DACTS helps European organisations navigate the evolving landscape of cyber, privacy, and GRC regulation — from NIS2 to GDPR to the EU AI Act — with senior expertise and measurable outcomes.
From initial gap assessment through to Board-ready governance reporting, we deliver structured, practitioner-led programmes across three core disciplines.
Threat-led security programme design, maturity assessment, and control implementation aligned to leading frameworks. From NIS2 technical measures to NIST CSF 2.0 maturity modelling.
Operational GDPR compliance, privacy-by-design embedding, DPIA delivery, and cross-border data transfer structuring. Practical, audit-ready programmes.
Enterprise GRC framework design, risk appetite setting, and Audit Committee–ready reporting. Independent assurance and third-party risk management programmes.
EU AI Act readiness assessment, risk classification, and governance programme design. Helping organisations build compliant, trustworthy AI systems from the ground up.
DORA compliance programmes for financial entities, ICT risk management, incident reporting structures, and operational resilience testing frameworks.
Independent control testing, gap analysis reporting, and pre-audit readiness reviews. Structured deliverables aligned to regulatory inspection expectations.
Enforcement deadlines are here. We help organisations understand their obligations, close gaps, and demonstrate compliance with confidence.
Expanded scope covering Essential and Important Entities across 18 sectors. Mandates Article 21 technical and organisational security measures, incident reporting within 24/72 hours, and supply chain risk management.
The foundational EU privacy regulation. Ongoing compliance, evolving enforcement, and cross-border complexity require sustained operational programmes rather than one-time projects.
A risk-based framework classifying AI systems from prohibited to minimal risk. High-risk systems face conformity assessments, transparency obligations, and human oversight requirements.
Uniform ICT risk management requirements for financial entities and their critical third-party providers. Five pillars: ICT risk, incident management, resilience testing, third-party risk, and information sharing.
We begin with a focused scoping exercise to establish regulatory applicability, define the programme perimeter, and understand your current maturity baseline — quickly, without wasted effort.
Structured control interviews, documentation review, and technical assessment produce a prioritised gap register mapped directly to regulatory obligations and your organisation's risk appetite.
We translate gaps into a quantified maturity model — providing current-state and target-state scores, effort estimates, and a prioritised remediation roadmap with clear ownership.
Hands-on delivery of remediation: policy development, control design, process embedding, and technology guidance. We work alongside your team, not around them.
Board and Audit Committee–ready reporting, RAG dashboards, and evidence packs that demonstrate compliance posture to regulators, auditors, and senior stakeholders.
We are a specialist boutique — not a generalist firm. Every engagement is led by a certified senior consultant with deep regulatory knowledge and hands-on delivery experience.
Over two decades of senior consulting delivery across European financial services, technology, energy, and retail sectors. Deep practitioner knowledge, not theoretical frameworks.
CISA, CRISC, CDPSE, and ISO 27001 Lead Implementer — maintained and current, ensuring regulatory advice is grounded in recognised professional standards.
Based in The Hague and deeply familiar with the Dutch regulatory environment and the broader EU regulatory landscape. Local presence, European reach.
Every deliverable is structured to withstand regulatory inspection — gap registers, maturity models, evidence packs, and Board reports that auditors and supervisors expect to see.
We work inside your programme, not outside it. Control owner interviews, policy drafting, and cross-team coordination — hands-on delivery alongside your people.
Compliance is not a point-in-time exercise. We structure engagements to build internal capability and support continuous improvement beyond the initial programme.
Vikas Gupta is a senior cybersecurity, risk, and compliance leader with over two decades of end-to-end consulting and programme delivery experience. Throughout his career he has worked embedded within some of Europe's and the world's most complex organisations — navigating regulatory change, building security governance frameworks, and translating technical risk into language that resonates at Board and ExCo level.
Vikas spent more than 13 years at Accenture, one of the world's leading professional services firms, where he advised Fortune 500 clients and large European enterprises on cybersecurity strategy, IT risk, data privacy, and compliance transformation. Working across Accenture's global delivery model, he led cross-functional, multi-geography teams — coordinating between technology, legal, compliance, and business stakeholders to deliver programmes that were both technically rigorous and operationally practical.
His consulting career spans financial services, telecommunications, energy, retail, and e-commerce sectors across Europe, Asia, and beyond. He has led assessments and implementations across the full GRC lifecycle — from initial risk appetite definition through control design, independent assurance, and regulatory reporting. He brings particular depth in NIS2, GDPR, NIST CSF 2.0, ISO 27001, and EU AI Act readiness programmes.
Vikas founded DACTS Trust & Compliance B.V. to bring enterprise-grade expertise to organisations of all sizes — combining the rigour and methodology of large-firm consulting with the agility, accountability, and senior attention that only a specialist boutique can deliver.
DACTS draws on a network of senior practitioners and industry leaders who provide strategic guidance, domain expertise, and sector-specific insight to enhance our consulting programmes.
Whether you have an imminent regulatory deadline or are building a long-term compliance programme, we'd welcome a conversation about how DACTS can help.