Author Profile

Malte Wagenbach

Founder & CEO of Matproof. Writes on practical European compliance — what actually works vs what regulators say should work. Germany · 797+ articles published.

Building the European compliance platform I needed as a founder.

Malte Wagenbach is the founder and CEO of Matproof, a European compliance automation platform headquartered in Germany. He started Matproof after years of watching European SaaS and mid-market enterprises struggle with fragmented compliance tooling that assumed US hosting, US regulatory priorities, and US enterprise sales motions.

Matproof covers 11 frameworks in a single EU-hosted platform — NIS2, DORA, ISO 27001:2022, SOC 2 (Type 1 + Type 2), GDPR, EU AI Act, CSRD, TISAX, BSI C5, CRA, and DSGVO. The platform dual-maps controls across frameworks so a single evidence pipeline satisfies multiple regulatory regimes simultaneously — and is designed from the ground up for European data residency, DORA third-party obligations, and NIS2 supply-chain management.

Malte writes about practical European compliance — what actually works vs what regulators say should work, how NIS2 interacts with DORA, how European SaaS can achieve SOC 2 without moving to US tooling, and how mid-market organizations can run credible pentests, risk management, and AI governance programs without enterprise-scale budgets.

Before Matproof, Malte built and operated technology businesses across energy, robotics, AI infrastructure, and compliance. He is based in Germany and works primarily with DACH and broader European enterprises.

Expertise

Areas of deep practice.

EU Regulatory Frameworks

  • NIS2 Directive and the German NIS2UmsuCG
  • DORA (Digital Operational Resilience Act) and BaFin supervision
  • EU AI Act — classification, Art. 4 KI-Kompetenz, Art. 26 deployer obligations, GPAI
  • GDPR / DSGVO — Art. 30 RoP, Art. 32 technical measures, Art. 33/34 breach notifications, LIA
  • Cyber Resilience Act (CRA) and product cybersecurity

International Standards

  • ISO 27001:2022 ISMS and Annex A 93 controls
  • SOC 2 Trust Services Criteria — Security, Availability, Processing Integrity, Confidentiality, Privacy
  • TISAX Information Security Assessment (VDA ISA)
  • BSI IT-Grundschutz and B3S Krankenhaus
  • ISO/IEC 42001 AI Management Systems and NIST AI RMF

Technical Practice

  • Penetration testing — manual, automated, continuous PTaaS
  • TLPT (Threat-Led Penetration Testing) under DORA and TIBER-EU
  • Vulnerability management programs — EPSS + KEV prioritization, SLAs, evidence
  • Cloud security posture (AWS, Azure, GCP) and CSPM integration
  • Active Directory, API, web application, and mobile pentesting

Matproof — EU compliance in one platform.

NIS2, DORA, ISO 27001, SOC 2, GDPR, EU AI Act, TISAX and more — in a single EU-hosted system. Built by a German team for European enterprises.
