Services
Sovereign, quantum-safe engineering services
Advisory and architecture services that move organizations toward post-quantum-ready, sovereign and industrial-grade systems — from first assessment to full industrialization.
Proven sovereignty
EU data residency, legal control, European encryption and HSMs, documented subcontracting chains.
Compliance by design
Evidence packs, ICT registers (DORA), exit plans (Data Act), identity and trust (eIDAS / EUDI).
Measurable execution
SLA/SLO commitments, KPI/OKR tracking, contractual reversibility, open formats and APIs.
Strategic offerings
Each offering pairs a clear deliverable with its business value and its intended client focus.
Quantum-Safe Architecture Assessment
Evaluate cryptographic exposure, TLS, identity and key management against post-quantum threat models.
- Value
- A clear, prioritized view of quantum risk before it becomes an exposure.
- For
- Banks, insurers, critical infrastructure and regulated enterprises.
Post-Quantum Migration Roadmap
A phased, standards-aligned plan to migrate systems toward hybrid and post-quantum-ready cryptography.
- Value
- A defensible, auditable transition path with controlled cost and risk.
- For
- CISOs, regulators-facing organizations and public operators.
Sovereign AI Architecture
Design and deploy AI systems with European data residency, governance, traceability and guardrails.
- Value
- Trusted AI capability without losing control over data and models.
- For
- Institutions, industrials and deeptech scale-ups.
Robotics & Autonomous Systems Architecture
Architect robotics and fleet platforms on ROS 2, edge AI and secure, resilient communications.
- Value
- Industrial autonomy built on a secure, maintainable foundation.
- For
- Industrial, logistics, defense-adjacent and energy operators.
Quantum-Inspired Optimization Consulting
Apply classical and quantum-inspired solvers to routing, scheduling and allocation problems.
- Value
- Measurable efficiency gains today, without unproven quantum claims.
- For
- Operations, supply chain and industrial engineering teams.
Private Cloud & Secure Infrastructure
Build sovereign landing zones, hardened on-prem and hybrid platforms with DevSecOps and observability.
- Value
- A reversible, compliant base for sensitive and critical workloads.
- For
- Public sector, finance and industrial organizations.
AI Research Copilot Development
Develop research assistants that read literature, extract concepts and generate experiments and notebooks.
- Value
- Faster, better-documented research and engineering cycles.
- For
- R&D labs, deeptech founders and innovation programs.
Enterprise Architecture Refactoring
Modernize, secure and document legacy enterprise architectures around clear, governed standards.
- Value
- Reduced technical debt and a credible path to industrialization.
- For
- Large enterprises, integrators and platform operators.
Service Catalogue & Indicative Pricing (EUR, ex‑VAT)
| Code | Service | Description | Key Deliverables | Scope (w) | Price Range |
|---|---|---|---|---|---|
| AUDIT | Sovereignty & Compliance Fast-Track Audit (GDPR + NIS2) | Accelerated, end-to-end assessment of sovereignty and compliance posture. We map data, assets, and flows; analyze gaps against key requirements (GDPR: lawful bases, records of processing, DPIA, data subject rights; NIS2: risk governance, logging, incident response, continuity, supply chain); evaluate technical/organizational controls; and verify data residency and resilience. Includes stakeholder workshops, document review, and technical sampling (IAM, encryption, logs, backups). Executive and operational readout: prioritized risk register, 30/60/90-day quick wins, remediation backlog, RACI, tracking KPIs, and a compliance trajectory. Option: pre-built evidence pack for third-party audits. | Gap analysis, risk register, 90-day plan | 3–5 | 25k–60k |
| SLZ | Sovereign Landing Zone. EU qualified cloud | Design and deploy a sovereign EU Landing Zone (accounts/projects, networking, security, identity) using Infrastructure as Code. Scope: network segmentation (VPC/VNet, private links), policies and guardrails, EU KMS/HSM-managed encryption, identity and access (SSO, RBAC, PAM), key/secret management, centralized logging with SIEM integration, backups, bastions, tagging/FinOps. Aligned to GDPR/NIS2 (data residency, timestamped logs, separation of duties). Knowledge transfer and documentation (runbooks, diagrams, ADRs). Option: CI/CD pipelines for environments and ready-to-use workload blueprints (Kubernetes/VM/Serverless). | LZ design, IaC, identity, logging | 5–7 | 60k–120k |
| MCP | MCP Server + EU LLM PoC | Stand up a secure enterprise assistant based on MCP (Model Context Protocol) and EU-hosted/processed LLMs. Define use cases, connect data sources (RAG, internal search), implement MCP tooling (tools, policies), guardrails (PII filtering, action limits, audit logs), and select/benchmark models (open-source or EU providers). Deploy to hardened VPC/on-prem (private networking, strong auth, key isolation). Evaluation report covering quality/recall, hallucination rate, latency/cost, security, compliance, and industrialization recommendations. Option: admin portal, telemetry, and prompt traceability. | Secure assistant, guardrails, eval report | 6–16 | 120k–260k |
| MIG | 2–3 App Migrations to qualified cloud / hardened on-prem | Migration program for 2–3 critical applications to an EU-qualified cloud or hardened on-prem platform. Steps: discovery and mapping (dependencies, data, SLAs), target strategy (rehost/refactor/re-platform), Landing Zone preparation, security hardening (IAM, zero-trust networking, secrets), CI/CD pipelines, performance/security testing, DR/backup. Detailed cut-over plan (windows, rollback, communications) and operating runbooks. Risk management (vendor contracts, licensing, compatibility), change management and handover. Outcome: minimized downtime, improved security, observability, and cost control. | Target arch, runbooks, cut-over | 9–17 | 180k–420k |
| OBS | Observability & Data Quality foundation | Establish the foundations of observability (logs/metrics/traces) and data quality. Tooling architecture (OpenTelemetry/agents, data catalog/lineage), logging standards, SLO/SLA metrics and error budgets, trace–log correlation, symptom-based alerting. On the data side: define dimensions (completeness, freshness, uniqueness, etc.), executable DQ rules in pipelines, controls at critical points, dashboards, and data contracts between producers/consumers. Integrate with incident/problem management, runbooks, and a maturity review. Result: end-to-end visibility, reduced MTTR, and higher trust in datasets. | DQ rules, SLAs, metrics, dashboards | 5–10 | 70k–160k |
| DORA | DORA/TLPT readiness audit & remediation plan | Readiness assessment for DORA and TLPT (Threat-Led Penetration Testing) for financial entities. Scope definition and critical functions, ICT asset register, risk governance, operational controls (logging, backups, incident response), third-party dependencies and continuity. Build an evidence pack, article-by-article gap mapping, prioritized remediation plan with owners and deadlines. Pre-design a TLPT program: adversary-led scenarios, threat-intel objectives, legal prerequisites, and third-party coordination. Executive readout and a compliance/resilience roadmap. | Evidence pack, TIC register, scenarios | 4–8 | 85k–190k |
| EUDI | eIDAS 2.0 / EUDI wallet integration blueprint | Integration blueprint for the European Digital Identity Wallet (EUDI) under eIDAS 2.0. Design the trust architecture (issuers, holders, verifiers), verifiable credentials & identity flows, QTSP integration and trusted lists, protocol choices and UX for journeys (onboarding, consent, selective disclosure, QES). Security: secure storage, proof-of-possession, replay protection, logging. Pilot use cases (KYC, qualified e-signature, application access), KPIs (conversion, latency, fraud prevented), and governance (attribute lifecycle, revocation). Compliance dossier and industrialization plan. | Trust architecture, pilots, KPIs | 8–16 | 220k–480k |
| RUN | Managed Sovereign Ops — NOC/SOC/FinOps | Sovereign managed operations with NOC/SOC/FinOps. 24/7 monitoring, detection and response, change and vulnerability management, patching, backups/DR tests, compliant log retention. SOC: use cases, correlations, threat hunting, reporting, and post-incident guidance. FinOps: tag-based allocation, resource optimization, budget alerts, and monthly reviews. SLA-backed commitments (response times, availability), tailored runbooks, and monthly/quarterly steering committees. Integrates with the client's tooling or a Eurathos-managed stack. | 24/7 monitoring, incident mgmt, reports | — | 12k–45k / month |
| CIO | CIO/CISO Advisory Retainer | CIO/CISO advisory on retainer. Strategic guidance and decision support (make/buy, sovereign cloud, data/AI), program framing, steering committees, board preparation, and compliance oversight (GDPR/NIS2/DORA/eIDAS). Architecture and security reviews, vendor due diligence, RFP/RFI support, and team coaching. Includes a defined number of days per month, a priority channel, and themed sessions (cyber crises, continuity, responsible AI). Recurring deliverables: executive briefs, roadmaps, and actionable recommendations. | Board briefs, steering, reviews | — | 6k–20k / month |
Resultats a 90 jours
- Audit de conformite pret pour le regulateur (rapports et preuves).
- PoC MCP + LLM EU operationnel pour un cas d'usage concret.
- Landing zone souveraine deployee et plan de reversibilite signe.
References & Ecosysteme
- Cloud & labels : ecosystemes qualifies europeens (SecNumCloud / ENS / C5).
- IA : Mistral, Aleph Alpha (deploiements prives dans l'UE).
- Services de confiance : QTSP, signatures qualifiees, EUDI Wallet.
- Marches publics : TED/eForms et codes CPV pertinents.
SLAs & SLOs
- Reponse : P1 sous 30 min (24/7), P2 sous 4h (heures ouvrables), P3 sous 2 jours.
- Disponibilite : 99.9% mensuel pour les services manages.
- Reporting : tableau de bord KPI/OKR mensuel, revue executive trimestrielle.
Conditions
- Prix hors TVA, licences, consommation cloud et deplacements.
- Acces aux parties prenantes, systemes et documentation garanti par le client.
- Habilitations securite possibles (impact sur delais et tarifs).
- Modifications via Change Requests dans le projet Jira SVC-PORTFOLIO.