Dublin, Ireland Feb 18, 2026 (Issuewire.com) - A major new research report published today by Professor Kieran Upadrasta warns that the AI governance gap has become a fiduciary crisis — and introduces a groundbreaking framework to address it.
The white paper, titled "Architecting the AI Control Plane: From Perimeter to Portfolio — Enterprise Governance for the Agentic Era," reveals that while 79% of organizations are now deploying AI agents, fewer than 25% have implemented governance frameworks to manage them. The result, according to Professor Upadrasta, is unprecedented regulatory exposure under DORA, NIS2, and the EU AI Act.
The AI Control Plane: A Five-Layer Governance Architecture
At the heart of the report is the AI Control Plane — a five-layer reference architecture designed to provide deterministic, machine-speed governance that traditional models cannot deliver. The five layers are: Board and Executive Governance, the AI Control Plane interception layer, Agent Runtime classification, Identity and Trust Fabric, and Data and Infrastructure. The framework operates across three axes — Velocity, Visibility, and Defensibility — to give boards real-time oversight of AI risk.
Survey of 127 Enterprise CISOs
The report is backed by original research: a survey of 127 Chief Information Security Officers at organizations with over $500 million in annual revenue, conducted via ISACA London Chapter during Q4 2025. Key findings include: 78% of CISOs cite machine identity visibility as a critical governance gap; 89% rate the AI Control Plane approach as effective compared to just 12-23% for traditional governance models; and 54% of organizations are not ready for M&A due diligence on AI governance.
Regulatory Compliance: DORA, NIS2, and EU AI Act
Professor Upadrasta provides detailed guidance on navigating the convergence of DORA (now in effect since January 17, 2025), NIS2, and the EU AI Act — arguing that this regulatory convergence makes AI governance mandatory, not optional. The report includes a regulatory timeline spanning 2025-2027 and warns that organizations without an AI Control Plane face board-level personal liability.
Case Studies Demonstrate Measurable Outcomes
The white paper includes anonymized case studies demonstrating real-world results. A Global Tier 1 Bank with EUR 2.1 trillion in assets and 85,000 employees across 40 countries achieved DORA compliance for over 1,200 AI agents in just 11 months, resulting in zero DORA findings in regulatory examination, a 73% reduction in AI-related incidents, EUR 4.2 million in annual savings, and ISO 42001 certification.
The Point of No Return
The report concludes with a stark warning: by 2030, AI governance maturity will be as visible and as priced as financial controls. Organizations without an AI Control Plane will not merely fail audits — they will fail transactions. The report includes a 24-month implementation roadmap and a Board-Level AI Governance Scorecard for immediate organizational assessment.
Professor Kieran Upadrasta is a cybersecurity executive and advisor with 27 years of experience across enterprise security, risk management, and digital transformation. His career spans Big 4 consulting with Deloitte, PwC, EY, and KPMG, specializing in financial services and banking security. He holds CISSP, CISM, and CRISC certifications and maintains expertise in regulatory compliance frameworks including DORA, SOX, GLBA, HIPAA, and ISO 27001.
https://drive.google.com/file/d/1AbxzhStSVd912Q2qLr_Ub9pD4zqbv6Gk/view
The full white paper is available at: www.kieparis.fr
Legal Disclaimer
The opinions expressed in this article are those of the author and do not necessarily reflect the views or positions of Issuewire.com or its partners. This content is provided for informational purposes only and should not be construed as legal, financial, or professional advice. Issuewire.com makes no representations as to the accuracy, completeness, correctness, suitability, or validity of any information in this article and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis.
Media Contact
Kelly SMith info@SchipholUniversity.com +33745516320 https://www.universityofschiphol.com/
