You will get DORA & NIS2 Readiness Call — Is Your Architecture Actually Compliant?


Project details
Most DORA and NIS2 compliance projects fail not because the regulation is complex, but because the consultant treated it as a documentation exercise instead of an architecture problem.
I read both regulations at source level: not summaries, not templates. I find the structural gaps that checklist-based approaches miss, the ones that hold up under audit and the ones that do not.
Recent work: DORA-aligned security architecture for Investitionsbank Schleswig-Holstein, developed ahead of German market consensus. ISO 27001 readiness for an global organisation delivered in four months against an industry standard of twelve to eighteen. NBB audit remediation at a regulated insurer: delivered in seven weeks after a Big Four firm spent twelve months without completing it.
Three tiers available depending on where you are in the process: a focused quick scan to identify your highest-priority gaps, a full gap register with risk-ranked findings and remediation roadmap, or a dual-regulation assessment covering both DORA and NIS2 with an architectural analysis and board-ready report.
I work in English, Dutch, German, and Polish. If your compliance needs to hold up under audit, not just on paper
I read both regulations at source level: not summaries, not templates. I find the structural gaps that checklist-based approaches miss, the ones that hold up under audit and the ones that do not.
Recent work: DORA-aligned security architecture for Investitionsbank Schleswig-Holstein, developed ahead of German market consensus. ISO 27001 readiness for an global organisation delivered in four months against an industry standard of twelve to eighteen. NBB audit remediation at a regulated insurer: delivered in seven weeks after a Big Four firm spent twelve months without completing it.
Three tiers available depending on where you are in the process: a focused quick scan to identify your highest-priority gaps, a full gap register with risk-ranked findings and remediation roadmap, or a dual-regulation assessment covering both DORA and NIS2 with an architectural analysis and board-ready report.
I work in English, Dutch, German, and Polish. If your compliance needs to hold up under audit, not just on paper
What's included
| Service Tiers |
Starter
$750
|
Standard
$2,000
|
Advanced
$4,000
|
|---|---|---|---|
| Delivery Time | 5 days | 10 days | 21 days |
Number of Revisions | 0 | 0 | 0 |
Optional add-ons
You can add these on the next page.
Fast Delivery
+$250 - $2,000
usiness Impact Analysis — What Non-Compliance Actually Costs
+$200
Audit Narrative
(+ 1 Day)
+$300
1 review
(1)
(0)
(0)
(0)
(0)
This project doesn't have any reviews.
EZ
Eyar Z.
Nov 5, 2024
CISO Needed for GRC Startup Idea Validation
Lukas provided invaluable insights during our product validation session, bringing a wealth of experience in GRC and TPRM from an in-house perspective. Their feedback was clear, relevant, and highlighted critical areas for us to consider. Highly professional and insightful.
About Lukas
DORA, NIS2, 27k, EU AI Act Architect: Security & Compliance that Works
Berlin, Germany - 10:16 pm local time
I specialise in identifying the structural root cause and delivering solutions that hold up under regulatory scrutiny, not just at filing, but when the auditor comes back.
30 years across financial services, aviation, critical infrastructure, and the public sector. Six European markets. Four languages. Clients include ING Bank, Lufthansa Group, SAP, Federale Insurance, Elsevier, and Investitionsbank Schleswig-Holstein, alongside national rail,
pension funds, law firms, and a Dutch ISP I supported during an active ransomware attack.
What makes the work different: I read regulatory texts at source, not summaries, not third-party interpretations. From DORA to NIS2, ISO 27001, BSI IT-Grundschutz, BaFIN, and the EU AI Act, I find the architectural implications that compliance-focused readers miss. The goal is always the
same: systems that meet requirements by design, not by documentation.
Selected engagements:
- Federale Insurance (Brussels): A Big Four firm deployed eight consultants for twelve months on an NBB audit remediation. The deliverable was incomplete. I identified the structural root cause and delivered the Data Anonymization Governance Framework in 7 weeks.
- Elsevier (Frankfurt): ISO 27001:2022 audit readiness for a global AI publishing platform of 8,600 staff. Delivered in 4 months. Industry standard: 12–18 months.
- Investitionsbank Schleswig-Holstein (Kiel): DORA-aligned security architecture developed ahead of German market consensus, integrating BSI IT-Grundschutz and BaFIN requirements from primary source.
- Dutch ISP (NDA) (Amsterdam): Active ransomware response. 92% data recovery
across VMware and Proxmox environments. Organisation remained operational
throughout. Infrastructure hardened during recovery, not after.
Beyond compliance practice:
I am currently conducting original research into the structural limitations of AI systems that prevent reliable deployment in regulated and safety-critical environments. This work (spanning classical, GPU, and quantum-compatible architectures) is in PCT patent filing across multiple independent invention families. It is the architectural answer to questions thirty years of compliance work raised that no existing technology could answer. For clients navigating EU AI Act obligations, I bring both the governance framework knowledge and the architectural understanding of what
demonstrable accuracy actually requires at the system level.
What I can do for you:
— Regulatory gap assessments (DORA, NIS2, ISO 27001, EU AI Act)
— Security and compliance architecture
— Audit readiness programmes
— Incident response advisory
— AI governance and risk frameworks
— AI systems assessment for regulated industry deployment
— AI adoption consulting: workflow automation, business process optimisation, and secure AI integration for organisations building their first AI capability
I work in English, Dutch, German, and Polish (which matters when navigating regulatory landscapes across multiple European jurisdictions).
My working hours are flexible across time zones. I have served clients in the US, Australia, Asia, and across Africa and Europe.
If you have a clear problem (regulatory, architectural, or AI-related) let's talk. I will find the root cause and solve it correctly.
Steps for completing your project
After purchasing the project, send requirements so Lukas can start the project.
Delivery time starts when Lukas receives requirements from you.
Lukas works on your project following the steps below.
Revisions may occur after the delivery date.
Pre Intake (NDA)
Both parties confirm confidentiality terms. Standard NDA provided; client may substitute their own.
Intake
Client shares documentation and completes scoping questionnaire