
Security By Default

Integrate security into digital innovation and operations.

Objectives

Our Security by Default Working Group is committed to helping integrate robust security measures into the core of every digital innovation and business operation.

Spearheaded by our Partners, our mission is to champion the principle of security by default, adopt the highest appropriate level of security and data protection and ensure that it is preconfigured into the design of products, functionalities, processes, technologies, operations, architectures, and business models.

We develop best practices and provide actionable guidelines to foster a security-first mindset across all sectors.

By leveraging our collective expertise and collaborating with policymakers, businesses, and the wider community, we aim to build a resilient digital ecosystem where cybersecurity is a fundamental priority, not an afterthought.

Our way of working

The principle of “Security by Default” represents one of the ten fundamental principles of the Charter of Trust.

The Principle 3 Task Force, consisting of cybersecurity professionals from the Charter of Trust member companies, have come together and worked on several topics related to security by default.

Our work is structured around the following phases:

Our latest activities

Latest news, publications, events

What we have been up to

Read the Charter's contribution to the European Commission's public consultation on the Digital Omnibus Package

The rapid expansion of EU digital regulation has strengthened security, privacy, and trust, but it has also created overlapping obligations, inconsistent timelines, and administrative complexity. The Digital Omnibus Package provides a timely opportunity to streamline these rules, ensure greater coherence, and enable businesses to focus resources on resilience and innovation rather than redundant compliance tasks.

The Charter of Trust welcomes the Commission’s initiative to harmonize digital regulations across the EU, aiming to reduce administrative burdens while maintaining high standards of security and privacy. Representing the unified views of its Partners, this paper addresses all key legislation within the scope of the Digital Omnibus and offers comprehensive recommendations. It emphasizes the need for a unified incident reporting system, risk-based notification requirements, and fair compliance processes to minimize regulatory overlap. The Charter calls for clearer liability clauses, global recognition of certifications, and stronger supply chain security.

In data regulation, the Charter advocates ensuring alignment between the rules on data intermediation services under the DGA and B2B data sharing under the Data Act and extending exemptions to mid-cap companies, all while safeguarding trade secrets. For artificial intelligence, the paper recommends a phased approach to new requirements, integrated conformity assessments, harmonized compliance templates, and clear definitions, supported by sector-specific guidance and transparent AI categorization. The Charter also encourages the European Commission to ensure that ePrivacy reform is future-proof, fosters innovation, and reflects the needs of both businesses and consumers. Finally, it recommends robust security standards and cross-border recognition for the EU Business Wallet, with industry involvement in technical standards and integration with data access systems.

Collectively, these measures are designed to foster innovation, resilience, and trust in the EU’s digital landscape, allowing businesses to thrive in a coherent and future-ready regulatory environment.
October 20, 2025

Webinar: "Security by Default in view of major Cybersecurity Regulations in Asia"

Yesterday, the Charter of Trust hosted a virtual panel discussion titled “Security by Default in View of Major Cybersecurity Regulations in Asia”, moderated by Sudhir Ethiraj from TÜV SÜD. This discussion brought together leading policymakers and industry experts to delve into the evolving landscape of cybersecurity regulations and foster actionable collaboration aimed at strengthening global cyber resilience.

We extend our heartfelt thanks to our distinguished panellists: Veronica Tan from the Cyber Security Agency of Singapore, S.S. Sarma and Ashutosh Bahuguna from CERT-In, Amitava Mukherjee and Didier Ludwig from Siemens, and Ki Hyun Park from Mitsubishi Heavy Industries.

Their insightful contributions covered the development and implementation of various cybersecurity regulations in Asia, sparking a truly engaging and interactive session. With roughly 80 participants, primarily from Asia, the discussion was enriched by thought-provoking questions from the audience, underscoring the urgent need for such dialogues.

The discussion covered a wide array of crucial topics. The panellists explored various regulatory frameworks that govern critical infrastructure in different Asian countries, examining the importance of establishing baseline requirements and adopting a risk-based approach across various industries to enhance cyber resilience.

A consensus emerged that security by default must be ingrained in the culture, while considering the essential role of regional context for effective implementation.

Thank you to everyone who participated! A recording of the webinar can be found at the bottom of this page.
June 11, 2025

Security by Default in view of major Cybersecurity Regulations

Navigate the Cybersecurity Regulation Maze with Ease

The Charter of Trust is here to simplify the complexity and guide you through the ever-evolving regulatory landscape.

In today's digitized world, cybersecurity plays a pivotal role in maintaining global stability, economic resilience, and individual privacy. Various regulations have been implemented to safeguard individuals, businesses, and infrastructure from ever-evolving cyber threats. Each regulation, while differing in scope and focus by region, aims to protect against breaches, data leaks, and other malicious activities that could disrupt operations and compromise sensitive information.

At the heart of the Charter of Trust lies a commitment to sharing best practices. Our Security by Default Working Group has meticulously analyzed vast amounts of regulatory texts to provide a clear and concise overview of security by default adoption across key global regions.

Stay Ahead of Cyber Risks with Expert Insights

Our latest report is a vital resource for organizations aiming to effectively manage cybersecurity risks and protect their assets. Covering major regulations from the European Union, India, Japan, People's Republic of China, Singapore, the United Kingdom, and the United States, this report offers valuable insights into compliance requirements worldwide.

The principle of Security by Default, as advocated by the Charter of Trust, provides a universal standard for organizations to meet compliance requirements effectively. By embedding security measures from the outset, organizations can ensure compliance with regulations, foster trust with customers, safeguard their operations, and strengthen their market position. This approach not only helps organizations meet their legal obligations but also enhances their reputation and competitive advantage.

Strengthen Compliance, Build Trust, and Gain a Competitive Edge

By embedding security measures from the outset, businesses can:
- Ensure compliance with international regulations
- Build and maintain trust with customers and stakeholders
- Safeguard operations from cybersecurity threats
- Strengthen their market position with a proactive security approach

The publication shows that regulators worldwide have taken different approaches to pursuing common cybersecurity goals, leading to varied and sometimes conflicting regulatory frameworks. This complexity can make it challenging for organizations to navigate the cybersecurity landscape and ensure compliance with all relevant regulations.

This document serves as a roadmap to better navigate this complex landscape, thereby highlighting the benefits of aligning current cybersecurity regulations worldwide. It supports the Charter of Trust's mission to create a secure digital environment for innovation. By following the guidelines outlined in this document, organizations can effectively manage their cybersecurity risks, protect their assets, and contribute to a more secure digital world.

Don't get lost in the regulatory jungle — get the clarity you need today and download the full report below
February 13, 2025