As Europe’s cybersecurity and AI regulatory landscape accelerates, security teams face the challenge of translating complex legal frameworks such as NIS2, CRA, and the EU AI Act into actionable technical outcomes. This talk unpacks how to operationalise compliance, from SBOMs to Zero Trust, in cloud-native environments. Drawing on real-world lessons from supporting Huawei Cloud’s EU compliance uplift, I’ll walk through practical approaches to risk scoring, mapping controls, and building scalable frameworks that serve both auditors and engineers. Whether you’re a blue teamer or governance lead, you’ll leave with tools and examples to take back to your own org.