Witik

French GRC platform (GDPR + Sapin II + AI Act). Whistleblowing lives inside the Sapin II module; Premium from €100/month.

Typical buyer

French organisations already deploying Witik for GDPR or Sapin II compliance who want the internal alert system in the same platform rather than a separate vendor.

Distinctive features

ISO 27001 and HDS (French healthcare data hosting) certified
Hosting exclusively in France
Public REST API plus a webhook engine (rare among module-based GRC platforms)
Covers GDPR, Sapin II, and the EU AI Act from one platform
3,000+ compliance teams across 7 languages (vendor claim)

Add-ons and conditions

Costs or terms not included in the headline price.

Whistleblowing is not a standalone product — bundled inside the Sapin II module
Premium plans require a 36-month commitment with annual payment
Sapin II Premium (€100/mo) and GDPR Premium (€240/mo) are separate subscriptions
Starter plans are free but feature-limited (e.g. 2 impact analyses, 10 rights requests per year)
Reporting-form EU language coverage not enumerated on public pages

Notable

Founded 2020; positions itself as a “100% French-made” GRC platform.
Modules: GDPR/RGPD, Sapin II (anti-corruption, including internal alerts), and EU AI Act compliance.
Sapin II module bundles four components: internal alerts (whistleblowing), anti-corruption controls, gifts & invitations, and conflicts of interest.
Whistleblowing features: ready-to-use alert form, anonymous reporting, automated deadline tracking, secure two-way communication.
Public API with webhook engine; integrations advertised via these hooks rather than a marketplace.
Certifications: ISO 27001, HDS (French health-data hosting accreditation), plus EcoVadis Bronze (sustainability rating, non-security).
Hosting: France exclusively, on a “cloud de confiance” (trusted cloud) per vendor copy; specific data centre not named.
Site UI available in 7 languages; the EU-language-coverage breakdown for the reporting form itself is not enumerated on public pages.
Starter (free) tier exists on both GDPR and Sapin II modules with sharp limits; Premium subscription is the production tier.
Fits the module-based pattern also represented in the directory by Clym (privacy suite) and osapiens (ESG suite).

Compare Witik with another platform

Direct side-by-side comparisons against other tools in this directory.

See alternatives to Witik →

Facts

Website: www.witik.io (opens in new tab)
Headquarters: France
Hosting: France ('100% french-made platform', vendor copy); no specific data centre published
Founded: 2020
Customers: 3,000+ compliance, risk, and legal teams worldwide (vendor claim)
Pricing: Sapin II (incl. internal alerts / whistleblowing): Starter free; Premium from €100/month ex-VAT for SMEs. GDPR: Starter free; Premium from €240/month ex-VAT.
Premium plans require 36-month commitment with annual payment. 14-day free trial advertised on Premium.
Languages on reporting form: 7
Capabilities: Anonymous reporting ✓
Case management ✓
Multi-channel intake —
Public API ✓
Free trial ✓
GDPR (vendor claim) ✓
EU Directive 2019/1937 (vendor claim) ✓
Certifications: ISO 27001
HDS (Hébergeurs de Données de Santé)
National laws referenced: France (Sapin II / Loi Waserman)
EU Directive 2019/1937
GDPR / RGPD
EU AI Act
Last verified: 17 April 2026
Sources: www.witik.io/en/ (opens in new tab)
www.witik.io/en/legislations/sapin-2-compliance/ (opens in new tab)
www.witik.io/en/features/sapin-2/internal-whistleblowing-system/ (opens in new tab)
www.witik.io/tarifs/rgpd/ (opens in new tab)