macc /
EN FR
Book a meeting
COMPLIANCE

Compliance posture.

As a cyber consultancy, MACC is itself attentive to EU regulations. Here is our current situation, with no claim beyond what we actually hold.

LAST UPDATED
03 May 2026
01 · BELGIAN FRAMEWORK

Belgian-law company

MACC is a company incorporated in Belgium, subject to Belgian law and applicable European law.

Regular bookkeeping, quarterly VAT filing, annual accounts filed with the National Bank of Belgium.

02 · GDPR

Regulation (EU) 2016/679

Documented processing policy (see Privacy).

Hosting and processing exclusively in the European Union.

No third-party trackers, no analytics resold. By-design posture.

Breach notification deadline < 72 h in case of risk to data subjects (Art. 33 GDPR).

03 · NIS2

Directive (EU) 2022/2555

MACC is not an essential or important entity within the meaning of NIS2 (size and sector). The directive does not directly apply to our company.

However, MACC helps clients subject to NIS2 reach compliance (audit, action plan, implementation follow-up). See the Cyber risk & compliance pillar.

04 · DORA

Regulation (EU) 2022/2554

DORA applies to financial entities and their critical ICT providers. MACC does not hold the status of critical ICT provider under DORA.

For engagements with DORA-subject clients, MACC can sign an adapted contractual framework (continuity clauses, audit, exit) on request.

05 · AI ACT

Regulation (EU) 2024/1689

The AI Act does not apply to MACC as a consultancy (we neither provide nor deploy a high-risk AI system for our own commercial use).

The AI Act does, however, apply to several of our clients. MACC supports them on impact assessment, AI system mapping, technical documentation, and LLM governance.

06 · CERTIFICATIONS

What we DO NOT (yet) have

MACC does not, to date, hold an ISO 27001, ISO 27701, SOC 2 Type 2 or equivalent certification. We will not display a badge we are not entitled to.

Our operational security posture (hardened workstations, MFA, centralised access logs, standard NDA, encrypted comm) is publicly documented on the Trust page and contractually auditable on request from a procurement team.

Pursuing a certification is on the roadmap for 2027, depending on portfolio evolution.

07 · VAT & PAYMENT

Commercial framework

Belgian VAT applies under standard rules. Intra-EU reverse-charge for B2B engagements outside Belgium upon presentation of a valid VAT number.

Payment terms defined in the engagement contract (written scoping, fixed quote). No uncapped time-and-materials billing.

A question about this page?

Any request relating to our policies goes by email.

Contact MACC