EU-domiciled software studio · Malta

Sovereign software for the systems that run public life.

Lattica designs, builds and operates critical systems for ministries, agencies and pan-European institutions. GDPR-native by construction, open-source by default, and hosted entirely within the EU.

Currently accepting engagements for Q3 2026
Studio at a glance · EST. 2019
Practice
Public-sector software
Specialists
32 across the EU
Offices
Valletta · Brussels
Licensing
EUPL-1.2 · full source
Hosting
EU / Malta only
Compliance posture
GDPR-native · eIDAS 2.0 · WCAG 2.2 AA · ISO/IEC 27001 · NIS2-ready · EU-hosted
Capabilities

Four fields of practice.

The load-bearing software beneath citizen-facing services — designed for long horizons, full source, and the scrutiny the public sector deserves.

01

Digital public infrastructure

Identity wallets, base registries, document signing and secure messaging buses — the foundational layer beneath citizen-facing services.

Identity · Registries · Signing
02

Data exchange & interoperability

Cross-border data spaces, once-only flows and schema governance — plumbing that respects the boundary between agencies.

X-Road · Once-Only · Schemas
03

Citizen interfaces

Front-ends for millions of users that still feel like one product — accessibility-first, multilingual by default, measured against design-system law.

Accessibility · Multilingual · Design systems
04

Quiet modernisation

Strangling mainframes and rewriting decades-old code into auditable services — without an outage, and without a press release.

Migration · Legacy · Zero-downtime
Who we serve

Built for the institutions that carry public trust.

S.01
Ministries
National departments & directorates
S.02
Agencies
Operational & regulatory bodies
S.03
Pan-European
EU institutions & programmes
How we work

The way the public sector deserves to be worked with.

Small teams. Long contracts. Documentation as a first-class deliverable. We deliver code, not slideware — and we stay to operate it.

P.01

Built in the open

Everything we ship lives on a code forge you can audit, EUPL-1.2 by default. Vendor lock-in is not on offer.

P.02

Small teams, long horizons

Senior people who stay across the whole engagement, building critical systems slowly and to last.

P.03

Documentation as a deliverable

SOPs, data models and runbooks are first-class outputs — so the system outlives any one team or administration.

P.04

We operate what we ship

Managed hosting, security and support under a fixed service agreement, with defined response targets.

Data sovereignty

EU-domiciled. EU-staffed. EU-hosted.

No case or citizen data leaves the continent unless your mandate says it should. Data protection is the way we build, not a feature added at the end.

GDPR by design

Lawful-basis, retention and erasure tooling built in; data-protection by default.

Full audit trail

Every create, edit and decision recorded immutably for accountability.

Role-based access

Granular, least-privilege permissions enforced in software, not policy alone.

Sovereign hosting

Encrypted in transit and at rest, in Malta / the EU, with managed backups.

Have a system that has to outlive the government that commissioned it?

Book a briefing