Publications
DORA

Cyber defence is built before the incident, not enforced after it
2026-07-02 · NIS 2 · DORA · Cyber Resilience Act
ANSSI is navigating four legal regimes and a move from roughly 500 to between 10,000 and 15,000 regulated entities at once. Because enforcement and remediation act only after an incident, real-time cyber defence cannot come from enforcement; it comes from capacity built ahead of need. This is the case for private actors educating, training and tooling ahead of demand, in service of a shared goal rather than a blame game.
Test once, satisfy many: the SWIFT CSCF v2026 7.3A penetration test as a cross-regime exercise
2026-06-24 · SWIFT CSCF · DORA · Penetration testing · PDF · DOI: 10.5281/zenodo.20821217
SWIFT CSCF v2026 sharpens Control 7.3A into a three-scenario, three-year penetration-testing cycle. Designed to a state-of-the-art standard and recorded against a NIST CSF 2.0 spine, one test produces evidence that satisfies DORA, NYDFS Part 500 and OSFI B-13, turning a recurring compliance cost into a reusable resilience evidence asset.