a portfolio is unsustainable, and it is exactly where MSPs lose deals to clients who have already built the evidence chain themselves.
Reglyze ships with a multi-tenant MSP console designed around the way NIS2 work actually happens at MSPs: one master account, many client tenants, shared training content, isolated client data, and a single quarterly view across the portfolio.
Add a managed organization in two clicks: the MSP sees a portfolio view with each client's compliance score, overdue tasks, open incidents, supplier risk, and Article 20 training coverage. Switch into a client tenant with one click for hands-on work, switch back without losing context. Each managed org is a fully isolated PostgreSQL tenant — no cross-client data leakage. The portfolio dashboard is the page MSPs leave open on their second monitor all day.
Every client tenant gets the same scoping wizard (Annex I/II + headcount + turnover + member-state classification) and gap-assessment workspace (Article 21(2) controls a–j plus Article 20 board duties). Maturity scoring is per-client; the MSP's senior consultant can fill in cells on behalf of the client. Auto-generated remediation tasks land in the per-client remediation register with severity, due date, and ownership.
Documents, training records, supplier assessments, incident timelines, and effectiveness KPIs are all per-client. Bulk export per client is one button; portfolio-level analytics (which clients have overdue training, which clients are below 60% maturity on Article 21(2)(c), which clients have unresolved supplier risk) is the default view. CSV and XLSX exports include the MSP's own master cover sheet so the artifact is audit-ready out of the box.
When a client takes a significant incident, the on-duty MSP analyst opens the client tenant, fills the standardized fields, and downloads an ANSSI-native (France) or ACN-native (Italy) report in the authority's own language — copy-paste straight into the official portal. The 24-hour / 72-hour / 1-month timer is computed per client. The MSP is the one who runs the clock; the client is the one who signs.
Every managed organization gets the full Reglyze training catalog (board / IT / general staff / sector packs) included in the MSP plan. The MSP issues attestations from a single console; per-client validity tracking; auto-reminder before expiry. The MSP's own consultants can also take the curriculum for internal upskilling — the same content the client board sees, so the consultant frames the conversation correctly.
MSPs that resell under their own brand can configure a per-MSP logo and accent color that applies across all managed organizations and any client-facing artifact (PDF cover pages, board dashboards, training attestations). The Reglyze name does not appear on client-facing outputs unless you want it to. Branding is opt-in and reversible.
Reglyze's MSP plan is designed around slot-count economics: pay a single annual base fee for the first ten managed client organizations, then €80/year per additional managed org up to fifty. Use the live calculator on the pricing page to set your slot count; portfolios beyond fifty client organizations route through our sales team for a custom plan.
Includes 10 managed organizations
Starter pack for boutique MSPs and consultancies onboarding their first NIS2 client portfolio. Up to ten managed organizations included; full Professional feature set per managed org; multi-tenant MSP console; white-label optional; NIS2 training bundled per managed org; priority MSP support.
Up to 50 managed organizations self-serve
Add additional managed organizations on top of the base at €80/year per slot. A portfolio of 30 client orgs costs the base €1,499 plus 20 × €80 = €3,099/year all-in. The /pricing page calculator surfaces the exact annual total live as you adjust the slot count.
Custom plan
Portfolios beyond fifty managed organizations route through our MSP sales team for a custom plan with sector-pack bundles, dedicated onboarding support, and an annual contract reviewed by a named account manager. Talk to us at [email protected] or click the Contact MSP team button at the top of this page.
The headline is the annual portfolio fee, not a per-seat charge. Add or remove managed organizations within your slot count any time. Slot release on a client churn is super-admin-audited so we keep your portfolio economics honest.
Reserved for a verified MSP testimonial — see Reglyze's review policy: only paying customers can leave a review, and reviews are surfaced on the trust page once moderated.
Quote pending — published once Stefano writes it.
Most of the MSPs we speak to settle into the same rhythm within 90 days. The cadence below is illustrative; the platform supports every variation we have seen, including monthly versus quarterly board reporting and per-client incident-response retainers.
Spin up one managed organization per client. Run the scoping wizard on each (10–15 minutes per client). For clients with prior compliance work, upload the existing ISO 27001 SoA or DORA self-assessment and let Reglyze crosswalk to NIS2 Article 21(2). Each client lands on the MSP portfolio dashboard with a starting compliance score and a list of overdue or missing artifacts.
Auto-generated remediation tasks are filtered per client by severity. The MSP works through the [CRITICAL] items first — usually MFA coverage gaps, missing incident-response plans, untrained boards — and assigns each task to the right consultant. The MSP's senior consultant can re-score on behalf of a client once the evidence is uploaded; the client signs off in their own login.
Every client's management body completes the Reglyze board-track training and the MSP issues per-director attestations. The MSP exports a quarterly board pack (compliance score, top-5 risk, overdue tasks, training coverage) and presents it at each client's board meeting. The platform retains a versioned copy so the next audit can pull it.
When a significant incident hits a client, the on-duty MSP analyst declares it from the portfolio view, fills the standardized fields, and downloads the ANSSI- or ACN-native report. The 24h / 72h / 1m clock runs in the platform. Quarterly reviews are scheduled per client; the MSP closes annual cycles by exporting a per-client compliance pack for the client's own retention.
Yes. White-label branding (logo + accent color) is included in every MSP plan and applies across the client-facing surfaces — PDF cover pages, board dashboards, training attestations. The Reglyze name does not appear on client-facing artifacts unless you want it to. Branding is opt-in and reversible per managed organization.
Each managed organization holds its own gap assessment with maturity scoring on Article 21(2) controls (a–j) plus Article 20 board duties. The overall compliance score is the average of implementation and documentation maturity across all controls, weighted by sub-control count. The portfolio view aggregates these into a single MSP-wide chart and surfaces the bottom-quartile clients for prioritized attention.
Slot release is a super-admin-audited action. The MSP admin requests a release with a written reason; a Reglyze super-admin reviews and applies it; an immutable audit log entry is written. This keeps the portfolio economics honest — slots can be reused after a churn, but the process is logged so you can defend your retainer math to your own finance team.
Native templates ship for France (ANSSI) and Italy (ACN) today, in the authority's own language. English fallback templates work for the rest of the EU. Direct portal submission to ACN / ANSSI is on the 2026 roadmap.
Priority MSP support is included in every MSP plan: same-business-day response on business-hours channels, escalation paths for active incidents, and direct access to the Reglyze product team for feature requests tied to a real client retainer. Above fifty managed organizations, a named account manager is included.
The training bundle every managed organization gets — board, IT, general staff, sector packs.
NIS2 training catalogThe single most common audit failure. Board training is bundled in every MSP plan.
NIS2 Article 20 — board dutiesIf a client already has an ISMS, Reglyze crosswalks to the NIS2 delta.
NIS2 vs ISO 27001How Reglyze sits next to the rest of the EU NIS2 GRC market.
NIS2 compliance software comparedGet started on the MSP base plan in under an hour: spin up your first ten managed organizations, run the scoping wizard, and have your first client portfolio dashboard live the same day. Add additional slots at €80/year per org up to fifty; talk to us if your portfolio is larger than fifty client organizations.