We're building the platform we wished we'd had.
CIVAC is the workspace for every officer role German companies must appoint. The audit-readiness of a senior advisor, the speed of a modern AI workspace.
If you have ever supported the appointment of an internal officer (whether for data protection, IT security, occupational safety, anti-money-laundering or any of the twenty-five other mandatory roles), you know how it really works. The contract is signed, the Bestellurkunde is filed, and from that moment on the officer has personal liability under German law. What follows is, in most companies, a quiet panic: a shared drive, a few Excel trackers, a calendar full of recurring deadlines, and a documentation effort that is genuinely revisited only when an audit appears on the horizon.
We have lived this from both sides: as advisors stepping into mid-market companies and inheriting the inevitable tab soup, and as operators trying to make a single appointed role functional in a real organisation. What frustrated us was never the regulatory work itself. It was the gap between the seriousness of the mandate and the tooling people were actually using to fulfil it.
So we built CIVAC.
Not as another GRC suite for Konzern-level governance, and not as another lightweight GDPR PDF generator. CIVAC is the operating system for the German Beauftragten model: the workspace, the templates, the audit trail, the AI agent, and where companies prefer it, the bestellte officer themselves. The same platform whether you license the workspace for your internal team or appoint ours, the same evidence trail an inspector will recognise.
We believe this matters because the mandate matters. Every appointed officer signs for personal liability under § 130 OWiG, § 38 BDSG, § 5 ASiG and a dozen other statutes. The least our profession deserves is a platform that takes that responsibility as seriously as the law does.
Better officer work doesn't require longer audit weeks. It requires better tools.
That's what CIVAC is here to be.

Curious to see it in action?
We'll show you how CIVAC turns the appointed-officer model into a workspace your auditors actually understand.
Request a demo
Compliance. Solved.
Officers carry personal liability. Everyone else still runs compliance like a filing cabinet. We run it like software. The auditor calls, the evidence is ready. Not the week after.
Explore the platform
What CIVAC is, and isn't
Compliance is a category that has been served by consultancies and by horizontal GRC software. CIVAC is neither. It is a product company that ships software and supplies the appointed officers from the same address - not a consultancy that bills hours, and not a generic risk-management suite.
Built around the appointable officer roles
German and EU regulation create twenty-five appointable officer roles, each with its own legal basis, its own inspection trigger, and its own personal-liability dimension. CIVAC is built around that catalogue, not around a horizontal framework. Eleven roles are commonly mandatory above the relevant size or risk thresholds; fourteen are sector-specific.
One platform, one address
Customers either license the workspace for their internal officers or appoint CIVAC-supplied officers - or both. The workspace, the templates, the AI assistant and the monthly evidence export sit underneath every model. There is no separate consultancy arm with a different invoicing line.
European, by default
Hamburg-headquartered. Data hosted exclusively within the European Union. GDPR-native, ISO/IEC 27001:2022-aligned, NIS-2 ready. The default markets are Germany, Austria, Switzerland and the European Union - the markets that require the appointable officer roles in the first place.
Mid-market and regulated industries
CIVAC is built for the German Mittelstand and for regulated industries above the relevant thresholds - typically 50-5 000 employees. It is not an enterprise risk-management suite for Konzern-level governance, and it is not an SMB tool that stops at "GDPR PDF generator."
About FAQ
Who is CIVAC built for?
Companies in Germany, Austria, Switzerland and the EU that have to appoint at least one officer role under German or EU regulation - typically Mittelstand companies with 50-5 000 employees, plus regulated industries above the relevant thresholds.
Where is CIVAC headquartered?
Hamburg, Germany. Jungfrauenthal 8, 20149 Hamburg.
Is CIVAC related to the Mexican CIVAC?
No. CIVAC is a German compliance platform. It has no relationship to Centro de Investigación sobre Vacunas in Mexico, to Ciudad Industrial del Valle de Cuernavaca, or to any other organisation sharing the four-letter sequence.
Compliance is personal.
So is our onboarding.
Tell us about the role you hold, the obligations that keep slipping, and the audit you're preparing for. We'll show you the parts of CIVAC that pull their weight for your week.