Charter of Trust

Digitalization has transformed nearly every aspect of modern life. Today, billions of devices are connected through the Internet of Things. While this creates great opportunities, it harbours even greater risks if we are unprepared. Founded in 2018 at the Munich Security Conference, the Charter of Trust was initiated by Siemens because of increasing daily life exposure to malicious cyber-attacks. Today, its members have transformed it into a unique initiative of leading global companies and organizations working together to make the digital world of tomorrow safer.

That’s why together with strong partners we have signed a “Charter of Trust” – aiming at three important objectives

Protect the data of individuals and companies

Prevent damage to people, companies and infrastructures

Create a reliable foundation on which confidence in a networked, digital world can take root and grow

Our 10 Principles

Cybersecurity concerns all of us

Cybersecurity is and has to be more than a seatbelt or an airbag here; it's a factor that's crucial to the success of the digital economy. People and organizations need to trust that their digital technologies are safe and secure; otherwise they won't embrace the digital transformation. That's why we are signing together a Charter of Trust bearing the principles that are fundamental to a secure digital world.

1.Ownership for cyber and IT security

Anchor the responsibility for cybersecurity at the highest governmental and business levels by designating specific ministries and CISOs. Establish clear measures and targets as well as the right mindset throughout organizations – “It is everyone’s task”.

2.Responsibility throughout the digital supply chain

Companies – and if necessary – governments must establish risk-based rules that ensure adequate protection across all IoT layers with clearly defined and mandatory requirements. Ensure confidentiality, authenticity, integrity, and availability by setting baseline standards, such as

Identity and access management: Connected devices must have secure identities and safeguarding measures that only allow authorized users and devices to use them.

Encryption: Connected devices must ensure confidentiality for data storage and transmission purposes, wherever appropriate.

Continuous protection: Companies must offer updates, upgrades, and patches throughout a reasonable lifecycle for their products, systems, and services via a secure update mechanism.

3.Security by default

Adopt the highest appropriate level of security and data protection and ensure that it is preconfigured into the design of products, functionalities, processes, technologies, operations, architectures, and business models.

4.User-centricity

Serve as a trusted partner throughout a reasonable lifecycle, providing products, systems, and services as well as guidance based on the customer’s cybersecurity needs, impacts, and risks.

5. Innovation and co-creation

Combine domain know-how and deepen a joint understanding between firms and policymakers of cybersecurity requirements and rules in order to continuously innovate and adapt cybersecurity measures to new threats; drive and encourage i.a. contractual Public Private Partnerships.

6. Education

Include dedicated cybersecurity courses in school curricula – as degree courses in universities, professional education, and trainings – in order to lead the transformation of skills and job profiles needed for the future.

7.Certification for critical infrastructure and solutions

Companies – and if necessary – governments establish mandatory independent third-party certifications (based on future-proof definitions, where life and limb is at risk in particular) for critical infrastructure as well as critical IoT solutions.

8. Transparency and response

Participate in an industrial cybersecurity network in order to share new insights, information on incidents et al.; report incidents beyond today’s practice which is focusing on critical infrastructure.

9. Regulatory framework

Promote multilateral collaborations in regulation and standardization to set a level playing field matching the global reach of WTO; inclusion of rules for cybersecurity into Free Trade Agreements (FTAs).

10. Joint initiatives

Drive joint initiatives including all relevant stakeholders in order to implement the above principles in the various parts of the digital world without undue delay.

Partners

Together we will shape Cybersecurity

In order to keep pace with continuous advances in the market as well as threats from the criminal world, businesses and governments need to coordinate their actions in a targeted manner. We are therefore joining forces to protect our democratic and economic values against cyber and hybrid threats. In this charter, the signing partners outline the key principles we consider essential for establishing a new charter of trust between society, politics, business partners, and customers.

Learn more Learn more

Learn more Learn more

Learn more Learn more

To the Partner To the Partner

Learn more Learn more

To the Partner To the Partner

Learn more Learn more

Associated Partners

A strong network supporting our mission

The Associated Partner Forum (APF) brings together regulators, research institutes, universities, and think tanks with the Charter of Trust’s industry partners. Together, we build a trusted network committed to creating a strong digital security environment across the global economy. The APF provides an effective setting to discuss best practices for implementing the Charter’s 10 Principles, to assess cyber trends and developments, and to work together on specific Charter of Trust projects.