At the Munich Security Conference 2019, the 16 global partners of the Charter of Trust look back on a successful first year and set ambitious goals for 2019.
The 16 global partners of the Charter of Trust
At the Munich Security Conference in February 2018, nine organizations signed the world’s first joint charter for greater cybersecurity. A year on, the Charter of Trust has grown to 16 members. In addition to Siemens and the Munich Security Conference, the signatories include AES, Airbus, Allianz, Atos, Cisco, Daimler, Dell Technologies, Deutsche Telekom, Enel, IBM, NXP, SGS, Total and TÜV Süd. Now, the Charter of Trust welcomes two government authorities to its ranks as associate members for the very first time: the BSI German Federal Office for Information Security, which is one of the most relevant institutions for cybersecurity experts and the CCN National Cryptologic Center of Spain. CCN is an agency of the Spanish State annexed to the National Intelligence Center. In addition, the Graz University of Technology in Austria will be joining the charter as an associate member. The team there focuses on cybersecurity research and for instance was one of the teams that discovered the IT vulnerabilities “Meltdown” and “Spectre”. The associate partner is a new format, through which the Charter opens up for important government representatives, universities and think tanks for cooperation. A benefit to such organizations is that they can cooperate on specific projects without having to become full members with all rights and duties.
“In the age of the internet of things, the cybersecurity is a crucial task. Our Charter of Trust initiative is a very important first step,” said Joe Kaeser, CEO of Siemens. “We’re open to many more partners. Cybersecurity is the key enabler for successful digital businesses as well as protecting critical infrastructure. We hope that this initiative will lead to a lively public awareness and, ultimately, to binding rules and standards.”
An area of early and intense focus has been security of supply chains. Third party risks in supply chains, are becoming a more prevalent issue and are the source of 60 percent of cyberattacks, according to Accenture Strategy. Charter of Trust member companies have worked out baseline requirements and propose their implementation for making cybersecurity an absolute necessity throughout all digital supply chains. These requirements address all aspects of cybersecurity – including people, process and technology. Examples of these requirements include:
- Data shall be protected from unauthorized access throughout the data lifecycle.
- Appropriate level of identity and access control and monitoring, including third parties, shall be in place and enforced.
- A process shall be in place to ensure that products and services are authentic and identifiable.
- A minimum level of security education and training for employees shall be regularly deployed.
Charter of Trust members are establishing a risk-based methodology for implementing these requirements in their own supply chains, involving supply chain partners in the process.
In 2018 Charter of Trust round tables worldwide enabled an in-depth exchange between policy makers and the Charter partners. Governments and industry are aligning at the global, regional and national levels in the pursuit of common security goals. The “Paris Peace Call for Trust & Security in Cyberspace” presented in November 2018 by French President Emmanuel Macron is a clear commitment to form and achieve stability in cyberspace and confirms the willingness to work together to define and implement international cybersecurity principles. Content wise, the Paris Peace Call shares key tenets with the Charter of Trust principles and the partners look forward to seeing them reinforced further at the forthcoming G7 summit. Also, the new EU Cybersecurity Act was an important step towards strengthening cyber institutions and providing a framework to develop cyber certifications. The Charter of Trust members look forward to bringing their expertise to bear in the development of the certifications as implementation gets underway in 2019.
The Charter of Trust has set ambitious goals for 2019. Besides deepening and expanding the policy dialog, members plan to advance two topics: “Cybersecurity by Default” and “Education” – meaning predictive cybersecurity settings embedded in products and other environments, and global continuing training efforts both inside and outside companies. According to the Center for Strategic and International Studies, threats to cybersecurity in 2018 caused 500 billion euros in losses worldwide. And threats to cybersecurity are constantly on the rise as the world digitalizes further: according to Gartner, 8.4 billion networked devices were in use in 2017 – 31 percent more than in 2016. The figure is expected to rise to 20.4 billion by 2020.
Download
PREVIOUS POST
Cybersecurity Awareness Month
NEXT POST
Contribution to the EU Commission Public Consultation on the revision of the Cybersecurity Act
You may also like
External Engagement
Contribution to the EU Commission Public Consultation on the revision of the Cybersecurity Act
The Charter of Trust welcomes the opportunity to participate in the European Commission’s public consultation on the revision of the Cybersecurity Act. As a coalition united by the goal of strengthening digital trust, we are pleased to share our consolidated response and recommendations.
We support Policy Option 2, which focuses on targeted regulatory measures that address key challenges without creating unnecessary complexity. In this context, we emphasize the need to enhance the role and resources of ENISA, to ensure effective implementation of both current legislation and the European Cybersecurity Certification Framework (ECCF).
Our recommendations aim to improve transparency, collaboration, and efficiency across the EU’s cybersecurity landscape. These include:
- Introducing clear timelines for the development of certification schemes.
- Enhancing stakeholder engagement throughout the process.
- Establishing more structured communication channels between ENISA, the Stakeholder Cybersecurity Certification Group (SCCG), and sectoral ISACs (Information Sharing and Analysis Centers).
We call for a stronger ECCF, one that is transparent, inclusive, and aligned with international standards to foster global interoperability and ease compliance for organizations across borders. Equally critical is the harmonization of certification practices across EU member states and the mutual recognition of certifications to minimize regulatory fragmentation.
The Charter of Trust advocates for technically robust, standards-based certification schemes, with well-defined roles and responsibilities. We also stress the need for clarity on the interplay between voluntary and mandatory certifications, particularly in relation to the upcoming Cyber Resilience Act (CRA).
To streamline compliance and reduce administrative burden, we propose a unified, risk-based incident reporting regime that consolidates requirements under regulations such as NIS2, CRA, GDPR, and DORA. This would not only simplify reporting for organizations but also enhance the EU’s overall cyber resilience. In addition, we recommend incorporating liability protections and grace periods for incident disclosure.
Finally, we urge the Commission to strengthen supply chain security by adopting a risk-based classification approach and establishing baseline cybersecurity requirements for ICT suppliers.
The Charter of Trust remains fully committed to supporting the European Commission in shaping a secure, resilient, and trusted digital future for Europe. We look forward to continued collaboration in building a cybersecurity framework that meets the needs of all stakeholders, today and in the years to come.
We support Policy Option 2, which focuses on targeted regulatory measures that address key challenges without creating unnecessary complexity. In this context, we emphasize the need to enhance the role and resources of ENISA, to ensure effective implementation of both current legislation and the European Cybersecurity Certification Framework (ECCF).
Our recommendations aim to improve transparency, collaboration, and efficiency across the EU’s cybersecurity landscape. These include:
- Introducing clear timelines for the development of certification schemes.
- Enhancing stakeholder engagement throughout the process.
- Establishing more structured communication channels between ENISA, the Stakeholder Cybersecurity Certification Group (SCCG), and sectoral ISACs (Information Sharing and Analysis Centers).
We call for a stronger ECCF, one that is transparent, inclusive, and aligned with international standards to foster global interoperability and ease compliance for organizations across borders. Equally critical is the harmonization of certification practices across EU member states and the mutual recognition of certifications to minimize regulatory fragmentation.
The Charter of Trust advocates for technically robust, standards-based certification schemes, with well-defined roles and responsibilities. We also stress the need for clarity on the interplay between voluntary and mandatory certifications, particularly in relation to the upcoming Cyber Resilience Act (CRA).
To streamline compliance and reduce administrative burden, we propose a unified, risk-based incident reporting regime that consolidates requirements under regulations such as NIS2, CRA, GDPR, and DORA. This would not only simplify reporting for organizations but also enhance the EU’s overall cyber resilience. In addition, we recommend incorporating liability protections and grace periods for incident disclosure.
Finally, we urge the Commission to strengthen supply chain security by adopting a risk-based classification approach and establishing baseline cybersecurity requirements for ICT suppliers.
The Charter of Trust remains fully committed to supporting the European Commission in shaping a secure, resilient, and trusted digital future for Europe. We look forward to continued collaboration in building a cybersecurity framework that meets the needs of all stakeholders, today and in the years to come.
Read more
June 19, 2025
•
External Engagement
Advancing Regulatory Alignment at RSA Conference 2025
In the face of rising global cyber threats, over 50 CISOs have called for greater international alignment of cybersecurity regulations to strengthen defenses and reduce fragmentation. This message was echoed at RSAC 2025, where experts from the OECD, European Commission, academia, and industry emphasized the need for principle-based collaboration. The Charter of Trust, a long-time advocate for regulatory harmonization, continues to support coordinated, effective approaches that prioritize clarity over complexity.
Read more
May 01, 2025
•
External Engagement
Richards Skalt takes over the Advocacy Workstream
We are delighted to welcome Richard Skalt, Advocacy Manager at TÜV SÜD, as the new Leader of the Advocacy Workstream at the Charter of Trust. Richard steps into the role following María del Pino González-Junco, who recently assumed the position of Chair of the Global External Engagement Working Group.
With a strong background in advocacy and a forward-looking vision, Richard brings renewed energy to our mission of shaping a secure digital future. As he puts it:
“My motivation is to preserve and build upon the strong foundation of advocacy activities we’ve developed over the past years. At the same time, I’m committed to ensuring we’re in a position to shape the policies that will define how our business model and operations evolve in the future – including the cybersecurity of products and systems, the use, deployment, and distribution of robust AI solutions, as well as cloud security and secure datacenters.”
In a world defined by accelerating digital transformation and increasingly complex regulatory challenges, principled leadership and effective collaboration are more vital than ever. Under Richard’s leadership, the Advocacy Workstream will continue to engage policymakers, raise public awareness, and strengthen education around key issues such as cybersecurity, AI governance, and secure digital infrastructures.
With a strong background in advocacy and a forward-looking vision, Richard brings renewed energy to our mission of shaping a secure digital future. As he puts it:
“My motivation is to preserve and build upon the strong foundation of advocacy activities we’ve developed over the past years. At the same time, I’m committed to ensuring we’re in a position to shape the policies that will define how our business model and operations evolve in the future – including the cybersecurity of products and systems, the use, deployment, and distribution of robust AI solutions, as well as cloud security and secure datacenters.”
In a world defined by accelerating digital transformation and increasingly complex regulatory challenges, principled leadership and effective collaboration are more vital than ever. Under Richard’s leadership, the Advocacy Workstream will continue to engage policymakers, raise public awareness, and strengthen education around key issues such as cybersecurity, AI governance, and secure digital infrastructures.
Read more
April 29, 2025
•
