-
Whether you're just getting started or scaling something bigger, we offer transparent pricing designed to meet your budget.
Our hourly rates start at €175 (no minimum, excluding VAT) or we can provide a custom quote if you prefer a monthly retainer arrangement.
-
Each client is different.
Some are more comfortable with 100% remote work delivery while other clients prefer on-site kick-offs or stakeholder interviews with the remainder of the project managed and completed virtually. We charge for travel expenses for longer-term assignments requiring overnight stays, when applicable.
-
If you require professional fluency in Dutch, French, German, Italian, Portuguese, or Spanish for your project, regrettably we aren’t a good fit for your company.
We work only in native speaker English for universal business fluency.
-
We closely partner with a Netherlands based agency with EU and US counterparts that serve multinationals, medium-sized and small businesses, private/public partnerships, NGOs, think tanks and nonprofits for all policy/journalism requests.
This includes services around news media, thought leader and subject matter expertise campaigns that support business development, fundraising, stakeholder engagement, employee retention and market competition.
-
We partner with an international organization if you’re seeking safety and cybersecurity tracking/gap analysis for certification for machines (robots), vehicles (airplanes, cars), and components (chips, sensors). Plus support for FuSa, security workflow, risk assessment, V&V and incident analysis.
Frequently Asked Questions
Cyber Resilience Act (CRA)
Does the CRA apply to my product?
1
CRA applies to any organization that manufactures, imports, distributes, or places products with digital elements on the EU market, including hardware vendors, IoT companies, embedded software teams, and digital product manufacturers.
Software-only products fall under the CRA if they have direct or indirect connectivity or are necessary for a product to operate securely, though cloud-only SaaS platforms are generally excluded unless they ship an installable or connectable component.
What if I’m not in the EU… but my customers are?
2
Even if your company is based outside the EU, the CRA applies if you sell or distribute products with digital elements to customers in the EU, including both finished products and embedded components.
When do I need to comply by?
3
The CRA entered into force on December 10, 2024, with vulnerability handling reporting obligations applying as September 11, 2026.
Main obligations apply from December 11, 2027.
If we use open source software (OSS) or components in our products, how does CRA impact us?
4
When manufacturers integrate open source components into a CRA regulated products, the responsibility shifts and the liability transfers to the manufacturer not the upstream developer.
Whenever open source software (OSS) becomes part of a commercial product or service, it is in scope for vulnerability handling, updates, and documentation just like first-party code.
Projects that are "openly shared and freely accessible, usable, modifiable and redistributable" and supplied free of charge without commercial activity remain exempt from CRA.
So, if you are contributing to others' open source software projects, or just publishing your open source code in your own repository and you are not trying to monetize it, you can breathe easier.