M&A Secure Landing Zone for Automated Unstructured Data Migration (NO, FI, SE, DK)

1. Summary

This initiative establishes a secure, automated Landing Zone to manage ingestion, scanning, validation, documentation, and controlled transfer of unstructured data from OneDrives, file shares, and external or legacy sources. The Landing Zone enforces Group Security requirements for malware scanning, file-type controls, encryption, access management, retention, and governance.

This capability is mandatory for all upcoming M&A activities where data migration is involved. Acquired companies frequently deliver large amounts of unstructured data, and without a standardized landing process, the risk of transferring malicious, non-compliant, or irrelevant data into Ahlsell’s environment is significant. As highlighted in internal communication, if security requirements are not met, the associated risks must be formally understood, accepted, and approved by the appropriate risk owner — potentially Group-level leadership.

2. Business Purpose

Unstructured data represents one of the largest security and compliance risks during migrations and M&A onboarding. This initiative ensures that Ahlsell Group:

• Maintains control over incoming data from acquired entities

• Eliminates the risk of importing malicious files

• Ensures all data adheres to GDPR, NIS2, and internal Group Security requirements

• Minimizes manual handling and human error

• Supports scalable onboarding of future acquisitions

Structured data (such as ERP exports, system tables, databases) is generally considered safe, due to controlled schema, consistent export logic, and lower security exposure. The Landing Zone is optimized specifically for unstructured data, where file unpredictability creates high risk.