Connect with us

NEWS

Auxilius Bags €1.3M Pre-Seed to Run Compliance as Code

Munich AI startup Auxilius raised about €1.3M pre-seed led by HTGF with Techstars joining to convert enterprise compliance policies into executable code.

Published

on

Auxilius, a Munich-based startup turning enterprise compliance policies into executable code, has closed a pre-seed round of around €1.3 million to scale its AI-native governance, risk and compliance (GRC) platform. High-Tech Gründerfonds (HTGF) led the investment, with Techstars and several industry-focused business angels participating, per the investor’s pre-seed funding announcement page. Founded in late 2025 by Christian Hoppe and James Barnes, the company already counts European banks and industrial groups among its first paying customers.

Around 80% of enterprise controls are still executed manually, according to the lead investor, with auditors pulling samples, second-line teams chasing spreadsheets a quarter after the risk has hit, and control owners collecting screenshots as evidence. Auxilius converts policies, risk-and-control matrices and regulatory text into deterministic code that runs the control on the full population of data rather than a selected sample. When a rule changes, the code changes with it. The company pitches that shift as moving internal audit from once-an-audit sampling toward continuous assurance.

Auxilius Targets the 80% Manual Compliance Gap

Manual evidence gathering is the dominant cost in enterprise compliance, and it is what Auxilius has raised €1.3 million to attack. Around 80% of enterprise controls still run by hand, per the announcement. Auditors pull samples, second-line teams chase spreadsheets, and control owners screenshot evidence after the fact. The pattern leaves traceable evidence thin, the announcement argues, even as compliance spending climbs year after year. The sample-based model also means most risks are detected only after they have already landed.

Auxilius’s response is to remove the manual layer. Policies, risk-and-control matrices and regulatory text are translated into deterministic, executable code that assesses risk coverage and runs the control. The control runs on the full population of data, not on a sample, so coverage stops being a function of how many rows an auditor has time to inspect. When a regulation shifts or a process changes, the code shifts with it, which the company describes as internal audit moving from once-an-audit sampling toward continuous assurance. Internal control moves from periodic attestation toward continuous monitoring.

The framing is a deliberate inversion of how compliance work has been sold for two decades. Older GRC platforms digitised the manual process: tick the boxes in a workflow tool, store the screenshots in a repository, run a sample-based test at quarter end. Auxilius skips the workflow layer and goes straight to code that produces the evidence as a side effect of running. That distinction is what the founders pitch as a new model for assurance, and what the round is funding.

  • Round size: around €1.3 million in pre-seed funding
  • Manual control share: around 80% of enterprise controls
  • CEO tenure in GRC: 15 years of GRC and SaaS experience
  • Founded: late 2025
  • Current headcount: 4 AI and Tech engineers

From Policy Text to Deterministic Code

The platform’s logic runs in three connected layers. At the front, the system ingests policies, risk-and-control matrices and regulatory text, the kinds of documents a second-line team would normally translate into a test script by hand. A middle layer, called the Control Intelligence knowledge graph, models the relationships between risks, controls, regulatory requirements and the business objectives they protect. At the back, agents generate deterministic, version-controlled code that runs the control, surfaces the risk impact, and ties the result back to the objective, per the company’s platform and product overview.

Deterministic is the operative word. The scripts are written to be re-runnable, version-controlled and defensible to an auditor, with no black-box inference in the loop. That property matters because the evidence an internal auditor signs off on is no longer a screenshot from a workflow tool. It is a script that produces a result from raw data, alongside a record of which version of the rule was applied. When a threshold or a regulation changes, the agents refactor the script, re-test it, and redeploy it across every process that uses it. Auxilius says hundreds of controls can be updated in hours rather than months.

The Auxilius product page describes agents that write and maintain the control code for the user, adapting each control to the specific process, edge case, and local entity in scope. A non-technical auditor is meant to operate thousands of continuous controls without writing code. The product is positioned as a decision-support system rather than a dashboard, with every run producing a chain from objective to decision, risk, control, and evidence.

The company’s framing leans on a distinction between hindsight and foresight. Sample-based audits describe what already happened, after the risk landed. Continuous controls surface decisions on track to land outside policy, with the result produced alongside the data. Auxilius calls this shift moving from record to action on its product page, and ties it to faster time-to-value and broader control coverage.

The Two Founders Behind Auxilius

Auxilius was founded in late 2025 by Christian Hoppe, its chief executive, and James Barnes, its chief technology officer. Hoppe is a former EY Equity Partner with 15 years of experience advising Fortune 500 clients on governance, risk and compliance and SaaS, per the investor’s announcement. Barnes was previously a Software Architect at Sopra Steria CSS, with a background in enterprise AI, ERP integration and cloud architecture.

The combination matters because GRC is a domain where buyers discount vendors without senior operator credibility. Hoppe spent more than a decade running GRC engagements inside one of the Big Four, the kind of résumé that opens doors at European banks. Barnes brings the engineering depth that the deterministic-code model demands, with prior work on enterprise-scale systems and AI deployment. The pitch to investors is that the two halves of the problem, regulatory depth and enterprise-grade engineering, sit in the same founding team.

The company is based in Unterföhring, near Munich, and currently employs a team of four AI and Tech engineers. The company page describes an early-stage team rather than a finished platform, with a deliberately narrow headcount. The funds raised this round are explicitly earmarked for growing that engineering and domain bench.

Christian Hoppe James Barnes
Role CEO and Co-Founder CTO and Co-Founder
Background Former EY Equity Partner Former Software Architect at Sopra Steria CSS
Domain depth 15 years in GRC and SaaS Enterprise AI, ERP integration, cloud architecture

Why HTGF and Techstars Wrote the Check

The round is led by High-Tech Gründerfonds (HTGF), one of Germany’s most active early-stage backers, with Techstars and several industry-focused business angels joining. The fund’s investment manager on the deal is Hanna Sasse, who has now publicly backed the company alongside her colleagues at the Bonn-based fund.

Sasse’s framing in the announcement makes the bet unusually legible for a pre-seed. She places Auxilius past the filter where most pre-seed enterprise-software tools get stuck on procurement and audit scrutiny from regulated buyers. The fund is underwriting a team, not a workflow tool that digitises the manual process.

Techstars’ role comes through the Future of Finance Accelerator 2025, which Auxilius joined before this pre-seed. The accelerator places founders inside a regulated-banking buyer network and matches them with mentors who have shipped compliance products in production. That placement gives Auxilius an unusual distribution channel for a German pre-seed. Most enterprise GRC sales cycles do not start with European banks as design partners, but Auxilius now has that relationship in place.

The angel investors named in the announcement come from industry and enterprise software backgrounds, per the fund. Hoppe’s own pitch in the announcement leans on the same gap, describing Auxilius as building a new model for assurance that is continuous, auditable, and aligned with C-level decisions under regulatory pressure. The phrase he uses to close the loop is that a control should stop documenting compliance and start informing the decision, a reframe the company is asking its investors to underwrite.

What convinced us very early on was Chris and James’ rare domain depth in GRC paired with enterprise-grade engineering and their big vision: making audit-ready evidence a byproduct of day-to-day operations, as regulatory and operational change accelerates.

Hanna Sasse, investment manager at HTGF, in the fund’s announcement of the round.

First Pilots and the Production Rollout

Auxilius already supports its first paying enterprise customers, including European banks and industrial groups, per the announcement. The company describes these pilots as demonstrating faster time-to-value and expanding control coverage while reducing manual effort, though it does not name specific customers. Banking is the vertical where the deterministic-code model lands hardest, since SOX-style controls and prudential reporting rules demand reproducible evidence on full populations, not samples. Industrial groups face a parallel problem under environmental, health, and safety regimes that require continuous monitoring of operating data. The same AI-for-compliance logic is showing up in adjacent verticals, as one recent medtech compliance funding round illustrates.

The Control Intelligence knowledge graph is the layer that lets one automated control travel across multiple business processes. The graph models the relationship between risks, controls, regulatory requirements, and the business objectives each control is designed to protect, so a single control design can be rolled out wherever the same risk profile exists. When a regulation changes, the agents re-test and redeploy the affected controls across every process that uses them. Auxilius says the funding will be used specifically to expand this graph, alongside the engineering and domain teams that build it.

As the founder of Thunder Tiger Europe Media, Dr. Elias Thornwood brings over 25 years of experience in international journalism, having reported from conflict zones in the Middle East, Asia, and Africa for outlets like BBC World and Reuters. With a PhD in International Relations from Oxford University, his expertise lies in geopolitical analysis and global diplomacy. Elias has authored two bestselling books on European foreign policy and received the Pulitzer Prize for International Reporting in 2015, establishing his authoritativeness in the field. Committed to trustworthiness, he enforces rigorous fact-checking protocols at Thunder Tiger, ensuring unbiased, evidence-based coverage of worldwide news to empower informed global audiences.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending