Special Focus Day Agenda 2026

Presenting Sponsor

New for 2026, EU Cyber Policy Day is a high-level forum bringing together industry leaders for in-depth dialogue on the most pressing cybersecurity policy issues shaping Europe’s digital future. This high-level forum will spotlight the strategic, legislative, and geopolitical dimensions of cybersecurity—from the Cyber Resilience Act and NIS 2 implementation, to cloud sovereignty, cyber defense, and transatlantic security coordination. For industry decision-makers, legal and policy experts, and influential voices, participants will gain unparalleled insights into evolving EU frameworks, upcoming legislative priorities, and global implications of sovereignty initiatives.

Ballroom C

09:00 The EU Cybersecurity Agenda 2025–29: What It Means for Industry (U00a) Jakub Dysarz, Cyber Attaché Digital Affairs Unit, Permanent Representation of the Republic of Poland to the EU
A strategic overview of the Commission’s cybersecurity priorities under the next legislative cycle—Cyber Resilience Act implementation, NIS 2 enforcement, and the evolution of the Cybersecurity Act and certification schemes.

09:30 The Cyber Resilience Act: A Compliance Roadmap for ICT Manufacturers (U00b) Alex Leadbeater, Technical Security Director, GSMA, United Kingdom
How CE-marking under CRA reshapes product development. Understanding essential requirements, harmonised standards, and the intersection with NIS 2 and CRA.

10:00 Certification in Practice: From EUCC to CRA Conformity (U00c) David Nosibor, VP of Sales, Red Alert Labs, France
Mapping the relationship between the CRA schemes (EUCC, EUCS, EUIoT) and CRA compliance for connected products.

10:30 Designing for Lifecycle Security and Post-Market Responsibility (U00d) Sébastien Colle, Head of Security, Infineon Technologies, Germany
Preparing for continuous compliance—vulnerability reporting, patch delivery, and supply-chain assurance under CRA Articles 10 and 11. Emphasize: Broader supply chain security, incident reporting, vulnerability reporting.

Foyer/Library

Ballroom C

11:30 Panel Discussion: AI Act Cybersecurity—Real-World Risks, Requirements, and What Comes Next (U01a) Leader: Dr. Jörg Hladjk, Partner, Cybersecurity, Privacy and Data Protection, Jones Day, Belgium Panelists: Chris Gow, Senior Director, EU Public Policy, Government Affairs at Cisco, Belgium; Yana Humen, Manager, AI and Cybersecurity Policy, Government and Regulatory Affairs, IBM, Belgium; Luca Massarelli, Technology Specialist at EU AI Office – Seconded National Expert, European Commission, Belgium; Marco Moragón, Senior Public Policy Manager, Workday, Belgium [60 MIN]

The EU’s AI Act introduces sweeping new cybersecurity expectations—along with plenty of uncertainty. In this panel discussion, experts will break down how the rules reshape AI deployment, what “compliance” actually requires in practice, and where the biggest technical and organizational challenges lie. Panelists will provide a clear view of the security measures regulators expect, how to implement them without blowing up existing workflows, and what these obligations mean for your company’s risk landscape.

Foyer/Library

Ballroom C

13:30 Post-Quantum Cryptography and the Next Cyber Resilience Frontier (U02a) John Mattsson, Expert, Cryptographic Algorithms and Security Protocols, Ericsson, Sweden
What the post-quantum transition means for future regulatory mandates.

14:00 Substantial Evaluation, Certification. Notification: The Hard Problems to Solve (U02b) Wouter Slegers, CEO, TrustCB, Netherlands
From the experience of the development and operation of dozens of schemes, this talk will cover the hard problems (and of course the solutions) at play in the low to mid range assurance such as CSA Substantial.

14:30 EU Cyber Policy and Trade Issues (U02c) Mitchell Rutledge, Cybersecurity Manager, Computer & Communications Industry Association (CCIA) Europe, Belgium
How evolving cyber regulations are influencing cross-border commerce, vendor requirements, and the ICT supply chain. What shifting EU policy means for global market strategy and compliance.

15:00 Conformity Assessment in Small States: Policy Challenges and Trade-Offs from the Estonian Experience (U02d) Kristjan Krips, PhD, Security Engineer, Cybernetica AS, Estonia
Practical lessons from Estonia’s efforts to build a conformity assessment ecosystem.

Foyer/Library

Ballroom C

16:00 Panel Discussion: Policy Priorities for the Next Legislative Cycle (U03a) Leader: Antoaneta Roussi, Cyber and Intelligence Reporter, Politico, Belgium Panelists: Raluca Stefanuc, Deputy Head of Cybersecurity and Digital Privacy Policy, European Commission, Belgium; Luca Tagliaretti, Executive Director, European Cybersecurity Competence Centre (ECCC), European Commission, Romania; Roberto Cascella, CTO, European Cyber Security Organisation (ECSO); Jakub Dysarz, Cyber Attaché Digital Affairs Unit, Permanent Representation of the Republic of Poland to the EU; Sid Hollman, Policy Manager for Cybersecurity & Mobility, DIGITALEUROPE, Belgium [60 MIN]

An interactive policy roundtable identifying key priorities for the EU and industry to address between 2025 and 2029: emerging technologies, SME support, AI cyber risk, and standards coordination for a secure digital economy.

Presenting Sponsor

IoT Cyber Compliance Day is an optional special-focus event which will help industry professionals prepare now for the requirements of the EU Cyber Resilience Act (CRA), an emerging regulatory framework that requires manufacturers to implement and maintain security standards throughout a product’s lifecycle. IoT Cyber Compliance Day will cover key questions for professionals affected by these fast-developing global frameworks, showcase real world examples of product developers preparing for rollout, present approaches to overlapping global standards (including Cyber Trust Mark in the United States), and lay out the pros and cons of certification.

Ballroom A

09:00 Mastering the Cyber Resilience Act (CRA): A Manufacturer’s Strategic Roadmap (R00a) Marko Wolf, Chief Expert Product Cybersecurity Governance, Bosch, Germany
A high-level roadmapping session outlining how large manufacturers are structuring end-to-end CRA compliance programs.

09:30 From Regulation to Reality: How the EC Is Supporting CRA Implementation Across Europe (R00b) Camille Dornier, Legal Officer, European Commission, Commission
An update on the EC’s evolving role in enabling practical, harmonized CRA adoption and market preparedness.

10:00 Designing Secure-by-Default IoT Products: What Will Actually Change Under the CRA (R00c) Carlos Serratos, Cybersecurity/IoT Certification Expert, GlobalPlatform, Netherlands
A practical review of design, documentation, and testing practices that must evolve as CRA obligations come into force.

10:30 Results of CRA-AI Market Scan of EU SMEs Who Are in Scope for Cyber Resilience Act (R00d) Patricia Shields, CEO & CoFounder, Cyber Cert Labs, Ireland
This talk shares EU-funded CRA-AI benchmark data on SME readiness—drawn from a 30-minute CRA assessment—to show how prepared SMEs are across key areas like risk assessment, SBOM, and vulnerability management.

Foyer/Library

Ballroom A

11:30 Panel Discussion: Secure by Design—Navigating the EU Cyber Resilience Act (R01a) Leader: Gil Bernabeu, Chief Technology Officer, GlobalPlatform, United States Panelists: Eric Vetillard, Lead Certification Expert, European Union Agency for Cybersecurity (ENISA), Greece; Alex Leadbeater, Technical Security Director, GSMA, United Kingdom, United Kingdom; Joe Lomako, Cyber Lead TUV SUD, United Kingdom; Olivier Van Nieuwenhuyze, Security Lobbying & Standardization Senior Manager, STMicroelectronics [60 MIN]
As the CRA deadlines approach, IoT manufacturers must align every component-from chips to software-with new security requirements. This panel, led by GlobalPlatform, will discuss real-world strategies for achieving secure-by-design compliance. Attendees will learn how collaborative, standards-based approaches using frameworks such as SESIP and PSA Certified can streamline conformity, mitigate risk, and strengthen the European IoT ecosystem.

Foyer/Library

Ballroom A

13:30 The Cost of Compliance: New Realities for Testing, Assessment, and Post-Market Obligations (R02a) Antonio David Vizcaino Gomez, Cybersecurity Technical Sales, DEKRA
An examination of the emerging cost structures, assessment burdens, and long-term responsibilities manufacturers must budget for.

14:00 What Market Surveillance Authorities Expect from Manufacturers under the CRA (R02b) Dr. Georgios Selimis, Coordinating Specialist Advisor | Cybersecurity, Rijksinspectie Digitale Infrastructuur, Netherlands
What manufacturers need to provide under the CRA, information and supporting evidence to enable verification of compliance and assurance of requirements.

14:30 Too Much Already, Supply Chain Security? a Sensible Approach to Rating True Potential Vulnerabilities Is Needed. (R02c) Dietmar Rosenthal, Consultant, Lead Expert Source Code Analysis, TuV Informationstechnik GmbH, Germany
Threat modelling and product-context analysis to cut through the ~140 daily EUVD CVE filings and distinguish real, exploitable vulnerabilities from inflated worst-case assessments.

15:00 Vulnerability Management in Consumer IoT: Why No IoT Manufacturer Is Ready for CRA Vulnerability Management (And How to Fix It) (R02d) Rayna Stamboliyska, CEO, RS Strategy, France
A practitioner-level overview of vulnerability monitoring, incident reporting, and handling obligations under Article 14.

Foyer/Library

Ballroom A

16:00 Panel Discussion: Navigating Fragmented Global Cyber Regulations—Is Harmonization Possible? (R03a) Leader: Carlos Serratos, IoT Certification Expert, NXP Semiconductors, Netherlands Panelists: Joshua Brickman,  Senior Director, Security Evaluations, Oracle, United States; Daniel O’Loughlin, Vice President Engineering, Qualcomm; Cristina Vanberghen, Member of AI Alliance, European Commission, Belgium [60 MIN]
A candid discussion of overlapping schemes (CRA, EUCC, NLF, Cyber Trust Mark, ISO/IEC standards) and the industry pressure for cross-recognition.