Luxembourg-based · Compliance, security, AI

Your legal obligations, fully handled.

External DPO and CISO mandates in Luxembourg. One team for GDPR, the AI Act, NIS 2 and DORA, lawyers, cyber engineers and developers under one roof.

Build my quote →
Trusted by:
Core offer

Two legal mandates that cover your obligations.

You officially appoint us, we take operational responsibility. We cover strategy, implementation and the regulator relationship.

External DPO mandate

GDPR + AI Act compliance

Certified Data Protection Officer registered with the CNPD. Maintains records, runs impact assessments (DPIAs + AI Act), handles data subject requests, manages breaches, liaises with the CNPD.

  • GDPR, records, DPIAs, data subject rights, training
  • AI Act, AI systems inventory, risk classification, transparency
DPO mandate details →

External CISO mandate

NIS 2 + DORA compliance

External Chief Information Security Officer. Security policy, ICT risk management, ISO 27001 governance, incident handling, regulator reporting.

  • NIS 2, governance, supply chain, 24h reporting
  • DORA, ICT risks, critical third parties, resilience testing (financial sector)
CISO mandate details →
Our edge

Three teams, under one roof.

A legal duty always blends law and tech. We have both, plus a development team for custom tools.

Lawyers

GDPR, AI Act, NIS 2, DORA, labour law. Draft your policies, contracts, processor clauses, and represent you before regulators.

Cybersecurity engineers

ISO 27001, audits, pentests, BCP, Dark Web monitoring, incident handling. They run day-to-day CISO operations.

Developers

Build AI agents that automate your heavy workloads (KYC, monitoring, log analysis, file cleansing) and our custom GDPR-compliant business applications.

Meet our teams →
Free scan · 60 seconds

Is your company already exposed on the Dark Web?

Enter a corporate email or your domain name. We query our sources live (clandestine forums, marketplaces, stealer logs, breach archives). No full passwords are shown, you get a preview, and we send a detailed report within 48 hours.

Personal Gmail/Yahoo/Outlook mailboxes are not scanned, Luxgap focuses on corporate domains.

Trusted by

A few organisations that have engaged us for DPO, CISO, BCP, audit or counter-espionage work.

See our case studies →

Want a priced quote, fast?

Configure your areas of interest online, Julien Winkin gets back to you within one business day with a tailored proposal. No sign-up, no spam.

Build my quote →
or via the contact page