The opening panel gathers leading European CIOs, CISOs and regulators to explore how accelerated AI adoption, looming post-quantum risks and new EU mandates are reshaping digital value creation. Together they will define a shared playbook for balancing velocity with verifiable trust.

• Mapping the 2026 risk–opportunity landscape: GenAI, PQC, 6G, and sovereign cloud
• Aligning IT modernisation roadmaps with NIS2, DORA and the EU AI Act
• Bridging the talent and culture gap between security and transformation teams
• Metrics the board actually wants: resilience, ESG impact, and business enablement

Solution Spotlight #1

Solution Spotlight #2

Solution Spotlight #3

Solution Spotlight #4

Edge AI and 6G will explode the number of identities and data flows outside traditional perimeters. Learn how Zero Trust principles are evolving to continuous verification, real-time policy decisioning and AI-assisted enforcement.

• Extending identity fabric to machines, agents and micro-services
• Inline risk scoring with context-aware policy engines
• Tying together SDP, SASE and adaptive MFA for frictionless user journeys
• Threat-informed validation: using purple-team telemetry to prove efficacy

As post-quantum cryptography (PQC) standards reach maturity and regulatory attention intensifies, CISOs must lead a measured yet proactive response. The threat posed by “harvest now, decrypt later” attacks is no longer theoretical—and for security leaders, the question is not if but how and when to prepare. This session outlines a roadmap for initiating a sustainable and risk-informed PQC transition that aligns with business resilience goals and technology renewal cycles.

• Identifying and prioritising cryptographic assets at highest exposure to long-term decryption risk
• Phasing in hybrid key-establishment techniques to balance protection and performance
• Refreshing HSM and key infrastructure with future-proofed, standards-aligned solutions
• Engaging boards and stakeholders with clear narratives on PQC investment as continuity insurance
• Laying the groundwork for crypto-agility as a long-term strategic capability

As AI adoption accelerates across business and IT functions, so does the risk of exploitation. CISOs must proactively identify and mitigate vulnerabilities unique to AI models, pipelines, and logic layers. This session focuses on practical approaches to stress-testing intelligent systems before attackers do.

• Establishing AI-specific threat models and red-teaming frameworks
• Detecting prompt injection, model inversion, and data leakage vectors
• Integrating adversarial testing into MLOps lifecycles
• Sharing validated findings with vendors and internal teams securely
• Ensuring ethical boundaries are maintained during offensive simulations

With new EU and UK regulations converging on operational resilience, security leaders face mounting complexity. This round table explores how to embed compliance into workflows—without creating friction or audit fatigue.

• Automating evidence collection across cloud, hybrid and legacy systems
• Designing controls once, reporting many times: compliance-as-code in practice
• Bridging security and risk functions through shared assurance models
• Aligning internal reporting with regulator expectations
• Building compliance dashboards that support both operations and the board

High-profile attacks have shown the fragility of the software ecosystem. CISOs must now treat software components as critical assets—requiring real-time visibility, traceability, and response capabilities.

• Leveraging SBOMs and VEX to drive meaningful risk prioritisation
• Automating third-party software governance in CI/CD pipelines
• Mitigating risks from open-source, shadow IT, and unmanaged dependencies
• Creating escalation workflows for known-exploited components
• Engaging procurement and legal in enforcing supplier accountability

As critical infrastructure modernises, the OT/IT divide is disappearing—but so are historical security boundaries. This session focuses on strategies to protect physical environments from increasingly sophisticated cyber threats.

• Extending Zero Trust and network segmentation into industrial systems
• Bridging the knowledge gap between IT security and OT operations
• Aligning with sector-specific guidance (e.g., NCSC CAF, NIS2 Annex)
• Ensuring business continuity during threat response in operational settings
• Rethinking risk ownership across physical and digital domains