SECaaS2 is Belgium’s next‑generation, cloud‑first federal cybersecurity program. Launched with FOD FIN, it delivers 75 NIS2‑aligned managed security services from a sovereign Belgian SOC, protecting citizen‑critical digital services and mission‑critical government operations.
Algemene beschrijving (incl. samenvatting van onderstaande vier punten, deze beschrijving wordt gepubliceerd)
SECaaS2 is Belgium’s next‑generation federal cybersecurity blueprint, launched in 2025 by Proximus NXT in partnership with the Federal Public Service Finance (FOD FIN). The programme delivers a cloud‑first, NIS2‑aligned catalogue of 75 managed security services, operated from a sovereign Belgian Security Operations Center and supported by a best‑of‑breed vendor ecosystem. SECaaS2 replaces fragmented, on‑premise security tooling with a unified, scalable architecture designed to protect citizen‑critical digital services and secure mission‑critical government operations, such as national tax platforms.
The project addresses one of the most complex and sensitive environments in the Belgian state, requiring a zero‑downtime transition to a fully integrated defence model while complying with strict regulatory and governance frameworks. Beyond technology, SECaaS2 introduces a new federal operating model that streamlines compliance, enables predictable budgeting and significantly strengthens cyber resilience. With FOD FIN as the first onboarding and reference blueprint, SECaaS2 sets a new national standard for how government secures its digital foundations today and for the decade ahead.
Beschrijf de complexiteit en/of risico's in/van het ict-project
The complexity of SECaaS2 stems directly from the strategic importance of FOD FIN within the Belgian state and the sensitivity of the systems under its responsibility. FOD FIN operates some of the country’s most mission critical digital platforms such as tax applications, authentication environments and treasury operations, all of which contain highly confidential data and must remain continuously available.. Transforming such an environment required a full migration from anlegacy, fragmented on premise security stack to a cloud first, fully integrated defence architecture, executed under strict zero downtime conditions to avoid disruption of essential public services.
This transition demanded the convergence of multiple technological domains, including endpoint protection, identity governance, cloud workload defence, network controls and XDR based threat detection. These domains span several leading vendors, such as Microsoft, Palo Alto Networks and F5, whose technologies needed to be orchestrated seamlessly into one cohesive operational model. Additional layers of complexity arose from the requirement to comply with Belgium’s NIS2 legislation and the CyFun® framework from day one, necessitating real time auditing, uplifted governance processes and secure, fully traceable migration patterns.
To mitigate the risks involved, Proximus NXT established a dedicated delivery and governance organisation with proven federal expertise. A phased ten month transition plan was designed to manage system interdependencies, ensure continuity of financial operations and de risk each step of the cut over. The successful onboarding of FOD FIN, without interruptions, demonstrates not only the precision and maturity required for a transformation of this magnitude, but also the operational excellence needed to modernise the cybersecurity backbone of one of Belgium’s most critical public institutions.
Beschrijf de toegevoegde waarde voor de interne of externe klant
SECaaS2 delivers significant operational, strategic and societal value for FOD FIN, fundamentally strengthening the security and reliability of one of Belgium’s most critical public institutions. Operationally, the programme transforms a fragmented and outdated security landscape into a harmonised, cloud first model supported by a sovereign, highly certified Belgian SOC. This ensures continuous monitoring, real time detection of threats and rapid incident response, providing FOD FIN with the cyber resilience required to safeguard highly sensitive financial platforms. By replacing legacy tools with an integrated set of 75 managed security services, FOD FIN gains greater visibility, faster remediation cycles and a consistent security posture across its entire environment.
Strategically, SECaaS2 embeds full alignment with the NIS2 legislation and the CyFun® framework from the start, allowing FOD FIN to streamline governance processes, simplify audits and automate compliance reporting. The purchasing model, first introduced under SECaaS1 and enhanced in SECaaS2, adds further value by offering transparent and predictable budgeting through scalable, usage based parameters such as number of users and network traffic volume. This creates long term financial stability while ensuring access to advanced security capabilities.
The societal impact of SECaaS2 is equally significant. By strengthening the cybersecurity foundation of FOD FIN, the programme directly protects millions of citizens and businesses that rely on uninterrupted access to essential digital public services, including tax platforms and financial systems. This is not a minor enhancement but a structural transformation of the digital infrastructure that underpins Belgium’s fiscal stability. SECaaS2 enhances trust in government digital services, reduces systemic cyber risk and contributes to a more resilient digital society, making its added value both far reaching and sustainable.
Beschrijf de originaliteit en/of innovatieve kracht van/in het ict-project
SECaaS2 delivers unprecedented innovation to Belgium's public sector. It is the first large scale, cloud first federal cybersecurity architecture in Belgium, replacing fragmented, infrastructure heavy security with a modern, service driven and outcome based model. Its catalogue of 75 modular managed security services is unparalleled in breadth and design, covering identity, endpoint, edge security, cloud workload protection, XDR, AI assisted analytics and an entirely new set of governance focused offerings such as Third Party Risk Management as a Service and GRC as a Service. This combination dramatically elevates the maturity of federal cybersecurity far beyond traditional tool based models.
A key innovation lies in the FOD FIN blueprint, the first end to end implementation in one of Belgium’s most complex and mission critical federal environments. This blueprint not only validates the operational model but creates a repeatable, lower risk onboarding pattern for all other Federal Public Services. It packages migration workflows, governance structures, audit mappings and operational baselines into a reproducible federal standard , extending innovation beyond technology into methodology, governance and large scale federal delivery.
This architecture is reinforced by an orchestrated ecosystem of leading security technologies (Microsoft, Palo Alto Networks, F5), integrated into one coherent security fabric and operated through a sovereign Belgian SOC. The result is a future proof security model combining sovereignty, automation, modularity and scalability.
In essence, SECaaS2 does not simply modernise federal security, it redefines it, setting a new benchmark for adaptability, compliance automation and delivery speed in the Belgian public sector. It establishes a forward looking cybersecurity architecture capable of supporting the federal government’s digital ambitions for the next decade, making it a true standout innovation for the Computable Awards.
Beschrijf de kracht van de interne of externe leverancier
The strength of Proximus NXT as the prime contractor lies in its unique combination of federal sector heritage, sovereign operational capability and multi vendor integration expertise, an execution power unmatched in the Belgian public sector. Building on more than seven years of proven delivery under SECaaS1, Proximus NXT brings deep institutional knowledge of federal environments, having supported ten federal institutions with managed security services. This legacy ensures credibility, stability and continuity. The same core experts who shaped the SECaaS2 bid remained engaged throughout design, migration and operationalisation, guaranteeing consistent leadership, accountability and an unbroken chain of expertise across all project phases.
Operationally, SECaaS2 is anchored in a Belgium based Security Operations Center, ensuring full sovereignty, rapid response and trusted handling of sensitive federal data. This sovereign SOC forms the backbone of 24/7 monitoring, incident response and governance, offering assurance that security operations remain fully within national jurisdiction, an essential factor for a programme of this criticality.
Another defining strength is Proximus NXT’s ability to orchestrate a curated ecosystem of global market leaders, including Microsoft, Palo Alto Networks, F5 and others, into one coherent, end to end security fabric. Instead of delivering isolated tools, Proximus NXT integrates these technologies into a unified operational model, ensuring consistency, interoperability and streamlined governance across the entire security landscape.
What truly differentiates the supplier, however, is its mature governance model and local presence. With a long standing footprint in the Belgian public sector, Proximus NXT provides strong programme governance, transparent reporting, federal grade change management and close collaboration with stakeholders. This combination of federal experience, sovereign operations, multi vendor mastery and disciplined execution makes Proximus NXT uniquely positioned to deliver a cybersecurity transformation of this national scale and critical importance.