The Charter of Trust welcomes the opportunity to participate in the European Commission’s public consultation on the revision of the Cybersecurity Act. As a coalition united by the goal of strengthening digital trust, we are pleased to share our consolidated response and recommendations.

We support Policy Option 2, which focuses on targeted regulatory measures that address key challenges without creating unnecessary complexity. In this context, we emphasize the need to enhance the role and resources of ENISA, to ensure effective implementation of both current legislation and the European Cybersecurity Certification Framework (ECCF).

Our recommendations aim to improve transparency, collaboration, and efficiency across the EU’s cybersecurity landscape. These include:

- Introducing clear timelines for the development of certification schemes.

- Enhancing stakeholder engagement throughout the process.

- Establishing more structured communication channels between ENISA, the Stakeholder Cybersecurity Certification Group (SCCG), and sectoral ISACs (Information Sharing and Analysis Centers).

We call for a stronger ECCF, one that is transparent, inclusive, and aligned with international standards to foster global interoperability and ease compliance for organizations across borders. Equally critical is the harmonization of certification practices across EU member states and the mutual recognition of certifications to minimize regulatory fragmentation.

The Charter of Trust advocates for technically robust, standards-based certification schemes, with well-defined roles and responsibilities. We also stress the need for clarity on the interplay between voluntary and mandatory certifications, particularly in relation to the upcoming Cyber Resilience Act (CRA).

To streamline compliance and reduce administrative burden, we propose a unified, risk-based incident reporting regime that consolidates requirements under regulations such as NIS2, CRA, GDPR, and DORA. This would not only simplify reporting for organizations but also enhance the EU’s overall cyber resilience. In addition, we recommend incorporating liability protections and grace periods for incident disclosure.

Finally, we urge the Commission to strengthen supply chain security by adopting a risk-based classification approach and establishing baseline cybersecurity requirements for ICT suppliers.

The Charter of Trust remains fully committed to supporting the European Commission in shaping a secure, resilient, and trusted digital future for Europe. We look forward to continued collaboration in building a cybersecurity framework that meets the needs of all stakeholders, today and in the years to come.

On June 5th, the Charter of Trust convened a high-level workshop dedicated to one of the most pressing challenges in cybersecurity: how to train, attract, and retain the next generation of cyber professionals.

Bringing together representatives from Charter of Trust Partners and external organizations, the session focused on enhancing the Cyber Talent Academy, a growing initiative that is already demonstrating real impact. The workshop was a space for deep exchange, shared purpose, and forward-looking collaboration between cybersecurity and HR professionals.

One key theme ran through every conversation: the cyber skills gap continues to widen, and traditional recruitment methods are no longer enough. To meet growing demand, we must fundamentally rethink how we discover, train, and support talent.

A New Approach to Cyber Talent

The Cyber Talent Academy is emerging as a powerful model for change. By offering alternative pathways into cybersecurity, beyond conventional educational and career tracks, it opens opportunities to individuals from a range of academic, cultural, and professional backgrounds. Participants agreed that the programme holds strong potential for expanding the talent pipeline, increasing diversity, and making cybersecurity more inclusive and resilient.

The workshop discussions underlined several critical insights:

- Relying solely on established recruitment channels will not close the cyber talent gap.
- Tapping into overlooked talent pools, through inclusive outreach, training, and mentoring, creates real business value and aligns with corporate social responsibility goals.
- Stronger collaboration between cybersecurity and HR teams is essential, particularly when it comes to structuring mentorship, supporting life-long learning, and designing modern career pathways.
- Initiatives like the Cyber Talent Academy are already showing higher retention and greater team innovation in participating organizations.

“Attracting, retaining, and developing cybersecurity talent is a challenge faced by nearly every organization today,” says Dr. Sumit Chanda, Co-Chair of the Charter of Trust and COO Group Security & Business Lines CISO at Atos. “The Charter of Trust Cyber Talent Academy offers a bold and innovative response to this challenge.” Dr. Chanda further emphasizes the power of collaboration, between businesses, educators, and governments, as essential to closing the cyber skills gap. He adds, “Expanding access to cybersecurity training, especially for underrepresented communities, isn’t just the right thing to do, it’s smart business. Diverse perspectives are vital to building resilient and secure systems.”

Looking Ahead

This workshop was just the beginning. The energy, expertise, and ideas shared on June 5th are shaping the next phase of the Cyber Talent Academy, and informing how we support our partners in building stronger, more inclusive cybersecurity teams. We’re excited to continue this journey and will be sharing updates on upcoming developments.

Stay tuned. The future of cybersecurity talent is collaborative, diverse, and full of potential.

Yesterday, the Charter of Trust hosted a virtual panel discussion titled “Security by Default in View of Major Cybersecurity Regulations in Asia”, moderated by Sudhir Ethiraj from TÜV SÜD. This discussion brought together leading policymakers and industry experts to delve into the evolving landscape of cybersecurity regulations and foster actionable collaboration aimed at strengthening global cyber resilience.

We extend our heartfelt thanks to our distinguished panellists: Veronica Tan from the Cyber Security Agency of Singapore, S.S. Sarma and Ashutosh Bahuguna from CERT-In, Amitava Mukherjee and Didier Ludwig from Siemens, and Ki Hyun Park from Mitsubishi Heavy Industries.

Their insightful contributions covered the development and implementation of various cybersecurity regulations in Asia, sparking a truly engaging and interactive session. With roughly 80 participants, primarily from Asia, the discussion was enriched by thought-provoking questions from the audience, underscoring the urgent need for such dialogues.

The discussion covered a wide array of crucial topics. The panellists explored various regulatory frameworks that govern critical infrastructure in different Asian countries, examining the importance of establishing baseline requirements and adopting a risk-based approach across various industries to enhance cyber resilience.

A consensus emerged that security by default must be ingrained in the culture, while considering the essential role of regional context for effective implementation.

Thank you to everyone who participated! A recording of the webinar can be found at the bottom of this page.

In the face of rising global cyber threats, over 50 CISOs have called for greater international alignment of cybersecurity regulations to strengthen defenses and reduce fragmentation. This message was echoed at RSAC 2025, where experts from the OECD, European Commission, academia, and industry emphasized the need for principle-based collaboration. The Charter of Trust, a long-time advocate for regulatory harmonization, continues to support coordinated, effective approaches that prioritize clarity over complexity.

We are delighted to welcome Richard Skalt, Advocacy Manager at TÜV SÜD, as the new Leader of the Advocacy Workstream at the Charter of Trust. Richard steps into the role following María del Pino González-Junco, who recently assumed the position of Chair of the Global External Engagement Working Group.

With a strong background in advocacy and a forward-looking vision, Richard brings renewed energy to our mission of shaping a secure digital future. As he puts it:

“My motivation is to preserve and build upon the strong foundation of advocacy activities we’ve developed over the past years. At the same time, I’m committed to ensuring we’re in a position to shape the policies that will define how our business model and operations evolve in the future – including the cybersecurity of products and systems, the use, deployment, and distribution of robust AI solutions, as well as cloud security and secure datacenters.”

In a world defined by accelerating digital transformation and increasingly complex regulatory challenges, principled leadership and effective collaboration are more vital than ever. Under Richard’s leadership, the Advocacy Workstream will continue to engage policymakers, raise public awareness, and strengthen education around key issues such as cybersecurity, AI governance, and secure digital infrastructures.

The Charter of Trust is proud to announce María del Pino González-Junco, Cybersecurity Alliances Manager at Siemens, as the new Chairwoman of the Global External Engagement Working Group. Her appointment marks a significant step forward in our shared mission to advance cybersecurity through strong international collaboration.

Pino’s election follows a dynamic Collaboration Week in Denmark, where Charter of Trust partners from around the world came together to align on strategy, strengthen partnerships, and reaffirm our commitment to a secure digital future. As a longstanding leader within the advocacy workstream, Pino has been instrumental in fostering open dialogue with key external stakeholders and promoting cybersecurity awareness across industries and institutions.

“A reliable digital world can only thrive if public and private institutions build trust and cyber-resilience together, share their expertise, and support society in this digital journey. Those are our goals at the Charter of Trust,” says Pino.

She takes over the role from Sumit Chanda, COO/CISO at Atos, who has guided the working group with vision and energy. We are pleased to share that Dr Chanda has since been elected Co-Chair of the Charter of Trust by the Board of Directors in February—ensuring his continued impact on the initiative’s strategic direction.

We extend our sincere thanks to Sumit for his outstanding leadership and warmly congratulate Pino on her new role.

Collaboration Week 2025: Strengthening Bonds, Shaping the Future

Charter of Trust partners unite in Denmark for a three-day deep dive into cybersecurity collaboration.

Collaboration Week 2025 brought together representatives from all Charter of Trust member organizations for an intensive three-day summit hosted in Denmark. This event serves as a cornerstone of our alliance—an opportunity to connect, align, and advance our shared mission of building a safer digital world.

This year’s agenda was designed to elevate our collective efforts in tackling today’s most urgent cybersecurity challenges. From artificial intelligence and emerging technologies to supply chain security, harmonized regulations, security-by-default practices, and future-focused education and advocacy, the sessions sparked meaningful dialogue and strategic alignment across working groups.

What emerged from these discussions was a powerful reminder: coordinated, purpose-driven collaboration is essential to building and sustaining digital trust. The impact of our joint efforts continues to grow as we share expertise, synchronize our actions, and lead by example.

A heartfelt thank you to Danfoss for hosting this year's event and offering an inspiring behind-the-scenes tour of their data centre. Their hospitality and commitment to innovation set the perfect tone for our discussions.

Strengthening Global Cybersecurity: Charter of Trust’s Thematic Dinner at MSC
At this year’s Munich Security Conference, the Charter of Trust hosted its annual Thematic Dinner, focusing on the theme: “From Cyber Fences to Defences: Reversing Cyber Policy Fragmentation.”

With cybersecurity at the forefront of global security discussions, the event brought together high-ranking representatives from NATO, the European Union Agency for Cybersecurity (ENISA), the European External Action Service, national cybersecurity authorities, military leaders, and parliamentary officials. Their expertise contributed to a series of insightful discussions on strengthening international cyber resilience.

Key Takeaways from the Discussion

The increasing threat of cyber-attacks and disinformation poses a significant risk to economies and democracies. There is an urgent need for a coordinated and robust global response to mitigate these threats and establish clear consequences for malicious cyber activities.

Public-private cooperation plays a crucial role in cyber defence. The private sector possesses essential technological capabilities that must be leveraged to enhance the security of information systems, economic infrastructure, and democratic institutions.

Artificial intelligence is emerging as a critical battleground in cybersecurity. Protecting critical infrastructure with quantum-cryptographic security will be essential to counter evolving cyber threats effectively.

This event marked the conclusion of an exceptionally productive month for the Charter of Trust, which included:

This dinner was the perfect end for a very successful month in which the Charter of Trust held its Board of Directors meeting electing new co-chairs, the Security by Default working group published its sixth report (available on our website) and held a high-level panel discussion at Hashtag#MCSC, and several CISOs and CSOs from the Charter of Trust Partners published a playbook talking about cybersecurity and hybrid threats.

Cyber Resilience Took Center Stage at Munich Cyber Security Conference 2025

The Charter of Trust is proud to have organized a panel discussion on cyber resilience at this year's edition of the MCSC, bringing together some of the brightest minds in cybersecurity for a high-impact panel discussion: "A Practitioner’s Guide to Resilient Infrastructure Today & Tomorrow."

A Power-Packed Session

The session kicked off at 10 AM with Dr. Sumit Chanda, Group CISO at Eviden and Co-Chair of the Charter of Trust, introducing the alliance and setting the stage for an insightful discussion.

Next, the Charter’s latest report, "Security by Default in View of Major Cybersecurity Regulations," was presented by Sudhir Ethiraj, Global CSO & CEO Business Unit Cybersecurity Services (CSS) at TÜV SÜD. This report provides critical insights into aligning security practices with evolving regulatory landscapes.

One of the highlights of the session was a keynote from Mikko Hyppönen, Chief Research Officer at WithSecure and a global leader in the fight against cybercrime. With decades of experience at the frontlines of cybersecurity and IoT security, Mikko offered a compelling perspective on the rising threats we face today.

Joining him on the expert panel were:

- Lars König, Technical SOC Lead at Allianz

- Natalia Oropeza, Chief Cybersecurity Officer at Siemens

- Sudhir Ethiraj, Global Head of Cyber, TÜV SÜD

The panel, moderated by Dr. Ralf Schneider, Senior Fellow and Head of Cybersecurity & NextGenIT Think Tank at Allianz and Co-Chair of the Charter of Trust, explored the evolving cyber threat landscape and strategies for building resilient digital infrastructure.

Key Takeaways from the Experts

🔹 Mikko Hyppönen: "Cyber attacks aren’t just bad luck; they target vulnerabilities. Ransomware gangs have grown into cybercrime unicorns, while nation-state attackers focus on espionage and sabotage—with North Korea being the only country using cybercrime for financial gain. In today's world, data is the most valuable asset, and if data is the new oil, AI is the new refinery."

🔹 Sudhir Ethiraj: "Security by Default is more than just products—it’s about processes and organizational strategy. The Charter of Trust has set baseline cybersecurity requirements aligned with global regulations and OECD standards. Our biggest challenge? The explosion of overlapping cybersecurity regulations worldwide, none of them harmonized. We work together to bridge this gap."

🔹 Natalia Oropeza: "You cannot protect everything equally. Identify your most critical infrastructure—factories, IT applications, and business-driving processes—and prioritize their defense. Assume breaches will happen and prepare for infrastructure disruptions."

🔹 Lars König: "Understanding an adversary’s intent is crucial. Cyber threats range from espionage to financial attacks and pure disruption—each requiring a different response. The good news? We have more infrastructure and visibility than our adversaries. Our NetWatch community deploys attack sensors worldwide, tracking attackers in real time to take proactive action."

A Call to Action

This discussion made one thing clear: cyber resilience is a collective effort. To stay ahead of threats, organizations must collaborate, innovate, and implement proactive defense strategies.

With over 60 industry leaders in attendance, this session was a milestone in strengthening the global external engagement of the Charter of Trust, which remains committed to leading the charge in securing the digital future.

We are honoured to announce that Dr. Ralf Schneider, Senior Fellow and Head of Cybersecurity and NextGenIT Think Tank at Allianz and Dr. Sumit Chanda, Chief Operating Officer at Atos Group Security have been elected as new co-chairs of the Charter of Trust during our last Board of Directors meeting in Munich.

The Partners and Associated Partners thanked Natalia Oropeza, Global Chief Cybersecurity Officer at Siemens, for her engagement and steady leadership during her term as Chairwoman. In her tenure, the Charter of Trust underwent important internal and external changes. What first stands out is the smooth integration of the four working groups, which made the Charter of Trust more agile, leaner and more efficient. It is also safe to say that the alliance has never had such a high level of exposure externally, due to the Charter of Trust partners continuous dedication to the mission of the alliance.

In the spirit of industry collaboration, Natalia Oropeza expressed her support to our new Co-Chairs and said how “incredibly proud of what we have achieved together, welcoming new partners, strengthening our structure, and elevating the Charter of Trust's impact on the global cybersecurity landscape. Collaboration has been at the heart of our success, and I am confident that Dr. Sumit Chanda and Dr. Ralf Schneider as Co-Chairs, the Charter will continue to drive meaningful progress towards a more secure digital world."

For the first time in its history, the Charter of Trust will be co-chaired. Dr. Ralf Schneider from Allianz and Dr. Sumit Chanda from Atos who have decades of experience in the world of cybersecurity and have been active within the alliance for several years now. Both unite an intrinsic motivation to foster inter- and intra-sector collaboration as well as the continuous sharing of knowledge between the Partners and Associated Partners of the Charter of Trust.

For the next year the co-chairs aim to amplify the number of Partners and Associated Partners. This growth, however, should still preserve the unique features of the Charter of Trust as a large practitioner organization with member from all over the world. Expanding into new sectors and new countries is a key target for the new leadership team, so that the Alliance can continue to engage with stakeholders at the highest level.

Dr. Sumit Chanda underlined that “The Charter of Trust’s role is to promote a safe and trusted digital work.  Its unique partnership blend of large organisations, working across 190 countries, and across several sectors, has enabled it to make significant progress under the leadership of Mrs. Natalia Oropeza.  I would like to thank her for these great achievements.  Along with Dr. Ralf Schneider from Allianz, we welcome the opportunity to build on her work as the Co-Chairs of Charter of Trust.”

Ralf Schneider added that “In dynamic times with more risks, more uncertainty, and more unknowns, we as the Charter of Trust step up – to provide stability, promote reliability, and foster trust. This is our mission today and tomorrow.”.

Navigating Cybersecurity in an Era of Hybrid Threats

As hybrid threats continue to evolve, cybersecurity has never been more critical. The latest Charter of Trust report, launched at the Munich Security Conference, presents exclusive insights from leading CISOs and CSOs across our Partner network. This report provides a comprehensive analysis of the shifting threat landscape and the strategic actions necessary to enhance global resilience.

Key Insights from the Report

- The Growing Threat Landscape: Cyber adversaries are emerging across the globe, leveraging increasingly sophisticated tactics. Advanced threat detection and multi-layered defense strategies are no longer optional but essential.

- Breaking Down Security Silos: Cyber threats are constantly evolving—organizations cannot afford to wait. A proactive, collaborative approach is critical, fostering open dialogue across industries and sectors.

- Leadership in Collective Defense: Multinational corporations have a unique responsibility to lead in both technical defense and talent development, while also advancing zero trust architectures to mitigate risks effectively.

Collaboration as the Foundation of Cyber Resilience

The experiences of Charter of Trust partners highlight the importance of collective action in addressing the complexities of hybrid threats. Operating in high-stakes environments, these organizations provide valuable lessons for improving industry-wide preparedness.

A Call for Unified Action

Hybrid threats do not recognize national or industry boundaries—our response must be equally interconnected. As both prime targets and key defenders, multinational corporations are uniquely positioned to drive unified, strategic action. Initiatives like the Charter of Trust serve as a model for global collaboration, strengthening the cybersecurity ecosystem and paving the way for a more secure future.

We extend our gratitude to the CISOs and CSOs who contributed their expertise to this publication, including: Kyle Oetken (AES), Haydn Griffiths (Allianz), Paul Bayle (Atos), Christoph Peylo (Bosch), Morten Pors Simonsen (Danfoss), Koos Lodewijkx (IBM), Raphael Otto (Infineon), Natalia Oropeza (Siemens), Norbert Vetter (TÜV SÜD)

Navigate the Cybersecurity Regulation Maze with Ease

The Charter of Trust is here to simplify the complexity and guide you through the ever-evolving regulatory landscape.

In today's digitized world, cybersecurity plays a pivotal role in maintaining global stability, economic resilience, and individual privacy. Various regulations have been implemented to safeguard individuals, businesses, and infrastructure from ever-evolving cyber threats. Each regulation, while differing in scope and focus by region, aims to protect against breaches, data leaks, and other malicious activities that could disrupt operations and compromise sensitive information.

At the heart of the Charter of Trust lies a commitment to sharing best practices. Our Security by Default Working Group has meticulously analyzed vast amounts of regulatory texts to provide a clear and concise overview of security by default adoption across key global regions.

Stay Ahead of Cyber Risks with Expert Insights

Our latest report is a vital resource for organizations aiming to effectively manage cybersecurity risks and protect their assets. Covering major regulations from the European Union, India, Japan, People's Republic of China, Singapore, the United Kingdom, and the United States, this report offers valuable insights into compliance requirements worldwide.

The principle of Security by Default, as advocated by the Charter of Trust, provides a universal standard for organizations to meet compliance requirements effectively. By embedding security measures from the outset, organizations can ensure compliance with regulations, foster trust with customers, safeguard their operations, and strengthen their market position. This approach not only helps organizations meet their legal obligations but also enhances their reputation and competitive advantage.

Strengthen Compliance, Build Trust, and Gain a Competitive Edge

By embedding security measures from the outset, businesses can:
- Ensure compliance with international regulations
- Build and maintain trust with customers and stakeholders
- Safeguard operations from cybersecurity threats
- Strengthen their market position with a proactive security approach

The publication shows that regulators worldwide have taken different approaches to pursuing common cybersecurity goals, leading to varied and sometimes conflicting regulatory frameworks. This complexity can make it challenging for organizations to navigate the cybersecurity landscape and ensure compliance with all relevant regulations.

This document serves as a roadmap to better navigate this complex landscape, thereby highlighting the benefits of aligning current cybersecurity regulations worldwide. It supports the Charter of Trust's mission to create a secure digital environment for innovation. By following the guidelines outlined in this document, organizations can effectively manage their cybersecurity risks, protect their assets, and contribute to a more secure digital world.

Don't get lost in the regulatory jungle — get the clarity you need today and download the full report below