Secapp is an independent European platform for critical communications

In this article

1. Executive summary for management
2. Why digital sovereignty is now a business continuity issue
3. Digital sovereignty as a design principle at Secapp
4. Controlled use, traceability and security
5. Secapp Chat and the voice and video conferencing platform Meet as communication channels that support continuity
6. Secapp’s European foundation and data location options
7. Certified information security management and NIS2 compliance
8. What this means for decision-makers

The world has become more uncertain. Political instability, extreme weather events and wars are all part of today’s reality. These developments also affect telecommunications, and we can no longer assume that connectivity will function as it once did.

Data centres have also become targets. Disrupting their operations can undermine trust and, in the worst case, interrupt the flow of information. Restricting or damaging international telecommunications links, such as subsea data cables, can be used to control, limit or slow down the operations of an entire continent.

At the same time, the line between public and private organizations has become increasingly blurred. Even large companies may be forced to yield under political pressure in order to protect their continued existence. In practice, this may mean being required to hand over customer data to authorities. In such a case, a European organization’s data could end up in the hands of a foreign state.¹ In Europe, there is also growing concern that American companies could be required by authorities to suspend services for certain customers or countries, and many authorities have already taken steps to reduce or prohibit the use of cloud services from outside the EU.²

All of this creates uncertainty for European organizations and introduces risks to operational continuity. These risks can, however, be mitigated. By choosing reliable European service providers whose infrastructure and continuity arrangements have been properly secured, many of these risks can be reduced.

This is particularly important in critical communications. Organizations need to be prepared for disruption so that their ability to communicate and operate is preserved. Critical communications cannot depend on a single technology, a single channel or a single environment. That is the principle behind Secapp’s design.

Secapp’s security and reliability do not rely on any single feature. They are based on an architectural principle we call layered preparedness.

At its core, this is about digital sovereignty: an organization’s ability to retain decision-making power, operational capability and control of its data even when external platforms, supply chains or legal frameworks change. Strong digital sovereignty also supports digital autonomy and digital resilience by reducing critical dependencies. Critical communications must not become locked into a single technology or ecosystem. When sovereignty is strong, disruption does not break communication. That gives leadership greater confidence that the organization can continue operating even in exceptional circumstances.

Many communication systems perform well under normal conditions. The challenge comes when the environment is no longer normal: a large-scale disruption, problems in cloud infrastructure, congestion in mobile networks or the partial shutdown of an organization’s own systems.

That is why Secapp has been built to support operating models in which critical communications do not depend on just one channel, one end-user device, one connectivity technology or one server environment. This supports continuity even in exceptional circumstances.

In practice, this means:

• Alerts are delivered through multiple channels: mobile app, SMS, automated voice call, email, browser, as well as TETRA (SDS/call out) and versatile integrations with external systems and devices. Messages can also be delivered without the app or a user account.
• Secapp works across different end-user devices: phones, smart devices, browsers and computers, as well as dedicated devices where needed.
• Multiple commercial connectivity technologies are supported: recipients can be reached by text message and automated voice call over the mobile network without a data connection. Meanwhile, the mobile and browser applications work over any internet connection, including mobile and Wi-Fi networks as well as fixed and satellite connections.
• Secapp also works in dedicated and private networks. The solution has been used, for example, in the TETRA network and in Telia’s virtual and physical private mobile network solutions.
• Multiple delivery models and server environments are available: SaaS Europe, SaaS Canada, and where needed on-premise / self-hosted in the customer’s own environment.

Secapp is not only for alerting and situational awareness. We also provide a reliable channel for real-time communication. Secapp Chat and Secapp Meet provide organizations with a secure European fallback channel in situations where, for example, Microsoft Teams or Google Meet are disrupted.

Secapp Chat can also be used to replace instant messaging conversations in services such as WhatsApp, Signal or Telegram, which are primarily designed for consumer use and may introduce risks for organizations from the perspective of governance, data location and legislation.

Organizations are increasingly assessing the risks of critical systems not only from a technical perspective, but also from the standpoint of suppliers and legislation: where the data is located and which legal framework governs the service.

This message is also supported by Member of Finnish Parliament Jarno Limnell in a blog post published on Uusi Suomi: “The discussion about transferring critical data to cloud environments outside national borders is not just a technical issue. It is a question of security of supply, strategic dependency and trust.”

In many countries, authorities have the right to monitor communications traffic for reasons such as criminal investigations and national security. For example, the U.S. Communications Assistance for Law Enforcement Act (CALEA) requires U.S. communications service providers to enable lawful access to communications, and the Cloud Act requires cloud providers connected to the United States to hand over user data to authorities regardless of where the data is physically stored. Many European organizations do not want foreign authorities to gain access to their communications, even in exceptional circumstances.

Secapp is European-owned and operates as a European provider. We therefore comply with GDPR requirements, as well as applicable European laws and regulatory guidance. In addition, critical personnel involved in delivering the Secapp service are subject to appropriate background checks and security vetting. Secapp’s core technology has been developed and is maintained by our own personnel in Finland. We offer customers several options for data and service location: SaaS Europe, SaaS Canada, or on-premise / self-hosted in the customer’s own environment.

Secapp is not dependent on data centre environments owned by U.S. companies such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform, Oracle Cloud or IBM Cloud. Key functions have also been designed so that, even where the use of U.S. companies cannot be fully avoided in mobile app support services or operating system-level functions, all core functionality can still be delivered in exceptional circumstances without them. For example, if a customer wants automated user management integration with Azure (Entra ID), the Secapp system also enables sign-in through an alternative method in exceptional situations.

Secapp’s SaaS Europe service is delivered through a European service provider in Finland, within a secure data centre environment. Data centre security includes 24/7 monitoring, UPS backup power and diesel generators, as well as redundant data connections. In addition, system backups are stored at the facilities of another service provider in Finland. All maintenance for SaaS Europe is carried out from Finland, and there are no maintenance connections to the servers from outside the EU.

Secapp can also be delivered in the customer’s on-premise environment, in which case the data remains fully under the customer’s control. On-premise is a strong option for organizations that want to keep their critical communications environment and data under their own control while minimizing dependencies on external platforms and supplier chains.

Secapp’s infrastructure and application layer are designed to withstand fault situations through redundancy, load balancing, automatic failover functions and backups stored in a separate recovery environment.

Operational reliability also depends on how information security is managed in day-to-day practice. The information security management system (ISMS) for Secapp’s SaaS platform and support services complies with ISO/IEC 27001:2022 and is certified by Into Certification Oy.

In addition, Secapp has registered as a service provider within the scope of NIS2 and follows an incident reporting model aligned with NIS2 requirements.

People and process security are also part of the overall model. We provide regular information security and data protection training for our personnel, and we require confidentiality commitments as well as broader background and security checks for those responsible for maintaining systems that contain customer data.

We also participate regularly in national exercises such as the Taisto exercise.

Read the article: Cyber threats and how to manage them – How Secapp Supports Preparedness, Response and Continuity

When evaluating a communication system from the perspective of critical operations, ask whether it supports operational continuity when normal conditions no longer apply.

Secapp’s answer to continuity assurance is:

• Multi-channel message delivery and alternative operating models
• Fast personnel reachability: Secapp bypasses silent mode settings and helps you reach the right people in seconds
• European deployment options and controlled data location (Europe / Canada / on-premise)
• Consideration of legislative and data disclosure risks (foreign lawful interception / CALEA / Cloud Act)
• ISO/IEC 27001:2022-certified information security management and an operating model aligned with NIS2
• Role-based access control, traceability (audit trail / logs) and strong security practices
• Continuity assurance through redundancy, recovery environments, backups and restoration capability

Secapp is a critical communications system designed to strengthen an organization’s operational reliability, including in disruption scenarios. The solution is based on layered preparedness: communication does not depend on a single channel, end-user device or network connection, but instead alternative operating models are defined for critical functions. Secapp helps organizations reach the right people in seconds, even when devices are on silent mode. Alerts can be delivered through multiple channels (app, SMS, automated voice call, email, TETRA and integrations), and the same solution also supports incident management through acknowledgements, coordination, chat and remote meetings.

Secapp is European-owned, and the service can be delivered from servers in Europe. In addition, critical personnel involved in delivering the Secapp service are subject to appropriate background checks and security vetting. Secapp’s core technology has been developed and is maintained by our own personnel in Finland. Data location options include SaaS in Europe, SaaS in Canada, or deployment in the customer’s own environment (on-premise / self-hosted). Information security is managed through an ISO/IEC 27001:2022-certified security management system, and operating practices are supported by an incident reporting model aligned with NIS2 requirements. Use is controlled through roles and integrations with user management, information belongs to the organization rather than to individual user accounts, events are traceable through audit trail and logging, and both connections and data are protected through appropriate security measures.

In summary, Secapp reduces dependencies, strengthens continuity and gives management multiple ways to ensure that critical communications and incident management continue to function even when conventional channels do not.

Critical communications: management checklist

• Continuity during disruption: does the system work when normal conditions no longer apply, and can messages be delivered through multiple channels?
• Fast reachability of people: does the solution reach the right people in seconds, even when devices are on silent mode?
• Control and ownership: who owns the data, and can the organization control usage through roles, integrations and access restrictions?
• Traceability: does every action leave verifiable evidence through audit trail, logging and reporting?
• Legislation and disclosure risks: where is the data located, and under which legal framework does the service operate?
• Protection and recovery: are security, backups and recovery properly in place, and does the delivery model (SaaS / on-premise) support continuity requirements?

Sources

1. Yle News. 2026. (In Finnish) Finland could descend into chaos if a U.S. giant fails to honour its agreements. Published 20 February 2026. https://yle.fi/a/74-20210924
2. MTV3 News. 2026. (In Finnish) Finnish MEP: The United States could shut down credit cards and cloud services – “Finland would be on its knees within hours.” Published 11 February 2026. https://www.mtvuutiset.fi/artikkeli/suomalaismeppi-yhdysvallat-voisi-sulkea-luottokortit-ja-pilvipalvelut-suomi-on-polvillaan-tunneissa/9295368
3. Limnell, Jarno. 2026. (In Finnish) Where should Finland’s critical data be located? Puheenvuoro / Uusi Suomi. Published 26 February 2026. Available at: https://puheenvuoro.uusisuomi.fi/jarno-limnell/missa-suomen-kriittisen-datan-tulisi-olla/

Web sources referenced in the article

https://www.secapp.fi/fi/kayttotavat/pikaviestinta/
https://www.secapp.fi/use-cases/secapp-meet/
https://www.secapp.fi/secapp-maintains-the-iso-27001-certificate/
https://www.kyberturvallisuuskeskus.fi/en/our-activities/regulation-and-supervision/nis2-european-union-cybersecurity-directive/important
https://dvv.fi/taisto
https://www.secapp.fi/cyber-threats-and-their-management-how-secapp-supports-preparedness-response-and-continuity/