PropellerAds Renews ISO Security Certification Amidst AdTech Scrutiny

LIMASSOL, Cyprus – March 16, 2026 – In an industry facing heightened regulatory pressure and growing user distrust, global advertising platform PropellerAds has successfully passed its ISO 27001:2022 surveillance audit, reinforcing its commitment to robust information security. The achievement, announced by parent company AdTech Holding, confirms that the platform's Information Security Management System (ISMS) continues to align with rigorous international standards.

While press releases announcing certifications are common, this successful audit arrives at a critical juncture for the digital advertising world. It serves as a significant statement in a market where data governance is no longer a background process but a central pillar of a company's reputation and viability. For a platform that handles billions of daily impressions for its 200,000 partners, demonstrating verifiable security is a crucial differentiator.

"Passing the surveillance audit is a testament to the dedication and professionalism of our teams," stated Farukh Rakhimov, Head of Financial Operations and Compliance Group at AdTech Holding. "Information security is an ongoing commitment, and this result demonstrates our continued progress in strengthening our security posture and maintaining the trust of our partners and stakeholders."

Beyond the Badge: The Rigor of Continuous Compliance

For industry outsiders, the term 'surveillance audit' may not carry the weight of an initial certification, but for security professionals, it is a more telling indicator of a company's true security culture. An initial ISO 27001 certification is a comprehensive, resource-intensive process to establish a compliant ISMS. A surveillance audit, conducted annually or bi-annually, verifies that the system is not just a theoretical framework but is actively maintained, effective in daily operations, and continuously improving.

PropellerAds' audit was against the latest version of the standard, ISO 27001:2022, which was updated to address the modern threat landscape. This new version places a stronger emphasis on cybersecurity and privacy, restructuring its security controls into four key areas: Organizational, People, Physical, and Technological. It introduced 11 new controls specifically designed for contemporary challenges, including threat intelligence, information security for cloud services, data masking, and secure coding. By passing an audit against this updated standard, PropellerAds demonstrates that its security practices are aligned not just with established principles but with the evolving nature of digital risks.

This continuous validation process requires substantial internal effort, involving cross-departmental collaboration to address findings from previous audits, implement corrective actions, and strengthen processes. It signals a shift from a 'set-it-and-forget-it' compliance mindset to one of perpetual vigilance and operational excellence.

A Bulwark in a Storm of Regulatory Fines

The importance of PropellerAds' achievement is thrown into sharp relief by the recent turmoil within the ad tech sector. The past year has been marked by significant regulatory enforcement and costly penalties for some of the industry's biggest names. Just this month, France's highest administrative court upheld a staggering €40 million GDPR fine against ad tech firm Criteo for failing to obtain proper user consent for data processing.

This is not an isolated incident. In February 2026, Disney agreed to a $2.75 million settlement with the California Attorney General over violations of the California Consumer Privacy Act (CCPA), specifically for failing to honor user opt-out requests across all devices and services. The California Privacy Protection Agency also recently fined PlayOn Sports $1.10 million for requiring students to agree to ad tracking without a compliant opt-out mechanism. Even giants like Meta and Google have faced billion-dollar settlements and fines related to user tracking and consent.

These events underscore a clear message from regulators and consumers: lax data handling practices will no longer be tolerated. In this environment, a verifiable, internationally recognized security certification like ISO 27001:2022 acts as a crucial bulwark, providing a framework that helps companies like PropellerAds navigate the complex web of global privacy laws.

Setting a Benchmark for Industry Trust

As data privacy becomes a primary concern for advertisers and publishers, the competitive landscape is being reshaped. Companies are increasingly evaluated not just on performance metrics but on their security and compliance posture. By maintaining its ISO 27001:2022 certification, PropellerAds places itself alongside other security-conscious platforms like Taboola, which also holds the certification, helping to establish a higher benchmark for the industry.

The tangible benefits for PropellerAds' partners are significant. Adherence to the ISO 27001 framework provides a structured approach to fulfilling the "appropriate technical and organizational measures" required by regulations like GDPR. This means that advertisers and publishers working with PropellerAds gain assurance that their partner in the supply chain is proactively managing information security risks. This reduces their own compliance burden and mitigates the risk of being associated with a data breach.

Beyond regulatory alignment, the certification offers practical assurances. It confirms the existence of robust processes for access control, incident response, business continuity, and supplier security management. For an advertiser entrusting a platform with campaign data and budget, or a publisher integrating code into their website, this level of verified security provides a foundation of trust that is difficult to quantify but essential for long-term partnership.

In the end, as the ad tech industry continues to mature under the watchful eye of regulators and a privacy-aware public, actions speak louder than words. Pursuing and maintaining rigorous, third-party-validated security standards is becoming a non-negotiable element of corporate responsibility. PropellerAds' successful audit is more than an internal milestone; it is a clear signal to the market that in the new era of digital advertising, trust must be earned and continually verified.