The Challenge
In 2024, Ireland’s National Transport Authority (NTA) was appointed as the National Competent Authority (NCA) for implementing the NIS2 directive across the road sector.
At the time of nomination, the NTA faced a blank slate:
- No established team
- No budget allocation
- No finalised legislation
With critical infrastructure—including roads, tunnels, bridges, and digital traffic systems—under its remit, the NTA needed to move fast and build both capability and credibility from the ground up.
Client Overview
The National Transport Authority (NTA) oversees Ireland’s public transport systems and road infrastructure. In 2024, it assumed responsibility for NIS2 implementation across:
- 31 local authorities
- A range of tolling and ITS providers
- Road operators and traffic management bodies
The authority is expected to define and enforce cybersecurity standards across a decentralised, high-risk national network.
Solution
Org’s team supported the NTA in rapidly establishing a fit-for-purpose NIS2 Competent Authority. Key actions included:
- Strategic Foundations:
A one-page plan was created to define objectives and secure FY-25 budget approval within weeks.
- Model Design:
A nine-function operating model was visualised in a single slide, now serving as a inspiration for other Irish regulators.
- Scope Clarity:
A data-backed tiering matrix identified Tier-1 entities representing 80%+ of national impact, enabling prioritised outreach.
- Governance and Resourcing:
A NIS2-specific RACI matrix defined roles clearly, while job profiles were aligned precisely with delivery needs.
- Communication and Engagement:
The CA positioned itself as a collaborator rather than enforcer—engaging early with trusted sector voices to build buy-in.
The Impact
- Fully operational Competent Authority within 12 months
- Regulatory model adopted as a blueprint by other public sector bodies
- Budget certainty secured for the next phase of implementation
- Sector-wide clarity on who’s in scope, and what’s expected
- Roadmap to 2026 audits prepared, including draft self-assessment tools
“Org played a central role in helping us stand up a fully operational NIS2 Competent Authority in less than a year – starting from a blank slate. Their ability for turning complexity into clarity, from a one-page strategic plan to a sector-wide tiering model, gave us the momentum and credibility we needed. Working alongside us in national forums and NCSC-led workstreams, Org’s input helped shape early thinking around sector-specific implementation challenges. Their presence ensured the road sector’s unique needs were well represented, and that our emerging model was both credible and collaborative. Their approach has set a new benchmark for transformation across the sector.”
– Declan Sheehan, Chief Information Officer at National Transport Authority
