Statement of Inclusions and Exclusions NCS 7516

NTA 7516 Criteria for Communication Service Providers

August 17, 2020 – Version 1.1

Group Criterion SecuMailer Value
Availability Minimum availability (6.1.2) Yes 99.95%
Maximum downtime duration (6.1.3) Yes 0
Maximum data loss (6.1.4) Yes 0
Integrity Origin verification (6.1.5) Yes eIDAS “Substantial” and “High”
Data integrity (6.1.6) Yes TLS / DANE
Non-repudiation of sender (6.1.7) Yes TLS / SPF / DKIM / DMARC
Sender authorization (6.1.8) Yes TLS / SPF / DKIM / DMARC
Confidentiality Data confidentiality (6.1.9) Yes AES256
Access confidentiality (6.1.10) Yes eIDAS “Substantial” and “High”
Communication confidentiality (6.1.11) Yes TLS / DANE
Legal basis for transmission (6.1.12) No Transmission basis is determined by the sender
International ad-hoc message traffic (6.1.13) Yes EU-based
Usability Continuity of ad-hoc messaging – replies (6.1.14) Yes ESMTP
Continuity of ad-hoc messaging – forwarding (6.1.15) Yes ESMTP
Security as convenience (6.1.16) Yes ESMTP
Readability (6.1.17) Yes ESMTP
Own copy (6.1.18) Yes ESMTP
Interoperability File integration (6.1.19) Partial An API is available
Multi-channel communication (7.2) Yes NTA 7516 Certified

REST API

Developer portal ›

SecuMailer has a REST API for sending secure emails. Both the GDPR and the NTA 7516 functionality are fully accessible via this API.

The API is documented with OpenAPI specification 3.0.1.

The REST API has webhook functionality, which means that the SecuMailer platform can communicate email events with an HTTPS endpoint of the sender.

SMTP API

The SMTP API is usually the simplest integration option for many backend applications because backend applications often have a provision for an SMTP client on board.

We have successfully integrated for customers with Salesforce, SAP and Centric. We have also successfully integrated with patient file systems such as Medisoft Dossier Manager.

GraphQL API

The SecuMailer platform offers insight into email events. This can be done on the basis of a (push) webhook call (see REST API above) and on the basis of a (pull) GraphQL endpoint.

Get a Demo

Name(Required)

Contact Sales

Your Name(Required)

Secure emailing without compromise

Your organization’s most valuable asset is its information. SecuMailer ensures every email is delivered securely, by default, not by decision.

Request a demo
Contact us

Always compliant with EU regulations

Every email meets GDPR, NTA 7516, eIDAS, NIS2 and DORA by default. Compliance is enforced automatically at the mail server not left to end users.

Full control over your data with data sovereignty

All data stays within the EU and under your control. Emails are removed from our servers after delivery only a delivery receipt is kept. What’s not there, can’t leak. That’s privacy by design.

Easy to use

Secure email without disruption: user can focus on their work, without being slowed down by email security. It just works invisibly, reliably, and without getting in the way.

You can't control every user desicion

You can’t control every user decision, but you’re still accountable for the outcome.

SecuMailer removes that responsibility from the user with security by default. No portals, no plugins, no extra steps, sending secure email feels exactly like sending regular email. It integrates seamlessly into your existing infrastructure, requires no user training, and has minimal impact on IT. All data is processed within the EU, fully aligned with European data protection laws. Thanks to full data sovereignty, your organization retains complete control over its own information. So that you can control the outcome, without relying on user decisions, without having tot compromise between safety, compliancy and ease of use.

No friction, no user steps, just safe and compliant delivery every time.

From send to secure in five seamless steps.
Step 1

You send your email, no extra steps

From Outlook, Microsoft 365, or Google Workspace, no plugins, no extra steps.

Step 2

SecuMailer encrypts

The email is encrypted automatically at the server level, using pre-set transport rules. No user action required, protection is applied instantly.

Step 3

The email is delivered straight to the inbox

When legal frameworks such as NTA 7516 require additional authentication, the recipient verifies their identity via a secure link and a one-time SMS code. This code remains valid for up to 90 days by default, although your organization can set a shorter period if needed. During that time, recipients experience secure email just like regular email, fully compliant, without added friction.

Step 4

The email is deleted after delivery

Just like a letter leaves the postman’s hands, the message disappears from our servers the moment it’s delivered. Only the delivery receipt is kept for logging and compliance purposes.

Step 5

Full compliance, zero friction

Your email was sent, delivered securely, and is no longer stored. All processing happens on EU-based servers, fully aligned with GDPR and NTA 7516. No complexity, no loose ends just secure communication, done right.

Want more technical detail?

Request Technical Demo

Product Features

SecuMailer

Email from your own email environment

You send emails as usual with Outlook, Gmail, or your server - no change. Secufolder ensures secure delivery in the background using patent-pending 25 step method securely via an alternative method - ensuring 100% safe delivery.

Discover

Delivery to the recipient's mailboxt

Optional 2FA for recipients. Delivery possible via SMS or MMS once every 90 days, after which they cannot access incoming emails with a direct download. Organization can adjust this verification period..

NTA-7516-who-what-where

Every email always secure

Security at the organization level. Encryption on transfer of all emails to send emails—everything is secured by default unless exceptions are made for common recipient errors and data leaks.

What-does-secure-mail-really-cost

Delivery without portal intermediaries

No portals, plug-ins, or download links. Automatic mail processing, scans, implying only a professional email setup. We handle the rest..

10-questions-about-NTA7516

No additional installation or extra software required

SecuMailer is a SaaS (Software as a Service) solution. It’s cloud-based, so there’s no need to install any software. It integrates seamlessly with your existing mail server.

NTA7516

Works with all email clients

YCompatible with all major email clients. SecuMailer connects effortlessly with Outlook, Google Workspace, and Microsoft 365 (including F3), making it ideal for online email platforms.

Dora

Works on all devices

Send secure emails from any device, anywhere. Whether you're using a desktop, smartphone, or tablet, your emails are always secure, no extra steps required. Work flexibly from any location on any device.

Integration with back-office systems possible

Integrates with various back-office systems. You can send emails directly from a file or case system, keeping all communication linked and documented in one place.

e-IDAS

Delivery receipt available

After delivery, the email content is deleted from our servers. We only retain the delivery receipt the legal proof that your email was successfully sent.

goverment

Functional / shared mailboxes possible

Shared mailboxes? No problem. Need to send secure emails from a shared inbox like ‘info@’? SecuMailer fully supports this.

Technical Information

Custom branding applicable

Maintain your branding. Since SecuMailer operates entirely in the background, your emails retain your original layout and branding.

Is-a-message-portal-secure

Standard attachment size up to 40MB

Send attachments up to 40MB by default. Need to send larger files? Add our Large File plug-in to send up to 5TB. Regularly exchanging large files with clients? Our WebApp SecuFiler might be a perfect fit.

Integration with any professional mail server

Integration with any professional mail server

Connect SecuMailer to the mail server of any professional email client, such as on-premises Exchange, Exchange Online, or Google Workspace.

Delivery to the recipient’s mailbox

Implementation based on existing features

No additional software is needed to connect with SecuMailer. We integrate using your email server's existing features..

Every email always secure

Security based on existing features

SecuMailer enhances your existing security measures to ensure 100% compliance with all laws and regulations applicable to your industry.

Delivery without portal intermediaries

Security based on transport rules

With mail flow rules, you maintain full control over your email security. As a result, emails are typically sent securely to every recipient. You can also create exceptions using the same rules, like sending Friday lunch orders to the local bakery..

No additional installation or extra software required

API integrations available

Various API integrations are available: REST API and SMTP API. A technical demo can explore the specific options for your organization.

Works with all email clients

(Audit) logging available

center>After we deliver the email to the recipient, its contents are removed from our server. However, we retain metadata, which is accessible through logging.

Works on all devices

Two-factor authentication via SMS

If delivery with 2FA is chosen, the email recipient must verify their identity via SMS using two-factor authentication. By default, this verification remains valid for 90 days, though this can be configured by your organization.

Integration with back-office systems possible

SAML / SSO available for the admin portal

Access to the SecuMailer admin portal can be secured with 2FA, and Single Sign-On (SSO) based on SAML is also available.

GDPR

GDPR

By using SecuMailer, you are guaranteed to comply with GDPR requirements. Questions? One of our privacy specialists will gladly help!

Data minimization

Data minimization

We specialize in data minimization, one of the core GDPR principles. Unlike portal solutions, emails disappear from our platform after delivery, meaning we do not store privacy-sensitive information. What isn’t there can’t be leaked.

ECSO certification

ECSO (European Cyber Security Organization)

We are proud to be the only recognized provider for Secure Emailing certified as a full European Cyber Security solution. The ECSO label distinguishes European cybersecurity companies that operate based on European values. On May 9, 2023, Security Delta (HSD) awarded this label to SecuMailer.

Is-a-message-portal-secure

ISO 27001

SecuMailer is ISO 27001 certified, the leading standard for information security. A copy of the certificate and statement of applicability is available upon request.

NEN 7510 certified

NEN 7510

SecuMailer is NEN 7510 certified, the standard for information security in healthcare. A copy of the certificate and statement of applicability is available upon request.

NTA 7516 compliant

NTA 7516

SecuMailer meets all requirements of the NTA 7516 and was certified until May 2023. This is the standard for secure emailing in healthcare and legal sectors.
View the NCS 7516 inclusion and exclusion statement

eIDAS certification

eIDAS

Since November 2023, SecuMailer has been fully certified for eIDAS REMS. As of July 1, 2024, SecuMailer is listed on the EU trusted list as a trusted provider of QREMS (Qualified Registered Email Service).

ISAE 3000 SOC 2 Type 2

ISAE 3000 SOC 2 Type 2

SecuMailer underwent an ISAE 3000 SOC 2 Type 2 audit with no findings or deficiencies. A copy of the certificate is available upon request. The audit report can be viewed in a joint session.

Personalized service

Personal service

It may not make us unique, but it defines us. We don’t work with customer numbers, but with company names and contact persons. Our dedicated team is always here for you, chances are, you’ll speak to the same person each time!

Easily reachable by phone

Easily reachable by phone

Have questions? We’re available by phone Monday to Friday from 09:00–17:00! Call us at +31 320 337 381.

Service commitment_ 99.95% uptime

Service commitment: uptime 99.95%

We guarantee 99.95% service availability annually, as outlined in our SLA.

Service and support from 9 to 5

Service and support from 9-17

We’re available for phone support on working days from 09:00 to 17:00. Prefer email? No problem, we respond quickly! Reach us at service@secumailer.com.

Self-service portal

Self-service portal

As a customer, you’ll have access to our self-service portal, where you’ll find: Frequently Asked Questions Release Notes SLA Reports User Guides

Monthly SLA reports

Monthly SLA reports

Our SLA includes promises to our customers. Each month, a report is available in the self-service portal showing how we’re meeting those commitments.

Made for organizations that handle sensitive data

Municipalities

Government & Municipalities

Communicate confidentially with citizens, departments, and partners, fully compliant with GDPR. Align with eIDAS requirements for legally registered digital delivery, with full traceability. SecuMailer delivers secure messages directly to the recipient’s inbox: a simple and secure way to share sensitive decisions, notifications, and documents. It’s secure, accessible communication without barriers.

Read More
Health-Care

Healthcare providers

Send patient records, referrals, and lab results securely and in full compliance with NTA 7516 and GDPR. SecuMailer integrates with your EHR system and enables secure email that meets healthcare standards ensuring interoperability across organizations. Need to reach a patient? Your message arrives directly in their inbox: no portals, no repeated logins, just secure and accessible communication.

Read More
Finance

Legal professionals

Communicate confidentially with clients, courts, and legal partners fully compliant with GDPR. Need legal proof of delivery? SecuMailer supports eIDAS-compliant registered email, ensuring full traceability and legal validity. For regular confidential messages: secure emails arrive directly in the inbox, with no portals or logins required. A flexible solution for both formal and everyday legal correspondence.

Read More
Legal

Financial institutions

Send sensitive documents like payslips, tax returns, or financial statements securely and GDPR-compliant. With SecuMailer, you reach clients directly in their inbox, without requiring a portal or login. Need legal proof of delivery? Our eIDAS-compliant registered mail gives you full traceability. It’s professional, secure communication made simple for both you and your clients.

Read More
business

Business Services

Whether you're sending contracts, proposals, reports, or personal data, SecuMailer ensures your emails are secure and fully GDPR-compliant. Messages are encrypted and delivered straight to the recipient’s inbox, without requiring portals, accounts, or logins. It’s a professional, accessible way to protect sensitive communication and strengthen trust with your clients.

Read More
Housing

Housing & Property Management

Send rent contracts, payment reminders, or tenant communications securely and in full compliance with GDPR. SecuMailer lets you reach tenants and partners directly in their inbox. Need legal proof of delivery? Use our eIDAS-compliant registered email with full traceability.

Read More

Compliance, built-in / Compliance & governance

Designed to align with GDPR principles: integrity/confidentiality, privacy by design/by default, data minimisation, accountability. Supports regulated contexts (NIS2; DORA for financial services). Evidence and reporting fit ISMS and audit requirements. EU data sovereignty is standard: hosted in European data centres operated by European providers, no dependence on hyperscalers. Certifications/attestations available (ISO 27001, SOC 2 Type 2, eIDAS; health flows align with NEN 7510/NTA 7516).

ISO_27001
ISO 27001 – International standard for information security management.
NEN 7510
NEN 7510 – Dutch standard for healthcare information security.
SOC2
ISAE 3000 / SOC 2 Type II – Assurance for security, availability, and privacy.
eIDAS
eIDAS (qERDS & qREMS) – EU qualified trust services, included in EU Trusted List.
ECSO Label: Recognising cybersecurity companies built entirely on European values and expertise.

More than 200 organizations rely on SecuMailer, every day

“With SecuMailer’s approach, all colleagues can safely send emails directly from their work account, regardless of whether they are using a work laptop, their phone, or a home PC.”
Blauw
Joost van der Borg
Privacy Officer van gemeente Pijnacker-Nootdorp

Ready to secure your email without disrupting your workflow?

SecuMailer makes secure emailing effortless. Whether you’re in healthcare, government, or finance, we help you meet the highest compliance standards with zero user friction, fast deployment, and proven reliability.

Want to see it in action?
Experience how easy secure email can be.

Prefer to talk first?
Let’s explore the best-fit solution for your organization.

Get a Demo
Contact us
CTA