Home MRCC & Trust Passport
πŸ“œ

MRCC & Trust Passport

The end goal of NexCyber - a Trust Passport you can share, and an MRCC Certificate signed by EU regulatory experts.
NexCyber Support
By NexCyber Support
β€’ 5 articles

What is an MRCC Certificate?

TL;DR πŸ“œ MRCC = Multi-Regulator Conformity Certificate. A single, structured artifact summarizing your readiness across multiple EU frameworks (CRA, NIS2, AI Act, RED, DORA). Signed by NexCyber's regulatory experts. Designed to be shared with auditors, customers, and partners. | βœ… What MRCC is | ❌ What MRCC is not | |---|---| | Structured readiness signal across frameworks | Not a notified body certification | | Issued after evidence reaches confidence threshold | Not your CE declaration | | Versioned, verifiable, shareable | Not a legal opinion | | Premium artifact of paid plans | Not a substitute for legal counsel | πŸ” What it includes - πŸ“‹ Scope statement β€” which estates, which frameworks - 🎯 Coverage map β€” obligations Γ— evidence Γ— confidence - πŸ›‘οΈ Trust Passport reference β€” your underlying readiness graph - ✍️ Expert sign-off β€” NexCyber regulatory team signature - πŸ”— Verify link β€” public verification endpoint (read-only proof) πŸ“ˆ When you get one MRCC is automatically issuable once your estate hits the required confidence level on the relevant decision modules β€” Cross-Reg Decision Engine, Trust Passport, etc. (paid plans only). 🀝 How to share - Direct URL with verify link (public proof) - PDF export (signed, watermarked) - Embed badge on your site (post-issuance) ➑️ Next - πŸ“Š Run an assessment to start - πŸ›‘οΈ Trust Passport vs MRCC β€” which one? - πŸš€ Fastest path to your first MRCC πŸ’¬ Need help? - Reach out via our live chat (bottom-right) β€” Captain AI replies instantly, human experts within business hours. - Email support@nexcyber.eu with [P1] for Command/Strategic priority issues. ℹ️ Disclaimer β€” RICE provides a readiness analysis, not legal advice. Final compliance may require legal review or notified body certification. Last reviewed: 2026-06-02 Β· NexCyber Help Center

Last updated on Jun 02, 2026

Trust Passport vs MRCC Certificate β€” which one do you need?

TL;DR πŸ›‘οΈ Trust Passport = your living readiness graph. MRCC Certificate = signed snapshot you share with auditors. | | πŸ›‘οΈ Trust Passport | πŸ“œ MRCC Certificate | |---|---|---| | Nature | Living, continuously updated | Snapshot, signed by experts | | Audience | Internal, prospects, partners | Auditors, regulators, key customers | | Issuance | Auto from your assessments | Issued at confidence threshold | | Shareable | Yes (link or embed) | Yes (PDF + verify URL) | | Plan | Starter+ | Launch+ | 🎯 Which one for which moment? | You want to… | Use | |---|---| | Show readiness on your website footer | πŸ›‘οΈ Trust Passport | | Reply to a vendor security questionnaire | πŸ›‘οΈ Trust Passport + πŸ“œ MRCC excerpt | | Pass an enterprise customer audit | πŸ“œ MRCC Certificate | | Demonstrate readiness to a notified body | πŸ“œ MRCC + your own technical file | | Track your own progress quarter over quarter | πŸ›‘οΈ Trust Passport (with trend) | πŸ”— Together You always own a Trust Passport first. Once your readiness crosses the threshold for one or more frameworks, you can request the MRCC to be issued as a signed snapshot. ➑️ Next - πŸ“‹ What is an MRCC Certificate? - πŸš€ Fastest path to your first MRCC πŸ’¬ Need help? - Reach out via our live chat (bottom-right) β€” Captain AI replies instantly, human experts within business hours. - Email support@nexcyber.eu with [P1] for Command/Strategic priority issues. ℹ️ Disclaimer β€” RICE provides a readiness analysis, not legal advice. Final compliance may require legal review or notified body certification. Last reviewed: 2026-06-02 Β· NexCyber Help Center

Last updated on Jun 02, 2026

How the MRCC process works step by step

TL;DR πŸ“œ Five steps from assessment to issued MRCC Certificate. πŸͺœ The 5 steps 1️⃣ Define your Product Estate One estate = one product / one codebase-SBOM lineage / one EU market exposure. πŸ‘‰ Add your first regulated product 2️⃣ Run your Scope Review RICE maps which EU frameworks apply (CRA, NIS2, AI Act, RED, DORA, combos). πŸ‘‰ How NexCyber decides which regulations apply 3️⃣ Close your Compliance Gap Upload evidence (SBOM, policies, test reports, supplier attestations). Confidence levels update automatically. πŸ‘‰ Build your evidence library 4️⃣ Reach the confidence threshold Each framework has a confidence threshold. When you cross it, your estate becomes MRCC-eligible. πŸ‘‰ Reading your assessment results 5️⃣ Request the MRCC - Open your estate - Click Request MRCC - Our regulatory team reviews and signs - You receive a signed PDF + a public verify URL ⏱️ Typical timeline | Plan | First MRCC turnaround | |---|---| | Launch | 5-10 business days | | Portfolio | 3-5 business days | | Command | 1-3 business days (priority queue) | | Strategic | Contractual SLA | ➑️ Next - πŸš€ Fastest path to your first MRCC - πŸ›‘οΈ Trust Passport vs MRCC - πŸ”— Share your Trust Passport πŸ’¬ Need help? - Reach out via our live chat (bottom-right) β€” Captain AI replies instantly, human experts within business hours. - Email support@nexcyber.eu with [P1] for Command/Strategic priority issues. ℹ️ Disclaimer β€” RICE provides a readiness analysis, not legal advice. Final compliance may require legal review or notified body certification. Last reviewed: 2026-06-02 Β· NexCyber Help Center

Last updated on Jun 02, 2026

Share your Trust Passport with customers and auditors

TL;DR πŸ›‘οΈ Three ways to share your Trust Passport β€” pick the right one for your audience. πŸ”— Sharing options | Method | Best for | What recipient sees | |---|---|---| | Public URL | Sales prospects, partners | Read-only readiness summary, no evidence files | | Embedded badge | Your website / footer | Live, auto-updated trust signal | | PDF export (signed) | Vendor questionnaires, RFPs | Static snapshot, watermarked | | MRCC excerpt | Auditors, enterprise customers | Cross-framework signed attestation | πŸ›‘οΈ What's exposed publicly - βœ… Frameworks in scope (CRA, NIS2, AI Act, RED, DORA) - βœ… Confidence band per framework (high / medium / preview) - βœ… Last updated date - βœ… Verifiable URL πŸ”’ What's never exposed - ❌ Your uploaded evidence files - ❌ Specific gap details - ❌ Internal scoring methodology - ❌ Sensitive contract or supplier info βš™οΈ How to share 1. Open your estate 2. Click Trust Passport β†’ Share 3. Choose your method (URL / badge / PDF) 4. Set audience (public / authenticated-only) ➑️ Next - πŸ“œ What is an MRCC Certificate? - πŸͺœ How the MRCC process works πŸ’¬ Need help? - Reach out via our live chat (bottom-right) β€” Captain AI replies instantly, human experts within business hours. - Email support@nexcyber.eu with [P1] for Command/Strategic priority issues. ℹ️ Disclaimer β€” RICE provides a readiness analysis, not legal advice. Final compliance may require legal review or notified body certification. Last reviewed: 2026-06-02 Β· NexCyber Help Center

Last updated on Jun 02, 2026

Fastest path to your first MRCC Certificate

TL;DR πŸš€ The most direct route from signup to a signed MRCC, optimised by NexCyber experts. ⚑ Express path (Launch plan or above) Week 1 β€” Foundation - βœ… Create your account Β· invite your compliance lead - βœ… Add your Regulated Product Estate (start with your flagship product) - βœ… Run the Scope Review β†’ see which frameworks apply Week 2 β€” Evidence ingestion - βœ… Upload your SBOM (CycloneDX 1.4+ / SPDX 2.3+) - βœ… Map existing policies (security, vuln handling, incident response) - βœ… Add supplier attestations for tier-1 dependencies Week 3 β€” Close the gap - βœ… Address top 3 gap priorities surfaced by RICE - βœ… Re-upload refreshed evidence as needed - βœ… Reach confidence threshold on at least 1 framework Week 4 β€” Request MRCC - βœ… Click Request MRCC on your estate - βœ… Regulatory expert review + sign-off - βœ… Receive signed PDF + public verify URL 🚦 Confidence thresholds (functional view) | Framework | What you need at minimum | |---|---| | πŸ›‘οΈ CRA | SBOM + vuln-handling policy + tech-doc skeleton | | 🌐 NIS2 | 10 minimum measures mapped + supplier register | | πŸ€– AI Act | Risk tier classification + technical documentation | | πŸ“‘ RED Cyber | 3.3.d/e/f sub-requirements evidence | | 🏦 DORA | ICT third-party register + incident classification template | Specific scoring methodology is part of our private model. Public-facing confidence is summarised in bands (preview / computed / evidence-backed / externally-linked). πŸ’‘ Pro tips - 🎯 Start with one framework, not all five - πŸ“Š Aim for evidence-backed band before requesting MRCC - 🀝 Loop in your auditor early β€” share Trust Passport URL ➑️ Next - πŸͺœ How the MRCC process works - πŸ“œ What is an MRCC Certificate? - πŸ”— Share your Trust Passport πŸ’¬ Need help? - Reach out via our live chat (bottom-right) β€” Captain AI replies instantly, human experts within business hours. - Email support@nexcyber.eu with [P1] for Command/Strategic priority issues. ℹ️ Disclaimer β€” RICE provides a readiness analysis, not legal advice. Final compliance may require legal review or notified body certification. Last reviewed: 2026-06-02 Β· NexCyber Help Center

Last updated on Jun 02, 2026