Five Takeaways from Francis Cepero’s ASIS Europe 2026 Keynote

In February 2026, snow shut down Munich Airport. Scheduled flights could no longer take off, but no buses arrived to take passengers back to the terminals. The drivers had already finished their shift, and no system had detected the connection. 600 passengers were forced to spend the night on the planes.

In October 2024, the DANA floods hit Valencia. Every warning system worked. More than 220 people died because no system turned those warnings into a coordinated response. 

Two events. The same structural failure. And the same gap that exists wherever access control, workforce management, and IT security each operate in isolation. 

That pattern was the central argument of the ASIS Europe 2026 keynote by Primion CEO Francis Cepero. NIS2 will test exactly this gap. Not whether your systems comply individually, but whether they work together under pressure. 

Here are five takeaways for security leaders rethinking their architecture. 

1. The failure point is always structural, never technological 

Neither Valencia nor Munich airport lacked technology. Both had every system they needed. Sensors worked. Alerts fired. Scheduling ran. Access control held. Each system did its job, but none could trigger a response in another. 

That pattern shows up wherever systems operate independently. Corporate campuses. Hospitals. Logistics hubs. Critical infrastructure. Wherever access control, video surveillance, and workforce management each report to different dashboards, the structural gap is the same. 

How confident are you that your systems would behave differently? 

2. Crises compress decision cycles from weeks to hours 

The Cynefin framework, developed by Dave Snowden, maps how situations transition from complicated to complex to chaotic. In a crisis, these transitions compress into hours. Each phase demands a different response. And each response demands real-time visibility across access control, workforce scheduling, and IT security that siloed systems cannot provide. 

Most security architectures were designed for the complicated domain. Clear cause-and-effect. Documented procedures. Escalation paths. They were not designed for the moment a situation turns chaotic and access control, workforce scheduling, and IT security escalate simultaneously. That moment is where the architecture either holds or breaks. 

3. Your dashboard shows data. A crisis demands coordination. 

Dashboards aggregate data, but they do not orchestrate action. You may see an access breach in one system and a workforce anomaly in another. Whether your organisation can connect those signals and act on them in minutes depends on whether your systems share a common identity and data layer. 

Four capabilities determine whether your architecture holds under pressure. Real-time workforce visibility, so you know who is on site. A unified identity layer that covers employees, contractors, visitors, and machines. Converged security across IT, OT, and physical environments. And threat detection that feeds directly into compliance reporting. 

If you already operate a SIEM or a security operations centre, you likely have visibility across access control, workforce, and IT security under normal conditions. But does that visibility hold when all three escalate at once and your team needs to act on information the SIEM was never designed to query? 

4. This is not a concept. It runs in production at enterprise scale. 

Theory is easy. Proof is harder. Frankfurt Airport provides it. An 18-year partnership with Fraport covers 4,302 access control readers across 178 gates, 800 departments, and 81,000 managed identities from 70 nations, each with physical and digital access rights. A second reference, a European infrastructure operator with 250,000 employees, confirms the pattern at a different scale and in a different sector. 

These are not pilot projects. They are production environments where converged operations have been tested under real operational pressure, repeatedly, for years. 

5. NIS2 will test coordination, not compliance 

Most NIS2 preparation treats access management, incident reporting, and risk assessments as separate workstreams. Each is necessary, but none is sufficient on its own. NIS2 Article 21 requires organisations to demonstrate that their security measures function as a system, not just that each measure exists. 

In practice, auditors will not only check whether you have access control. They will ask what happens when a confirmed identity breach requires a response across physical access, IT systems, and workforce scheduling within a defined timeframe. If your answer involves manual handoffs between separate platforms, you have a gap that NIS2 was designed to expose. 

Keynote:
From Access Control to Workforce Advantage: Redesigning Security for the Human Era

Download Presentation

Download Whitepaper

Test your own architecture 

Three questions worth asking before your next tabletop exercise.

1. Can your access control system revoke identities across physical, IT, and OT environments within 15 minutes of a confirmed breach?
2. Does your workforce management system feed real-time presence data into your security operations, or does someone check a spreadsheet?
3. During your last crisis simulation, did your systems respond automatically, or did your team resort to phone calls and email? 

If you answered no to any of these, your systems have capability. What they lack is the connection between them. That gap is where the next crisis, or the next NIS2 audit, will find you.

Frequently Asked Questions

What is converged security?

Converged security brings access control, workforce management, IT security, and physical security into one system. Instead of separate platforms that each handle one domain, converged security operates on a shared identity and data layer, so that a change in one domain triggers the appropriate response across all others. 

What does NIS2 require for security coordination? 

NIS2 Article 21 requires organisations to implement security measures that function as an integrated system. This includes incident response across physical and digital environments, identity management, and access control that works together with IT and OT security. 

How does converged security differ from a SIEM? 

A SIEM aggregates log data and alerts across systems, giving your team visibility across access control, workforce, and IT security under normal conditions. Converged security goes further. It operates on a shared identity and data layer so that a confirmed breach in one domain triggers an automated response across physical access, IT systems, and workforce scheduling. The difference surfaces during a crisis, when your SIEM shows the problem but cannot orchestrate the response.