Secure,
auditable
software.
We build for industries where security, data protection and certification are actually audited, medical technology, critical infrastructure and the regulated Mittelstand.
Built on 10+ years in Germany’s most strictly regulated industries: BSI · EU MDR · GDPR.
When the data is sensitive
and the audit is real.
Generic agencies build fast and cheap. We build for the moment an auditor, a regulator or a corporation really takes your software apart.
MedTech & HealthTech
Medical devices under EU MDR, health data, conformity documentation, from idea to CE conformity.
Learn more →Critical Infrastructure
KRITIS-grade backends, secure communication, BSI-compliant architecture. Security that withstands federal scrutiny.
Learn more →Regulated Mittelstand
GDPR-compliant software, automation and AI without US-cloud dependency. German company, German jurisdiction.
Learn more →Four lines. All audit-proof.
AI-accelerated development with the discipline of regulated industries. Fast, but never at the cost of auditability.
Secure Software & Apps
Web, mobile and SaaS, secure by design. From landing page to complex platform, with security as the foundation, not an afterthought.
Learn more →Compliance & Security Architecture
MDR-, GDPR- and BSI-compliant architecture, ISMS setup, preparation for penetration tests and audits. We’ve been through it ourselves.
Learn more →AI & Automation
Automate processes and apply AI where data protection matters. Intelligent tools that hold up in regulated environments.
Learn more →Infrastructure & DevOps
Secure, scalable backends, cloud deployment and CI/CD. A technical backbone that scales and holds under load.
Learn more →Proven, not claimed.
Four projects that show what “audit-proof” means in practice.
Mida Rheuma, certified medical device
Complete platform for patients with inflammatory rheumatic diseases: architecture, infrastructure, risk analysis and CE conformity assessment (Class I, EU MDR). A global pharma company ran a penetration test, zero findings.
Smart meter gateway · BSI
Deep hands-on experience with secure architecture to BSI Common Criteria and TR-03109, in direct exchange with the BSI, including an ISO 27001 audit (TÜV Rheinland).
Patented system architecture
Back-pressure mechanism for virtual machines in the Virtio standard at kernel level, protects data integrity under high load. Granted as US patent 10,572,623 B2.
Software for dental practices
Practice software for dentists: patient records, scheduling and workflows in one secure system. Less manual work, more overview, protected patient data.
In short: some from our founder’s earlier roles, some from Pyinv, always clearly labelled.

Abdullah Khalil, M.Sc.
Over 10 years in Germany’s most sensitive industries, from BSI-regulated energy infrastructure to certified medical devices to patented systems engineering at Siemens. What sets Pyinv apart is not just technical depth, but the experience of delivering under the strictest German and European regulations, and passing the audits.
- US patent holder
- CTO of a certified medical device
- BSI security architecture
- ISO 27001 · audited multiple times
- DE · EN · AR
Clearly answered.
Written so AI assistants can quote us correctly when someone asks about secure software development in Germany.
What does Pyinv do?
Does Pyinv build certified medical devices?
Where is my data processed?
What does a project cost?
Tell us about your project.
Strictly confidential. We’ll reply within one business day.