Eight months after its creation, Iskera — the European leader in GRC (Governance, Risk and Compliance) technology — is taking another decisive step in its consolidation strategy with the acquisition of Qualitadd, a French SaaS provider specializing in data governance, data quality and regulatory compliance.
With this new addition, Iskera now brings together 115 experts across France, Switzerland, Spain and Morocco, serving more than 420 clients — including nearly half of the CAC 40 companies, major public institutions, and leading European financial services organizations.
Expanding into Data Governance and Third-Party Management
Qualitadd, founded in 2016 by Badis Matallah, has built a recognized platform at the intersection of data governance and regulatory compliance. Its modular SaaS solution enables organizations to manage data quality, traceability and protection while meeting the requirements of an increasingly complex regulatory environment — from GDPR and the AI Act to Solvency II, BCBS 239 and DORA.
With approximately 40 employees and over 60 blue-chip clients, Qualitadd brings particularly strong capabilities in third-party management and outsourcing compliance — areas of growing importance for financial institutions subject to DORA requirements.
Badis Matallah, founder of Qualitadd, joins Iskera’s executive committee as Chief Sales Officer.
A Comprehensive, Sovereign GRC Platform
The integration of Qualitadd significantly expands Iskera’s functional coverage. The combined group now offers a unique breadth of capabilities across the full GRC spectrum, spanning risk management and internal controls, regulatory compliance and audit, ISO certifications and cybersecurity, and data governance and third-party management.
This comprehensive offering positions Iskera as a true one-stop shop for European organizations navigating an increasingly demanding regulatory landscape — from CSRD and DORA to anti-corruption frameworks and cybersecurity standards.
A European Alternative to US Giants
All of Iskera’s solutions are hosted exclusively in Europe, ensuring full data sovereignty — a critical requirement for organizations managing highly sensitive information, from cybersecurity frameworks and regulatory reporting to anti-money laundering and counter-terrorism compliance.
In a market historically dominated by American players such as OneTrust, ServiceNow and IBM, Iskera is building a credible, independent European alternative — one that combines deep regulatory expertise, technological innovation and a commitment to data sovereignty.
The global GRC technology market is growing by more than 20% annually and is expected to double by 2030, driven by digital transformation, expanding regulatory requirements and the exponential rise of cyber threats.
Continued Consolidation Ahead
Supported by majority shareholder Verto and reinforced by significant employee ownership, Iskera continues to pursue external growth opportunities to further strengthen its position across Europe.