A seal is a promise
you can inspect.
Sceau is the French word for the wax seal — the oldest technology for proving that a record is authentic and untouched. That is the whole idea of this company, applied to risk management.
Why we built it
Sceau Risk comes out of years spent on the practitioner side of the table: CISSP- and CRISC-certified security and risk work for Belgian financial institutions, national infrastructure and public bodies, alongside building data platforms that had to survive real audits. From that seat, the pattern in enterprise GRC tooling became impossible to unsee: the more expensive the platform, the more of its intelligence lived in the brochure.
Coverage percentages that anyone could declare. Heat maps that translated to no number a CFO could budget against. "Predictive risk" that was a dashboard filter. Audit logs sitting in ordinary tables, editable by whoever held the keys. Meanwhile the actual regulatory ground — NIS2, DORA, the AI Act, AMLR, CSRD — kept hardening, and mid-sized European institutions were asked to meet it with either a spreadsheet or a seven-figure implementation project.
So we built the platform we kept wishing existed, around three rules that every feature must pass:
Derived, never declared.
Explainable, never oracular.
Sealed, never editable.
Framework coverage is computed from tested control effectiveness — it cannot be ticked into existence. Every score, forecast and recommendation decomposes into visible factors and stated assumptions. And the record itself is cryptographically chained, so "who changed what, when" is a mathematical question with a mathematical answer.
Who we are
Galactic Automation BV
An independent Belgian software company (KBO 0768.244.354) based in Zottegem, East Flanders, specialising in IT, AI and cybersecurity. We build and operate a family of EU-sovereign compliance products — including Sceau, our anti-money-laundering platform for obliged entities under AMLR 2027 — all on the same principles: European infrastructure, database-enforced isolation, and mechanisms a supervisor can inspect.
Founder
Stijn Van Hijfte — security and risk practitioner (CISSP, CRISC, IAPP Data Protection), data engineer, and published author on distributed-ledger technology. Fifteen-plus years across banking, rail, government and industry in Belgium, on both sides of the audit: building the systems and defending them to the second and third line.
How we work
Small, senior, product-led. We ship in verified increments — every release note in our changelog corresponds to behaviour we demonstrated end-to-end before writing the note. Founding customers talk to the people who wrote the code, and roadmap arguments are settled by evidence, not seniority.
What we refuse
No customer data outside the EU — ever; and EU-owned infrastructure end-to-end (Hetzner) for those who require it. No third-party trackers — on the product or on this website. No dark-pattern renewals. No AI features that act without review or answer without citations. No feature that fails the three rules, however good the demo would look.
Contact
Galactic Automation BV
Wijnhuizestraat 44, 9620 Zottegem, Belgium
Enterprise number (KBO/BCE): 0768.244.354
General & sales: hello@sceau.eu
Privacy: privacy@sceau.eu ·
Security reports: security@sceau.eu
We answer security disclosures within two business days and won't take legal action against good-faith research conducted responsibly.