Product Roadmap
Product direction for Nisium — what is available today and what we are building next.
Last updated: June 2, 2026 · Version 1.0
Priorities change as we learn from customers and regulators. Timelines are indicative — see Terms for contractual commitments.
This roadmap reflects our current direction for Nisium. Priorities and timelines may change — nothing here is a contractual commitment. See our Terms of Service for binding terms.
Available today
Capabilities in active development or production rollout:
| Area | Description |
|---|---|
| ------ | ------------- |
| Gap analysis | NIS2 control catalog, assessments, and remediation tracking |
| Incident center | Wizard workflows, reporting timelines, and exports |
| Evidence locker | Uploads, SHA-256 hashing, metadata, retention, legal hold |
| Vendor risk | Questionnaires, magic-link access, scoring, passport flows |
| Executive dashboard | Compliance posture widgets and role-based views |
| Identity | Cognito authentication with MFA; SAML for essential entities |
| EU hosting | Target production region AWS eu-central-1 |
In progress
Near-term focus areas:
| Area | Description |
|---|---|
| ------ | ------------- |
| Production hardening | Containerized deploy, CI/CD, and observability on AWS |
| Notifications | In-app and email reminders for deadlines and approvals |
| Audit packs | Export bundles for audits and regulatory submissions |
| CERT-BG workflows | Structured reporting artifacts and inbound email parsing |
On the horizon
Longer-term themes under consideration:
| Area | Description |
|---|---|
| ------ | ------------- |
| AI assistance | RAG-driven control guidance and incident narrative support (with PII masking) |
| Deeper integrations | SIEM and ticketing connectors (scope TBD) |
| Bulgarian UI polish | Expanded in-product Bulgarian coverage |
| Enterprise features | Advanced retention policies, subprocessor portal, assurance programs |
How we prioritize
- Security and tenant isolation — never compromised for convenience.
- Regulatory workflows — incident deadlines, evidence integrity, and auditability.
- Operator efficiency — dashboards, vendor portal, and clear RBAC.
- EU data residency — production data remains in the EU.
Share feedback
We build Nisium for essential and important entities in Bulgaria and the EU.
- Product feedback: support@nisium.com
- Privacy: privacy@expertallies.com
This document is effective as of June 2, 2026. Material changes will be posted on this page.