Malte Wagenbach
Founder & CEO — Matproof
Germany · Writes on EU compliance, cybersecurity, AI governance · 797+ articles published
About
Malte Wagenbach is the founder and CEO of Matproof, a European compliance automation platform headquartered in Germany. He started Matproof after years of watching European SaaS and mid-market enterprises struggle with fragmented compliance tooling that assumed US hosting, US regulatory priorities, and US enterprise sales motions.
Matproof covers 11 frameworks in a single EU-hosted platform — NIS2, DORA, ISO 27001:2022, SOC 2 (Type 1 + Type 2), GDPR, EU AI Act, CSRD, TISAX, BSI C5, CRA, and DSGVO. The platform dual-maps controls across frameworks so a single evidence pipeline satisfies multiple regulatory regimes simultaneously — and is designed from the ground up for European data residency, DORA third-party obligations, and NIS2 supply-chain management.
Malte writes about practical European compliance — what actually works vs what regulators say should work, how NIS2 interacts with DORA, how European SaaS can achieve SOC 2 without moving to US tooling, and how mid-market organizations can run credible pentests, risk management, and AI governance programs without enterprise-scale budgets.
Before Matproof, Malte built and operated technology businesses across energy, robotics, AI infrastructure, and compliance. He is based in Germany and works primarily with DACH and broader European enterprises.
Areas of expertise
EU Regulatory Frameworks
- NIS2 Directive and the German NIS2UmsuCG
- DORA (Digital Operational Resilience Act) and BaFin supervision
- EU AI Act — classification, Art. 4 KI-Kompetenz, Art. 26 deployer obligations, GPAI
- GDPR / DSGVO — Art. 30 RoP, Art. 32 technical measures, Art. 33/34 breach notifications, LIA
- Cyber Resilience Act (CRA) and product cybersecurity
International Standards
- ISO 27001:2022 ISMS and Annex A 93 controls
- SOC 2 Trust Services Criteria — Security, Availability, Processing Integrity, Confidentiality, Privacy
- TISAX Information Security Assessment (VDA ISA)
- BSI IT-Grundschutz and B3S Krankenhaus
- ISO/IEC 42001 AI Management Systems and NIST AI RMF
Technical Practice
- Penetration testing — manual, automated, continuous PTaaS
- TLPT (Threat-Led Penetration Testing) under DORA and TIBER-EU
- Vulnerability management programs — EPSS + KEV prioritization, SLAs, evidence
- Cloud security posture (AWS, Azure, GCP) and CSPM integration
- Active Directory, API, web application, and mobile pentesting
Selected articles
A sample across frameworks. Full archive at /blog.
- What is SOC 2 Compliance? The Complete Guide (SOC 2)
- EU AI Act / KI-Verordnung — AI Governance Framework 2026 (EU AI Act)
- NIS2-Umsetzungsgesetz Deutschland 2026 (NIS2)
- Red Teaming Leitfaden 2026 (Pentest)
- Schwachstellenmanagement — der vollstaendige Leitfaden (Security)
- TLPT unter DORA — Threat-Led Penetration Testing (DORA)
Matproof — EU compliance in one platform
Matproof consolidates NIS2, DORA, ISO 27001, SOC 2, GDPR, EU AI Act, TISAX and more in a single EU-hosted system. Built by a German team for European enterprises.