Merkur regularly highlights the growing dynamism of Luxembourg’s entrepreneurial landscape by featuring creative startups. Among the featured entrepreneurs is Leonhard Kossmann, founder and CEO of Fundvis. The startup has developed an artificial intelligence platform dedicated to third-party provider oversight for regulated financial institutions. With Fundvis, AI becomes a structuring lever for proactive, continuous and automated compliance, positioning Luxembourg as a key player in RegTech innovation in Europe. Interview with Leonhard Kossmann.
Fundvis is building the next generation of AI-powered operational resilience and third-party risk management.
Every organisation today depends on external providers, cloud services, software vendors, consultants and outsourcing partners. As regulations like NIS2, DORA and the AI Act continue to expand, companies are becoming responsible not only for their own operations but also for the resilience, security and governance of their entire supplier ecosystem.
Our AI-powered platform replaces fragmented spreadsheets, emails and manual processes with one intelligent system that automates supplier onboarding, due diligence, risk assessments, continuous monitoring, KPI tracking, incident management and regulatory reporting. Instead of treating compliance as an annual exercise, Fundvis enables organisations to continuously monitor their operational resilience while reducing manual effort through AI-driven automation.
The idea grew naturally from our daily work with banks, insurance companies, investment funds and many other regulated organisations across Europe. Over the years, we have worked alongside clients operating under the supervision of both national and European regulators, giving us a firsthand view of how organisations manage increasingly complex regulatory requirements.
What we observed was that the challenges were no longer unique to financial services. Regulations such as NIS2 clearly demonstrate that operational resilience and third-party oversight have become priorities for organisations across many industries. Whether you are a manufacturer, healthcare provider, energy company, technology firm or public authority, regulators increasingly expect organisations to understand, monitor and govern the risks introduced by their external providers.
Coming from one of the world’s most highly regulated industries, we realised that the best practices developed in financial services could be transferred to many other sectors. We combined this regulatory expertise with artificial intelligence to build a platform that automates third-party oversight, simplifies compliance and continuously monitors operational resilience.
Our mission is to make the governance standards and operational resilience practices that have been established in financial services accessible to every industry facing the same regulatory challenges.
Because regulations have been continuously growing in number and complexity since we started our company on 2022.
The recent implementation of NIS2 in Luxembourg is a perfect example. Thousands of organisations, not just banks or critical infrastructure operators, are now expected to understand the risks posed by their suppliers and service providers. Management itself has become directly responsible for operational resilience and cybersecurity governance.
At the same time, DORA, the AI Act, GDPR updates and other European regulations all point in the same direction: organisations must continuously demonstrate that they know who their critical providers are, monitor them, manage incidents and maintain evidence for regulators.
Companies simply cannot manage this complexity with spreadsheets anymore. AI makes it possible to automate much of the operational work while giving management a real-time view of risk.
Luxembourg combines three things that are difficult to find elsewhere.
First, it is one of Europe’s leading financial centres, where operational resilience and regulatory compliance are business-critical.
Second, Luxembourg is often among the first countries to implement European regulations, creating an ideal environment to develop practical solutions alongside regulated institutions and supervisory authorities.
Third, Luxembourg offers a unique innovation ecosystem where startups, regulators, financial institutions and technology companies collaborate closely. Building in Luxembourg allows us to validate our solutions in one of Europe’s most demanding regulatory environments before scaling internationally.
Our next step is to bring the expertise we have built in one of Europe’s most highly regulated industries to organisations facing similar challenges for the first time.
For years, we have helped banks, insurance companies and investment funds manage operational resilience, third-party risk and regulatory oversight. Today, regulations, such as NIS2, are extending these same expectations to thousands of organisations across sectors including healthcare, energy, manufacturing, telecommunications and the public sector.
We see this as a unique opportunity to support these organisations on their regulatory journey. Rather than asking them to reinvent the wheel, Fundvis enables them to benefit from proven best practices, modern governance processes and AI-powered automation that have already been established in financial services.
We are actively looking to collaborate with companies, industry associations and public institutions to help them address these emerging regulatory challenges together. Our ambition is to become the trusted AI partner for operational resilience and third-party governance across Europe, regardless of industry.
In ten years, we want Fundvis to become the trusted operating system for organisational resilience.
Whenever an organisation wants to onboard a supplier, assess operational risks, monitor service providers, manage incidents or demonstrate compliance, Fundvis should be the platform they naturally use.
Artificial intelligence will handle routine governance work automatically, continuously monitoring providers, analysing documentation, tracking KPIs and identifying risks long before they become business problems.
Ultimately, we envision a future where operational resilience is no longer reactive but predictive and where organisations across every regulated industry can manage complex regulatory requirements with confidence.
Every modern organisation depends on external providers. Those providers often operate critical IT systems, process sensitive information or support essential business functions. Their risks quickly become your risks.
Fundvis guides organisations through the complete lifecycle, from supplier onboarding and due diligence to risk classification, continuous monitoring, KPI analytics, incident management and regulatory reporting. AI continuously analyses supplier information, highlights missing evidence, identifies potential risks, automates stakeholder interactions and helps organisations maintain continuous oversight instead of performing annual reviews.
Although the platform was initially designed for financial institutions addressing regulations such as DORA, the same technology is now highly relevant for organizations affected by NIS2 and other resilience regulations.
In simple terms, we help organisations answer one fundamental question: » Can we trust the companies we depend on today, and tomorrow?«
Receiving the Luxembourg AI Excellence Award is an important milestone because it validates our belief that artificial intelligence should solve real business problems, not just automate existing processes. For us, AI is about helping organisations make better decisions by transforming complex regulatory requirements into simple, continuous workflows. It reduces manual work, improves transparency and allows management to focus on strategic decisions rather than administrative tasks.
The award also highlights Luxembourg’s role as a leading innovation hub for trustworthy AI and financial technology.
Most importantly, it motivates our team to continue building technology that helps organisations become more resilient, more transparent and better prepared for an increasingly interconnected and regulated world.

And the winner is...
The 2026 Luxembourg AI Excellence Awards ceremony was held as part of the Nexus Luxembourg Platform 2026 conference, attended by Elisabeth Margue, Minister Delegate to the Prime Minister for Media and Connectivity. The event brought together numerous representatives from the business, institutional, and innovation sectors, as well as the jury members and winners of the 2026 edition.
Launched in 2025 by FEDIL, in partnership with Luxinnovation and with the support of the Chamber of Commerce, the Luxembourg AI Excellence Awards aim to promote and highlight excellence in artificial intelligence in Luxembourg. They recognise innovative projects, concrete technological advances, and AI applications that generate a measurable impact on the economy, society, or the environment.
For this second edition, 47 applications were submitted by companies and organizations active across a wide range of sectors. Following a rigorous evaluation, the winning projects were selected by a jury composed of experts from the public and private sectors, based on criteria including the innovative nature of the solutions, the effective use of artificial intelligence technologies, their level of maturity, and their potential impact.
Fundvis wins the Luxembourg AI Excellence Aaward 2026 – Category « AI for Finance ».
As regulatory complexity increases and supervisory expectations intensify, many market players still rely on fragmented processes based on spreadsheets, email exchanges and manual data aggregation and analysis.
Fundvis places AI at the core of the compliance framework by structuring the entire third-party lifecycle – onboarding, due diligence, risk assessment, continuous monitoring and regulatory reporting – within a single, audit-ready environment. The platform relies on an AI agent architecture combining document analysis, natural language processing, automated workflow orchestration and rule-based validation aligned with regulatory frameworks, while maintaining a strict human-in-the-loop model.
Already commercialised and used by several financial sector players, the solution strengthens operational risk control, traceability and regulatory alignment.









