npass.io is the cloud-native evolution of a Network Access Control platform that has secured hundreds of thousands of users and devices at global enterprises for over a decade. We're bringing that engineering heritage to European teams — operated from Berlin, hosted in the EU, and compliant by design.
From a proven on-premise platform to a cloud-native SaaS.
npass.io began as NPass, a Network Access Control platform developed by Netcube, Inc., a network security company founded in Seoul with a decade of experience building 802.1X, RADIUS, and IP mobility solutions for large-scale enterprise networks.
Over the years, NPass became the quiet backbone of network access for some of Asia's most demanding IT environments — global conglomerates, flag-carrier airlines, and industrial research campuses where tens of thousands of employees, contractors, and devices depend on secure, uninterrupted connectivity every day.
In 2026, we spun NPass out of its legacy on-premise form and rebuilt it as npass.io: a cloud-native, identity-first NAC platform designed from the ground up for European enterprises. Same proven protocol engine. New architecture. EU-first operations.
Before we ever shipped a SaaS dashboard, the NPass engine was already running production workloads at the kind of organizations that can't afford network downtime.
Identity- and location-aware access lets employees move between offices, labs, and campuses with policy following them automatically — while a Self-Service Portal handles device onboarding for them.
The same identity- and location-aware access model, extended worldwide. Crew and staff roam between HQ, hub airports, and every branch without touching network configuration — while Self-Service Portal auto-provisioning keeps the global fleet running with a lean central team.
Three principles that shape every engineering decision.
802.1X, EAP-TLS, RADIUS, SAML, OIDC. No proprietary lock-in. If it isn't in an RFC, it isn't in our product.
NAC is infrastructure, not a product demo. We optimize for years of uninterrupted operation over shiny features.
Data in the EU. Support in the EU. Contracts under German/EU law. Digital sovereignty isn't a slogan for us.
One company, two engineering cultures. We're transparent about how we're structured — it's part of what makes us different.
Netcube, Inc.
3rd floor, Kurfürstendamm 195
10707 Berlin, Germany
Our European office handles customer relationships, onboarding, support, commercial contracts, and day-to-day operations of the npass.io service for EU customers. All EU customer data is hosted within the European Union.
Netcube HQ & R&D
Seoul, Republic of Korea
The core protocol and platform engineering team has been building enterprise NAC since well before "Zero Trust" was a marketing term. This is where a decade of hard-won experience with 802.1X, RADIUS, and IP mobility lives — and where it continues to evolve.
Sub-processor locations, data residency details, and our DPA are available on our Security & Sub-processors page and in our Data Processing Agreement.
European enterprises are under more network security pressure than ever. NIS2 has widened the scope of mandatory cybersecurity controls. BSI C5 expectations are cascading from critical infrastructure into the broader mid-market. GDPR and TDDDG continue to raise the bar for how personal data flows through access logs and authentication systems.
At the same time, most NAC options in Europe are either legacy on-premise appliances with multi-year refresh cycles, or US-origin SaaS products where data sovereignty questions never fully go away.
npass.io was built for exactly this gap: a cloud-native NAC with the protocol maturity of a decade-old engine, operated from the EU, aligned with European compliance frameworks, and priced for teams who want predictability without sales-cycle theater.
We believe in being direct about what's in place today and what's on our roadmap. No vague "enterprise-grade" claims.
Today. npass.io is fully compliant with the EU and German laws that apply to our service — GDPR, NIS2, and TDDDG — by design. Our Technical and Organizational Measures (TOMs), Data Processing Agreement (Art. 28 GDPR), privacy notices, and Impressum are all in place and available to early-access customers. All EU customer data is hosted within the European Union (AWS Frankfurt, eu-central-1).
Under way. We are actively implementing an Information Security Management System (ISMS) that covers both Berlin operations and Seoul R&D under a single certification scope. Our target for ISO/IEC 27001 Stage 2 certification is Q2 2027. We're pursuing this with a globally recognized accredited certification body so the resulting certificate is valid under IAF MLA across the EU.
Next. After ISO 27001, we plan to pursue BSI C5 Type 2 attestation (prioritized based on public-sector and regulated-customer demand) and SOC 2 Type II for customers with North American or global procurement requirements. Both are targeted for 2027–2028.
Early-access customers receive our current TOMs, DPA, and a binding written commitment to this certification timeline. We'd rather show you where we are than pretend we're somewhere we're not. For full details, see our Security & Sub-processors page.
We launch soon. Join the waitlist to be among the first European design-partner customers we onboard.
Join the Waitlist