Methodology Domains Experts Stages Services Risk Register FAQ
Talk to an Expert
Technical Due Diligence for VC & Corporates

We separate the Science

from the Science Fiction.

Until you open the box, deep tech is a black box. Groundbreaking science and sophisticated science fiction look identical — and a single technical oversight can wipe out an entire investment.

Request a Due Diligence See how it works
Expert backgrounds
ETH Zürich EPFL Imperial College London Google IBM World Economic Forum Unit 8200
0
tech due diligences & reviews combined experience
0
Deep tech domains
0
Investment stages covered
0
Evaluation dimensions
The Problem

Deep tech is a black box — until it isn't.

Groundbreaking science and sophisticated science fiction look remarkably similar from the outside. Traditional due diligence tools each miss critical dimensions of the picture.

  • A patent can be legally valid but technically unenforceable
  • Code can match the pitch but fail under real-world conditions
  • Key technical staff may have already left the company
  • A single technical oversight can wipe out an entire investment
The Solution

Like an X-ray machine, we see the details that matter.

We give you the technical clarity to act with confidence — whether you are making an investment decision, strengthening a portfolio company, or preparing your team.

  • 360° assessments: Technology, Business, and People
  • Every audit led by a PhD-level, domain-specific expert
  • Adapted to your stage — Pre-seed through M&A
  • Deliverables you can act on, not just academic reports
Our 360° Methodology

Technology, Business, and People

A technical due diligence that only looks at code misses the full picture. We evaluate all three dimensions that determine whether a deep tech startup will actually succeed.

Dimension 01

Technology

What the methods, code, data, and results actually mean. Is the approach defensible? Is the architecture scalable? Do the claims hold up under independent scrutiny?

Dimension 02

Business

How the technology can solve real problems and create commercial value. Does it address the stated use case? Could it be applied elsewhere or sold as separate products?

Dimension 03

People

Skillset, team cohesion, and transparency. Have key people left? Is the team capable of executing the roadmap? Are they being straight with you?

We evaluate
Defensibility
How difficult is it to replicate? Is there a real moat, or is this an off-the-shelf approach with a good story?
We evaluate
Scalability
How well will the technology follow growth? Will the architecture hold under production load?
We evaluate
Claims
Do experiments reflect real-world performance? Does the code match what was presented? Are benchmarks rigorous?
We collaborate with
Legal & Financial
We work alongside your legal and financial due diligence teams for complete, integrated coverage.
Positioning

The Technical Assurance Matrix

Other approaches either lack technical rigour or lack commercial context. We sit at the intersection of both — which is exactly where deep tech investment decisions live.

→ High technical rigour Low technical rigour ←
Purely Academic
University / Research Labs
Focus: Scientific feasibility and proof of concept. Limitation: Verifies science is possible but ignores commercial applicability, scalability, and technical debt.
★ Where we operate
Applied Deep Tech
Focus: Commercial viability, IP defensibility, code-level risk, exit readiness. Value: Fuses fundamental science with business targets.
Deep Tech Experts
Generalist Overlap
IT Consultants
Focus: Unstructured general IT reviews. Limitation: Irrelevant for complex deep tech — lacks scientific rigour and commercial direction.
Procedural Compliance
Big 4 / In-House M&A
Focus: Legal, financial, and organisational audits. Limitation: Checks the process, not the code. Fails to identify tech fraud or assess IP value.
← Low commercial context High commercial context →
Adapted to Your Stage

From Pre-seed to M&A

Every stage demands different depth. We calibrate our approach, timeline, and deliverables to match where you are in the investment lifecycle.

Stage 01
Pre-Seed
Same-day turnaround
  • Call with the startup team
  • Debrief after each call
  • Go / no-go with clear rationale
  • You may attend all calls
Stage 02
Seed — Series A
Typically 2 weeks
  • Structured interview series
  • Debrief after each call
  • Full SWOT report
  • You may attend all calls
Stage 03
Growth
Typically 3 weeks
  • Deep-dive technical assessment
  • Architecture and scalability review
  • IP and defensibility analysis
  • Debrief after each call
  • You may attend all calls
  • Full SWOT report
  • Actionable findings report
Stage 04
M&A
Timeline on request
  • Full technical audit
  • Exit readiness assessment
  • Integration risk analysis
  • Debrief after each call
  • You may attend all calls
  • Full SWOT report
  • Actionable findings report
  • Coordination with legal/financial
Expertise Domains

Eight deep tech specialisms

Every audit is led by a domain-specific expert — someone who has published in, built in, or led teams within the exact technology being assessed.

Find your expert
Artificial Intelligence
Deep LearningComputer VisionLLMs
Cybersecurity
PentestingCryptographyZero Trust
Quantum Computing
AlgorithmsHardwarePhotonics
Encryption
CryptographyPost-Quantum
Aerospace
GNC
Robotics
PerceptionControlAutonomy
Systems Architecture
Cloud NativeScalabilityDatabases
Semiconductors
Chip DesignPhotonics
The People Behind It

Domain experts, not generalists

Every audit is led by someone with direct, hands-on experience in the specific technology — people who have published the papers, built the systems, or led the teams.

Dr. Julien Weissenberg
Artificial Intelligence · Founder
Dr. Julien Weissenberg
CEO & Principal Expert — AI

Built the first AI system to facilitate navigation, invented a new optimisation approach for hard combinatorial problems, created and evaluated AI solutions from agriculture to insurance. Led dozens of technical due diligences for leading European VC funds.

PhD ETH ZürichMSc Imperial CollegeWEF Global ShaperInnosuisse Expert
16+ years experience
Prof. Dr. Clément Javerzac-Galy
Quantum Computing & Photonics
Prof. Dr. Clément Javerzac-Galy
Professor FHNW · Co-founder, Miraex

Professor of Applied Quantum Computing at FHNW and co-founder of Miraex, building photonic and quantum solutions for next-generation sensing, networking, and computing in industrial and defence applications.

PhD EPFLMSc EPFLMiraex co-founder
14+ years experience
Johann Romefort
Software Engineering & Tech Due Diligence
Johann Romefort
Technical Due Diligence Expert · Former CTO

Seasoned technology leader and angel investor. Former Managing Director and CTO-in-Residence at Techstars, co-founder and CTO of Seesmic (acquired by Hootsuite), and Tech Evangelist at Stylight.

CTO-in-Residence, TechstarsSeesmic CTO (→ Hootsuite)Angel Investor
25+ years experience
Avi Wolicki
Cybersecurity
Avi Wolicki
Founder & Cybersecurity Expert, BenchLabs

Founder of BenchLabs and serial cybersecurity entrepreneur. Co-founded ProfileIntel, Cryptofighters, and Cywareness.io. Former Senior Researcher at Fingerprint and Head of Cyber Security Technologies at BSW Group. OSCP certified. Intelligence service background.

OSCP CertifiedBenchLabs FounderIntelligence Background
11+ years experience
Dr. Jean-Philippe Aumasson
Cryptography & Cybersecurity
Dr. Jean-Philippe Aumasson
Co-founder & CSO, Taurus

Author of the reference books Serious Cryptography and Crypto Dictionary. Designer of the BLAKE2 and SipHash algorithms. Speaker at Black Hat, DEF CON, and Real World Crypto.

PhD EPFLBLAKE2 & SipHash designerBlack Hat speaker
20+ years experience
Full Expert Network

Our network spans every domain we cover, drawing from ETH Zürich, EPFL, Imperial College, Google, IBM Research, and elite intelligence units. When you brief us, we match the right expert to your specific technology.

Brief us now
What clients say

Words from the people we have worked with

Incredibly useful in helping quantify the risks involved in proceeding with an investment.
Alexander Kuznetsov
Managing Partner
Kodori Ventures
We were very satisfied with the cooperation and with the results of the report. Both our impression and that of the founding team confirmed the expert's competence in computer vision and AI.
Dominik Lohle
Senior Investment Manager
High-Tech Gründerfonds
Deep professional experience, and it shows. His material was very thorough and useful for current business needs. Focused, knowledgeable, and excellent to work with.
Madli Lillemägi
Senior Manager, Digital Comms EMEA
PwC
World Economic Forum

"Outstanding performance."

Minji Sung — Strategic Intelligence, World Economic Forum
Trusted by
Beyond Due Diligence

A full suite of deep tech services

Technical due diligence is our core offering — but our experts cover a wider range of needs for investors, corporates, and technology teams.

Workshops & Masterclasses

Expert-led sessions that give investment teams, boards, and executives genuine working knowledge of deep tech — so they can ask sharper questions and make better decisions.

Workshop
Quantum Computing Landscape
What quantum actually is today, where the hype ends, which hardware approaches are viable, and how to evaluate quantum startups. For investors and corporate strategy teams.
Workshop
AI Landscape for Investors
Cutting through the noise: foundation models, applied AI, edge cases, and failure modes. How to distinguish real AI capability from engineering theatre in a pitch.
Workshop
Cybersecurity for Executives
From threat modelling to secure architecture. Designed for executives and boards who need to govern cyber risk — not just delegate it.
Specialised Audits

Targeted assessments for specific technical risks that go beyond a standard due diligence — for when you need depth in one dimension, not breadth across three.

AI Safety
AI Safety & Red Teaming
Jailbreaking assessments, adversarial prompt testing, bias audits, and EU AI Act compliance reviews for AI systems entering regulated or high-stakes environments.
EU AI Act
Cybersecurity
Penetration Testing
Black-box and grey-box penetration tests of web applications, APIs, infrastructure, and cryptographic implementations. Reports include prioritised remediation roadmaps.
Deep Tech
Patent Portfolio Assessment
Is the IP actually defensible? We assess whether patents cover what they claim, whether the claims hold up technically, and whether competitors can engineer around them.
Vertical Specialisms

Domain-specific assessments for sectors where regulatory complexity, clinical validity, and technical risk intersect in ways that general technology due diligence cannot fully address.

HealthTech · AI
HealthTech AI Review
Clinical AI validation, regulatory pathway assessment (CE mark, FDA SaMD), dataset quality, model interpretability, and bias audits for medical AI systems.
MDR · SaMD
Advisory
Advisory & Ongoing Insights
Retained advisory for VC funds and corporate innovation teams — ongoing access to domain experts for deal-by-deal questions, portfolio monitoring, and technology horizon scanning.
Technical Audit
Technical Audit for Startups
The same 360° assessment as a due diligence — but commissioned by the startup itself to strengthen defensibility, fix architecture risks, and prepare for investor scrutiny.
Investor's Field Guide

The risk register — what to watch for

Eight domain clusters. The specific, named risks that appear most often in deep tech deals — and that standard financial due diligence consistently misses. This is what our experts are trained to find.

Artificial Intelligence
Regulatory exposure & technical safety gaps
EU AI Act classification — system misclassified as limited-risk when it meets high-risk criteria under Annex III; triggers full conformity assessment obligations
Explainability gaps — Article 13 transparency requirements not met; black-box models in regulated sectors (credit, hiring, healthcare) face immediate compliance blocks
Training data provenance — undisclosed use of scraped or licensed data; GDPR and copyright liability unquantified
Jailbreak surface — LLM-based products with no adversarial testing; prompt injection, goal hijacking, and output manipulation not evaluated
Model drift — no monitoring pipeline in production; accuracy degradation post-deployment undetected
Critical when present · Very high frequency in AI deals
Cybersecurity
Vulnerabilities that invalidate the valuation
No penetration test on record — or last test >18 months ago; unvetted attack surface in a product handling customer data
Hardcoded credentials — API keys, passwords, and tokens committed to version control history; often retrievable even after deletion
CVE backlog — known critical vulnerabilities in production dependencies unpatched; CVSS ≥7.0 items unaddressed for >90 days
No incident response plan — GDPR Article 33 requires 72-hour breach notification; no documented procedure means regulatory penalty is near-certain post-incident
Single-factor admin access — cloud consoles, CI/CD pipelines, and production databases accessible without MFA
Critical · Unpatched vulnerabilities can void cyber insurance and trigger GDPR breach liability
Open Source & IP
Licence contamination and ownership gaps
GPL / AGPL contamination — copyleft licence embedded in proprietary codebase via transitive dependency; can force open-sourcing of the entire product
Untracked dependency tree — no software composition analysis (SCA) tooling; licence obligations for hundreds of libraries unknown
Prior employer IP leakage — founding team carried code, algorithms, or trade secrets from previous employer; acquisition could trigger injunction
Patent claims on prior art — granted patents citing work that was publicly known before filing date; invalidation risk not disclosed
Contributor agreements missing — external contributors (contractors, academics) without signed IP assignment; ownership of core modules disputed
High frequency · Often undisclosed until legal discovery
Aerospace & Hardware
Safety, certification, and supply chain exposure
DO-178C / DO-254 DAL mismatch — software or hardware design assurance level not aligned with actual failure consequence; re-certification cost can exceed development cost
EMC / EMI not tested — electromagnetic compatibility testing not completed; product cannot legally operate in most jurisdictions
Single-point-of-failure in safety path — no redundancy architecture for critical functions; fails airworthiness standards for commercial operation
ITAR / EAR export control — technology with defence application not classified under US export control regulations; international sales blocked, investor returns constrained
Fab concentration risk — sole-sourced from single foundry (commonly TSMC N5/N3); no second-source strategy; lead time >52 weeks with no mitigation
Critical · Certification gaps can halt commercialisation entirely
Quantum Computing
TRL inflation and roadmap dependencies
TRL inflation — lab demonstration at 5–10 qubits marketed as a scalable product; coherence times and gate fidelities not disclosed at operating scale
Error correction overhead not modelled — logical qubit counts assume perfect hardware; fault-tolerant qubit cost (1000:1 physical-to-logical ratio) not in financial projections
Hardware supplier dependency — algorithm layer dependent on specific hardware vendor (IBM, IonQ, etc.) with no commercial SLA for qubit access at scale
Quantum advantage unproven — claimed speedup not demonstrated against best classical algorithm on problem-relevant input sizes
High frequency · TRL gap is the defining risk in quantum deals
Cryptography & Encryption
Deprecated standards and post-quantum exposure
Deprecated algorithms in production — MD5, SHA-1, RSA-1024, or 3DES still active in authentication or data-at-rest; known-broken and no migration plan
Post-quantum migration not scoped — NIST PQC standards (ML-KEM, ML-DSA) finalised 2024; no assessment of cryptographic asset inventory or migration timeline
Key management gaps — symmetric keys hardcoded or stored in environment variables; no HSM or secrets manager in use; rotation policy absent
FIPS 140-2/3 compliance gap — US government and financial sector customers require FIPS validation; non-compliant modules block enterprise sales
Medium frequency · Critical severity when present in regulated sectors
Systems & Scalability
Architecture debt and operational fragility
No load testing evidence — claimed capacity figures not validated under simulated peak load; architecture untested beyond current user base
Vendor lock-in — proprietary database, single-cloud dependencies, or third-party APIs with no abstraction layer; switching cost not disclosed in financials
No disaster recovery plan — RTO and RPO not defined; backup strategy untested; single-region deployment for multi-tenant SaaS
Technical debt ratio — estimated remediation cost >20% of codebase undisclosed; post-acquisition refactor cost materially affects returns
Missing observability — no structured logging, distributed tracing, or alerting in production; incidents discovered by customers, not engineering
High frequency · Scalability gaps amplify with growth
Robotics & Autonomy
Safety certification and real-world performance gaps
Sim-to-real gap undisclosed — performance benchmarks from simulation not replicated in uncontrolled real-world environments; deployment readiness overstated
Functional safety not certified — ISO 26262 (automotive), IEC 61508, or ISO 13849 compliance not achieved; product cannot operate in target sector
Edge case coverage — perception and decision systems not stress-tested on distribution-shift inputs; long-tail failure modes uncharacterised
Liability framework absent — no insurance, no product liability structure, no incident reporting procedure; one adverse event can terminate operations
Critical · Safety gaps are binary go/no-go blockers
Our approach to findings

For each risk identified, we assess its severity in the context of the specific deal — distinguishing a hard red flag that warrants walking away from a manageable issue that can be mitigated with targeted fixes, contractual protections, or post-investment remediation. Every finding comes with a clear recommendation: block, negotiate, or remedy.

Identifying these risks is exactly our job. Tell us about your deal and we will tell you what to look for.

Brief Us on Your Deal
Common Questions

Everything you need to know

Still unsure? Reach out directly — we are happy to scope your engagement before you commit to anything.

Send an email →
What is technical due diligence and why does it matter for VC?

Technical due diligence is a structured expert assessment of a startup's technology — covering IP defensibility, architecture, scalability, team capability, and the validity of technical claims. For deep tech investments it is essential: groundbreaking science and sophisticated science fiction look deceptively similar, and a single oversight can wipe out an investment.

How long does a typical engagement take?

Pre-seed engagements can be completed same-day. Seed to Series A typically take two weeks. Growth-stage assessments run three weeks. M&A engagements are scoped individually. If you have a hard deadline, tell us — we accommodate urgent timelines.

What does the deliverable look like?

You receive a structured SWOT report covering defensibility, scalability, and claims verification, plus a competitive benchmark. For technical audits, the report adds a prioritised action roadmap. We also debrief you after each call. You are welcome to attend all calls with the startup team.

How do you match the right expert to our deal?

When you brief us, we review the technology and identify an expert with direct hands-on experience in that specific field — not adjacent knowledge. For deals spanning multiple domains, we deploy a multi-expert team.

Can you work with the startup itself, not just investors?

Yes. Our Technical Audit service is designed for startups and their investors who want a concrete roadmap to make the technology more defensible and scalable. It delivers the same SWOT analysis as a due diligence, plus specific action points.

Do you handle NDAs and confidentiality?

Absolutely. All engagements are governed by an NDA before any information is shared. Our domain experts are bound by the same confidentiality obligations. We have extensive experience operating within strict VC confidentiality requirements.

What are the Masterclasses?

We offer expert-led masterclasses on AI, Cybersecurity, and Quantum Computing to help investment teams, boards, and LP audiences build genuine working knowledge of deep tech. If you need your team to ask smarter questions of founders, a masterclass with one of our domain experts is the most efficient path.

Who We Are
Dr. Julien Weissenberg
Dr. Julien Weissenberg
Founder & CEO · AI Expert

Julien is founder and CEO of Deep Tech Experts. He has built the first AI approach to facilitate navigation, invented a new optimisation approach to crack hard combinatorial problems, and created and evaluated AI solutions across industries from agriculture to insurance.

He has led technical due diligences for some of Europe's most active technology investors, and has spoken at PwC, World Economic Forum events, and leading innovation conferences.

PhD from ETH Zürich
MSc from Imperial College London
Named a Global Shaper by the World Economic Forum
Expert with Innosuisse — Swiss Federal Agency for Innovation
Expert for the World Economic Forum

Tell us about your deal

Fill in the form below and we will respond within one business day with a proposal and timeline. No commitment required.

Request a Due Diligence
Get Started

Start a conversation

Fill in the form and we will respond within one business day. No commitment required.

Email
[email protected]
Location
Birchstrasse 11, 8057 Zurich
Switzerland
Typical timeline
Initial responseWithin 24h
Expert matchedDay 1–2
Seed–A report~2 weeks
Growth report~3 weeks

We respond within one business day. All information is treated with strict confidentiality under NDA.