Nexo doubles down on security: grabs two ISO certifications

Crypto lender Nexo AG has secured additional security certifications, receiving the ISO 27017 and ISO 27018, alongside its existing ISO 27001 standard. Granted by multinational certification agency RINA, these certifications highlight Nexo’s efforts in enhancing its security and privacy protocols, with a greater focus on cloud-based services.


Established in 2018, Nexo provides a range of crypto services, including trading, custody, loans, and interest-earning products.

This development comes at a time when the digital asset sector is grappling with cruical security concerns. Despite a reported 50% reduction in losses from security incidents in 2023, the industry still faced heavy losses, totaling around $1.7 billion.

Nexo’s move to acquire these certifications signals its response to the evolving security needs in the industry. The ISO 27017 certification is particularly relevant as it focuses on security in cloud environments, which has become a critical area in the crypto ecosystem. As such, this step shows Nexo’s proactive approach to addressing potential cloud computing threats.

Furthermore, the ISO 27018 certification strengthens the protection of personally identifiable information (PII) in cloud settings.

“Nexo’s integration of ISO standards for information security and privacy signifies a major step forward in our journey to set new benchmarks in digital finance,” said Nexo’s Chief Security Officer Milan Velev. “We are not just complying with international standards; we are leading by example, prioritizing our clients’ security and privacy in every aspect of our operations.”

“We are pleased to certify Nexo with the ISO 27017 and ISO 27018 standards. This partnership underlines RINA commitment to promoting advanced security measures and data protection in the innovative financial technology sector,” said Kalin Panev, Country Manager of RINA.

The acquisition of these ISO standards by Nexo comes as part of the broader industry’s efforts to protect digital asset platforms from increasing security threats and to maintain user trust in a rapidly growing market.

These certifications, along with Nexo’s completion of the SOC 2 Type 2 audit and CSA Security, Trust & Assurance Registry (STAR) Level 1 Certification, are crucial in the company’s bid to promote security and transparency in the digital assets space.

Nexo made headlines last week after filing an arbitration claim worth over $3 billion against Bulgaria. The action follows the conclusion of a Bulgarian investigation into Nexo’s activities, which involved a raid on its office and the charging of four individuals.

Represented by the US law firm Pillsbury Winthrop Shaw Pittman LLP, Nexo said that the investigation was politically motivated, leading to lost business opportunities and harm to its brand reputation.