TL;DR: Four conversations dominate the SASE floor at Cybersec Europe 2026 in Brussels on 20-21 May. Sovereignty, tool sprawl, NIS2 audit readiness, and agentless devices. These are not vendor-chosen topics. They are the discussions European mid-market IT teams can no longer avoid. Jimber is at booth 05.A117 to be part of each.
Cybersec Europe 2026 lands at a different moment than last year. NIS2 enforcement is active. The Belgian CyberFundamentals (CyFun) deadline of 18 April 2026 has passed. Operational Technology gets its own theme and pavilion at the show for the first time. The sovereignty debate has moved from data residency into harder questions about jurisdiction.
Each of those shifts has changed which conversations matter. Four of them now dominate any serious SASE evaluation. They were not picked by vendors. They were forced by regulators, incidents, and structural shifts in the European mid-market.
Why these conversations, and why now
Jimber is a Belgian SASE platform built for European mid-market organisations of 50 to 400 users. Real SASE, made easy. We are at Cybersec Europe because Brussels is where the NIS2 conversation is most concrete, and because the show now reflects what the industry has been edging towards for two years: agentless devices belong in the same security architecture as everything else. The four conversations below come up in nearly every mid-market SASE evaluation we see across the Benelux. We are at booth 05.A117 to be part of each one.
Conversation 1: sovereignty has stopped meaning data residency
The CISO arriving on the floor with sovereignty questions is no longer satisfied with “we have EU PoPs” as an answer. The board has asked something harder. Not where is the data, but which legal entity controls it and under which jurisdiction.
The trigger is usually a procurement review, a supply chain assessment under NIS2 Article 21, or a customer questionnaire that asked about US CLOUD Act exposure and the existing SASE vendor could not answer cleanly. National sovereignty schemes in France, Italy and Poland have tightened the rules further. EU PoPs handle residency, but they do not answer the jurisdiction question, and that distinction now decides procurement outcomes.
A serious discussion covers which legal entity controls the infrastructure, which extraterritorial regimes apply, and what contractual remedies exist if a non-EU regulator demands disclosure. Jimber operates under EU jurisdiction by default. The legal entity is European, the infrastructure is European, and CLOUD Act exposure does not apply. Our SSE vs SASE decision framework covers the architectural choice in more depth.
Conversation 2: tool sprawl is now a compliance problem
The IT manager arriving with this conversation has spent two years adding tools and now has a stack their three-person team cannot operate, let alone audit. Six consoles. Eight vendors. Three contracts up for renewal in the same quarter.
Industry estimates put the average enterprise security stack at 45 different tools, and 62% of organisations were actively consolidating vendors in 2025. The shift in 2026 is that tool sprawl is no longer just operational. It is a NIS2 audit problem. Five separate logging systems mean five separate evidence reconstructions, and the 24-hour reporting clock starts long before any of those exports finish.
What consolidation actually delivers is the question. Jimber consolidates ZTNA, SWG, FWaaS, SD-WAN and NIAC into one console with one policy language. For a 200-user organisation across three sites, that means weeks to initial value and one audit log instead of six. It does not eliminate every tool. Identity, endpoint protection and email security still sit outside the SASE platform. Our SASE business case for mid-market teams covers the cost and operational dimensions in detail.
Conversation 3: NIS2 evidence is what audits now turn on
The compliance lead in this conversation has a deadline behind them, not in front. The CyFun verification window of 18 April 2026 has passed. The Belgian Centre for Cybersecurity (CCB) is now reviewing evidence packs from essential entities, and audits have moved from documentation reviews to evidence demonstrations.
The hard part of NIS2 is rarely the controls themselves. It is the audit trail. The Article 23 reporting cadence (24 hours, 72 hours, one month) only works if your platform correlates identity, posture and access events in one log stream. With five separate tools, the first six hours of any incident go on reconstructing timelines instead of reporting them.
What the audit now turns on is what evidence looks like when it comes from one console. Jimber’s centralised audit trail covers NIS2 incident reporting requirements, with CyFun control mapping built into the export. Our NIS2 compliance checklist for IT managers covers the full set of audit-ready controls.
Conversation 4: agentless devices are the gap regulators will not ignore
The OT manager has been told for years that the factory floor is “out of scope” and has stopped believing it. PLCs, HMIs, building management systems, medical devices, IP cameras: none run a security agent, and most run firmware that will never be patched. Under NIS2, the regulator no longer accepts that as an explanation. The dedicated OT pavilion at Cybersec Europe 2026 is the industry’s acknowledgement that this conversation has moved into mainstream procurement.
The AZ Monica ransomware incident on 13 January 2026 made the gap concrete. Forensic analysis pointed to traditional VPN access combined with a flat internal network as the path attackers used to reach clinical systems. Surgeries were cancelled on day one. ZTNA controls user access, but cannot reach a device that refuses an agent.
An honest answer requires more than ZTNA. Jimber’s NIAC hardware sits between agentless devices and the network, enforces per-device communication policies, and uses AI-driven fingerprinting. The same console that handles ZTNA, SWG, FWaaS and SD-WAN handles NIAC. Our IT-OT convergence guide walks through three concrete scenarios.
What else is happening at Cybersec Europe 2026
Beyond any vendor stand, the wider show offers two days of main stage sessions on digital sovereignty, NIS2 enforcement and critical infrastructure protection, plus a Tech Theater for deeper technical content and the Cybersec Europe Awards on day two. The dedicated OT pavilion is the most significant addition, signalling that agentless device security has moved into mainstream procurement.
How to find us
Jimber is at booth 05.A117 on 20 and 21 May. Walking up is enough. For a guaranteed slot, book a demo and we will reserve time on the floor or in your environment afterwards. Full event details on our Cybersec Europe 2026 page.
Frequently asked questions
I’m an MSP or service partner. Is there something for me?
Yes. Jimber’s partner-first model means our multi-tenant console is built for managed service delivery, not retrofitted. Come with the questions you would ask any platform vendor about white-labelling, per-client isolation and templated onboarding.
I’m not yet sure if I’m in scope for NIS2. Can we discuss that?
Yes. We do not give legal advice, but we can walk through size thresholds, sectoral classifications under the Belgian transposition, and the practical signs that your organisation is already a critical supplier under Article 21.2.d.
Will there be live demos at the booth?
Our team will discuss the platform with you on the floor and walk through specific scenarios. For a guaranteed live demo, the most reliable option is to book a follow-up session.
What if I cannot make it to Brussels?
These four conversations work just as well outside the show. Book a demo for the same conversation in your environment.
If your team is already having one of these four conversations, we want to be part of it. Stop by booth 05.A117 on 20 or 21 May.
