In April 2024, we formalised a new kind of partnership with Luxgap. Not marketing co-branding: a shared operational brand, a shared pricing framework, a single point of contact for our clients. Two years on, the model has proved its worth.

How it began

Luxapps publishes platforms compliant by design. But our clients regularly faced a need we did not cover: making their organisation compliant — not just their tooling. ISO 27001, NIS 2, GDPR: these projects require a consultancy, not a software publisher.

Luxgap, a Luxembourg firm specialising in data privacy, faced the inverse: recognised regulatory expertise, but lower commercial visibility. The coming together happened naturally.

The model: one brand, two areas of expertise

We built an operational partnership, not a symbolic one. In practice:

  • A shared pricing framework, transparent to the client.
  • A shared methodological reference, audited each quarter.
  • A Luxapps contact for commercial matters, a Luxapps × Luxgap duo for delivery.
  • A joint brand on all deliverables (audit, action plan, accompanied certification).

For the client, it's one contract, one contact, two signatures.

"The client should not have to choose between a publisher and a consultancy. We owe them an integrated response, with a single point of entry."

Luxapps team

Two years in numbers

  • 30 engagements delivered under the joint brand.
  • 6 ISO 27001 certifications delivered, including four first-time certifications.
  • 18 NIS 2 audits conducted since the directive entered into force.
  • 92% of clients renew their annual support engagement.
  • 0 confidentiality incidents across the covered scope.

What's next?

Three major workstreams await us in 2026–2027. First, broadening the sectoral scope: we work today mainly with fiduciaries, payroll and the public sector. Health and energy are opening new NIS 2 needs we want to address.

Next, the automation of recurring controls — many reviews can be instrumented via connectors to our platforms. The partnership must benefit from our technical foundation.

Finally, a cyber-insurance offering, in cooperation with a partner to be announced in the coming months. Compliance does not cover everything — the residual risk must be insured.

Discover the joint offering Talk to a consultant →