Thales Blog

Thales & LuxTrust: A Partnership for Data Sovereignty and Compliance

May 21, 2024

Romain Deslorieux Romain Deslorieux | Director, Strategic Partnerships | Thales More About This Author >

With the recent publication of Regulatory Technical Standards (RTS) under Digital Operational Resilience Act (DORA) by the European Supervisory Authorities (ESAs), the critical role of robust cryptography management in mitigating ICT risk has been firmly established. Businesses must prioritize this area, particularly when collaborating with third-party providers, ensuring compliance and maintaining a secure digital landscape.

Many organizations are strategically partnering with specialized Managed Security Service Providers (MSSPs) as they recognize the complexity of managing cryptographic keys and encryption processes. As a leading technology provider in the security domain, Thales is delighted to work with MSSPs like LuxTrust to deliver cutting-edge solutions that address these critical needs.

LuxTrust, a trusted provider of certified identity and digital signature services in Luxembourg, is at the forefront of this movement. Their new sovereign key management service empowers organizations to manage cryptography in a regionally-focused manner, ensuring full control and data sovereignty.

Pierre Grasset, Chief Commercial Officer at LuxTrust, and I discussed this partnership in more detail. Let's dive in!

Q: What is LuxTrust, and what services do you offer?

LuxTrust is a leading digital identity and trust service provider based in Luxembourg. We are dedicated to creating a secure and efficient digital landscape. Here's a breakdown of our core offerings:

  • Digital Identity: We empower nearly one million users in Luxembourg and across borders with secure digital identities, facilitating seamless online interactions.
  • Trust Services: In compliance with the eIDAS Regulation, we provide essential trust services, including electronic signatures, electronic seals, timestamping, electronic registered delivery services, and validation of electronic signatures and seals.
  • Software Solutions: Our comprehensive suite of software solutions includes:
    • An electronic signature platform for streamlined contract and document signing.
    • A collaborative platform promoting secure teamwork.
    • An archiving platform ensuring long-term data preservation and protection.
    • A data management platform for efficient data organization and governance.
    • A consent management platform prioritizing user privacy and control.

Since our founding in 2005, our team has grown to over 120 employees, and in 2023, we achieved a significant milestone of 25 million euros in revenue. We've seen exceptional growth over the past four years, adding 10 million euros to our revenue.

Our solutions are designed with two primary goals: seamless document lifecycle management and robust data sovereignty to empower users and organzations in the digital world.

Q: How would you define LuxTrust's strategic positioning in the market?

Our strategic positioning centers on reinforcing our credentials as an EU Qualified Trust Service Provider and a systemic operator within Luxembourg. We leverage our profound expertise in managing public key infrastructure as a core competitive advantage.

We believe our control over the chain of trust, coupled with our specialized knowledge, are fundamental success factors for businesses seeking robust cybersecurity. Our partnerships with Thales, a global security leader, and POST, a dominant force in Luxembourg's ICT market, provide the essential elements for delivering best-in-class solutions and managed services.

Q: Why did LuxTrust partner with Thales and POST Luxembourg on providing a solution which solves needs around Data Sovereignty and Cloud Key Management?

Our decision to partner with Thales and their Key Management Solution called CipherTrust and POST Luxembourg was based on several compelling factors:

  • Strong Foundations: Both Thales and POST Luxembourg are our trusted, long-standing partners. LuxTrust's core assets rely on Thales technologies, and POST is our primary shareholder.
  • Technology Leadership: We see Thales as a security innovator, and CipherTrust Manager promises to be a hub for future advancements in the critical field of data sovereignty and protection.
  • Market Expertise: POST is highly regarded in Luxembourg for its expertise in ICT services and its leadership in the security domain.
  • Strategic Alignment: This partnership complements our existing solutions and strengthens our focus on data sovereignty.
  • Shared Values: The fact that Thales and POST are 100% European companies aligns with our priorities and provides a key differentiator in the market.

This collaboration underscores our commitment to providing our clients with cutting-edge security solutions powered by trusted industry leaders.

Q: What key problems does the partnership with Thales help LuxTrust address?

Our partnership with Thales empowers us to tackle several critical challenges faced by our clients:

  • Regulatory Compliance: The partnership ensures robust alignment with evolving EU regulations like DORA and its accompanying Regulatory Technical Standards (RTS), NIS2, and GDPR. Additionally, it supports compliance with the CSSF (Commission de Surveillance du Secteur Financier) circular in Luxembourg, which emphasizes encryption.
  • Enhanced Data Protection: Thales' CipherTrust Data Security Platform gives our clients greater control and visibility over the life cycle of their sensitive data and encryption keys across hybrid IT and multi-clouds, maximizing data protection, cyber resilience and digital sovereignty. This capability is often referred to as Bring Your Own Key Management System (BYO-KMS or BYOK).
  • Expertise and Outsourcing: The partnership allows LuxTrust to offer a managed service model, providing clients access to specialized expertise in encryption and key management. This enables them to outsource these complex tasks and focus on their core business operations.

Q: What makes LuxTrust stand out in the competitive cybersecurity landscape?

We offer a unique combination of advantages that set us apart:

  • Regulatory Credentials: We are an EU Qualified Trust Service Provider (, adhering to the rigorous standards of the eIDAS regulation. Our presence on the EU Trusted List underscores the legitimacy of our services.
  • Proven Track Record: Our status as a systemic operator in Luxembourg demonstrates our capacity to handle a massive volume of transactions (over 200 million annually), a testament to our scalability and reliability.
  • Cryptographic Expertise: We possess expert knowledge and experience managing Public Key Infrastructure (eIDAS certified PKI), the backbone of secure online transactions.
  • EU-Centric Identity: As a 100% European Union company, we offer solutions that prioritize our EU clients’ data protection and sovereignty concerns.
  • Foundation of Trust: Our core values of security, trust, confidentiality, and conformity are deeply embedded in our company's DNA.
  • Comprehensive Service: We go beyond simply offering a solution. Our fully managed services model provides ongoing expert support and peace of mind for clients.

More information and further reading