Sovereign data and agent infrastructure, built in the European Union

Introduction

The sovereign data foundation Europe was always supposed to have. And the agents that finally make it useful.

We design, build, and operate sovereign data infrastructure and AI agents for organisations that demand transparency, data sovereignty, security, and uncompromising performance — public administrations, regulated industries, critical-infrastructure operators, and enterprises that share their standards. On EU infrastructure, on the customer's own hardware. Never anywhere else.

Talk to us

Why now

Three forces are converging in the same eighteen months.

Europe is entering the most concentrated regulatory, sovereignty, and funding alignment for artificial intelligence the Union has ever seen. Every organisation operating here is going to feel its gravity. The window to build the right answer to it is now.

01Regulation

The AI Act becomes enforceable.

From 2 August 2026, EU Regulation 2024/1689 applies to high-risk AI systems, including almost every meaningful public-sector use case under Annex III: access to public services and benefits, justice, law enforcement, migration, education, employment, critical infrastructure. Risk management, data governance, technical documentation, logging, oversight, accuracy, cybersecurity, EU database registration, fundamental-rights impact assessment. Every public administration — and every regulated organisation that interacts with one — will need a vendor that can deliver against this standard.

02Sovereignty

Data sovereignty is now a procurement criterion.

The European Commission was formally found in infringement of GDPR for its own use of Microsoft 365. France's Ministry of Education has instructed schools to stop using US productivity suites. Germany's Federal Ministry of the Interior has confirmed in a legal opinion that US authorities can lawfully access EU-stored cloud data under the CLOUD Act. The Commission's own €180M sovereign-cloud framework was awarded to four EU-headquartered consortia under a new SEAL classification (Sovereignty Effectiveness Assurance Levels). The buyer has changed.

03Capital

Europe is paying for the sovereign alternative.

The Digital Europe Programme is deploying approximately €1.3B in 2026 across AI, data, cloud, cybersecurity, and skills, including a dedicated Generative AI for Public Administrations call. Horizon Europe Cluster 4 has committed €307M in 2026 calls. The GenAI4EU initiative is approaching €700M across instruments. EuroHPC has selected nineteen AI Factory sites with €1.5B in initial investment. The InvestAI Facility will deploy €20B for up to five AI Gigafactories.

The platform

A data foundation, then the agents. In that order.

Most institutional AI projects fail the same way. They start at the agent and discover, six months in, that there was never a data foundation underneath. We start at the foundation and build upward, deliberately. The agents come last, because the agents are only as useful as the structured data and well-curated corpora they reason over.

01Foundation

Data warehouse and ETL strategies

We build the structured data substrate every other layer depends on.

Integration of public registers, line-of-business systems, document repositories, geospatial data, and EU open-data feeds.
Open-source warehousing and pipeline tooling: auditable, portable, no proprietary lock-in.
Master-data alignment across institutional silos, with stable identifiers and lineage tracking.
Designed for re-use under the EU Data Governance Act and Data Act frameworks.

02Insight

Data mining and visualisation

We surface what the data already contains, before any model is asked to opine.

Pattern, anomaly, and trend detection over operational data: financial, demographic, procurement, service-delivery.
Self-service dashboards for non-technical staff and decision-makers.
Geospatial and time-series visualisation as first-class outputs, not add-ons.
Continuous monitoring with alerting on data-quality regressions.

03Models

AI and machine learning

Open-weights models, fine-tuned for the institution's data and language.

Open-weights LLMs (Mistral, Llama, Gemma, EU-trained language models, and others across the ecosystem), never frontier-API-dependent.
Classical ML for forecasting, classification, and anomaly detection where it outperforms LLMs.
Fine-tuning and adapter training pipelines that run on EU cloud or customer hardware.
Continuous evaluation with RAGAS-class metrics.

04Rigour

Data analysis and testing

Rigorously tested data is the only kind that should drive a public decision.

Schema validation, referential-integrity testing, and statistical drift monitoring as code.
Independent audit trails for every transformation.
Bias and exclusion-rate measurement for any system that touches a citizen-facing decision.
Pre-deployment data-protection and fundamental-rights impact assessments as a standard deliverable.

05Operations

Operational efficiency

Less paperwork, faster decisions, fewer errors. We measure all of it.

Intake and triage automation for citizen requests, applications, and complaints.
Document classification, redaction, and routing.
Operational analytics that make administrative bottlenecks visible.
Outcome metrics defined up-front and reported transparently to leadership and to the public where appropriate.

06Agents

Document agents

Multiple agents, each scoped to a single corpus.

Retrieval-augmented agents: hybrid retrieval with reranking, agentic planning, GraphRAG over knowledge-rich corpora.
One agent per institutional corpus and access scope: legal, HR, policy, procurement, citizen-facing, internal staff.
Each agent has its own ranking model, its own evaluation harness, its own audit log.
When reasoning depends on numbers, dates, or registers, agents pull the values from structured-data tools.

How we build

Sovereign at every layer, by default.

We commit to sovereignty across the full stack, in writing, in every contract.

Layer

What it means

What it is, here

L01Compute

The physical hardware that runs the workload.

EU-headquartered cloud (OVH, Scaleway, IONOS, StackIT and successor SEAL-3 providers) or customer-owned on-premises hardware (NVIDIA H100-class accelerators, or successor open architectures). Hybrid if data classification demands it.

L02Models

The language and analytical models that produce inference.

Open-weights only: Mistral, Llama, Gemma, EU-trained language models, and others across the ecosystem. We never call frontier APIs from outside the EU jurisdiction.

L03Data

The institutional corpora and registers the platform reasons over.

Stays in the customer's environment. Never transferred outside the EU/EEA. Never used to train external models.

L04Code

The platform itself.

Open-source by default. Customer-controlled fork on customer infrastructure when required. No proprietary lock-in.

L05Control plane

The orchestration and governance layer.

Open-standard, cloud-portable orchestration. Runs identically on EU cloud, customer hardware, or hybrid. The customer is never trapped on one provider.

Model A

EU Cloud

For administrations that prefer a managed footprint. Deployed on a SEAL-3-equivalent EU-headquartered provider. Infrastructure-as-Code, CI/CD, monitoring, and compliance automation included.

Model B

On-premises

For administrations with classified data, latency-critical workloads, or strategic sovereignty mandates. Customer-owned hardware (typically NVIDIA H100 or successor open accelerators), fully air-gappable. We supply the architecture, deployment, runbooks, and training.

Model C

Hybrid

For most real customers. Sensitive workloads on-premises, elastic and bulk inference on EU cloud, single control plane across both. Unified monitoring, unified governance, unified audit.

Use cases

Concrete workloads. Measured outcomes. Deployed.

Each of the deployments below combines structured-data work with retrieval-augmented agents. They are drawn from public-administration deployments, where the standard is set by law, but the same patterns translate directly to regulated private-sector operations: financial services, healthcare, energy and utilities, telecoms, defence-adjacent industry, and any enterprise running on a transparency-and-audit footing.

Inbound request triage

The pain: Inbound complaints, requests, and inquiries arrive across web forms, email, phone, and walk-in counters. Routing them to the correct internal owner is manual, slow, and error-prone.
The data: Historical request records, routing rules and SLAs, citizen-facing service catalogue, incoming free-text requests.
What we deploy: A triage agent with hybrid retrieval over the service catalogue and historical routing decisions, calling a structured-data tool for SLA lookup. Every decision logged. Human review on the long tail.

Median time-to-first-response · share resolved within SLA · citizen satisfaction.

Procurement document handling

The pain: Tender documentation is dense, repetitive, and structured by template. Drafting compliant supplier responses is a slow specialist activity. Evaluating bids against criteria is similarly slow on the buyer side.
The data: Published procurement specifications, historical award decisions, supplier bid templates, applicable national and EU procurement law.
What we deploy: Two agents — one buyer-side scoring bids consistently against published criteria, one supplier-side drafting clean specifications. Both grounded in structured procurement-law indexing.

Evaluation cycle time · bid-clarification rounds · audit trail completeness.

Building and urban-planning permits

The pain: Permit applications come with heavy attached documentation that has to be checked against zoning regulations and historical decisions of the same authority. The evaluator pool is small and overworked.
The data: Zoning regulations, master plans, historical permit decisions (often scanned), submitted applications, geospatial data on the parcel.
What we deploy: A permits agent with GraphRAG over historical decisions and zoning rules, structured tool calls for parcel-level geospatial lookups, strict human-in-the-loop for the final decision.

Time-to-decision · decision-consistency against precedent · citizen complaint rate.

Legislative & regulatory transposition

The pain: Transposing EU directives into national or municipal regulation is high-stakes legal drafting work. Cross-referencing existing national law to find conflicts is laborious.
The data: EU directives, existing national legislation, regulatory commentary, prior transposition acts.
What we deploy: A drafting-assistant agent with hybrid retrieval over the national legal corpus, citation-grounded outputs (every claim traceable to a statute), explicit refusal to draft beyond the corpus.

Drafting cycle time · conflict-detection rate · peer-review acceptance rate.

Internal staff knowledge agents

The pain: Staff in HR, IT, legal, and policy roles spend significant time looking up internal documents, policies, and prior decisions. Onboarding is slow.
The data: Internal policies, intranet content, ticket histories, mailing-list archives, training materials.
What we deploy: A set of role-scoped agents — one per function — each with retrieval bounded to documents the asking staff member is authorised to see. No cross-contamination between scopes.

Mean resolution time · ticket deflection rate · onboarding ramp-up time.

Regulated declarations and anomaly detection

The pain: Tax returns, customs declarations, insurance claims, and financial transactions share one pattern: submitters cannot answer their own procedural questions, anomaly detection is brittle, flagged cases outpace human review.
The data: Published guidance (tax codes, policy schedules, regulator publications, watch-lists), structured submission data, historical adjudication cases.
What we deploy: A submitter-facing Q&A agent grounded only in published guidance, paired with a classical-ML anomaly layer on the submission data. Flagged cases routed for human review with supporting evidence. One architecture: tax authorities, customs agencies, insurance carriers, financial-services compliance teams.

First-call resolution · false-positive rate on flags · recovered exposure or revenue per investigator-hour.

Healthcare administration

The pain: Public-hospital administration spends substantial effort on coding, billing, and patient-pathway tracking. Medical staff spend time hunting through scattered medical literature.
The data: Hospital information systems, claims data, medical literature, internal protocols, anonymised patient pathways.
What we deploy: A claims-side analytics layer for billing and pathway optimisation, plus a medical-literature retrieval agent strictly bounded to verified sources, surfaced only to authorised clinical staff.

Coding accuracy · pathway adherence · time-to-evidence on clinical queries.

Master data and entity harmonisation

The pain: Registers across an institution refer to the same entities (citizens, businesses, parcels, vehicles) under different identifiers, with different schemas. Cross-register reporting is unreliable.
The data: All institutional registers and their lineage.
What we deploy: A foundational entity-resolution and master-data layer with auditable lineage. The unsexiest deployment, and the one every other deployment depends on.

Cross-register reconciliation rate · manual reconciliation effort eliminated · downstream agent accuracy.

Compliance

Designed from day one for the European regulatory regime.

We build compliance into the architecture. Every customer engagement is scoped, designed, and operated to meet — at minimum — the obligations below.

2024/1689

EU AI Act

We design every customer engagement to Annex III high-risk standards from day one: risk management, data governance, technical documentation, automatic logging, human oversight, accuracy and cybersecurity, EU database registration support, Fundamental Rights Impact Assessment support.

GDPR · EUDPR

Data protection

Data-protection impact assessment as a standard project deliverable. No transfers outside the EU/EEA. No US-cloud reliance. EUDPR-compliant operation when the customer is an EU institution.

2022/2555

NIS2

Incident-reporting workflows, board-accountability documentation, supply-chain security commitments. Designed to harden the customer's compliance posture.

eIDAS 2.0

EUDI Wallet

EU Digital Identity Wallet as the default citizen-facing authentication mechanism, ahead of the December 2026 member-state deadline.

DGA · DA · ODD

Data governance

Native support for re-use frameworks, data-intermediation interoperability, and machine-readable High-Value Dataset ingestion under Implementing Regulation 2023/138.

EUCS · SEAL-3

European cloud sovereignty

Deployment-partner selection aligned with the SEAL-3 tier of the European Cloud Sovereignty Framework. We do not deploy on providers below SEAL-3 for production workloads where sovereignty matters. For our customers, that is all of them.

Who we are

Built by people who have built data and AI at European scale.

Public Agents is founded on two engineering competences that any sovereign, audit-grade AI deployment requires, and that very few vendors can credibly assemble in one place.

Years of designing and operating data-intensive applications at production scale: the engineering substrate beneath warehousing, ETL, master data, and analytics.

Years of AI engineering at European scale, including the design of cloud-portable, production-grade AI-as-a-Service architectures: the pattern this entire platform runs on, identical across every deployment target we ship to.

Founded · Sofia, BG

The founder is based in Bulgaria. The mission is European.

From this beachhead we scale across the Union, building inside the funding rails Europe is laying down, deploying inside the open AI infrastructure Europe is putting in place, answerable to the institutions and the people we serve.

Why we build this

Powerful capability, used for the public good.

The technology that lets us build extraordinary AI products is, for the first time, available without compromise inside European jurisdiction. Open-source platforms run on European hardware. Open-weights models trained at European scale. Sovereign clouds at SEAL-3. The whole stack, end-to-end, on the Union's own terms.

We believe Europe's institutions — public and private — should own that capability, run it, audit it, and put it to work for the people they serve, not rent it from outside the Union.

That is what Public Agents is for.

Questions

Direct answers to the questions we are asked most.

Every customer engagement is scoped to the AI Act's high-risk obligations under Annex III from day one: risk management, data governance, technical documentation, logging, human oversight, accuracy and cybersecurity, registration support, Fundamental Rights Impact Assessment. We treat conformity as the design baseline.

EU-headquartered cloud (OVH, Scaleway, IONOS, StackIT, and successor SEAL-3 providers) or customer-owned hardware. Hybrid where the customer's data classification requires it. Never on US-headquartered hyperscalers, regardless of region. This is contractual.

Open-weights only: Mistral, Llama 3 / 4, Gemma, EU-trained language models, and others across the ecosystem, selected per workload and locale. We never call frontier APIs hosted outside the EU jurisdiction from a customer deployment. Customer fine-tuning runs on the customer's infrastructure.

No. We are a product company. Every engagement deploys software we own and support, against a shared product roadmap. Where on-the-ground integration work is required we partner with local system integrators rather than expanding into consultancy ourselves.

No. Document agents are a part of what we deliver, but only on top of a properly designed data foundation. We respectfully decline engagements that want only the agent surface without the structured-data work underneath, because they fail predictably.

Yes, when their priorities run on the same axes as ours. The platform is built around sovereignty, transparency, auditability, and uncompromising performance: the same standards public administrations must meet under EU law. Regulated industries, critical-infrastructure operators, financial institutions, healthcare providers, defence-adjacent contractors, and any enterprise that takes data sovereignty seriously are exactly the kind of customer this platform is for. Public-sector work is where the standard is set; the platform applies wherever that standard matters.

We do not run a public sandbox. Every deployment is scoped to the customer's data and corpora. A scoping conversation is the right first step, and we are direct about whether a project is a fit.

Contact

Tell us what your data and document workload actually looks like.

Public Agents takes a small number of engagements seriously. If you are scoping a deployment, a consortium, or a funding application that takes sovereignty and auditability seriously, write. We answer credible messages personally and quickly.

Office

Sofia, Bulgaria · Operating across the EU