Statement of Inclusions and Exclusions NCS 7516

NTA 7516 Criteria for Communication Service Providers

August 17, 2020 – Version 1.1

Group Criterion SecuMailer Value
Availability Minimum availability (6.1.2) Yes 99.95%
Maximum downtime duration (6.1.3) Yes 0
Maximum data loss (6.1.4) Yes 0
Integrity Origin verification (6.1.5) Yes eIDAS “Substantial” and “High”
Data integrity (6.1.6) Yes TLS / DANE
Non-repudiation of sender (6.1.7) Yes TLS / SPF / DKIM / DMARC
Sender authorization (6.1.8) Yes TLS / SPF / DKIM / DMARC
Confidentiality Data confidentiality (6.1.9) Yes AES256
Access confidentiality (6.1.10) Yes eIDAS “Substantial” and “High”
Communication confidentiality (6.1.11) Yes TLS / DANE
Legal basis for transmission (6.1.12) No Transmission basis is determined by the sender
International ad-hoc message traffic (6.1.13) Yes EU-based
Usability Continuity of ad-hoc messaging – replies (6.1.14) Yes ESMTP
Continuity of ad-hoc messaging – forwarding (6.1.15) Yes ESMTP
Security as convenience (6.1.16) Yes ESMTP
Readability (6.1.17) Yes ESMTP
Own copy (6.1.18) Yes ESMTP
Interoperability File integration (6.1.19) Partial An API is available
Multi-channel communication (7.2) Yes NTA 7516 Certified

REST API

Developer portal ›

SecuMailer has a REST API for sending secure emails. Both the GDPR and the NTA 7516 functionality are fully accessible via this API.

The API is documented with OpenAPI specification 3.0.1.

The REST API has webhook functionality, which means that the SecuMailer platform can communicate email events with an HTTPS endpoint of the sender.

SMTP API

The SMTP API is usually the simplest integration option for many backend applications because backend applications often have a provision for an SMTP client on board.

We have successfully integrated for customers with Salesforce, SAP and Centric. We have also successfully integrated with patient file systems such as Medisoft Dossier Manager.

GraphQL API

The SecuMailer platform offers insight into email events. This can be done on the basis of a (push) webhook call (see REST API above) and on the basis of a (pull) GraphQL endpoint.

Get a Demo

Name(Required)

Contact Sales

Your Name(Required)

Protect the case. We secure the correspondence.

Enable secure, provable, compliant email for legal organisations while preserving workflows. SecuMailer safeguards sensitive client communications, ensuring every email is protected, traceable, and meets strict regulatory standards without disrupting daily work.

Integration with existing tools means legal teams can continue using familiar email platforms while maintaining full accountability and oversight. With SecuMailer, law firms and legal departments can focus on their cases, confident that every message is secure, verifiable, and compliant.

Get a Demo
Contact Sales
business

Legal Need

  • Claims, pleadings, settlement drafts, NDAs, HR/KYC files, board papers.

  • Must be fast, confidential, legally provable.

  • GDPR, eIDAS, NIS2 compliance required.

The SecuMailer Approach

  • Runs behind existing mail environment.

  • Users send as usual; encryption, policy, recipient assurance applied automatically.

  • Step-up verification when needed.

  • Delivery logged for audit/legal proof.

  • Content removed after delivery.

What This Enables

With SecuMailer, legal teams can share pleadings, exhibits, and sensitive documents securely without slowing matters. Communications stay confidential, legally provable, and effortless for both case teams and clients.

Pleadings/exhibits encrypted by default.

HR/KYC documents securely shared.

eIDAS-registered email for notice-critical flows.

Secure large bundles (expiry, recall).

Interoperability, not silos

Exchange securely with counterparties and courts using other certified secure-mail solutions. Operate one platform internally while collaborating safely across the wider legal ecosystem.

Exchange securely with courts/counterparties using certified solutions.

Compliance, built-in / Compliance & governance

Designed to align with GDPR principles: integrity/confidentiality, privacy by design/by default, data minimisation, accountability. Supports regulated contexts (NIS2; DORA for financial services). Evidence and reporting fit ISMS and audit requirements. EU data sovereignty is standard: hosted in European data centres operated by European providers, no dependence on hyperscalers. Certifications/attestations available (ISO 27001, SOC 2 Type 2, eIDAS; health flows align with NEN 7510/NTA 7516).

ISO 27001

SecuMailer is ISO 27001 certified, the international standard for information security management systems. This certification demonstrates that we apply rigorous controls to protect sensitive information, continuously assess risks, and follow best practices to keep data secure and compliant.

NEN 7510

NEN 7510

SecuMailer is certified to NEN 7510, the Dutch standard for information security in healthcare. This certification ensures that medical and patient information is handled according to strict national requirements, giving healthcare organizations confidence in secure digital communication.

ISAE 3000

ISAE 3000

SecuMailer has successfully completed ISAE 3000 / SOC 2 Type II assurance, an independent audit that verifies the design and effectiveness of our internal controls. This provides our customers with proof that we meet strict criteria for security, availability, and privacy on an ongoing basis.

eIDAS

eIDAS (EU Trusted service provider)

SecuMailer is listed under the European eIDAS regulation as a qualified Electronic Registered Delivery Service (qERDS) and qualified Registered Electronic Mail Service (qREMS). This recognition confirms that our service meets the highest EU standards for trusted electronic communication and is included in the official EU Trusted List.

Cybersecurity

ECSO Label of Trustworthiness

SecuMailer is recognized with the ECSO Label of Trustworthiness, issued by the European Cyber Security Organisation (ECSO). This label distinguishes European-owned cybersecurity companies that are fully based in Europe, compliant with GDPR, and aligned with ENISA’s baseline security requirements. It confirms our commitment to European values of privacy and data sovereignty, and strengthens our visibility among partners and customers as a trusted European provider of secure email.

For IT and Security

IT guy

  • Lightweight integration (SMTP/MTA, APIs, SAML/SSO).

  • End-to-end protections (TLS, SPF, DKIM, DMARC, DANE, DNSSEC).

    Technical implementation was completed in just one day.

  • Intelligent DLP with policy enforcement.

    Only five minor incidents in the first week, all resolved immediately.

  • Comprehensive, audit-ready logging.

    Meets all Dutch and EU standards for secure mailing with natural persons.

Outcomes

With SecuMailer, legal organisations achieve full email accountability and regulatory compliance without disrupting workflows. Sensitive client communications are automatically protected and provable, reducing risk, supporting audits, and strengthening trust with clients. Teams maintain productivity while IT and compliance departments gain clear visibility and control over all email traffic.

Less friction for case teams/clients.

Lower incident risk.

Audit-ready evidence.

Secure, compliant email that maintains legal velocity.

Your data. Your rules. Your next step.

Discover how SecuMailer helps you achieve your goals for secure, simple and compliant email without compromise. Whether you’re comparing, exploring or just curious, we’re happy to help.

See pricing
Contact Sales