A senior-led compliance practice.
Advisors on GDPR, NIS2, EU AI Act, DORA and AML. The team includes privacy lawyers, certified compliance officers, ex-regulators and security architects. Direct delivery in eleven European jurisdictions. Every engagement is led by a partner.
Six years. One discipline.
We started narrow on purpose. Compliance is the only practice we cover. It is the only thing we have to be the best at.
Founded
Two years post-GDPR, with NIS2 in draft. Founding partners came from in-house compliance leadership roles across pharma, banking and telecommunications. The firm was set up as a senior-only practice from day one.
Healthcare, then finance
First engagements in regulated sectors with supervisory consequences and fines. Stood up the outsourced DPO and CISO offerings clients still rely on today.
Cross-border practice
Began advising on NIS2 transposition across CEE and DACH. Coverage extended to all eleven jurisdictions where we now hold direct delivery.
AI Act readiness
Stood up the AI governance practice ahead of phasing. Ran the first conformity assessments for foundation-model providers and high-risk Annex III deployments before the deadlines existed.
Today
Senior-led across privacy, cybersecurity, AI and financial regulation. Twenty-two practitioners, named DPO for clients in eleven jurisdictions, growing only at the pace partners can lead the work.
What we hold to.
Six commitments that shape how we scope, staff and run an engagement. They are also the questions we wish more clients asked us before signing.
Senior-led, by default.
Every engagement is named to a partner. The person who scopes the work is the person who delivers it. Headcount stays below the work, never above.
Evidence-based recommendations.
We work to the regulator's evidence standard. Every recommendation traces to a citation. Every control traces to a test.
Operational programme delivery.
Compliance programmes require day-to-day execution. We run the obligations through to handover, when the in-house function can operate independently.
Independent of the toolchain.
No software resale. No platform partnerships paying commission back to us. Controls are selected based on regulatory requirements.
Confidentiality from day one.
Compliance work touches everything sensitive. We sign the NDA before the scoping call. Internally we are ISO 27001 certified for client-data handling.
Measured growth.
We hire only when a partner is ready to lead a new practice line. Growth is paced by senior capacity.
Where we hold standing.
Memberships, certifications and registrations. The ones supervisors check before they take a call from us.
We hire when we can lead the work.
Senior practitioners only. Privacy, cybersecurity, AI governance, financial compliance. If you have led a programme in-house and want to do that for clients without a leverage pyramid above you, talk to us.
See open roles (3 open)
Free initial meeting, 30 minutes
We assess your current state, identify your biggest risks, and deliver a roadmap with 90-day priorities. We respond within 24 hours.