<case>

Organizational implementation and remediation in NIS2 programme

Ambition

The ambition was to establish a structured, well-governed, and well-funded NIS2 compliance programme that proactively positioned the organization ahead of regulatory requirements. The goal was to secure executive buy-in, build a unified compliance framework across key markets, and ensure early action on critical risk areas to strengthen the company’s overall cybersecurity and address non-compliance.

Solution

The NIS2 compliance journey followed a three-phase approach that built strategic alignment, governance, and operational readiness, from securing executive commitment to establishing compliance oversight and executing targeted remediation initiatives.

  1. Secured executive approval and funding to ensure strategic commitment and regulatory alignment.
  2. Established a 2nd line programme to interpret NIS2 requirements, provide assurance, and oversee compliance across five key markets.
  3. Launched a 1st line remediation programme with eight projects to close major gaps towards NIS2 compliance.

Outcome

The programme successfully secured executive commitment and funding, establishing strong organizational backing for NIS2 compliance, with the following results:

  • A multi-market compliance framework was implemented across five key markets, providing clarity on regulatory expectations and assurance processes.
  • Through eight targeted remediation projects, the company achieved significant risk reduction, closed key compliance gaps, and strengthened operational readiness for the NIS2 directive.
  • A structured process was anchored for translating future cybersecurity legislation into ISMS requirements, enabling a cost-efficient, scalable, and sustainable approach to future regulatory compliance.