We build secure, accessible digital infrastructure for public sector clients — citizen platforms, internal ops systems, multi-lingual portals. Compliance-ready by default.
Stakeholder mapping, accessibility audit, security baseline. Define what "done" actually means.
WCAG 2.2 AA, ISO 27001, GDPR. Find every gap before a single line is shipped.
Versioned, documented, sovereign-hosted. Built so the next agency can read the codebase.
Long-term support contracts. Quarterly accessibility re-tests, security patches, real ownership.
Four articles — the conditions every system we ship for the public sector has to satisfy before it ships at all.
In-jurisdiction hosting on every engagement. Sovereign cloud where the mandate demands it. Encryption keys held by the agency, never by the vendor. The infrastructure answers to the constitution — not to a foreign earnings call.
§ eIDAS · BSI C5 · ENS
Append-only event sourcing on every privileged action. Hash-chained per day, signed at close. State change tied to an authenticated identity, an authorising role, and a documented mandate. The log is the evidence the regulator asks for — not a tab in a dashboard.
§ ISO 27001 · NIS2 Art. 21
Disaster recovery measured in minutes, not hours. Active-active multi-zone where the citizen-facing tier matters. RPO and RTO defined per service, not per system — because the citizen needing a death certificate does not care that the rest of the platform was up.
§ NIS2 Art. 21(2)(c) · ENS High
Accessibility above WCAG 2.2 AA, not at it. Multi-lingual without machine-translated tax language. Mobile-first because the citizen who needs you most is not reading on a 27-inch monitor. Forms that do not require a printer.
§ EAA · WCAG 2.2 AA
Public software outlasts the government that signs the contract. Build it accordingly.
eIDAS-aligned citizen identity, role-based access for civil servants, federation across agencies without data leakage.
Long-retention archives with cryptographic continuity. Disposal schedules enforced by the system, not by spreadsheet.
Single sign-on across services. Status visible. Documents pre-filled. Cases survivable across staff turnover.
Schema-validated APIs between departments. Provenance preserved. Permission boundaries enforced at the message layer.
NIS2, GDPR, ISO 27001, eIDAS — built into the platform’s control plane, not assembled in a spreadsheet at audit time.
Multi-zone replication. Failover drills run quarterly, not theorised in a runbook nobody opens.
“The auditor asked which civil servant approved a particular access escalation in May. The platform returned the ticket reference, the role mandate, and the hash-chained log entry — in 12 seconds, from the same dashboard the operator uses daily.”
— Federal accreditation review“Disposal schedule was meant to delete records after 7 years. The previous platform deleted them after 7 years on a calendar-day basis, ignoring legal holds. Ours respects the hold automatically. The auditor stopped reading after the third sample.”
— Justice ministry archive migration“A second agency requested a citizen’s record bundle. The exchange layer enforced field-level permissions, redacted what was outside the second agency’s mandate, and logged the redaction itself. No human review needed. No data leaked.”
— Cross-department pilot
Citizens don’t grade portals. They grade outcomes.
Auditors don’t read decks. They read logs.
Administrations don’t survive vendors. Systems do.
— INHOUSE Government
"Public sector software outlasts five governments. Build it accordingly."
— INHOUSE Civic