Services citizens can actually use
A public digital service has a long life. Years of citizen requests, language updates, accessibility audits, and the next team picking up the work where the contract ended. We build the service so it holds up across all of that. Accessibility is tested while developers write the code, and the compliance documents are generated from the production code, instead of drifting away from reality in a folder of PDFs.
The problems we hear most
Accessibility audits arrive when fixing costs the most
The report lands two weeks before launch, with eighty findings, and half of them ask for a redesign nobody had scoped. WCAG 2.2 AA holds up as a working discipline through the whole project, instead of a stamp pressed on at the last meeting.
Procurement that prices out the modern stack
A five-year tender, a fixed scope, no room for the architecture to evolve over the contract. The vendor that wins promises what they will not deliver, while serious bidders skip the call. In both outcomes, the citizen pays.
Identity integration treated as a checkbox
National identity card, banking-backed eIDs, eIDAS, regional schemes. Each integration ends up as a separate flow, with its own session, its own log, its own interface. The person trying to sign in meets a different door every time, and the experience never recovers after the first attempt.
Vendor lock-in dressed up as "managed service"
The contract ends, the code lives on a proprietary platform, the next procurement starts from scratch. Public money pays twice for the same service.
What we deliver for this vertical
Accessibility ready for the inspection
Testing with assistive technology happens while developers write the code, not after launch. The accessibility statement is generated from the production code and refreshes on every release, so it never drifts away from what citizens actually see.
EU data residency by architecture, not by declaration
Hosting, database, file storage, queues, CDN: every component is configured in EU regions, with the provider bound by contract. The data flow lives in a diagram the data-protection officer signs without reservations.
National ID, eIDs and eIDAS in one session
A single authentication layer covers the national identity card, banking-backed eIDs, and cross-border eIDAS providers. The person signing in finds the same flow regardless of provider, and the agency reads in one log who did what and with which identity.
Multilingual support as an architectural choice
National language, regional languages, recognised minority languages, each one inside URL routing, with correct hreflang, plural-aware copy, and a localised accessibility statement. Translation lives inside the design phase, and not at the end of the project.
Audit log of every privileged action
Who changed what, when, from which IP, with which justification. The log is queryable, exportable, signed. On the day of the inspection, the answer is already ready.
A real handover at the end of contract
Source code in your repositories, infrastructure on your accounts, documentation generated from the code, design system delivered as a versioned package. The next procurement starts with materials in hand, and not with a clean slate.
A stack chosen for the long life of public service
Every technical decision is anchored to one fact. A public service runs for years, citizen requirements only grow over time, and the next team to read the code may not be us. We choose the stack with that second moment in mind, when the contract has ended and someone else opens the project.
The citizen-facing area and the operator console live inside one Next.js project. The service indexes in search engines, opens quickly on the first visit, and the team that publishes content works from the same place where applications are reviewed. One repository, one deploy, and the line between "the page citizens see" and "the system that processes their request" stops costing coordination time between departments.
Citizen data is isolated at the database layer, and not only inside application code. Every public-service inspection turns on this point, because the question is always the same: how is separation between departments, tenants, or sensitive groups actually guaranteed. With a managed Postgres and a rule that filters access row by row, the answer fits in one screen of code and lands directly in the technical documentation that ships with the service. The same database handles accounts, attachments, and realtime updates, hosted in an EU region by contract.
Authentication wires the national identity card, banking-backed eIDs, the eIDAS node, and regional schemes into one session layer. The person signing in meets the same flow regardless of provider. The audit log records which provider was used for every event, and when the accessibility review asks how a screen-reader user reaches the application form, the answer is the same flow as everyone else, with no shortcut written only for sighted users.
Documents requiring a qualified electronic signature go through a provider compatible with eIDAS. The signed PDF sits beside the application record, kept for the retention period the regulation requires. The receipt the citizen receives is generated from the same template the back-office operator works with, and the two versions never drift apart over time.
Infrastructure costs do not balloon as traffic grows. Abuse protection and rate limiting run through a managed distributed cache, located geographically close to the people sending requests, without provisioning a dedicated server. Attachments live in an object storage hosted in an EU region, without the surprise charges other providers carry on outbound data transfer. The whole codebase is type-checked at compile time by TypeScript, an unglamorous benefit that pays off later: when the contract ends and another team opens the project, breakage shows up before release, and the new person finds their bearings without a guided tour.
Questions founders ask
Can you work with our existing procurement framework?
Yes. We have worked inside fixed-scope tenders, framework agreements, and time-and-materials arrangements. We write the technical specification in the format your procurement office accepts, and we scope the work so the contract carries a verifiable definition of done.
How do you handle WCAG 2.2 AA and the EU Accessibility Act?
WCAG 2.2 AA is the floor, not the goal. Testing with assistive technology happens during the build, not at the end, and the accessibility statement is generated from the codebase, so it never drifts away from reality. The EU Accessibility Act 2025 covers most of the services we ship, and the same discipline covers it.
Can the service be hosted entirely in the EU?
Yes. Hosting, database, file storage, queues, and CDN are configured in EU regions with contractually bound providers. The data flow is documented so the data-protection officer can sign off without reservations.
What happens at the end of the contract?
A handover that another team can pick up and continue. Source code in your repositories, infrastructure on your accounts, documentation generated from the code rather than from a template, design system delivered as a versioned package. The next procurement starts with materials in hand, and not with a clean slate.
Can you support regional and minority languages?
Yes. URL routing, hreflang, plural-aware copy, and locale-specific accessibility statements are part of the build, and not an afterthought. We have shipped multilingual services from the first release, and the same pattern extends to the languages a national framework recognises.
Tell us about your service
A scoping call, and a concrete plan in the first reply. We respond to tenders within the deadline the call states.