Publications
2026
Filter by topic

Cyber defence is built before the incident, not enforced after it
2026-07-02 · NIS 2 · DORA · Cyber Resilience Act
ANSSI is navigating four legal regimes and a move from roughly 500 to between 10,000 and 15,000 regulated entities at once. Because enforcement and remediation act only after an incident, real-time cyber defence cannot come from enforcement; it comes from capacity built ahead of need. This is the case for private actors educating, training and tooling ahead of demand, in service of a shared goal rather than a blame game.
Test once, satisfy many: the SWIFT CSCF v2026 7.3A penetration test as a cross-regime exercise
2026-06-24 · SWIFT CSCF · DORA · Penetration testing · PDF · DOI: 10.5281/zenodo.20821217
SWIFT CSCF v2026 sharpens Control 7.3A into a three-scenario, three-year penetration-testing cycle. Designed to a state-of-the-art standard and recorded against a NIST CSF 2.0 spine, one test produces evidence that satisfies DORA, NYDFS Part 500 and OSFI B-13, turning a recurring compliance cost into a reusable resilience evidence asset.
Two regimes, one data estate: governing the EU GDPR and India's DPDP at once
2026-06-06 · GDPR · DPDP · Cross-border data transfer · PDF · DOI: 10.5281/zenodo.20778581
A working GDPR programme already covers roughly seventy per cent of India's DPDP. With the DPDP's substantive duties enforceable from 13 May 2027, about eleven months away, this is a thesis-grade map of the thirty per cent that carries the money and the risk for any organisation subject to both laws.