EU Regulatory Compliance Experts · The Hague, Netherlands

DACTS

Trust & Compliance B.V.
Navigating the Digital Regulatory Frontier — so your business doesn't have to.

DACTS helps European organisations navigate the evolving landscape of cyber, privacy, and GRC regulation — from NIS2 to GDPR to the EU AI Act — with senior expertise and measurable outcomes.

EU Regulatory Coverage

NIS2 GDPR EU AI Act DORA NIST CSF 2.0 ISO 27001 CIS Controls ENISA
20+
Years senior
consulting experience
4
Professional certifications
(CISA · CRISC · CDPSE · ISO 27001)
Trusted across
Financial Services
Technology & Telecoms
Energy & Utilities
Retail & FMCG
E-commerce & Digital

End-to-end compliance services

From initial gap assessment through to Board-ready governance reporting, we deliver structured, practitioner-led programmes across our core disciplines.

Cybersecurity

Threat-led security programme design, maturity assessment, and control implementation aligned to leading frameworks. From NIS2 technical measures to NIST CSF 2.0 maturity modelling.

NIS2 Article 21NIST CSF 2.0ISO 27001Maturity Assessment

Privacy & Data Protection

Operational GDPR compliance, privacy-by-design embedding, DPIA delivery, and cross-border data transfer structuring. Practical, audit-ready programmes.

GDPRDPIAPrivacy by DesignROPA

Governance, Risk & Compliance

Enterprise GRC framework design, risk appetite setting, and Audit Committee–ready reporting. Independent assurance and third-party risk management programmes.

Risk FrameworksBoard ReportingTPRMAudit Support

AI Governance

EU AI Act readiness assessment, risk classification, and governance programme design. Helping organisations build compliant, trustworthy AI systems.

EU AI ActRisk ClassificationAI GovernanceALTAI

Digital Resilience & DORA

ICT risk management, operational resilience testing, incident classification, and third-party ICT risk. Full-lifecycle DORA readiness for financial entities.

DORAICT RiskResilience TestingTIBER-EU

Compliance Assurance

Independent readiness assessments, control testing, evidence packs, and audit support. Regulator-ready deliverables for internal audit and supervisory review.

AssuranceControl TestingEvidence PacksAudit Support

Deep expertise across EU frameworks

We work with the regulations shaping European digital business today — with programme-level depth and hands-on delivery experience.

NIS2In force · Enforcement escalating

NIS2 Directive

Directive (EU) 2022/2555 · Network and Information Security

Cybersecurity risk management, incident reporting, and management body accountability across essential and important entities. National transposition variances handled — including Cyberbeveiligingswet (NL).

Article 21 measuresIncident reportingSupply chainManagement accountability
GDPRMature · Continuous compliance

GDPR

Regulation (EU) 2016/679 · General Data Protection Regulation

Operational privacy programmes: DPIAs, ROPA, transfer mechanisms, DPO advisory, data subject rights operations, and controller-processor relationships.

DPIAROPASCCs / TransferDSR operations
EU AI ActPhased application 2024–2027

EU AI Act

Regulation (EU) 2024/1689 · Artificial Intelligence Act

AI system inventory, risk classification, prohibited/high-risk analysis, conformity assessment readiness, and governance for GPAI models.

Risk classificationConformity assessmentGPAIAI governance
DORAIn force · January 2025

DORA

Regulation (EU) 2022/2554 · Digital Operational Resilience Act

ICT risk management framework, digital operational resilience testing, ICT third-party risk, and major incident reporting for financial entities.

ICT RiskDORA testingThird-party ICTIncident reporting

A structured, five-stage methodology

Every engagement follows a proven delivery approach — designed to move from assessment to embedded compliance with clarity at every step.

01

Scope & Assess

Regulatory scope confirmation, current-state gap assessment against target frameworks, and materiality-based prioritisation of findings.

02

Design

Target operating model, control library, policy framework, and roles & responsibilities aligned to your organisational structure.

03

Implement

Hands-on implementation working alongside your teams — control design, policy authoring, technical control specification, and process integration.

04

Assure

Independent testing, evidence pack preparation, internal audit interface, and readiness for supervisory or regulatory review.

05

Sustain

Ongoing governance rhythm, KRI/KPI dashboards, control monitoring cadence, and capability transfer for embedded internal ownership.

Professional certifications

CISA — Certified Information Systems Auditor
CRISC — Certified in Risk & Info Systems Control
CDPSE — Certified Data Privacy Solutions Engineer
ISO 27001 Lead Implementer

Industry coverage

Financial Services Technology Telecoms Energy Retail E-commerce FMCG

Senior expertise, delivered directly

DACTS was founded on a simple principle: senior compliance work should be delivered by senior practitioners — not junior consultants operating under distant partner oversight.

20+

Years of consulting experience

Two decades of end-to-end consulting delivery — from Board-level advisory to hands-on control implementation across complex, regulated organisations.

4

Active certifications

CISA, CRISC, CDPSE, and ISO 27001 Lead Implementer — maintained and current, ensuring regulatory advice is grounded in recognised professional standards.

EU

Netherlands-based, EU-focused

Based in The Hague with deep familiarity of the Dutch regulatory environment and the broader EU regulatory landscape. Local presence, European reach.

Regulator-ready deliverables

Every deliverable is structured to withstand regulatory inspection — gap registers, maturity models, evidence packs, and Board reports.

Embedded, not advisory-only

We work inside your programme, not outside it. Control owner interviews, policy drafting, and cross-team coordination — hands-on delivery alongside your people.

Ongoing relationship

Compliance is not a point-in-time exercise. We structure engagements to build internal capability and support continuous improvement.

Meet the Founder

Vikas Gupta
Vikas Gupta
Founder & Managing Director
CISA
CRISC
CDPSE
ISO 27001 Lead Implementer
BE Electronics & Communication
20+
Years of consulting & delivery experience
13+
Years at Accenture serving global clients
4
Active professional certifications
13+ years at Accenture — Senior Manager, Cyber & Risk Practice

Vikas Gupta is a senior cybersecurity, risk, and compliance leader with over two decades of end-to-end consulting and programme delivery experience across Europe and Asia. Throughout his career he has worked embedded within some of the world's most complex organisations — navigating regulatory change, building security governance frameworks, and translating technical risk into language that resonates at Board and ExCo level.

Vikas spent more than 13 years at Accenture, where he advised Fortune 500 clients and large European enterprises on cybersecurity strategy, IT risk, data privacy, and compliance transformation across financial services, telecoms, energy, retail, and technology.

He is currently engaged at Booking.com as NIS2 Programme Manager delivering a cross-country NIS2 and NIST CSF 2.0 maturity programme via Randstad Enterprise / Yacht.

Vikas founded DACTS Trust & Compliance B.V. to bring enterprise-grade expertise to organisations of all sizes — combining large-firm methodology with the agility and senior attention only a specialist boutique can deliver.

Senior consulting delivery at Accenture across Europe, Asia, and global engagements
Led cross-functional, multi-geography teams in complex programme environments
Deep expertise in NIS2, GDPR, EU AI Act, DORA, NIST CSF 2.0, and ISO 27001
Served Board, ExCo, Audit Committee, and regulatory audiences across sectors
Sector coverage: financial services, telecoms, energy, retail, e-commerce, technology
Based in The Hague — deep familiarity with Dutch and EU regulatory environment

Clients Served

Senior consulting engagements delivered across some of Europe's most complex regulated environments — spanning energy, technology, telecoms, FMCG, financial services, and e-commerce.

Shell
Energy & Chemicals
KPN
Telecoms
Booking.com
E-commerce & Travel
IKEA
Retail & Sustainability
BASF
Chemicals & Industry
Mars
FMCG & Consumer
Fontem Ventures
Consumer Products
ABB
Industrial Technology
AT&T
Telecoms & Technology
INGKA Group
Retail & Investments

Client engagements delivered by the DACTS founder over 20+ years of senior consulting — primarily through Accenture, and via subsequent independent and DACTS engagements. Client names are used with reference to engagement history and imply no ongoing endorsement.

Our Advisory Board

DACTS draws on a network of senior practitioners and industry leaders who provide strategic guidance, domain expertise, and sector-specific insight to enhance our consulting programmes.

Vikas Gupta
Vikas Gupta
Founder & Managing Director
20+ years of senior cybersecurity, risk and compliance consulting. 13+ years at Accenture advising global clients across Europe and Asia. CISA, CRISC, CDPSE, ISO 27001 Lead Implementer. Based in The Hague.
CISACRISCCDPSEISO 27001 LINIS2NIST CSF
Vivek Gakhar
Vivek Gakhar
Cybersecurity & Risk Governance
Senior Risk & Cybersecurity Governance Leader with 15+ years across EY, McKesson, and Booking.com. Currently Senior Manager, Risk Governance at Booking.com leading a 36-person cross-regional team. CISA, CIPP/E, CIPM certified. Based in Stuttgart.
CISACIPP/ECIPMNIST CSFNIS2 / DORAISO 27001
Kanan Dhru
Kanan Dhru
Legal Innovation & AI Governance
3x founder and legal innovation builder working at the intersection of law, design, and technology. Founder of Lawtoons and LawForMe. Researcher at The Hague University and Erasmus / TU Delft on AI regulation and public safety. Previously McKinsey, WHO, HiiL. Based in The Hague.
AI GovernanceLegalTechEU AI ActPublic PolicyInnovation

Ready to strengthen your compliance posture?

Whether you have an imminent regulatory deadline or are building a long-term compliance programme, we'd welcome a conversation about how DACTS can help.

Pijlkruidveld 2, 2492 LA Den Haag
vikas.gupta@dacts.nl
KvK: 42043063
DACTS Trust & Compliance B.V.