ROOTKey, a cyber resilience platform, plans to establish its presence in Germany and the United States in 2026 and expand further into highly regulated sectors, targeting a 200% customer base increase across SMEs and large enterprises.
“The year 2025 was marked by solid product development, sector expansion, and stronger market validation,” Gonçalo Gil, co-founder and CEO of the Lisbon-based startup, told Portugal Startup News.
According to him, the company expanded ROOTKey Platform – built on blockchain technology – across energy, telecom, supply chain, and professional services, with active use cases in auditability and data integrity, among others.
“We are now moving into the defense and financial sectors,” Gil noted, adding that ROOTKey has processed more than four million validated and certified requests in production environments this year.
As for the company’s other 2025 milestones, he highlighted ROOTKey’s recognition across several national and international programs.
These included the Youth Startup Award from Unicorn Factory Lisboa, third place in the Santander X Portugal Awards – startup category, top 15 placements at Unicorn Factory Lisboa’s Portfolio Day and the Startup World Cup Portugal, a top six ranking in the NTT DATA Foundation eAwards, and finalist status in the Global Panda Competition in China.
The rising importance of cyber resilience
Growing cybersecurity risks are reinforcing the need for verifiable and tamper-proof data systems across all sectors. As threats evolve, cyber resilience – the ability to withstand, recover from, and adapt to security incidents – is becoming a fundamental requirement.
The World Economic Forum’s Global Cybersecurity Outlook 2025 highlights the increasing complexity of this landscape and its implications for organizations and governments worldwide.
This complexity is shaped by several converging factors: escalating geopolitical tensions, deepening reliance on opaque and interconnected supply chains, rapid adoption of emerging technologies that introduce new vulnerabilities, expanding regulatory requirements, and a persistent global cybersecurity skills gap that limits the capacity to manage risk effectively.
Artificial intelligence is further amplifying these challenges. Gartner predicts that by 2027, 17% of all cyberattacks will involve generative AI, accelerating both the speed and sophistication of malicious activity.
What ROOTKey provides
Gil described ROOTKey as “a cyber resilience platform that ensures the integrity, authenticity, and validity of information before and after a cyberattack, using blockchain as a trust layer and integrating seamlessly with existing systems.”
He explained that the platform provides immutable recovery points, automated certification of documents and transactions, and real-time verification that supports operational, regulatory, and audit requirements.
The company’s CEO emphasized the adaptability of their system, noting, “Our model is flexible, allowing SMEs to onboard quickly while enabling large enterprises to integrate through APIs, custom modules, or partner implementations, ensuring continuity even in high-risk or high-compliance environments.”
Priorities for 2026
In outlining the company’s next steps, Gil said their strategy for 2026 focuses on scale, compliance adoption, and internationalization.
He added that ROOTKey intends to “expand enterprise integrations in sectors where resilience and regulatory demands under frameworks such as DORA and NIS2 are becoming critical.”
Gil was referring to the Digital Operational Resilience Act (DORA), which sets strict ICT resilience requirements for financial institutions, and the NIS2 Directive, the EU’s updated cybersecurity framework that expands security obligations across critical sectors and requires stronger incident reporting and risk management practices.
In addition, he noted that the company aims to “establish presence in Germany and the United States” and “grow our customer base by 200% through enterprise deployments and SME onboarding.”
SMEs face rising exposure
Small and medium-sized enterprises account for about 90% of businesses and more than half of global employment, according to the World Bank. They are also major drivers of job creation and economic growth, particularly in developing economies.
Despite their economic weight, SMEs remain highly exposed to cyber risk. The World Economic Forum’s Global Cybersecurity Outlook 2025 reports that the increasing complexity of cyberspace is widening the gap between large and small organizations, creating what it describes as “cyber inequity.”
The report also notes that 35% of small organizations now believe their cyber resilience is inadequate – a figure that has increased more than sevenfold since 2022.
ROOTKey says it is addressing this gap by offering SMEs accessible verification and data integrity tools designed to support operational continuity and digital trust.
Platform architecture and capabilities
According to the company, ROOTKey Platform serves as a unified verification layer powered by immutable cryptographic proofs. ROOTKey Developers offers SDKs, APIs, and open documentation for building verifiable data pipelines and integrating the verification engine into existing infrastructure.
ROOTKey Enterprise supports organizations that require private environments, advanced monitoring, and full end-to-end traceability for compliance. The dashboard provides real-time visibility into audit trails, validation flows, system health, and breach recovery analytics.
The expertise shaping ROOTKey’s mission
Founded in 2022 by Gil and CTO Luís Costa, ROOTKey brings together expertise in cybersecurity, operations, and product scaling.
Gil is recognized as one of the top ethical hackers globally and in Portugal, and holds degrees in cybersecurity and management, while Costa has a background in blockchain, cryptography, and AI, with a particular focus on data integrity and zero-knowledge proofs.
ROOTKey states that its mission is to reshape how organizations interact with technology by providing secure, scalable, and resilient tools for environments where data integrity is central to operational continuity.
Featured image: Gonçalo Gil, co-founder and CEO of ROOTKey (Photo courtesy of ROOTKey)
Portugal Startup News 