Digital security was long conceived as a defensive layer added to information systems: antivirus software, firewalls, and intrusion detection systems. While this model remains essential, it is increasingly showing its limits as software architectures become more distributed and data volumes continue to grow.
Cloud computing, artificial intelligence, process automation, and the proliferation of APIs have profoundly transformed information flows. Data now circulates continuously between applications, cloud infrastructures, partners, and third-party services. In such an environment, security can no longer be limited to protecting IT perimeters; it must be embedded directly within system architectures.
It is in this context that a new generation of European startups is emerging with the ambition of building the technological building blocks of what some describe as the digital trust infrastructure. Their approach is no longer limited to defending systems against attacks, but rather to designing architectures in which sensitive data remains protected by default, often through cryptographic mechanisms embedded directly into software.
Several technological domains converge in this transformation: advanced encryption, digital identity management, the protection of critical communications, and the securing of cloud infrastructures and endpoints. Together, these technologies are gradually forming a new layer of the digital stack.
Among the companies illustrating this shift are Evervault, Zama, Evertrust, Quantum Industries, Mirror Security, Soverli or XFA. Although they operate across different segments of cybersecurity, they all contribute to building a digital architecture in which trust relies less on external control mechanisms and more on the technical properties of the systems themselves.
Evervault: embedding encryption into application architectures
Founded between Dublin and New York, Evervault develops a developer-focused platform that enables the encryption and orchestration of sensitive data directly within applications. The company provides tools to collect, process, and transmit critical data without it ever appearing in plain text within corporate infrastructures.
This approach is based on a simple idea: minimizing the situations in which sensitive data travels in readable form within information systems. According to Shane Curran, founder and CEO of the company: “Most compliance frameworks assume that sensitive data will exist somewhere in plaintext. But in an environment where data moves automatically and at high speed, that becomes a vulnerability.”
Evervault positions itself as an infrastructure layer enabling companies to handle sensitive data—particularly in payments—while limiting exposure to security and compliance risks.
The startup recently announced a €21 million Series B funding round led by Ribbit Capital, with participation from Sequoia Capital and Index Ventures. This financing brings the company’s total funding to €39 million.
The funds will be used to expand its encryption infrastructure, accelerate product development, and grow its engineering teams.
The company initially focused on payments, one of the most highly regulated environments in the digital economy. Its platform combines encryption, 3D-Secure authentication, tokenization, and card data enrichment within a single integration.
Evervault reports already processing several billions of euros in transactions and generating more than 100 million encrypted tokens each month, while allowing its customers to significantly reduce their PCI compliance costs.
For Shane Curran, the ambition goes beyond application-level security: “We are building infrastructure that allows companies to never handle sensitive data in plaintext, starting with card payments and gradually extending encryption to digital wallets, identity, and healthcare.”
Zama: computing without ever decrypting data
In Paris, the startup Zama is working on a particularly ambitious cryptographic technology: Fully Homomorphic Encryption (FHE).
This technique makes it possible to perform computations directly on encrypted data without ever decrypting it during the process.
Although this approach remains computationally demanding, it opens the possibility of running operations on confidential data while preserving full confidentiality. Potential applications include finance, cloud infrastructure, artificial intelligence, and blockchain systems.
Founded by Rand Hindi and cryptographer Pascal Paillier, Zama builds on decades of academic research in advanced cryptography. The company develops tools designed to integrate these technologies into industrial environments, particularly in the ecosystem of smart contracts and decentralized applications.
Evertrust: industrializing digital identity management
The security of digital infrastructures also relies on a largely invisible element: the digital certificates that authenticate systems and secure communications.
The French startup Evertrust specializes in the management of public key infrastructures (PKI) and the lifecycle of digital certificates. Its platform enables organizations to automate the creation, renewal, and governance of their cryptographic certificates.
Within large IT infrastructures, these certificates can number in the tens of thousands. Managing them has become a significant operational challenge for enterprises, particularly in cloud and DevOps environments.
Evertrust therefore develops tools that centralize and automate certificate management in order to reduce the risks associated with expired or misconfigured certificates, which remain among the most common causes of security incidents.
Quantum Industries: securing communications in the quantum era
Some European startups are focusing on a more distant technological horizon, such as securing communications in the face of emerging quantum computing.
The Austrian company Quantum Industries develops quantum-secure communication technologies designed for critical infrastructure. These systems rely in particular on techniques such as quantum key distribution, which can detect any attempt to intercept a communication.
The objective is to create networks capable of securing exchanges between data centers, energy infrastructures, or government systems against future cryptographic threats.
Mirror Security: protecting AI data pipelines
The Irish startup Mirror Security focuses on the protection of artificial intelligence systems.
AI models now process large volumes of data coming from multiple sources: document repositories, customer datasets, operational streams, or user-generated content. Securing these pipelines is becoming a major challenge for organizations.
Mirror Security develops encryption and data-flow protection technologies designed to secure these environments while still allowing them to be used by AI models.
Soverli: securing smartphones beyond the operating system
The Swiss startup Soverli works on another critical link in digital security: mobile devices.
The company develops a security layer designed to protect communications and sensitive data on smartphones, even when the operating system itself has been compromised.
This approach is particularly aimed at government, diplomatic, or industrial environments where the compromise of a mobile device could expose sensitive information.
XFA: mapping the invisible devices within corporate networks
Finally, the Belgian startup XFA addresses a problem that has become common in modern digital environments: the presence of unidentified devices within corporate networks.
Remote work, cloud services, connected devices, and personal endpoints have multiplied the number of access points to IT systems. As a result, some devices may access infrastructures without being properly identified or secured.
The platform developed by XFA makes it possible to detect these devices, map potential attack surfaces, and improve security governance in hybrid environments.
A silent transformation of digital architecture
These companies do not operate on the same technologies. Some develop fundamental advances in cryptography, others build digital identity infrastructures or endpoint security solutions.
Yet all of them contribute to the emergence of a digital architecture in which trust becomes an intrinsic property of information systems.
As data volumes continue to grow and architectures become increasingly distributed, this technological layer could play a central role in the future organization of the digital ecosystem. The startups currently developing these technical building blocks are therefore helping to reshape the very foundations of global digital infrastructure.
