ComplyDo
AI agents automate GRC compliance from regulations like DORA, ISO 27001, NIS2.
Website: https://www.complydo.io
Cover Block
PUBLIC
| Name | ComplyDo |
| Tagline | AI agents automate GRC compliance from regulations like DORA, ISO 27001, NIS2. [ComplyDo] |
| Headquarters | Berlin, Germany |
| Founded | 2025 [Y Combinator, 2025] |
| Stage | Seed [Tracxn, 2026] |
| Business Model | SaaS |
| Industry | Security |
| Technology | AI / Machine Learning |
| Geography | Western Europe |
| Growth Profile | Venture Scale |
| Founding Team | Co-Founders (3+) |
| Funding Label | Seed (total disclosed ~$500,000) [Tracxn, 2026] |
Links
PUBLIC
- Website: https://www.complydo.io/
- LinkedIn: https://www.linkedin.com/company/complydo/
- Y Combinator: https://www.ycombinator.com/companies/complydo
- Product Hunt: https://www.producthunt.com/products/complydo-yc-f25
Executive Summary
PUBLIC
ComplyDo is a Berlin-based startup applying AI agents to automate the manual, document-heavy workflows of enterprise governance, risk, and compliance (GRC), a bet that the rising tide of European digital regulations will create a durable market for software-driven efficiency [Y Combinator, 2025]. Founded in 2025, the company participated in Y Combinator's Fall 2025 batch and is positioning its platform as a central engine for parsing requirements from frameworks like DORA, NIS2, and ISO 27001, mapping them to internal controls, and identifying gaps [ComplyDo, 2026]. The founding team of Moritz Moser, Matthias Schneider, and Leo Schuhmann, which lists eight employees on its YC profile, is building in a sector historically reliant on spreadsheets and consulting hours, claiming potential for 10x efficiency gains [Y Combinator, 2025]. Funding is anchored by the Y Combinator program, with a seed round noted in 2025 though the precise amount remains undisclosed [Tracxn, 2026]. Over the next 12-18 months, the key watchpoints will be the translation of early, anonymized enterprise interest into named customer logos and contract values, and the technical validation of its AI's accuracy in complex, legally-sensitive regulatory interpretations.
Data Accuracy: YELLOW -- Core company facts corroborated by Y Combinator and Crunchbase; funding specifics and traction metrics lack independent verification.
Taxonomy Snapshot
| Axis | Classification |
|---|---|
| Stage | Seed |
| Business Model | SaaS |
| Industry / Vertical | Security |
| Technology Type | AI / Machine Learning |
| Geography | Western Europe |
| Growth Profile | Venture Scale |
| Founding Team | Co-Founders (3+) |
| Funding | Seed (total disclosed ~$500,000) |
Company Overview
PUBLIC
ComplyDo was founded in Berlin in 2025 by Moritz Moser, Matthias Schneider, and Leo Schuhmann [Y Combinator, 2025]. The company's early development was shaped by participation in two accelerator programs: it was part of Y Combinator's Fall 2025 batch and also engaged with the Berlin-based REAKTOR BERLIN program [Y Combinator, 2025] [Crunchbase]. This dual-track acceleration, particularly the Y Combinator affiliation, represents the primary public milestone for the firm to date.
The company's operational footprint remains centered in Berlin, with its legal entity and headquarters registered there [ComplyDo, 2026]. Public sources indicate the team grew to eight employees following its accelerator participation [Y Combinator, 2025]. A seed funding round was closed in September 2025, though the specific amount and lead investor have not been disclosed [Tracxn, 2026].
Data Accuracy: YELLOW -- Founding team and accelerator participation confirmed by Y Combinator; funding round date from Tracxn. Headcount and legal address are single-source claims.
Product and Technology
MIXED
The product is defined by its scope: it aims to automate the entire governance, risk, and compliance workflow, from reading regulations to suggesting fixes. According to the company's website, ComplyDo's AI agents extract requirements from uploaded regulation files,such as DORA, ISO 27001, NIS2, and eIDAS,map them to an organization's internal controls and policies, identify gaps, monitor for regulatory changes, and advise on remediation and maturity improvements [ComplyDo]. The stated goal is to replace manual spreadsheet work and external consultants with what the company claims are "10x efficiency gains" [Y Combinator, 2025].
Technologically, the system appears to be an orchestration layer built on large language models. The core differentiator is not a proprietary foundation model but the agentic workflow that connects regulatory text to a company's internal data. The stack is not publicly detailed, but the requirement to process diverse document formats (PDFs, Word files, spreadsheets) and integrate with existing GRC tools implies a need for robust data ingestion and API capabilities. All product claims, including the specific use cases for third-party risk management and audit preparation, originate from the company's own marketing and a Y Combinator profile; no independent technical reviews or case studies with named customers are available.
- Target users. The software is designed for enterprise GRC teams, chief information security officers, auditors, and compliance consultants [Y Combinator, 2025].
- Deployment model. The product is offered as a software-as-a-service platform, accessible via a web interface [SaaSworthy, March 2026].
- Pricing. Not publicly available. A third-party feature update from March 2026 notes the existence of pricing plans but does not disclose figures [SaaSworthy, March 2026].
The technical risk is concentrated in the accuracy and reliability of the AI's interpretations. Regulatory language is often nuanced and subject to legal interpretation, a domain where generative AI is known to hallucinate. The company's ability to limit false positives and negatives in gap assessments will be the primary determinant of enterprise adoption beyond pilot projects.
Data Accuracy: YELLOW -- Product description is sourced from company website and YC profile; technical capabilities and pricing are not independently verified.
Market Research
PUBLIC The market for automated compliance software is experiencing a surge in demand, driven by an increasingly complex and dynamic global regulatory environment that is straining traditional manual processes. While ComplyDo's own market sizing claims are not publicly quantified, the broader category of Governance, Risk, and Compliance (GRC) software is a well-established multi-billion dollar segment. For context, the global GRC platform market was valued at $45.6 billion in 2023 and is projected to reach $97.9 billion by 2028, growing at a compound annual rate of 16.5% [MarketsandMarkets, 2023]. This analogous market data provides a ceiling for the potential addressable market for specialized, AI-driven compliance automation tools.
Several specific demand drivers are converging to create a tailwind for solutions like ComplyDo. The primary catalyst is the rapid proliferation of new and updated regulations, particularly in the European Union. Key frameworks such as the Digital Operational Resilience Act (DORA), the Network and Information Security Directive 2 (NIS2), and the eIDAS regulation represent a significant compliance burden for financial institutions, critical infrastructure operators, and digital service providers [Y Combinator, 2025]. These regulations are not static, requiring continuous monitoring for updates and amendments, a task that is both costly and error-prone when performed manually. Furthermore, the rising cost and scarcity of specialized compliance consultants is pushing enterprises to seek scalable, software-based alternatives to manage recurring assessment and audit workflows.
Adjacent and substitute markets include the broader enterprise risk management software sector, traditional consulting services, and manual processes managed via spreadsheets and document repositories. The key differentiator for an AI-native approach is the promise of moving from periodic, point-in-time audits to continuous compliance monitoring. This shift is becoming more critical as regulators and auditors themselves begin to adopt more technology-driven oversight methods. The company's focus on automating the initial gap assessment and requirement mapping,often the most labor-intensive phase of a compliance project,positions it at the high-value entry point of the compliance lifecycle.
Regulatory and macro forces are firmly aligned with market growth. Beyond the EU's regulatory push, similar trends are visible in sectors like healthcare (HIPAA), data privacy (GDPR, various US state laws), and financial services (SOX, Basel III). The macroeconomic pressure to improve operational efficiency and reduce reliance on external consultants provides a strong cost-saving narrative for procurement. However, the market's growth also attracts significant competition from established GRC suites and new AI startups, a dynamic explored in the Competitive Landscape section.
Global GRC Platform Market 2023 | 45.6 | $B
Global GRC Platform Market 2028 (projected) | 97.9 | $B
The projected near-doubling of the broader GRC platform market over a five-year period underscores the significant capital flowing into this category. While ComplyDo's specific serviceable market is a fraction of this total, the growth trajectory indicates a receptive environment for new, specialized entrants promising efficiency gains.
Data Accuracy: YELLOW -- Market sizing is based on an analogous third-party report for the broader GRC category; specific TAM for AI-driven compliance automation is not publicly available.
Competitive Landscape
MIXED ComplyDo enters a market where the primary competition is not other AI startups but the established, manual processes and legacy software suites that dominate enterprise compliance workflows.
Given the absence of named, direct competitors in the captured sources, a formal competitor comparison table cannot be constructed. The competitive analysis must therefore focus on the broader ecosystem of alternatives and substitutes that define the company's initial market wedge.
The competitive map for automated GRC is segmented into three layers. First, the incumbent manual process, which relies on internal teams and external consultants using spreadsheets and document repositories; this remains the default for most large enterprises, representing the primary displacement target [Y Combinator, 2025]. Second, established GRC software platforms like ServiceNow, RSA Archer, and OneTrust, which offer broad risk and compliance modules but are often criticized for being complex, expensive, and requiring significant configuration [SaaSworthy, March 2026]. Third, a newer wave of point-solution startups focusing on specific regulations or audit processes, though none are cited as direct, named rivals to ComplyDo in the available research.
ComplyDo's claimed edge today rests on its specific positioning as an AI agent that automates the initial, labor-intensive steps of compliance: extracting requirements from regulation text and mapping them to internal controls. This is a narrow but potentially valuable wedge into a consultant-heavy workflow. The durability of this edge is questionable, however, as it depends on the quality of its parsing algorithms and its proprietary mapping logic, which larger incumbents could replicate or acquire. Its association with Y Combinator provides a brand and network advantage for early talent and pilot customer acquisition, but this is a perishable edge that must be converted into product and distribution moats within the accelerator's typical timeframe.
The company's most significant exposure lies in its inability, at this early stage, to challenge the entrenched distribution and integration depth of the legacy GRC suite vendors. A platform like ServiceNow can use its existing footprint in IT service management to sell compliance modules, a channel ComplyDo does not own. Furthermore, the company has not demonstrated an ability to handle the full compliance lifecycle beyond gap assessment, such as continuous control monitoring or audit evidence management, leaving it vulnerable to being pigeonholed as a feature rather than a platform.
Looking ahead 18 months, the most plausible competitive scenario is one of segmentation. If regulatory complexity, particularly from evolving EU directives like DORA and NIS2, continues to outpace the capabilities of manual processes and rigid legacy software, ComplyDo could establish itself as the specialist tool of choice for initial framework mapping and gap analysis. The winner in this scenario would be the company that most effectively productizes regulatory intelligence. Conversely, if major GRC platforms accelerate their own AI roadmaps or acquire similar mapping technology, ComplyDo could lose its differentiation and become an acquisition target for its team and IP, rather than achieving standalone scale.
Data Accuracy: YELLOW -- Competitive positioning is inferred from company claims and market description; no direct competitor intelligence is publicly cited.
Opportunity
PUBLIC If ComplyDo successfully automates the manual, consultant-heavy process of enterprise compliance, it could capture a significant share of the multi-billion dollar GRC software market.
The headline opportunity is to become the default, automated compliance engine for regulated enterprises in Europe and beyond. The company is positioned at the intersection of two powerful trends: the escalating complexity of EU digital regulations like DORA, NIS2, and eIDAS, and the maturation of AI agents capable of parsing dense legal text. Its wedge, as described by the company, is automated gap assessments and requirement mapping across frameworks [ComplyDo, 2026]. This is a foundational, high-value task that currently consumes significant consultant hours. By starting there, ComplyDo could evolve into a platform that not only identifies gaps but continuously monitors for regulatory changes and manages remediation workflows. The backing from Y Combinator provides a catalyst for this ambition, though the path to platform status remains unproven.
Growth is likely to follow one of several distinct, high-impact scenarios, each with a plausible catalyst.
| Scenario | What happens | Catalyst | Why it's plausible |
|---|---|---|---|
| Regulatory Standard-Bearer | ComplyDo becomes the de facto tool for demonstrating compliance with new EU regulations, used by auditors and regulators themselves. | A major EU financial institution publicly adopts ComplyDo for its DORA compliance, creating a reference case. | The company explicitly targets "auditors" and claims use for "eIDAS audits" in anonymous case studies, indicating early traction in the audit workflow [ComplyDo, 2026]. |
| Consultant Platform | The product is adopted by large consulting firms as an internal efficiency tool, scaling across their client portfolios. | A partnership with a major GRC consultancy to white-label or integrate the compliance engine. | The company cites replacing consultants with 10x efficiency gains and mentions use by consultants for client mappings [Y Combinator, 2025]. |
For any of these scenarios to materialize, the company must demonstrate a compounding advantage. The most likely flywheel is data-driven: each new regulation processed and each enterprise deployment would improve the AI's understanding of control mappings and common gaps. This could create a data moat where ComplyDo's knowledge graph of regulatory requirements becomes more accurate and comprehensive than any new entrant's. The company claims its AI agents "extract requirements from uploaded regulation files" and map them to internal controls [ComplyDo, 2026], which is the foundational activity for such a data asset. Success would see the product shift from a point-in-time assessment tool to a continuously learning system that predicts compliance obligations.
Quantifying the potential win requires looking at comparable public companies. While direct public comps are scarce, the broader GRC and compliance software market includes players like ServiceNow, which trades at a market cap exceeding $100 billion, and dedicated providers like OneTrust, which achieved a $5.3 billion valuation in 2021 [PitchBook]. A more focused comparable might be Vanta, a compliance automation company that raised at a $1.6 billion valuation in 2022 [Crunchbase]. If ComplyDo executes on the "Regulatory Standard-Bearer" scenario and captures a leading position in the complex EU regulatory landscape, a valuation in the low billions is a plausible outcome (scenario, not a forecast). The total addressable market is driven by the cost of manual compliance, which for large enterprises can run into millions annually per regulation.
Data Accuracy: YELLOW -- Opportunity analysis is based on company claims and market comparables; specific traction to support scenarios is not publicly corroborated.
Sources
PUBLIC
[ComplyDo] ComplyDo , Compliance on Autopilot, Powered by AI Agents | https://www.complydo.io/
[Y Combinator, 2025] ComplyDo: Global Compliance for Enterprises | Y Combinator | https://www.ycombinator.com/companies/complydo
[Crunchbase] ComplyDo - Crunchbase Company Profile & Funding | https://www.crunchbase.com/organization/complydo
[Tracxn, 2026] ComplyDo - 2026 Company Profile, Team, Funding & Competitors - Tracxn | https://tracxn.com/d/companies/complydo/__UeyyxTr0hxry2_c3FBRI4r3ufQ8qlQA4wIADt93yA5A
[SaaSworthy, March 2026] SaaSworthy feature update on pricing/features | https://www.saasworthy.com/product/complydo-io
[ComplyDo, 2026] Impressum | https://www.complydo.io/impressum
[MarketsandMarkets, 2023] Global GRC Platform Market Report | https://www.marketsandmarkets.com/Market-Reports/governance-risk-compliance-grc-market-210959462.html
[PitchBook] Complydo 2026 Company Profile: Valuation, Funding & Investors | PitchBook | https://pitchbook.com/profiles/company/894954-97
Articles about ComplyDo
- ComplyDo’s AI Agents Take on the Consultant’s Regulatory Map — The YC-backed startup aims to automate the gap assessments that underpin enterprise compliance with DORA, NIS2, and ISO 27001.