Harmonizing DORA and NIS2: How to Stop Duplicating Controls and Build a Single Resilience Framework for European FinServ

The Unified Resilience Framework addresses regulatory overlap affecting European financial institutions. Research across 47 institutions demonstrates 75-95% control overlap and a potential 34% cost reduction through a unified approach.

Paris, France, Jan 26, 2026 (Issuewire.com) - The Unified Resilience Framework addresses regulatory overlap affecting European financial institutions with a structured methodology for unified compliance.

Kieran Upadrasta, CISSP, CISM, CRISC, CCSP, a cybersecurity strategist with 27 years of industry experience, has released a whitepaper titled "Harmonizing DORA and NIS2: How to Stop Duplicating Controls and Build a Single Resilience Framework for European FinServ." The publication introduces the Unified Resilience Framework, designed to help financial institutions navigate overlapping regulatory requirements.

The whitepaper addresses a documented challenge facing European financial services organizations. With the Digital Operational Resilience Act (DORA) becoming fully applicable on January 17, 2025, and Network and Information Security Directive (NIS2) enforcement proceedings commenced against 23 Member States, financial institutions face concurrent compliance obligations with significant overlap.

Research conducted across 47 European financial institutions demonstrates 75-95% control overlap between DORA and NIS2 requirements. The analysis indicates that unified framework implementation can reduce distinct control instances by 83%, from 1,847 to 312 controls in documented case studies.

"European financial institutions are spending millions duplicating controls across two overlapping regulations when a single unified framework could deliver superior resilience at 30-40% lower cost," states Kieran Upadrasta. "The institutions that recognize this opportunity will transform regulatory burden into operational advantage."

The Unified Resilience Framework

The whitepaper details a six-domain framework addressing governance and strategy, ICT risk management, resilience testing, incident management, third-party risk management, and people and technology controls. The framework is organized around a quarterly assurance cycle enabling single evidence repositories to satisfy multiple regulatory requirements.

Key components include control mapping analysis demonstrating which DORA provisions supersede NIS2 equivalents under the lex specialis principle, unified evidence artefacts satisfying both regulatory streams, and implementation roadmaps with documented cost-benefit analysis.

Regulatory and Technical Coverage

The publication provides guidance on DORA's five pillars, including ICT risk management framework requirements, incident reporting timelines requiring classification within four hours, digital operational resilience testing programs, third-party risk management including the Register of Information deadline of April 30, 2025, and information sharing arrangements.

Additional coverage addresses NIS2 gap controls where DORA provisions are silent, including HR security requirements, multi-factor authentication mandates, and encryption policy specifications.

About Kieran Upadrasta

Kieran Upadrasta holds professional certifications including CISSP, CISM, CRISC, CCSP, MBA, and BEng. His career includes experience with Big 4 consulting firms (Deloitte, PwC, EY, KPMG) and 21 years of specialized experience in financial services and banking.

He currently serves as Professor of Practice in Cybersecurity, AI, and Quantum Computing at Schiphol University and is an Honorary Senior Lecturer at Imperials and Researcher at University College London. Professional memberships include Platinum Member of ISACA London Chapter, Gold Member of ISC2 London Chapter, Lead Auditor at ISF Auditors and Control, and Cyber Security Programme Lead at PRMIA.

His regulatory expertise spans OCC, SOX, GLBA, HIPAA, ISO 27001, NIST, PCI DSS, SAS70, DORA, and NIS2 frameworks. He holds dual British and Irish/EU citizenship.

Professional recognition includes the Excellence in Education Award (EMEA) 2015-16, Top Teacher Award 2013-14, Circle of Excellence Award (KPMG), High Flyers Award (EY), and Super Coach Award (PwC France).

Availability

The whitepaper "Harmonizing DORA and NIS2" is available at https://www.universityofschiphol.com/post/cybersecurity-expert-professor-kieran-upadrasta-releases-framework-for-harmonizing-dora-and-nis2-com

Harmonizing DORA and NIS2: How to Stop Duplicating Controls and Build a Single Resilience Framework for European FinServ. A Strategic Framework for Boards, CISOs, Risk Committees, and Supervisory Authorities. By Professor Kieran Upadrasta.

www.kieranupadrasta.com.

Media Contact

Kelly Jones info@SchipholUniversity.com https://www.universityofschiphol.com/post/cybersecurity-expert-professor-kieran-upadrasta-releases-framework-for-harmonizing-dora-and-nis2-com

Source : Schiphol University
