Lithuanian Regtech Copla Bags €6 Million to Scale Compliance Infrastructure Beyond the EU

Vilnius-based regtech Copla has secured €6 million in a Series A round led by Iron Wolf Capital, with participation from US-based Operator Stack and existing backers Specialist VC, Superhero Capital, FIRSTPICK, NGL Ventures, Loggerhead Partners, and a group of angel investors. The company builds real-time ICT compliance infrastructure that translates complex frameworks such as DORA, the EU AI Act, and the Cyber Resilience Act into continuous, evidence-based workflows for regulated financial institutions. Copla will use the fresh capital to expand its product suite — including the rollout of its multi-entity management layer Copla Bridge — grow its team, strengthen commercial execution, and scale beyond the EU as regulatory pressure intensifies across financial services.

Founded in 2023, Copla is led by a team that combines extensive fintech operating experience with regulatory expertise: CEO Aurimas Bakas and CTO Andrius Minkevičius previously co-founded core banking platform Paysolut, which was acquired by European fintech unicorn SumUp in 2021. Chief Legal Officer (CLO) and Director of Regulatory Compliance Solutions, Nojus Bendoraitis, brings specialist legal experience in compliance and cybersecurity.

The company’s Information and Communication Technology (ICT) compliance platform translates complex regulatory frameworks – including the Digital Operational Resilience Act (DORA) and both the EU AI and Cyber Resilience Acts – into guided, evidence-based workflows. Instead of treating compliance as a periodic documentation exercise, Copla breaks requirements into concrete tasks, tracks execution continuously, and stores relevant evidence automatically. As a result, governance, risk, security, and operations teams stay audit-ready and operationally resilient at all times, while significantly reducing manual work and the risk of non-compliance.

By replacing static spreadsheets and registers, the platform keeps records of assets, vendors, risks and controls up-to-date in real-time as the business grows and regulation evolves. Where automation reaches its limits, Copla complements its software with both in-house and fractional CISO expertise, as well as a network of partner providers across Europe, offering hands-on support for audits, risk decisions, and regulatory interactions.

“Regulation is getting sharper, but most compliance is still stuck in spreadsheets. We built Copla so compliance stays current by default, and so companies can grow with confidence instead of audit anxiety. This round gives us the momentum to make Copla the default compliance execution layer for regulated finance in Europe and beyond,” said Aurimas Bakas, Co-founder & CEO, Copla.

Within just over a year of its seed round, Copla reached seven-figure annual recurring revenue and now serves more than 100 regulated European customers. The new funding will be deployed to bolster commercial execution and expand product capabilities, including the rollout of Copla Bridge – a new platform layer enabling partners, consultants, and multi-entity organisations to manage compliance across companies from a unified view.

“Cybersecurity is defence. The threat landscape hasn’t changed, it has already moved on. Copla turns compliance from theatre into operations. The founders have built and exited core banking infrastructure, and they know what it means to operate where failure isn’t an option. We’re backing the resilience layer that every regulated organisation will need,” explained Viktoras Jucikas, Founding Partner, Iron Wolf Capital.

Supervisory expectations for regulated institutions in Europe is only intensifying. DORA is now mandatory, key obligations under the EU AI Act take effect in August 2026, and the Cyber Resilience Act applies from December 2027. In parallel, AI-driven threats – from automated fraud to increasingly sophisticated social engineering – are raising the bar for operational resilience at a pace that traditional compliance approaches cannot maintain.

This shift exposes a structural challenge, particularly for fintechs and other regulated third-party providers, who are simultaneously scaling their businesses while establishing governance and risk functions within lean teams. According to the European Union Agency for Cybersecurity (ENISA), ransomware attacks in the European financial sector disproportionately targeted smaller and less-established service providers, accounting for 29% of incidents, with the exposure and sale of sensitive data cited as the most common impact.

For regulated financial services providers, gaps in cybersecurity and regulatory compliance can have consequences beyond data breaches, including penalties, reputational damage, or in severe cases, the loss of licences. Copla embeds compliance into daily operations, making it a byproduct of how regulated businesses operate.

Click to read more funding news.