As part of CIONET’s Trailblazers series - our deep dive conversations with pioneering leaders shaping the future of IT - we sat down with Laurence Mathieu, CEO of NRB, one of Belgium’s most influential and sovereign-driven IT service providers. Under her leadership since January 2024, NRB has sharpened its focus on digital sovereignty, AI innovation and mission-critical infrastructure.
We spoke with Laurence about why sovereignty is no longer optional, how NRB’s AI platform soph.ia offers a credible alternative to hyperscalers, and why real resilience begins with local control and trusted partnerships.
Laurence, you have taken the helm of NRB at a pivotal moment. How would you describe NRB’s strategic focus today?
NRB is a Belgian-rooted IT service provider, and our ambition is very clear: to be a trusted integration partner that brings value to clients through infrastructure, data, AI and tailored advisory. We employ over 3,600 people across Belgium, France, Greece, Romania and Italy, and our group includes key subsidiaries such as Zorgi, Civadis, Cevi & Logins, next to Computerland, Prodata Systems, Trigone, Ink Consulting , Trasys International and WIN.
We are not merely a supplier. We work side by side with our clients to assemble these bricks into exactly what they need. The goal is to drive genuine business impact, underpinned by strong technological foundations and strategic consulting that speaks the language of each sector, be it energy, defence, health or finance.
The term “digital sovereignty” is frequently used, but seldom defined. What does it really mean in NRB’s model?
For NRB, digital sovereignty is not theoretical. It’s a practical, operational reality. And in my view, it is an essential pillar of national resilience. That resilience - whether we are speaking of a public agency, a hospital, a regulator, or a utility provider - depends on data that is protected, systems that are controlled, and infrastructures that are inherently trusted.
Sovereignty begins with hosting. We host all our clients’ critical data within Belgium. But it goes far beyond geography. Legal jurisdiction must be European. The operational teams must be local. Compliance with regulations such as GDPR, DORA, NIS2 and the AI Act must be proactive, not reactive. And perhaps most importantly: governance must be transparent, with no decision-making power sitting across the Atlantic.
That is why our own shareholding structure matters. NRB is locally and publicly owned. We are not a satellite office of a global giant. When a CIO calls, our executive team is physically and culturally close. That proximity builds trust.
We also pay close attention to the provenance of the technology we use. While full European independence is still aspirational in some areas, we push for maximum control, partnering with trusted vendors like IBM and Dell, and building capabilities internally where necessary.
In the age of AI, how does sovereignty intersect with innovation?
That is a very timely question. Sovereignty and innovation are often wrongly seen as opposing forces. At NRB, we believe they can - and must - go hand in hand. That’s why we created soph.ia, a conversational AI and multi-agent platform that delivers the power of generative AI while keeping clients fully in control of their data and compliance obligations.
Soph.ia is not a single model; it’s a comprehensive platform that integrates models such as Mistral, Ollama or Deepseek, and allows organisations to use their own internal data sources to train and deploy AI. The entire framework is hosted on our private infrastructure, using our own GPU capacity, and is designed in line with the latest EU AI regulations.
One client described the difference aptly: “Google is a search engine. AI is an answer engine. But only if you control the source.” That is exactly what soph.ia enables. It combines performance - 96% response relevance in testing - with traceability, localisation, and above all, peace of mind.
What are the most common challenges organisations face when pursuing sovereign IT strategies?
The first challenge is technical. Organisations often operate hybrid environments: some workloads on mainframes, others on virtual machines, containers, or public clouds. Moving parts of that to a sovereign platform requires a deep understanding of performance trade-offs, dependencies, and integration points. We have seen examples where performance degradation occurred due to poorly orchestrated transitions. But with the right design - and we have clients who have moved entire environments to our data centres - we achieve or exceed their expectations.
The second challenge is cost. There's a persistent myth that sovereign infrastructure is more expensive. In reality, our pay-as-you-use models often prove more economical than public cloud, especially when you factor in egress fees and long-term flexibility. We offer embedded FinOps advisory, helping CIOs monitor and optimise resource usage in real-time.
Then there is the fear of vendor lock-in. That is something we actively address through contract clarity and exit planning. Reversibility must be built in, not just promised. Finally, and crucially, we see a need for early-stage strategic support. That’s why our advisory practice includes experts from finance, industry, defence and healthcare sectors, who co-design the roadmap with clients.
Cybersecurity and ransomware attacks continue to rise. How do you help clients protect their most sensitive data?
Cybersecurity cannot be reactive anymore. That is why we launched Stone Copy, our secure and immutable backup solution. It ensures data redundancy across diverse storage types, one of which is both off-site and offline. It is a true “digital vault”; air-gapped, AI-verified, and designed to allow rapid restoration in case of an attack.
We have seen ransomware hit hospitals and public institutions hard. With Stone Copy, even if the production environment is compromised, clients can recover mission-critical services within hours, not days. The vault is hosted in our three Data Centres that have full ISO 9001 and 27001 certification. It is not only about resilience, but also regulatory compliance with frameworks like DORA and NIS2.
For clients in healthcare, finance or the public sector, this isn’t optional; it is indispensable.
You mentioned your own infrastructure and GPUs. Is NRB also exploring quantum resilience?
Yes, we are working closely with IBM and others on post-quantum security, particularly for archiving and long-term data protection. Our Z16 mainframes already integrate certain post-quantum algorithms. The idea is to anticipate future decryption capabilities by hostile actors. As you know, even encrypted data today may be harvested and cracked tomorrow once quantum computing matures.
That is why we take a zero-trust approach across our architecture, combined with forward-looking encryption protocols. We view this as a collective responsibility, especially when handling critical public-sector data.
As AI adoption accelerates, how do you advise CIOs to stay pragmatic?
AI is not a silver bullet. It is a powerful tool, but one that must be deployed purposefully. We see too many cases where organisations rush in with unrealistic expectations, forgetting to consider data readiness, user adoption, or ethical safeguards.
Our approach is incremental. Start with business value in mind, identify high-impact use cases, and make sure your data is secure, relevant, and legally compliant. Then scale, if and when the organisation is ready. AI must not be used because it is fashionable; it must be used because it makes sense.
I like to say: don’t build a rocket ship unless you know your destination. The best CIOs today are those who balance ambition with realism and who understand that responsible innovation starts with asking the right questions.
Q: One final message for your fellow IT leaders across Europe?
The world is shifting fast, technologically, geopolitically, and economically. In this environment, control is power. Whether it’s cloud, AI, cybersecurity or compliance, organisations must regain control over their digital assets.
Sovereignty, when done right, is not about closing doors; it is about opening the right ones, on your own terms.
For more information about NRB’s sovereign infrastructure, AI platform soph.ia, or the Stone Copy solution, visit www.nrb.be or contact marketing@nrb.be.
--