Operating Under Regulatory Pressure

 

A major social media platform operating at European scale was facing growing regulatory pressure around content enforcement timelines. With over 300 million monthly active users globally, the organisation was operating under intense scrutiny from EU and local regulators, with a clear trajectory toward stricter enforcement frameworks, including the Digital Services Act.

​

In this environment, service-level agreements were not an internal performance metric. They were a regulatory obligation. Even a single failure to act within mandated timelines carried the risk of multimillion-euro penalties, legal exposure, and reputational damage.

​

Despite this, delivery had begun to drift. SLA breaches were becoming more frequent, overtime spend was rising without a clear plan, and leadership lacked transparency into why failures were occurring or how to prevent them.

​

When Breaches Became a Warning Sign

 

Concern escalated rapidly as several issues converged:

• Increasing frequency of SLA breaches in sensitive enforcement workflows

• No clear visibility into root causes or ownership when breaches occurred

• Reactive and unplanned overtime spend masking structural capacity gaps

• Growing unease among senior stakeholders about regulatory and reputational risk

​

The client raised the alarm directly, and the engagement was initiated to stabilise delivery before regulatory exposure escalated further.

​

​

​

​

​

​

​​

​

 

​

Conflicting Explanations, No Clarity

 

Early assessments revealed a fractured understanding of the problem.

​

From the client’s perspective, the issue appeared to be poor operational management and inconsistent performance. Delivery teams felt they were operating without clear expectations or stable instructions. Leadership within the delivery organisation attributed failures to individual and team underperformance.

 

None of these explanations were sufficient on their own.

​

What was missing was a shared, objective framework for understanding demand, capacity, and accountability.

​

​

The Structural Causes Behind the Breaches

 

A detailed diagnostic revealed systemic weaknesses:

• No reliable framework for assessing demand against available capacity

• Forecasting that was incomplete or inaccurate, particularly for specialist workflows

• No structured backfilling process when capacity gaps emerged

• Ambiguous or poorly defined SLAs across specialised enforcement areas

• No formal process for SLA monitoring, attribution, or retrospective analysis

 

In short, delivery outcomes were being judged without the systems required to control them. Teams were reacting to incidents rather than operating within a predictable, governed model.

 

A Mandate Focused on Prevention

 

We were brought in as a fixer. The immediate expectation was to stop the breaches.

​

However, it was clear that short-term firefighting would not be sufficient. Preventing SLA failures in a regulated environment required structural change, not just urgency.

​

Our mandate evolved into three clear objectives:

• Prevent SLA breaches before they occurred

• Create transparency into how delivery actually functioned

• Build predictability so risks could be identified and addressed in advance

• ​

We operated with strong client-facing credibility and close alignment with leadership, allowing us to influence both delivery design and governance without formal authority over all components.

​

​

Rebuilding Control Around SLAs

 

The intervention focused on rebuilding control from first principles.

​

We began by redesigning staffing coverage and capacity calculations across workflows, introducing a forecasting model that reflected real demand rather than historical assumptions.

​

Organisational structures were adjusted to ensure accountability for specialist enforcement areas, with clear ownership assigned to SLA-critical paths. Ambiguous SLAs were clarified and standardised to remove interpretation gaps.

​

We deliberately stopped several practices that had been masking risk:

• Estimating demand without a defined process

• Reactive staffing driven by escalation rather than forecast

• Shared or unclear ownership across enforcement steps

• Operating without structured incident retrospectives

​

In their place, we introduced:

• Skills-based staffing and training models

• Continuous monitoring of capacity and demand

• Explicit ownership for SLA compliance

• A connected system that allowed issues to surface early and be addressed deliberately

​

​