On-Premise · Enterprise

Bank-grade document validation, on your infrastructure

The full Sealium engine deployed inside your network. Docker-based, works with your existing identity provider, zero external document transmission.

Your infrastructure

Your IdP

Azure AD · Okta · any OIDC provider

JWT

Sealium · Docker

engine:8081

backend:8080

FTP serverwatch-dir

S3 / MinIO

API callREST

batch source

No external connections · documents never leave your network

Full control. Full compliance.

Data sovereignty

Your documents are processed and validated entirely within your infrastructure. Nothing leaves your network.

Regulatory compliance

Meet strict data handling requirements for banking, insurance and public sector. GDPR-compliant by architecture.

Integration

Works with your existing identity provider. Azure AD, Okta, PingFederate — configure in one environment variable. No additional identity infrastructure required.

Built on proven EU technology

EU DSS 6.4

Powered by the European Commission's reference implementation for electronic signature validation. The same engine used by national supervisory bodies across the EU.

TLv6 compliant — mandatory from April 2026

EU List of Trusted Lists

Validates against the official EU List of Trusted Lists — 31 member state trusted lists, refreshed daily.

QES designation only for certificates from EU-listed QTSPs.

Hungarian specialisation

First-class support for KRX containers, DÁP qualified signatures, Microsec e-Szigno and NMHH certificates. AVDH-authenticated documents validate out of the box as standard PAdES/ASiC. The only platform with native multi-document KRX validation.

Deploy in minutes

One docker compose up and you're running.

docker-compose.onprem.yml

# docker-compose.onprem.ymlservices:  engine:    image: registry.sealium.eu/engine:latest  backend:    image: registry.sealium.eu/backend-onprem:latest    environment:      LICENSE_KEY: ${LICENSE_KEY}      ENGINE_URL: http://engine:8081      DATABASE_URL: ${DATABASE_URL}      OIDC_ISSUER_URI: ${OIDC_ISSUER_URI}      OIDC_AUDIENCE: ${OIDC_AUDIENCE}      STORAGE_TYPE: ${STORAGE_TYPE}      # S3 vars:      S3_ENDPOINT: ${S3_ENDPOINT:-}      S3_BUCKET: ${S3_BUCKET:-}      S3_ACCESS_KEY: ${S3_ACCESS_KEY:-}      S3_SECRET_KEY: ${S3_SECRET_KEY:-}      # FTP vars:      FTP_HOST: ${FTP_HOST:-}      FTP_PORT: ${FTP_PORT:-21}      FTP_USER: ${FTP_USER:-}      FTP_PASSWORD: ${FTP_PASSWORD:-}      FTP_WATCH_DIR: ${FTP_WATCH_DIR:-/incoming}      FTP_PROCESSED_DIR: ${FTP_PROCESSED_DIR:-/processed}      # Webhook (optional):      WEBHOOK_URL: ${WEBHOOK_URL:-}      WEBHOOK_SECRET: ${WEBHOOK_SECRET:-}  ui:    image: registry.sealium.eu/ui-onprem:latest  postgres:    image: postgres:16   # reports + job queue — no Redis needed

License key issued after contract signing. Docker images pulled from our private registry.

Azure AD, Okta & any OIDC provider

FTP watch-dir batch

S3 / MinIO integration

Webhook callbacks

Full audit logging

Auto license renewal

Network isolated

eIDAS compliant

SaaS vs On-Premise

Feature	SaaS API	On-Premise
Document validation
All eIDAS formats
KRX multi-document
DÁP qualified signatures
QES detection
Report storage (JSONB)
Search & filter	PRO+
Batch processing	BUSINESS+
Webhooks	BUSINESS+
FTP source polling
S3 source polling
OIDC SSO (Azure AD, Okta)
Data stays on-premise
Custom SLA	ENTERPRISE
Air-gapped deployment

What's coming

Q2 2026Now
- SaaS API platform live
- KRX, QES, all eIDAS formats
Q3 2026
- On-premise v1 release
- Docker package, OIDC SSO, FTP batch
Q4 2026
- S3/MinIO source adapter
- Webhook delivery, compliance export
Q1 2027
- ISO 27001 certification started
- CEE market expansion
Q2 2027
- ISO 27001 complete
- eIDAS 2.0 / EU Digital Identity Wallet

Request full roadmap

Talk to our team

We'll get back to you within one business day.