Aegis Vetis home

THE CORE OFFER

Pricing

One platform. Modules à la carte. No surprises.

One clear offer, optional modules for your regulatory and operational needs. No free tier, no freemium, no hidden threshold. Sovereignty included by default. Annual minimum commitment, transparent prices in euros ex-VAT.

Aegis Vetis Platform

The sovereign Kubernetes security, governance and compliance platform.

EUR 8,000

ex-VAT / cluster / year

Request a quote

Volume-based pricing

  • 1 to 2 clusters EUR 8,000 ex-VAT / cluster / year
  • 3 to 9 clusters EUR 7,000 ex-VAT / cluster / year
  • 10 to 24 clusters EUR 6,000 ex-VAT / cluster / year
  • 25 clusters and more On request

Included in the Platform

  • Unlimited multi-cluster control plane
  • 30+ maintained Kyverno baseline policies
  • Admission control (audit + enforce)
  • Exception management with approval workflow
  • Compliance scoring on baseline frameworks
  • Signed PDF audit reports
  • 365-day in-line audit trail, customer-side S3 archival
  • Air-gap bundle, Helm install (k3s, rke2, vanilla)
  • Event export via HMAC-signed webhooks
  • OIDC (Keycloak, Entra, Okta, ADFS)
  • Email support — 1 business-day response — 9 a.m. to 7 p.m. CET, Monday to Friday
  • Security and feature updates included while the subscription is active

Commitment

  • 12 months prepaid

    minimum subscription

  • 24 months prepaid

    −8% on the total

  • 36 months prepaid

    −15% on the total

Optional modules

Activate only the modules you need. Each module is billed in addition, per cluster per year.

  • Compliance Premium

    +EUR 3,000 ex-VAT / cluster / year

    Advanced regulatory frameworks and customisation.

    • Additional frameworks on demand: PCI-DSS 4.0, HDS, DORA, EU AI Act (early support), French LPM OIV
    • Custom mappings on customer internal frameworks
    • Customised PDF report templates (customer logo, header)
    • Scoring engine customisation (per-control weighting)

  • Managed SIEM Connectors

    Available Q3 2026

    +EUR 2,000 ex-VAT / cluster / year

    Native, maintained, ready-to-use integrations.

    • Connectors: Graylog, Splunk, Microsoft Sentinel, Elastic, Wazuh
    • Native OCSF / CEF format
    • Guaranteed maintenance of version compatibility

    Before Q3 2026, SIEM export uses HMAC-signed webhooks included in the base platform.

  • Advanced Security

    +EUR 5,000 ex-VAT / cluster / year

    For strong regulatory requirements.

    • RFC 3161 timestamping on audit reports
    • eIDAS qualified signature (additional option, depends on TSA)
    • HSM signing (HSM configuration provided, hardware on customer side)
    • WORM storage configuration
    • Audit chain with hash chaining

  • Enhanced Sovereignty

    +EUR 4,000 ex-VAT / cluster / year

    Hardened multi-tenant and regulated-market compliance.

    • Hardened multi-tenant isolation (PostgreSQL schema or DB-per-tenant)
    • Fine-grained RBAC ABAC (per cluster, namespace, environment)
    • Documentation aligned with regulated-market requirements
    • Help with sovereign hosting setup (OVHcloud SecNumCloud, S3NS, qualified Outscale, on-premise)

  • Business Continuity

    +EUR 3,000 ex-VAT / cluster / year

    Continuity plan and disaster recovery.

    • Documented dedicated continuity plan
    • Multi-site DR configuration (Postgres + S3 + NATS)
    • Annual supervised drills (one session per year included)

Support tiers

Two levels of human engagement on top of the email support included with the platform. Pricing on request, based on your scope.

  • Extended Support

    On request

    Available from 5 platform clusters

    Engaged support, named point of contact.

    • Phone hotline during extended business hours (8 a.m.–8 p.m. CET)
    • < 4-hour response target on critical incidents (CVSS ≥ 9), best-effort commitment — on top of the 24/7 best-effort handling included for all customers
    • 1 named technical point of contact
    • 2 days/year of technical advisory included

  • Premium Support

    On request

    Available from 10 platform clusters

    24/7 on-call, on-site audit and source-code escrow.

    • 24/7 hotline
    • < 1-hour response target on critical incidents, best-effort commitment
    • 2 named points of contact (technical + commercial)
    • 5 days/year of technical advisory included
    • On-site audit under NDA, up to 5 days/year
    • Source-code escrow with a designated trusted third party

    Firm contractual SLA with penalties available via the Custom quote offer.

Custom quote

For needs that fall outside the standard frame.

Typical cases

  • More than 25 clusters with multi-control-plane federation
  • White-label / OEM (integrator reselling Aegis Vetis under its own brand)
  • Deep software customisation
  • Multi-site air-gap with controlled synchronisation
  • Sovereignty + classified (Diffusion Restreinte, Secret Défense)
  • Co-development of a feature with release commitment

Conditions

  • 36-month minimum commitment
  • Paid Discovery: EUR 5,000 ex-VAT, 50% credited towards the final order
Talk to sales

One-shot services

On-demand services billed alongside the platform.

  • Standard Onboarding

    Included first year

    Installation, initial training, first audit report.

  • Express Onboarding (5 business days)

    EUR 8,000

    Accelerated deployment, training and certifiable deliverable.

  • Hardening audit

    EUR 6,000

    Configuration review and recommendations.

  • Team training

    EUR 1,800 / day

    Technical sessions 1 to 5 days.

  • Existing policies migration

    EUR 4,000 – 12,000

    Import Kyverno / Gatekeeper policies.

  • Custom framework mapping

    EUR 6,000 / project

    Customer internal framework.

  • Custom SIEM connector

    EUR 12,000 / project

    SIEM outside the module list.

  • Technical advisory

    EUR 1,200 / day

    Beyond the module-included days.

Terms and commitment

Commitment and renewal

The Aegis Vetis Platform offer is subscribed with a minimum 12-month prepaid commitment. The subscription auto-renews for annual periods unless cancelled 90 days before the term end, by registered letter or electronically signed email to contracts@aegis-vetis.io. 24- or 36-month prepaid commitments enjoy a price reduction (8% and 15% respectively). Custom quote: 36-month minimum commitment, contractual terms negotiated case by case.

Billing

Aegis Vetis is an on-premise license, not a SaaS. Billing is annual prepaid by default. Specific payment terms (deposit, schedule, delay) are set on the quote. Semi-annual billing is available on request, with a 5% surcharge. Monthly payments are not offered, to align our support and update commitments with the long-term nature of your deployment. Payment methods: SEPA or SWIFT bank transfer. Quote valid 30 days. Counter-signed purchase order OR signed quote accepted (per your internal circuits). Support starts on the actual go-live date.

Indexation

Prices are indexed annually on the anniversary date according to the French Syntec index, capped: indexation = min(annual Syntec index, +3%). Notification sent 90 days before application. Existing customers keep their initial price grid for the duration of their current commitment.

Cancellation

If the subscription is not renewed, the customer keeps access to critical security updates for 6 additional months without support. After that, the product must be uninstalled or the subscription resumed. No refund of an in-progress subscription.

Critical incident handling

For critical vulnerabilities (CVSS ≥ 9) or major production incidents, a dedicated channel security-emergency@aegis-vetis.io is monitored on a best-effort basis, including outside business hours, for all customers. Contractual response commitments are defined by the Extended Support or Premium Support modules and aligned with ITIL P1-P4 levels (detailed in our Terms of Sale).

FAQ

Frequently asked questions

Why no free version?

A sovereign Kubernetes compliance platform operated long-term needs a vendor that's committed long-term. Freemium forces the vendor to monetise elsewhere (data, telemetry, lock-in) — exactly what our regulated customers want to avoid. We bill usage, not attention. We do offer a paid POC with partial credit (see below).

Why bill per cluster, not per node or per workload?

The cluster is Kubernetes' natural unit of governance: it's the level at which policies, scans and scoring run. Per-node billing punishes scalability; per-workload billing introduces detailed tracking our customers don't want. Per-cluster pricing is predictable, contractually simple, and aligned with business value (one cluster = one compliance domain).

Can I try Aegis Vetis for free before buying?

No free trial, but we offer a paid POC of EUR 5,000–10,000 ex-VAT over 4 to 6 weeks, partially credited (50%) if you then sign a Platform subscription. The POC includes installation on your infrastructure, initial training and a first audit report on a cluster of your environment.

Are major upgrades included?

Yes. As long as the Platform subscription is active, you get all updates: security patches, feature improvements, new baseline policies, support for new Kubernetes versions. The optional modules you've activated evolve at the same rhythm.

What's the difference between paid POC and paid Discovery?

These are two distinct mechanisms at different points in the sales cycle. The paid POC (EUR 5,000–10,000 ex-VAT) is for prospects who want to test the product before buying a standard Platform subscription — duration 4-6 weeks, 50% credited. The paid Discovery (EUR 5,000 ex-VAT) happens upstream of a Custom-quote engagement: it's a technical and contractual scoping study that produces a formal proposal — also 50% credited. If you're in a standard case (Platform + modules order), it's a POC. If you're in a custom case (white-label, federation 25+ clusters, classified), it's a Discovery.

How do I compose my offer for my context?

The base platform covers the needs of a mature Kubernetes security team. Beyond that: PCI-DSS, HDS, DORA or an internal framework → activate Compliance Premium. RFC 3161 timestamping, eIDAS qualified signature or HSM → activate Advanced Security. Multiple legal entities on the same deployment or strict isolation → activate Enhanced Sovereignty. PRA/PCA requiring multi-site DR → activate Business Continuity. Named point of contact and extended business hours → discuss Extended Support. Our sales team helps you size on request, no commitment.

How can I subscribe to the 24/7 Premium Support module?

The Premium Support module is available at engagement, from 10 platform clusters. It covers 24/7 on-call, a < 1-hour response target on critical incidents (best-effort commitment), two named points of contact (technical + commercial), 5 days/year of technical advisory, on-site audit under NDA up to 5 days/year, and source-code escrow with a designated trusted third party. A firm contractual SLA with penalties can be negotiated via the Custom quote offer. For deployments below 10 clusters, the Extended Support module (5-cluster minimum) covers extended business hours 8 a.m.–8 p.m. with a named contact. Pricing for both modules: on request, based on your scope.

Can I activate or deactivate modules during the year?

Yes. You can activate a new module mid-year, billed pro-rata of the time remaining until your anniversary date. Deactivating a module is only possible at the anniversary, with 60-day notice. This lets us guarantee the stability of your deployment and the quality of our support.