Vision/Traction Organizer (V/TO)

The V/TO is the single source of truth for where Unicis is going and how we will get there. Every team member should read and understand this document. It is reviewed and updated at every Annual Planning session and checked at every Quarterly session.

Core Values

Core Values are not aspirational — they describe how Unicis already operates at its best. We hire, review, reward, and part ways with people based on these values.

| Value | What it means in practice |
|---|---|
| Openness by default | We build in the open. Our code, our handbook, and our reasoning are public. We default to transparency internally and externally, including sharing our mistakes. |
| Trust through compliance | We practice what we preach. Unicis holds itself to the same compliance and security standards we help our customers achieve. |
| Small team, big ownership | Every Unician owns their domain completely. We don't wait for permission. We flag problems early, propose solutions, and follow through. |
| EU-first mindset | We build for the European regulatory context — GDPR, NIS2, DORA, CRA — and for the SMEs navigating it. Our infrastructure, our values, and our partnerships reflect this. |
| Honest over comfortable | We give and receive direct feedback. We name problems clearly. We do not let politeness get in the way of progress. |

💡 Using Core Values: When hiring, ask behavioural questions that surface each value. In performance reviews, assess each value explicitly. When something feels wrong culturally, trace it back to a Core Values violation.

Core Focus

Purpose (Why we exist)

To make compliance effortless, efficient, and transparent for every European SME — so that security, privacy, and risk teams can focus on real work instead of spreadsheet management.

Niche (What we do and for whom)

Open-source GRC platform for EU SMEs navigating NIS2, GDPR, ISO 27001, DORA, and CRA.


10-Year Target

“By 2035, Unicis is the default open-source GRC platform for EU SMEs — with 10,000+ active organisations on the platform, a self-sustaining open-source community, and recognised status as a trusted EU digital infrastructure provider.”

This target is ambitious but achievable. It requires consistent execution on product, community, and partnerships — not a step-change pivot.


3-Year Picture

What does Unicis look like on 1 January 2028?

  • Revenue: €1M+ ARR from subscriptions and partner program
  • Customers: 500+ active paid organisations on the platform
  • Product: Full coverage of NIS2, GDPR, ISO 27001, DORA, and CRA in a single unified workflow; incident management module live; AI-assisted compliance recommendations in GA
  • Team: 8–12 full-time Unicians across product, engineering, and GTM
  • Community: 1,000+ GitHub stars; active contributor community; Weblate translations in 5+ EU languages
  • Infrastructure: billing.unicis.tech live with full self-serve subscription management; Better Auth migration complete
  • EU Projects: OSCRAT, VIC, CyberSec4OT, and SAFE SPORT completed; 1–2 new Horizon/NGI grants secured
  • Partnerships: 20+ active reseller/integration partners in the EU partner program

1-Year Plan

What must be true by 31 December 2026 for us to be on track for the 3-Year Picture?

Revenue Goal

€150,000 ARR

Measurables

  • 50 paying organisations on the platform
  • Partner program launched with 5 active partners
  • billing.unicis.tech live and processing recurring subscriptions

Company Priorities (Annual Rocks)

  1. Ship Better Auth migration — complete auth layer migration from NextAuth v4/BoxyHQ to Better Auth; self-hosted audit log in production
  2. Launch billing.unicis.tech — unified subscription and licence management service live; Dolibarr integration for recurring invoicing
  3. Incident Management module GA — port OSCRAT incident module to Unicis Platform; release as GA feature
  4. NIS2/DORA/CRA compliance checklists — structured checklist flows for all three frameworks live in the platform
  5. Partner program launched — programme structure, onboarding, and first 5 partners signed
  6. EOS implemented at 60%+ — V/TO adopted, Accountability Chart live, weekly L10s running, Scorecard in use

Marketing Strategy

Target Market (Ideal Customer)

| Dimension | Definition |
|---|---|
| Company size | 10–250 employees |
| Geography | EU — priority markets: DACH, Nordics, Benelux, Baltics |
| Sector | Technology, fintech, healthtech, SaaS |
| Trigger | NIS2 compliance deadline pressure; ISO 27001 certification in progress; GDPR audit preparation |
| Buyer | CTO, CISO, DPO, or Compliance Lead at an SME without a dedicated GRC tool |
| Pain | Managing compliance in spreadsheets; multiple disconnected tools; no audit trail; cost of enterprise GRC tools |

3 Uniques (Why Unicis, not a competitor)

  1. Open-source and auditable — the only EU-focused GRC platform where the full codebase is public, self-hostable, and community-audited
  2. EU regulatory depth — native support for NIS2, GDPR, ISO 27001, DORA, and CRA in a single platform, built by a team operating under EU law
  3. SME-priced, enterprise-capable — open-core pricing that starts free and scales; no per-auditor or per-framework fees

Proven Process (How we deliver value)

“The Unicis Compliance Journey”

  1. Deploy — self-hosted or SaaS in under 30 minutes
  2. Map — import existing controls and assets; auto-map to relevant frameworks
  3. Assign — assign tasks, owners, and deadlines via the CSC workflow
  4. Evidence — collect and store compliance evidence in-platform
  5. Report — generate SoA, audit reports, and dashboards
  6. Maintain — recurring tasks, notifications, and API integrations keep compliance live

Review Schedule

| Cadence | Activity |
|---|---|
| Weekly | Rocks and Scorecard reviewed in Level 10 meeting |
| Quarterly | Full V/TO review; update 1-Year Plan; set new Rocks |
| Annually | Full V/TO rewrite; update 3-Year Picture; set Annual Rocks |

→ See the Scorecard | → See Rocks & Traction | → See Accountability Chart


Last reviewed: Q2 2026 — next review: Q3 2026 Quarterly Session