How regulations, laws and compliance obligations are becoming a success factor – and an M&A opportunity.

Regulation has an image problem. It is often perceived as a brake on innovation – a pure cost factor that paralyzes companies. But this falls short. It is two things: an obligation and a potential.

On the one hand, it presents all companies with operational challenges – such as ESG reporting obligations or data protection. On the other hand, it creates completely new business models that specifically appeal to investors – particularly in the M&A environment.

Two perspectives, one lever

Firstly, regulation affects every company. Those who do not meet ESG standards may have a reputation issue. Those who do not use e-billing will lose public sector contracts from 2025. Those who disregard data protection risk fines and reputational damage.

Secondly, there are business models that thrive on regulation – digital solutions for compliance, audit obligations, risk assessments or reporting standards. These companies benefit from the “duty to comply” – and are therefore very popular with financial investors.

Regulatory pressure – using it entrepreneurially

New requirements such as the EU taxonomy and the expanded sustainability reporting “CSRD” are increasing the pressure to adapt. There is currently uncertainty surrounding the Supply Chain Act: although it has been in force since 2023, the new German government, as well as the EU Commission and EU Parliament, want to suspend it for the time being. Conclusion: scenario planning and technological flexibility are required.

One example of this is provided by remberg: the Munich-based start-up uses its cloud platform to digitalize service and inspection processes for industrial systems – including regulatory obligations such as maintenance cycles, verification documentation and compliance audits. The company has received 14 million euros in growth capital for this. Regulatory requirements become an SaaS opportunity.

Investing in compliance at an early stage brings multiple benefits:

• Fewer deal breakers: documented compliance makes due diligence easier.
• Value appreciation: Clean structures and ESG data bring valuation premiums.
• Access to capital: Investors and analysts prefer “clean targets” with regulatory resilience.

Business models based on regulation

Some companies are turning regulation itself into a business model – creating highly scalable platforms:

• Afileon (Partners Group): Development of a digitalized tax and legal platform for SMEs – with a focus on deadline control and compliance-as-a-service.
• BDO (EQT): The audit firm was acquired by EQT to become a pan-European platform for regulatory-driven audit and advisory services.
• cleversoft (LLCP): Automated regulatory reporting for financial service providers.
• IDnow (Corsair Capital): KYC and AML solutions as a SaaS model for banks & FinTechs.
• EQS Group (Thoma Bravo): Whistleblower protection, ESG documentation and digital corporate governance.

Why does private equity invest specifically in such models?

• Regulatory requirements create lasting, stable demand for digital compliance and reporting solutions.
• Higher market entry barriers – make the market more stable and attractive for specialized providers.
• Platform models can be rolled out regionally and scaled digitally.

According to PitchBook, compliance-related SaaS companies currently achieve revenue multiples of up to 10x — a figure that is significantly higher than that of traditional service providers.

Regulation affects industries differently – the vertical perspective

Not all sectors are affected to the same extent. The impact of regulation varies – from necessary adjustment costs to strategic growth drivers:

• PropTech: ESG reporting, energy efficiency and sustainability certifications have a positive impact on the valuation of real estate projects. Providers of smart metering or sustainability dashboards benefit.
• EnergyTech: CO₂ pricing, feed-in regulations and subsidy logics make compliance an entry ticket. Those who digitize regulatory processes (e.g. for emissions accounting) are in demand.
• HealthTech: Regulatory issues are particularly complex in this area – such as the electronic patient record (ePA), approval for digital health applications (DiGA) or data protection. Those who stand out through certifications become relevant for M&A.
• FinTech: digital operating license (DORA), or the planned EU regulation on the use of financial data (FIDA) are shaping the sector. Companies that digitally standardize regulatory requirements are systemically relevant for banks and investors alike.
• HRTech: New rules on working time recording, ESG requirements in employer reporting or anti-discrimination are driving the need for automated solutions – especially in multinational organizations.

Politics as a game changer – what’s next?

After the 2025 federal elections, regulatory issues will once again come into focus. What to expect:

• Mandatory e-invoicing from 2025 for the entire B2B sector
• Extension of ESG reporting obligations also for small capital market-oriented companies (from 2028)
• EU rules on AI, cybersecurity and data protection
• Stricter procurement guidelines for public contracts (due diligence obligations)

With the new EU CSRD directive on sustainability reporting, the number of companies required to report in Germany is growing massively: instead of around 500 as before, around 15,000 companies will be affected in future. This is according to a current assessment by the digital association Bitkom.

Those who prepare themselves technologically can not only report efficiently – but also develop new services from data.

Compliance readiness – the silent deal killer

According to the experience of our partner Alexander von Voss, “compliance readiness” is also increasingly being questioned in the M&A process:

✔ Complete ESG strategy
✔ API-enabled reports and digital audit trails
✔ Automated audit trails (audit trail)
✔ Data protection documentation in accordance with GDPR
✔ Contract & license overview for regulatory obligations

Those who convince here do not deliver risk – but trust and sustainable growth.

Conclusion: Although regulation means effort and is also a cost factor, it is also a strategic value driver.

Companies that ignore them risk provisions and reputational damage.
Companies that shape them create new business logics – and become the ideal target.

Regulation is not a showstopper for investors!