Compliance is the tax every growing company pays for success. The moment you land an enterprise customer, sign a European contract, or eye expansion into regulated markets, someone asks for your ISO certification. Your SOC 2 report. Your EU AI Act documentation. And suddenly a team of engineers is spending 30% of its time filling out spreadsheets instead of building product.

Stockholm-based Noru wants to end that cycle. The six-month-old startup just raised EUR 560,000 (SEK 6 million) in a pre-seed round led by Ampli Ventures to build what it calls an 'agentic compliance' platform, one where AI agents handle the monitoring, documentation, and workflow management that currently eats engineering hours alive.

A pre-seed round with Andreessen Horowitz's Scout Fund on the cap table. For a compliance startup. In Stockholm. That's a signal worth paying attention to.

Noru wasn't built by compliance consultants. It was built by founders who've felt the pain firsthand. Bip Thelin co-founded Kivra, the Swedish digital mailbox platform used by millions. Therese Ruth founded Hemma. Both built companies that scaled into regulated environments and ran headlong into the compliance bottleneck.

"Compliance should be an enabler, not a barrier," Thelin said. That's not a tagline. It's a diagnosis. When compliance is manual, it becomes a gatekeeper that slows down every business decision. When it's automated and embedded in development workflows, it becomes invisible. And invisible compliance is the kind enterprises will pay for.

The founding team's experience shows in the product design. Noru doesn't bolt compliance on top of existing processes. It embeds regulatory management directly into workflows via APIs, running continuous monitoring rather than periodic audits.

Ampli Ventures led the round. But look at who else is in. Andreessen Horowitz Scout Fund. SSE Business Lab. The DHS angel network. Mark Strande, CISO at Miro, who joins as an angel investor and advisor.

Having a CISO from a global SaaS company as an early advisor isn't decoration. It's market validation. Strande knows exactly what enterprise buyers demand in compliance documentation, and he's betting that Noru can deliver it.

The Andreessen Horowitz Scout Fund participation is notable for a pre-seed in Stockholm. A16z's scouts typically invest in founders they believe are building for global markets. The compliance automation space is crowded in the U.S. but relatively thin in Europe, especially for platforms that understand EU-specific regulatory frameworks.

Noru has onboarded roughly 20 paying customers during its pilot phase, helping them achieve multiple security certifications. For a company that's six months old and just closed its pre-seed, that's an unusually fast commercial traction signal.

The product-market fit indicators are strong for this stage. Enterprise compliance isn't a nice-to-have. Companies don't shop for it. They need it. And they need it on a timeline dictated by their customers' procurement processes, not their own product roadmap. When a Fortune 500 company tells a startup 'show us your SOC 2 or we walk,' the startup doesn't deliberate. It pays.

That urgency is Noru's distribution channel.

Here's what makes the timing interesting. The EU AI Act, which entered into force in 2024, is creating an entirely new category of compliance obligations that most companies haven't begun to address. Any business deploying AI systems in the EU will need to document risk assessments, establish human oversight mechanisms, and maintain ongoing compliance records.

Most existing compliance platforms were built for financial regulation or healthcare. They don't understand AI-specific requirements. A platform that natively handles ISO, SOC, and EU AI Act compliance from day one has a structural advantage over incumbents that need to bolt on new modules.

Noru's 'agentic' approach, where AI agents continuously monitor and update compliance status rather than running periodic manual audits, is particularly suited to AI Act requirements. The regulation demands ongoing compliance, not point-in-time certification. A manual process can't keep up.

The compliance automation space has attracted significant venture investment globally. Drata, Vanta, Secureframe, and others have raised hundreds of millions targeting U.S. enterprises. But Europe's regulatory landscape is different enough that American platforms often feel like they're wearing someone else's suit.

GDPR, the Digital Services Act, the AI Act, and country-specific regulations create a compliance matrix that no single U.S.-built platform handles well. A Stockholm-based team building for European regulatory reality from day one has an advantage that's hard to replicate from San Francisco.

The EUR 560K will fund team expansion across engineering and marketing. It's a small round. But for a company with 20 paying customers and a founding team that's built and scaled Swedish tech companies before, the next round won't be small. The question isn't whether Noru can raise more. It's whether it can hire fast enough to keep up with demand that compliance deadlines are already creating.