Lithuanian Cybersecurity Startup Copla Secures €6M to Boost Compliance Automation

Vilnius-based Copla, a Lithuanian cybersecurity company building real-time compliance infrastructure for regulated financial services, has closed a €6 million Series A funding round led by Iron Wolf Capital. The raise positions the regtech firm to scale its platform across Europe and beyond as financial institutions grapple with an unprecedented wave of regulatory obligations spanning digital resilience, artificial intelligence governance and operational security.

The round drew participation from US-based Operator Stack, which entered as a new backer, alongside returning investors Specialist VC, SuperHero Capital, FirstPick, NGL Ventures and Loggerhead Partners. A group of angel investors also contributed to the raise. The fresh capital will be directed toward product development, team expansion and international growth, with the German market identified as a priority target for commercial execution.

Copla was founded in 2023 by Aurimas Bakas, who serves as chief executive, Andrius Minkevičius, the company’s chief technology officer, and Nojus Bendoraitis, its chief legal officer. Bakas and Minkevičius previously built Paysolut, a core banking platform acquired by fintech unicorn SumUp in 2021. That operational experience in highly regulated financial environments informed the creation of Copla, which now serves more than 100 regulated customers across Europe and has reached seven-figure annual recurring revenue.

The Lithuanian cybersecurity sector has become a focal point for investors as the regulatory landscape in Europe tightens considerably. The Digital Operational Resilience Act, known as DORA, is already in force. Key obligations under the EU AI Act are scheduled to take effect in August 2026, and the Cyber Resilience Act will apply from December 2027. For regulated financial service providers, the convergence of these frameworks creates an urgent need for tools that can translate complex legislative texts into actionable, auditable workflows. It is precisely this gap that Copla aims to fill.

Rather than treating compliance as a periodic reporting exercise conducted through spreadsheets and manual documentation, Copla’s platform converts regulatory frameworks into structured, guided workflows. The system breaks down requirements into concrete tasks, assigns them to relevant teams, tracks implementation progress on a continuous basis and stores supporting evidence automatically. Registries covering assets, vendors, risks and controls are updated in real time as businesses scale and regulations evolve. The result, according to the company, is that governance, risk, security and operations teams remain audit-ready at all times with significantly reduced manual effort.

“Regulatory requirements are becoming increasingly comprehensive, but most compliance processes are still stuck in spreadsheets,” Bakas said. “This round gives us the momentum to make Copla the first port of call for regulated financial service providers in Europe and beyond.”

The investment thesis behind the round reflects a broader conviction among Lithuanian cybersecurity investors that operational resilience is becoming a non-negotiable component of financial services infrastructure. Viktoras Jucikas, founding partner of Iron Wolf Capital, framed the opportunity in stark terms. “Cybersecurity is defence,” Jucikas said. “The threat landscape hasn’t changed. It has already moved on. Copla turns compliance from theatre into operations.”

The urgency of the problem Copla addresses is underscored by data from the European Union Agency for Cybersecurity. According to ENISA, ransomware attacks in the European financial sector have disproportionately affected smaller and less-established service providers, which accounted for 29% of all incidents. The disclosure and sale of sensitive data were identified as the most common consequences. For regulated institutions, the fallout from cyber incidents and compliance gaps can extend well beyond data loss, carrying the risk of financial penalties, reputational damage and, in extreme cases, the revocation of operating licenses.

Copla’s roadmap includes the rollout of Copla Bridge, a new platform tier designed for partners, consultants and multi-entity organizations. Bridge will enable users to manage compliance across multiple companies from a single, unified view, targeting the growing segment of advisory firms and group structures that need to oversee regulatory adherence across several entities simultaneously.

The company’s trajectory reflects the broader momentum in the Lithuanian cybersecurity and startup ecosystem. Lithuania’s startup sector reached a total enterprise value of €16.4 billion in 2025, according to a Dealroom report commissioned by Startup Lithuania, representing a 5.9-fold increase since 2020. Venture capital investment in Lithuanian startups rose from €131 million in 2024 to €220 million in 2025, and the country now ranks second in Central and Eastern Europe for venture capital attracted per capita. Vilnius, where Copla is headquartered, was recognized by Dealroom as the fastest-growing tech city in the European Union in 2025.

The Lithuanian cybersecurity landscape in particular has produced notable successes. Nord Security, the company behind NordVPN, achieved unicorn status in 2022 and is valued at approximately $3 billion. Tracxn data indicates there are roughly 45 cybersecurity startups operating in the country, with the sector benefiting from strong university partnerships, government incentives and a culture of international expansion from inception. A small domestic market has historically pushed founders to think globally from day one, with the majority of revenue generated abroad in the US, UK and broader EU markets.

Copla’s funding also arrives at a time when Baltic tech startups collectively raised a record €607 million in venture capital in 2025, a 20% increase over the prior year. Defence, resilience and regulatory technology attracted growing attention alongside AI-related ventures from both regional and international investors.

The competitive dynamics of the European regtech market are intensifying. While legacy governance, risk and compliance platforms have long served large financial institutions, the emerging wave of regulation has created demand for solutions tailored to mid-market and growth-stage providers that lack the resources for large compliance teams. Copla’s approach of embedding compliance expertise directly into software, enabling automated evidence collection and continuous monitoring, positions the company to capture this expanding segment.

For the founding team, the Series A represents validation of a thesis they first tested during the Paysolut era: that infrastructure built for regulated environments must prioritize operational rigour over superficial box-ticking. As regulatory complexity accelerates and the Lithuanian cybersecurity ecosystem continues to mature, Copla is betting that the companies which treat compliance as a living, integrated function rather than a back-office burden will be the ones that scale sustainably across borders.

The capital from this round will determine whether that bet pays off in a market where the cost of non-compliance is rising faster than most institutions can adapt.