Board-level accountability, risk appetite architecture, and governance for regulated enterprises under NIS2 and DORA.