Last week one of my teams got an email from a customer. The customer flagged that they and others may start requiring NIS2 compliance from their vendors. NIS2 is a European cybersecurity directive. It is real, it is coming fast, and if you sell into Europe you need to care about it.
My team's response? "Jane is on vacation for two weeks. We will wait for her to get back."
Jane is our compliance expert. She is great at what she does. And she was on a beach somewhere sipping margaritas. She was not thinking about compliance. She should not have been thinking about compliance. That is what vacation is for.
But here is what kills me. The entire team was about to sit on their hands for two weeks because they decided that compliance lives in one person's head and nobody else is allowed to touch it.
That is a silo and a problem that can be fixed today!. I know because I just fixed it with my team. And I am sharing this story because I am challenging you to fix it too.
Nobody Needed Permission. They Needed a License.
My team was not incapable of researching NIS2. They have the same internet I do. They have access to the same AI products I use every day. They had our SOC 2 report sitting in a shared drive. Everything they needed to get a jumpstart was right in front of them.
They did not lack the ability. They lacked the license to step outside their lane. Nobody had ever told them it was okay to pick up a problem that did not have their name on it and run with it.
That is on me. And if your team operates the same way, it is on you.
So I wrote back:
Jane is on vacation for two weeks. Why would we wait for a human when we can start with AI?
Every legal question, every compliance question, every governance question should start with AI. Do the work, get the answer, learn from it, and then take it to the expert and say "do you see any problems here?" I do this all the time with legal matters. It saves a ton of time and I learn something every single time.
We have to stop thinking in silos. Yes, Jane is our compliance expert. But you, armed with AI, can cover across multiple domains and at least get a jumpstart. Then you take that jumpstart to the expert for final approval.
The SOC 2 report is attached if you do not already have it. Everything needed is in there. Run it through Claude. Do the heavy lifting. When Jane is back she reviews and confirms.
I want you to have license to learn and operate across domains. Do not stay stuck in your silo of knowledge. That is not how an AI-first company works.
Kathy
That last line is the one I want you to sit with. Do not stay stuck in your silo of knowledge.
Give your people that license. Tell them out loud. Because if you have not said it, they do not believe they have it.
Figure It Out Moment
Stop waiting. Start wrong.
I am not asking anyone to become a compliance expert overnight. I am asking them to stop treating every unfamiliar question like it is somebody else's problem.
Your first draft will not be perfect. It does not need to be. It needs to exist.
Here is the pattern:
You hit a question outside your domain.
You open AI. You feed it the documents you already have. You do the work.
You learn something. You always do. That is the part nobody talks about.
You take your work to the expert and say: "Here is what I found. What am I missing?"
The expert reviews in 20 minutes instead of starting from scratch over 2 days.