Locations · Brussels, Belgium
Senior nearshore engineering pods for Brussels GovTech, RegTech, EU-institution contractors, and Belgian enterprise. CET workday, GDPR-aligned, contracted through our German GmbH. We deliver EU AI Act conformity packs, DSA/DMA tooling, DORA platforms, and integrations with EU Login, eTrustEx, and the European Interoperability Framework. Dedicated teams from 12,000 EUR/month, MVPs from 25,000 EUR, fractional CTO from 4,500 EUR/month.
Brussels is the regulatory capital of the digital world in 2026. The EU AI Act is now in active enforcement: prohibitions applied from February 2025, general-purpose AI obligations from August 2025, and high-risk system obligations from August 2026, all coordinated by the AI Office inside DG CONNECT. The Digital Services Act has been in full effect for VLOPs since 2024 with transparency reporting and risk-assessment obligations escalating year-on-year. The Digital Markets Act is reshaping platform behaviour for gatekeepers. DORA financial-services resilience rules came into force in January 2025 and are policed by EBA/ESMA/EIOPA, all with strong Brussels presence. NIS2 transposition deadlines have passed and enforcement is biting. Add the European Commission’s 200+ billion EUR multiannual digital programme, ENISA cybersecurity contracts, and the long bench of Belgian enterprises (KBC, Solvay, Proximus, Engie’s Belgian operations, UCB) running major digital programmes — Brussels is the centre of gravity for any company whose roadmap touches EU compliance. A senior nearshore partner with regulatory fluency makes that roadmap move.
A senior backend engineer in Brussels in 2026 costs 65,000 to 95,000 EUR base, plus 13th and 14th month and meal vouchers, plus roughly 27 percent ONSS employer charges. Loaded cost per FTE: 110,000 to 155,000 EUR/year. A YuSMP nearshore senior is 115,000 to 150,000 EUR fully loaded with zero overhead.
Belgian employment law uses formula-based notice periods that grow with tenure — senior hires routinely have 4 to 6 months of contractual notice. Six months from req to first commit is normal. We ramp a pod in three weeks.
No need to open a Belgian SA/NV or SRL/BV just to hire, no ONSS filings, no Dimona declarations, no Belgian severance liability. One EUR invoice from our German GmbH, Belgian BTW/TVA reverse-charged.
Risk-tier classification, Annex IV technical documentation packs, conformity assessment support, post-market monitoring telemetry, GPAI model documentation, AI Office liaison patterns.
VLOP transparency reporting, DSA risk-assessment data pipelines, DMA compliance reporting for gatekeepers, NIS2 incident-reporting and asset-inventory platforms.
DORA ICT third-party risk registers, operational-resilience test orchestration, threat-led penetration test workflows, NBB and FSMA reporting alignment.
eTrustEx, EU Login, TESTA-ng connectivity, European Interoperability Framework patterns, Peppol BIS, reuse-policy aligned components for EU contractors.
2-to-9 engineer pods of senior full-stack, mobile, data, and DevOps, embedded in your Jira and Slack, delivery lead reporting to your VP of Engineering or programme director.
2 to 8 days per month of senior CTO judgement: hiring plans, architecture review, vendor selection, board reporting, technical due diligence for Brussels scale-ups and contractors.
Very-large online platform needs an automated DSA transparency-report pipeline (content moderation actions, automated tooling stats, ad repository feed). We build the ingestion, aggregation, and report-generation stack in 14 weeks ahead of the next reporting cycle.
Healthcare AI vendor classified as high-risk under Annex III needs full conformity assessment, Annex IV technical documentation, and post-market monitoring infrastructure ahead of August 2026 enforcement. We deliver the pack and the telemetry in two quarters.
Prime contractor delivering a citizen-facing GovTech portal to a DG — we embed a 5-person pod for the EU Login integration, eTrustEx flows, EIF-aligned interoperability layer, and accessibility (EN 301 549 / WCAG 2.2 AA) certification.
CET workday (09:00–18:00 Europe/Brussels) with full overlap with your Brussels offices, EU institutions, and the wider EU regulator network. Four hours of daily overlap with East-Coast US (09:00–13:00 ET) for US-headquartered VLOPs or DMA gatekeepers. Engineers default to business English; delivery leads can run meetings and write specs in French, Dutch, or German when needed. Quarterly on-site visits to Brussels for embedded teams are included in the retainer; rail and air make ad-hoc visits a 4-hour journey for any institution or programme meeting.
All Brussels engagements are contracted through our German GmbH, invoiced in EUR with Belgian BTW/TVA reverse-charged under EU intra-Community VAT rules. Mutual NDA, master services agreement, and a DPA aligned to GDPR + Belgian APD/GBA standard clauses are signed before kickoff. For EU institution work we sign confidentiality undertakings aligned to Regulation 2018/1725 (the EDPS regime) and accept the Commission’s standard reuse-policy clauses. IP assignment is unconditional on payment. We are GDPR-aligned, ISO 27001 ready, SOC 2 Type II in progress, HIPAA-capable, and CCPA-acknowledged. We work to EU AI Act, DSA, DMA, NIS2, and DORA frameworks as a matter of routine.
From 12,000 EUR/month for a 2-person pod. A typical 4-person squad lands at 28,000 to 36,000 EUR/month. Three-month minimum, then month-to-month with 30 days notice.
From 25,000 EUR for a 3-month MVP build with discovery, design, engineering, and one production deployment. Milestone-based invoicing in EUR. Peppol BIS Billing 3.0 supported.
From 4,500 EUR/month for 2 days of senior CTO advisory per month. Active and Embedded tiers at 8,000 and 14,000 EUR/month.
Within 48 hours of inbound. 45 minutes with a senior engineer and commercial lead, NDA on request, no slide-deck pitch.
Written proposal in 5 to 7 business days with team profile, ramp plan, and price. Optional on-site visit to your Brussels office or institution premises for stakeholder alignment.
MSA + DPA signed, pod onboarded into your Jira, Slack, and git in week one. First production-quality PRs in week three or four.
Weekly delivery review, bi-weekly sprint demo, monthly written status, quarterly on-site for embedded teams. Scale up or down with 30 days notice.
Yes. We work with prime contractors and integrators delivering to the European Commission (DG CONNECT, DG DIGIT, DG FISMA), the European Parliament, the Council of the EU, ENISA, EUIPO, eu-LISA, and the European Central Bank. We are familiar with eTrustEx, the European Interoperability Framework (EIF), TESTA-ng, EU Login, and the EC's reuse policy for software. We sign confidentiality undertakings aligned to EU classified-information rules where applicable and have shipped GovTech components used in production by EU agencies.
Yes — this is the Brussels-specific specialty. The EU AI Act entered into force in August 2024, with prohibitions applying from February 2025, GPAI rules from August 2025, and high-risk obligations from August 2026. The AI Office sits within DG CONNECT in Brussels. We classify systems by risk tier, build the technical documentation pack required by Annex IV, support conformity assessment routines, and design post-market monitoring telemetry. We also work on DSA and DMA reporting tooling for VLOPs and gatekeepers, and on DORA tooling for financial entities.
Dedicated team retainers start at 12,000 EUR per month for a 2-person pod and scale to 45,000 to 80,000 EUR per month for a 6 to 9 engineer squad. Fixed-scope MVPs from 25,000 EUR. Fractional CTO from 4,500 EUR per month. All invoicing in EUR from our German GmbH, with Belgian BTW/TVA reverse-charged under EU intra-Community VAT rules. Three-month minimum, then month-to-month with 30 days notice. For EU framework contracts we adapt invoicing terms (NET 30 / NET 60) and accept eInvoicing via Peppol BIS Billing 3.0.
Yes. For Belgian private-sector clients we work to GDPR plus the Belgian DPA's (APD/GBA) guidance. For EU-institution work we work to Regulation 2018/1725 (the GDPR for EU institutions) supervised by the European Data Protection Supervisor (EDPS), and we sign confidentiality and data-handling clauses aligned to EU institutional standards. For financial entities we work to DORA, supervised in Belgium by the NBB and FSMA. We are GDPR-aligned, ISO 27001 ready, SOC 2 Type II in progress.
Discovery call within 48 hours of inbound. Proposal in 5 to 7 business days. Kickoff in 2 to 3 weeks after signature, including a first on-site visit to your Brussels office or the relevant institution premises for architecture alignment. Quarterly on-site visits for embedded teams are included in the retainer. Brussels is 80 minutes by train from our European hubs and a direct flight from any major EU capital, so ad-hoc visits for institution meetings, board demos, or vendor selections are a same-day trip.
