Harmonizing DORA and NIS2: How to Avoid Duplicating Controls and Create a Single Resilience Framework for European FinServ

January 27, 2026


The Unified Resilience Framework tackles regulatory overlap impacting European financial institutions. A study of 47 institutions shows 75-95% control overlap and a possible 34% cost reduction by adopting a unified approach.

Paris, France – January 26, 2026 – Addressing regulatory overlap for European financial institutions with a structured approach to unified compliance

Kieran Upadrasta, CISSP, CISM, CRISC, CCSP—a cybersecurity strategist with 27 years in the industry—has published a whitepaper called “Harmonizing DORA and NIS2: How to Stop Duplicating Controls and Build a Single Resilience Framework for European FinServ.” The paper presents the Unified Resilience Framework, created to help financial institutions manage overlapping regulatory demands.

The whitepaper tackles a well-documented issue for European financial services firms. With the Digital Operational Resilience Act (DORA) in full effect since January 17, 2025, and enforcement actions having started against 23 Member States, financial institutions are dealing with simultaneous compliance requirements that overlap heavily.

Research on 47 European financial institutions shows 75-95% control overlap between DORA and NIS2 rules. The analysis finds that using a unified framework can cut unique control instances by 83%—from 1,847 to 312 controls in recorded case studies.

“European financial institutions are spending millions to duplicate controls across two overlapping regulations, but a single unified framework could provide better resilience at 30-40% less cost,” says Kieran Upadrasta. “Institutions that see this opportunity will turn regulatory pressure into an operational edge.”

The Unified Resilience Framework

The whitepaper outlines a six-domain framework covering governance and strategy, ICT risk management, resilience testing, incident management, third-party risk management, and people and technology controls. The framework is built around a quarterly assurance cycle that allows single evidence stores to meet multiple regulatory needs.

Key elements include control mapping analysis showing which DORA provisions take precedence over NIS2 equivalents under the lex specialis principle, unified evidence assets that meet both regulatory paths, and implementation plans with written cost-benefit analysis.

Regulatory and Technical Coverage

The whitepaper offers guidance on DORA’s five pillars: ICT risk management framework requirements, incident reporting timelines that demand classification within four hours, digital operational resilience testing programs, third-party risk management (including the Register of Information deadline of April 30, 2025), and information sharing agreements.

Additional coverage addresses the NIS2 gap controls for which DORA has no equivalent requirement, such as HR security requirements, multi-factor authentication mandates, and encryption policy details.

About Kieran Upadrasta

Kieran Upadrasta has professional certifications including CISSP, CISM, CRISC, CCSP, MBA, and BEng. His career includes work at Big 4 consulting firms (Deloitte, PwC, EY, KPMG) and 21 years of focused experience in financial services and banking.

He currently works in Cybersecurity, AI, and Quantum Computing at Schiphol University and is an Honorary Senior Lecturer at Imperial and a Researcher at University College London. His professional memberships include Platinum Member of the ISACA London Chapter, Gold Member of the ISC2 London Chapter, Lead Auditor at ISF Auditors and Control, and Cyber Security Programme Lead at PRMIA.

His regulatory knowledge covers OCC, SOX, GLBA, HIPAA, ISO 27001, NIST, PCI DSS, SAS70, DORA, and NIS2 frameworks. He has dual British and Irish/EU citizenship.

Professional awards include the Excellence in Education Award (EMEA) for 2015-16, Top Teacher Award for 2013-14, Circle of Excellence Award (KPMG), High Flyers Award (EY), and Super Coach Award (PwC France).

Availability

The whitepaper can be found at

https://www.universityofschiphol.com/post/cybersecurity-expert-professor-kieran-upadrasta-releases-framework-for-harmonizing-dora-and-nis2-com

and at www.kieranupadrasta.com.


Legal Disclaimer

The opinions in this article are the author’s and not necessarily those of Issuewire.com or its partners. This content is for informational purposes only and shouldn’t be taken as legal, financial, or professional advice. Issuewire.com doesn’t guarantee the accuracy, completeness, correctness, suitability, or validity of any information here and won’t be liable for errors, omissions, delays, or any losses, injuries, or damages from using or displaying this information. All information is provided as-is.

Media Contact

Kelly Jones

Source: Schiphol University