Cybersecurity Expert Professor Kieran Upadrasta Releases Framework for Harmonizing DORA and NIS2 Compliance
- sunil mittal
Whitepaper addresses regulatory overlap affecting European financial institutions with a structured methodology for unified compliance
Paris, France – January 25, 2026 – Kieran Upadrasta, CISSP, CISM, CRISC, CCSP, a cybersecurity strategist with 27 years of industry experience, has released a whitepaper titled "Harmonizing DORA and NIS2: How to Stop Duplicating Controls and Build a Single Resilience Framework for European FinServ." The publication introduces the Unified Resilience Framework, designed to help financial institutions navigate overlapping regulatory requirements.
The whitepaper addresses a documented challenge facing European financial services organizations. With the Digital Operational Resilience Act (DORA) becoming fully applicable on January 17, 2025, and Network and Information Security Directive (NIS2) enforcement proceedings commenced against 23 Member States, financial institutions face concurrent compliance obligations with significant overlap.
Research conducted across 47 European financial institutions demonstrates 75-95% control overlap between DORA and NIS2 requirements. The analysis indicates that unified framework implementation can reduce distinct control instances by 83%, from 1,847 to 312 controls in documented case studies.
"European financial institutions are spending millions duplicating controls across two overlapping regulations when a single unified framework could deliver superior resilience at 30-40% lower cost," states Kieran Upadrasta. "The institutions that recognize this opportunity will transform regulatory burden into operational advantage."
The Unified Resilience Framework
The whitepaper details a six-domain framework addressing governance and strategy, ICT risk management, resilience testing, incident management, third-party risk management, and people and technology controls. The framework is organized around a quarterly assurance cycle enabling single evidence repositories to satisfy multiple regulatory requirements.
Key components include control mapping analysis demonstrating which DORA provisions supersede NIS2 equivalents under the lex specialis principle, unified evidence artefacts satisfying both regulatory streams, and implementation roadmaps with documented cost-benefit analysis.
Regulatory and Technical Coverage
The publication provides guidance on DORA's five pillars, including ICT risk management framework requirements, incident reporting timelines requiring classification within four hours, digital operational resilience testing programs, third-party risk management including the Register of Information deadline of April 30, 2025, and information sharing arrangements.
Additional coverage addresses NIS2 gap controls where DORA provisions are silent, including HR security requirements, multi-factor authentication mandates, and encryption policy specifications.
About Kieran Upadrasta
Kieran Upadrasta holds professional certifications including CISSP, CISM, CRISC, CCSP, MBA, and BEng. His career includes experience with Big 4 consulting firms (Deloitte, PwC, EY, KPMG) and 21 years of specialized experience in financial services and banking.
He currently serves as Professor of Practice in Cybersecurity, AI, and Quantum Computing at Schiphol University and is an Honorary Senior Lecturer at Imperials and Researcher at University College London. Professional memberships include Platinum Member of ISACA London Chapter, Gold Member of ISC2 London Chapter, Lead Auditor at ISF Auditors and Control, and Cyber Security Programme Lead at PRMIA.
His regulatory expertise spans OCC, SOX, GLBA, HIPAA, ISO 27001, NIST, PCI DSS, SAS70, DORA, and NIS2 frameworks. He holds dual British and Irish/EU citizenship.
Professional recognition includes the Excellence in Education Award (EMEA) 2015-16, Top Teacher Award 2013-14, Circle of Excellence Award (KPMG), High Flyers Award (EY), and Super Coach Award (PwC France).
Availability
The whitepaper "Harmonizing DORA and NIS2" is available at
https://drive.google.com/file/d/1NZmPxnytVG7tWY1dAFsUeUuCEdjbcKFO/view?usp=drive_link



