European cybersecurity is at an inflection point.
We're built to capture it.
Three forces are converging — regulatory mandate (NIS2), geopolitical reality (Schrems II, CLOUD Act), and technological transition (post-quantum). Each alone would create a market. Together, they create a structural opportunity for a sovereign European cybersecurity provider with operational maturity. That's what identiqa was built to be.
Three structural catalysts.
All active simultaneously.
These aren't trends. They're regulatory and technological forcing-functions that European businesses cannot opt out of.
NIS2 expanded the addressable market by 10x.
The NIS2 directive (transposed into national law from late 2024 onwards) brings mid-market and critical-infrastructure businesses into mandatory cybersecurity scope. Companies that previously had no formal cybersecurity obligation now face fines up to €10M or 2% of global revenue for non-compliance. The buying decision is no longer "nice to have" — it's regulatory necessity.
Schrems II made hyperscaler dependency indefensible.
The Court of Justice of the EU invalidated the Privacy Shield framework, putting US-based cloud providers in a permanently uncertain legal position for European data. Every European enterprise running on AWS, Azure, or GCP is in some form of legal exposure that their DPOs and legal teams know is unsustainable. The market response — sovereign European alternatives — is in its early commercial phase.
Post-quantum migration is about to begin.
NIST ratified the first post-quantum cryptographic standards in 2024. Government and enterprise migration timelines are compressed: harvest-now-decrypt-later attacks make today's encrypted data tomorrow's intelligence. identiqa is one of few European cybersecurity providers with hybrid post-quantum encryption already deployed in production. Buyers asking "what's your PQC roadmap?" find very few answers.
Operational substance, not slideware.
identiqa is post-MVP, in-market, and operating across multiple European jurisdictions. Each of the four pillars below is real, deployed, and revenue-generating today.
Two product lines, diversified risk.
ProtectionGrid serves commercial buyers — enterprises and mid-market — with subscription cybersecurity. identiqa Intelligence serves government and law enforcement under engagement contracts. The two product lines have orthogonal demand cycles, different procurement timelines, and complementary revenue patterns — a structural risk hedge rare in cybersecurity portfolios.
- ProtectionGrid: 6 modules, transparent SaaS pricing from €179/month
- Intelligence: 6 capabilities, NDA engagements, multi-year contracts
Sovereign infrastructure, truly EU.
We own and operate data centres across Frankfurt, Dublin, Lisbon, and Nicosia — four EU jurisdictions, all under European law, none built on hyperscaler infrastructure. That sovereignty isn't marketing. It's the structural moat that distinguishes us from "European" competitors running on AWS Frankfurt or Azure West Europe.
- 4 EU regions live · BGP anycast peering at major exchanges
- Post-quantum encryption deployed in production today
Multi-jurisdiction structure, built for scale.
The corporate structure — Delaware parent → Irish holding → Cyprus IP holdco + Irish EU Ops + country GmbHs (DE/AT/CH) — is engineered for tax-efficient European operations, IP protection in a stable jurisdiction, and clean future internationalization. Every contract flows through a single Irish operating entity for legal predictability.
- 7 entities · Each with a defined operational role
- Cyprus IP Box (~2.5%) · Optimised IP holding
Geographic expansion, roadmapped.
Live in Germany. Active expansion to Austria and Switzerland within DACH (2026). Stage 2 markets Netherlands and UAE in preparation. Stage 3 markets — UK, France, US — explicitly roadmapped for 2027+. We don't enter markets we can't operationally serve. Each expansion follows the same playbook: local capacity before launch.
- 1 live market · 4 in expansion · 6+ on roadmap
- Same operational model replicated per market
Pick the path that fits your portfolio.
Different investors want different exposure to the European cybersecurity story. We offer two distinct paths — each structured for clarity, not opacity.
identiqa CyberBond
Fixed-income participation in a European cybersecurity build-out — 6% per annum, 4-year term.
A registered corporate bond providing fixed-income exposure to identiqa's European expansion. Interest paid annually, principal returned at maturity. Suitable for family offices, qualified private investors, and yield-seeking allocators looking for European cybersecurity exposure without equity volatility.
See terms & conditions →Strategic Equity
Direct equity participation for institutional and strategic investors with cybersecurity-market thesis alignment.
For investors with a thesis-aligned interest in European cybersecurity, particularly family offices with strategic introduction value, sector-specialised funds, or industrial groups exploring security-stack consolidation. Discussions are bilateral, NDA-bound, and follow standard institutional due-diligence patterns.
Initiate discussion →The CyberBond at a glance.
Final terms are governed by the bond prospectus. The summary below is for orientation — no statement here substitutes for the prospectus and your own legal advice.
Investments in corporate bonds carry risk, including total loss of capital invested. The CyberBond is a senior unsecured obligation of Identiqa Capital GmbH — no collateral, no third-party guarantee, no deposit-protection scheme applies.
Repayment of principal and payment of interest depend on the issuer's solvency and the underlying business performance of the identiqa group. Risk factors include but are not limited to: failure of European expansion, regulatory adverse events, technology obsolescence, competitive pressure from larger market participants, and macroeconomic downturns affecting cybersecurity spending.
This page does not constitute investment advice or an offer to subscribe. Subscription is only possible following review of the bond prospectus and on the basis of your own assessment, ideally in consultation with your investment advisor or legal counsel. Request the prospectus →
Founded by an operator with twenty years of European IT-infrastructure experience.
identiqa is led by Daniel Schönland — not an academic researcher, not a serial founder chasing trend lines, but an operator who has been building European internet infrastructure for over two decades.
That distinction matters for investors. Many cybersecurity startups are built around technical curiosity but founder away the operational complexity that separates revenue from research projects. Identiqa was built the other way around — operations first, with a deliberate product strategy that monetises the regulatory and geopolitical forcing-functions described above.
The team behind Daniel includes engineers in Cyprus, Lisbon, and Zurich, commercial operators across DACH, and infrastructure-operations staff supporting the four data-centre regions. We don't market team photos. We market the fact that customers ship.
Daniel Schönland
Transparent on the investor-relevant facts.
Our disclosure framework matches what European institutional investors expect. Below are the key reference points; full documentation follows under NDA on request.
Bond prospectus
The CyberBond prospectus contains the binding terms and full risk disclosure. Available on request via secure document delivery; no public download.
Group structure
Full corporate-structure documentation: Delaware parent, Irish holding, Cyprus IP holdco, Irish EU Ops, country GmbHs. See imprint.
Financial reporting
Audited annual accounts of the issuer entity. Bondholders receive annual reports with operational metrics and use-of-proceeds confirmation.
Investor verification
Subscriber eligibility verification per the prospectus framework. Anti-money-laundering checks (KYC/AML) per applicable EU regulations apply at subscription.
Risk disclosure
Total loss of capital is possible. Investments in corporate bonds carry issuer-credit risk. No deposit-protection scheme applies. See risk notice above.
Investor relations
Direct line to investor relations for prospectus requests, document inquiries, and substantive Q&A. 2 business days response standard.
Ready to take the next step?
Submit an inquiry from a verified institutional or qualified-investor address. We'll respond within two business days with the prospectus, the data-room access, and an introduction call with our investor-relations lead.
