Most enterprise IT operating models were designed for a world of stable infrastructure, waterfall delivery, and centralised technology ownership. That world no longer exists, and the operating models designed for it are actively obstructing the organisations that still use them.
NIS2 compliance reduces to four operational requirements. This article translates each from regulatory language into specific operational requirements, technology capabilities, and organisational changes that make compliance real rather than documentary.
Cloud strategy has lived in IT for a decade. In 2024 it moves to the board, driven by the convergence of AI capability, regulatory pressure, cost scrutiny, and geopolitical risk that together make cloud a business strategy decision, not a technology one.
Sovereign cloud has moved from a theoretical positioning concept to an urgent enterprise procurement reality. Three forces are converging to make data sovereignty a non-negotiable requirement for increasing numbers of European organisations.
The December 2023 political agreement on the EU AI Act sets the regulatory trajectory for AI deployment across European enterprises. The compliance timeline and the implications for AI investment deserve immediate attention.
The single most strategically significant element of NIS2 is its personal accountability provisions. Management bodies must approve cybersecurity risk management measures and can be held personally liable for infringements.
Security risk quantification is one of the most valuable and most underused capabilities in enterprise security programmes. This is the framework that makes cloud security risk legible to CFOs and boards.
NIS2 does not exist in isolation. EMEA enterprise technology leaders must navigate an overlapping system of directives and regulations with different scopes, different enforcement mechanisms, and different relationships to each other.
One year after ChatGPT’s launch, the enterprise AI landscape has changed dramatically in some dimensions and barely at all in others. The honest assessment that boards need is not the one most technology leaders are giving them.
Board-level security conversations now routinely include shift-left security. The operational reality is that security practice has moved marginally left in most enterprises without the process and cultural change that genuine shift-left requires.