Secure compliance, Empower resilience
Trust-Buster helps you navigate evolving legal cyber risks, ensuring compliance with NIS2 and Cyber Resilience Act. Stay ahead of the cuve with our future-proof solutions designed for European sovereignty and critical infrastructure security.
The opportunity is simple: know which devices are present, identify associated users and prove their identity, and react locally — even when the network is down or servers are unreachable.
Navigating Regulatory Challenges with Ops-Devices Systems
Understanding the Macro-Economic and Regulatory Context
At Trust-Buster, based in Sophia-Antipolis, we recognize that the landscape for connected devices and cybersecurity is rapidly evolving due to emerging legal constraints. Our flagship product, Ops-Devices, is designed not merely to meet technical needs but to address critical regulatory requirements such as the NIS2 Directive and the Cyber Resilience Act (CRA). These regulations impose obligations like asset inventory, risk management for cyber and operational technology, and incident response planning, all backed by stringent penalties for non-compliance. Trust-Buster positions itself as a key partner for risk and security management departments seeking to navigate this complex environment.
Ops-Devices: Trust, anchored in hardware. At the physical boundary of your operations
The Ops-Devices solution relies on a Cube as a communication & sensors gateway on-the-field that secures any equipment that has never been secure before. It recognizes what and who is actually present, only authorizes actions from an approved set of rules, and acts on its own — on site, even when disconnected from any network. Any attempt at physical bypass is detected, the perimeter locks down, and the incident is logged.
Designed and manufactured in Europe. Sovereign by design.
Who Ops-Devices is for:
For industrial operators and critical infrastructure. Factories, energy, water, transport, sites subject to NIS2 and IEC 62443. You operate equipment that was not designed with cybersecurity in mind and cannot simply be replaced. Your supervision teams (SOC) need to extend their visibility and control all the way to the physical boundary — where software tools stop.
For field operators and defense environments. Sites without reliable connectivity, by constraint or by doctrine. You need a trust chain and an action capability that work autonomously, without relying on the cloud, and whose sovereignty is non-negotiable.
More broadly, for anyone who must control “who can activate or use which equipment, where, and when” — and know, without ambiguity, when someone attempts to bypass it.
Trust-Buster for Compliance and Cybersecurity
Why you need it
Because your existing installed base is an exposure surface. Industrial and connected equipment in service was rarely designed with strong identity. It is built to last ten or twenty years. You do not replace it — you need a trust layer that wraps around it without modifying it.
Because network dependence is a vulnerability. Security that relies on the cloud collapses when the link goes down. On a critical site or in operations, you cannot assume a permanent connection. The decision must be made locally, in milliseconds, whether the network is available or not.
Because presence does not prove identity. Being there, or claiming to be there, is not enough to authorize a sensitive action. You need proof — and certainty that this proof matches an activity that was actually planned.
Because physical bypass is the blind spot. Unplugging a device, rewiring it directly, resetting equipment, or inserting a power strip: most systems see nothing. You need a device that treats physical access as a threat in its own right.
Because compliance demands it. NIS2 and IEC 62443 require control, traceability, and incident evidence as close to the field as possible. A signed audit log is no longer optional.
Because sovereignty is a security criterion. For critical infrastructure or defense missions, depending on a non-European vendor or cloud is itself a risk.
Field and business constraints
“It must work without a network.” The Cube makes decisions locally. Cut off from the world, it continues to authorize, alert, and block according to the rules it has been given. Connectivity returning is only a synchronization event, never a condition.
“We cannot touch the existing equipment.” The Cube is non-intrusive. It requires no changes to existing machines: it observes, recognizes, and brings trust around them.
“Our data must not leave the site.” Everything is processed locally. Nothing passes through a third-party cloud. Data sovereignty is structural, not a contractual promise.
“We need evidence for audit.” Every authorization, every denial, every incident is time-stamped, justified, and signed. You get a forensic log that your supervision can use directly.
“The environment is hostile.” The Cube comes in multiple formats: DIN rail for electrical cabinets, a sealed enclosure for outdoor and harsh conditions, and an interactive version for checkpoints. Same core, deployment adapted to the field.
Our solution: Cubes
The Cube is a fixed applicance with communications and sensors, installed by room, building, or cabinet. It continuously perceives its wireless environment and derives three certainties before authorizing anything.
Presence. It knows which equipment and which enrolled people are actually nearby, based on the presence of their devices.
Identity. Presence is not enough. The Cube requires a strong identity proof, anchored in hardware and impossible to spoof with a simple imitation.
Authorization. The right person is not enough either. The Cube checks that this action — this equipment, in this place, at this time — is actually listed in the planned activity schedule. The right person, the planned equipment, at the planned time: otherwise, denied.
When these three conditions are met, they trigger a local action at three levels depending on your needs: observe and alert, control access, or cut power. You choose the level; the Cube executes it autonomously.
And because the real threat is often physical, the Cube detects bypass attempts: equipment unplugged, moved, rewired directly, or reset. It does not merely note an absence — it verifies that the power feeding your equipment still passes through the authorized points. At the slightest deviation, it locks the zone, triggers the alarm, logs the incident, and can restore the installation to compliance on its own.
a picture is worth a thousand words
Secure your future now!
Technical Moat
Our strengths
The combination no one else brings together. Taken individually, each of our ingredients exists elsewhere. Our difference is their intersection: contactless detection, hardware-rooted identity, local decision-making, autonomous blocking, network-off operation, European sovereignty, and purpose-built hardware formats. This coherent and inseparable set is what creates our value.
A trust anchored in hardware. Identity is based on a certified secure component at the highest level (Common Criteria EAL5+). This is not software security that can be bypassed by erasing memory.
Real autonomy. No cloud, no dependency, no remote point of failure. The Cube is built for sites where only what is physically present can be relied on.
Sovereign by design. Conceived and developed in Europe, with a controlled supply chain. A direct response to the needs of critical infrastructure and defense.
Detection is not enough — we respond. Where many stop at alerting, the Cube chains detection, response, remediation, and evidence. The perimeter protects itself.
An honest security posture. We do not promise the impossible. Physical access remains physical access. What we guarantee is stronger than a slogan: nothing goes unnoticed. Every attempt is detected, the perimeter locks down, and the incident is logged. That honesty is what builds trust with a security manager.
See it to believe it: demo on request
We will not describe our security to you. We will let you try to break it.
During a demonstration, you take the place of the intruder. Without a script, and without prior explanation, you try whatever you want: press the button on a socket, unplug it, move it, directly rewire a device, reset equipment, present yourself without valid identity, or request access that was not planned.
With each attempt, the system reacts before your eyes — cutoff, alert, lockdown — and then explains what it has just detected in your gesture. You leave with a signed audit log of your own attempts: your future incident report, written live by a willing attacker.
That is the most convincing demonstration we know for security: not an assertion, but an invitation to prove it wrong.
Request your demo session: contact@ops-devices.eu
Team

Pascal FLAMAND
Lead
CEO and founder @JANUA - Now Open-IAM - since 2004, a company specializing in IAM (security, access control, identity management) and Open Source.
CEO and Founder @Samarcande since 2023, holding, acting as an investor in real business projects.

Julien HOLTZER
Technical Advisor
Passionate about electronics, embedded devices, research and development, building new hardware and software disrupting solutions.
Frequently Asked Questions
Want more technical details about the product ?
Please visit our technical website :
How does Trust-Buster prepare businesses for the Cyber Resilience Act?
We provide architectural solutions and consulting that align your product development with CRA requirements, positioning your business ahead of regulatory changes.
What is the primary focus of Trust-Buster's services?
Trust-Buster focuses on helping organizations comply with emerging legal cybersecurity requirements and mitigating associated risks.
What is Trust-Buster and where is it based?
Trust-Buster is a services business specializing in cybersecurity and compliance solutions, based in Sophia-Antipolis.