
Security By Default

Integrate security into digital innovation and operations.

Objectives

Our Security by Default Working Group is committed to helping integrate robust security measures into the core of every digital innovation and business operation.

Spearheaded by our Partners, our mission is to champion the principle of security by default, adopt the highest appropriate level of security and data protection and ensure that it is preconfigured into the design of products, functionalities, processes, technologies, operations, architectures, and business models.

We develop best practices and provide actionable guidelines to foster a security-first mindset across all sectors.

By leveraging our collective expertise and collaborating with policymakers, businesses, and the wider community, we aim to build a resilient digital ecosystem where cybersecurity is a fundamental priority, not an afterthought.

Our way of working

The principle of “Security by Default” represents one of the ten fundamental principles of the Charter of Trust.

The Principle 3 Task Force, consisting of cybersecurity professionals from the Charter of Trust member companies, have come together and worked on several topics related to security by default.

Our work is structured around the following phases:

Our latest activities

Latest news, publications, events

What we have been up to
Trustworthiness in AI
Security by Default

Artificial Intelligence (AI) is rapidly becoming a cornerstone of economic competitiveness, public service delivery, and national security. At the same time, it introduces new systemic risks to cybersecurity, privacy, and societal trust. This paper, developed under the Charter of Trust’s Principle 3 “Security by Default”, addresses this dual challenge: securing AI systems throughout their lifecycle while responsibly leveraging AI to strengthen cybersecurity.

Aligned with the Charter of Trust’s overarching goals—to protect data, prevent harm to people and infrastructure, and establish a reliable foundation for trust in a digital world—the paper outlines how Security by Default can operationalize Trustworthy AI. It positions security not as a reactive compliance exercise, but as an inherent, continuously enforced design principle that enables innovation while safeguarding resilience, transparency, and accountability.

Against a backdrop of increasing geopolitical competition, fragmented regulatory regimes, and accelerating AI adoption, the paper highlights the strategic importance of trust as a differentiator for organizations and societies alike. It examines key governance, technical, and regulatory risks surrounding AI, and underscores the need for coherent governance models that integrate cybersecurity, privacy, and ethical considerations from design through deployment and operation.

Building on the Charter of Trust’s prior work, the paper provides a high-level framework for embedding Security by Default across the AI lifecycle, aligned with emerging global regulations such as the European Union (EU) AI Act. It also demonstrates how AI, when securely designed and governed, can serve as a powerful enabler of cybersecurity—enhancing threat detection, incident response, and risk management.

Ultimately, the paper reinforces the Charter of Trust’s conviction that trust, security, and innovation must advance together. By embedding Security by Default and Trustworthy AI principles at the core of AI development and use, organizations can strengthen digital trust, improve resilience, and contribute to a safer and more reliable digital future.

Please download the full report below.
February 10, 2026
Webinar: Cybersecurity Regulations in North America
Security by Default

On Tuesday, the Charter of Trust convened a timely virtual panel discussion on 'Security by Default in View of Major Cybersecurity Regulations in North America'. With more than 100 participants joining from around the world, the discussion underscored just how urgent, and global, the cybersecurity challenge has become.

A huge thank you to our outstanding panellists for their invaluable insights and for sharing their experiences with us: Linda Strick (Cloud Security Alliance), Kyle McMillan (Siemens), Lauren Zabierek (CAS Strategies), Rob Spiger (Microsoft), Sam Curry (Zscaler), and great moderation from Sudhir Ethiraj (TÜV SÜD).

The CoT expert panel:
- discussed fragmented cybersecurity regulations in North America and the need for more resilient infrastructure and security-by-default practices
- emphasized the need to embed security early in product architecture rather than addressing it post-incident
- highlighted the importance of structured collection of security signals and incident reporting to improve software safety
- discussed software as critical infrastructure affecting national security, economy, and public health, requiring robust safety measures

Thank you to everyone who participated! A recording of the webinar can be found at the bottom of this page.
January 28, 2026
3rd CyberTrust Talk - Digital Omnibus & Trust - What it Means for Business in Europe?
Emerging Technologies

Join us for a timely and dynamic edition focused on “Digital Omnibus & Trust: What It Means for Business in Europe” kindly hosted by the Representation of the Free State of Bavaria to the EU on November 20, 2025 at 11:00 AM (Central European Time) for a lunch event filled with insightful discussions on cybersecurity and trust in the digital age.

With the European Commission unveiling its landmark Digital Omnibus Package just one day before, this event is your exclusive opportunity to be among the first to explore its real-world impact on business and the digital economy across Europe.

What to Expect:
Opening remarks by:
Dr. Armin Hartmuth, Director, Representation of the Free State of Bavaria to the European Union
Dr. Sumit Chanda, COO, Atos Group Security & Business Lines CISO, and Co-Chair of the Charter of Trust.

Keynote Address:
Despina Spanou, Deputy Director General for Cybersecurity and Trust, European Commission (DG CNECT), will share first-hand insights into the objectives and expected impact of the Digital Omnibus Package.

Expert Panel Discussion, moderated by Sudhir Ethiraj, Global Head of Cybersecurity Office, CEO Business Unit Cybersecurity Services, TÜV SÜD, featuring:

Despina Spanou, Deputy Director General for Cybersecurity and Trust, European Commission (DG CNECT)
Kia Slæbæk Jensen, Cyber Advisor, Permanent Representation of Denmark to the EU
Suzanne Button, Field CTO EMEA, Elastic
Tomas Jakimavicius, Director European Government Affairs, Microsoft
Yana Humen, AI and Cybersecurity Policy Manager, Government and Regulatory Affairs, IBM

Interactive Q&A: Bring your questions and join the conversation on regulatory coherence, innovation, and the future of digital governance in Europe.

Closing remarks by Maria del Pino Gonzalez-Junco, Director of the Charter of Trust

Networking Lunch: Connect with peers, policymakers, and industry leaders in an informal setting.

Why attend?
Gain first-hand insights into the EU’s Digital Omnibus Package—straight from the policymakers and experts shaping it.
Understand the immediate implications for your business and how to navigate upcoming changes.
Be part of a strategic dialogue that could influence the future of digital regulation in Europe.
November 5, 2025