EU Cyber Acts Conference 2026
Don’t miss Sylvain Guilley, CTO and Co-Founder of Secure-IC, speaking on Wednesday, March 25 at 3:20 PM on “Strategy of a Security Technology Provider to Comply with European Cyber Regulations.”
ABSTRACT:
In the current context of multiple regulations aiming at increasing the security of digital devices (RED, EU CRA) and infrastructures (NIS2, DORA), the question of how technology providers should prepare remains open. Of course, technology providers are already subject to several requirements, concerning both their processes (e.g., MSSR, ISO 2700x) and their products (e.g., compliance with Protection Profiles, IEC 62443, etc.). In this talk, the speakers use their own experience to illustrate the transformative changes that allow a technology provider to connect the two worlds, i.e., to be individually compliant and to act as a liable link in an EU-regulated supply chain. They will detail how they leverage EUCC to ensure products are secure by design and to maintain assurance continuity, and they back their analyses with an EBIOS risk assessment conducted at both company and product levels.
In addition, the speakers will highlight practical takeaways for technology providers, including:
– a high-level compliance checklist addressing cyber risk management and vulnerabilities identification and management,
– a set of minimum “must-do” action items such as embedding development and infrastructural security practices directly linked to supply chain security, and
– a discussion on EUCC and CRA synergy from both product and process perspectives.
This talk emphasizes not only security assurance but also operational readiness and resilience across the European digital ecosystem.
Also join Ritu-Ranjan Shrivastwa, Thought Leadership Director and Chief Information Security Officer at Secure-IC, on Thursday, March 26 at 2:30 PM for “Converging Vulnerability Management and Risk Governance Under the EU CRA.”
ABSTRACT:
The introduction of the EU Cyber Resilience Act (CRA) marks a regulatory inflection point in how vulnerability management is defined, implemented, and maintained across digital product lifecycles. Rather than a voluntary good practice, vulnerability management is now positioned as a regulatory obligation that demands structured processes and distributed responsibilities among manufacturers, evaluators, and market-surveillance authorities. This talk draws parallels between the EU CRA, UNECE R.155, and ISO/SAE 21434, highlighting how the automotive sector has already operationalized mature risk-based frameworks that could serve as blueprints for other domains. By synthesizing these requirements into a regulatory baseline, the discussion outlines how vulnerability monitoring, coordinated disclosure, patch management, and certification maintenance can be unified under a coherent risk-management activity. Using RACI/RASIC-based responsibility models, the talk demonstrates how roles can be systematically allocated across the ecosystem (developers, ITSEFs, and regulatory bodies), enhancing transparency, accountability, and post-market traceability. Attendees will gain a comparative understanding of how ISO/SAE 21434 practices, UNECE R.155, and the EU CRA can converge toward a harmonized vulnerability management framework, reinforcing risk-driven governance and certification continuity across the European cybersecurity landscape.