Beyond Compliance: Making Incident and Vulnerability Reporting Work For Everyone

In recent years, the EU has introduced a range of new incident and vulnerability reporting obligations across several frameworks, including the NIS 2 Directive, the Cyber Resilience Act and the Digital Operational Resilience Act. While these requirements have the potential to strengthen situational awareness and collective resilience, covered entities’ difficulties with navigating multiple overlapping frameworks can slow down the sharing of actionable insights. To address this, the Digital Omnibus proposes to streamline reporting through a new Single Entry Point (SEP). This session will examine how incident and vulnerability reporting is set to change in the EU, what this means for critical infrastructure operators and other covered entities and how to ensure these requirements translate into tangible cybersecurity benefits for Europe.

The Cybersecurity Act 2.0, currently under negotiation in EU institutions, would significantly expand ENISA's mandate. If adopted, it would deepen the Agency's role in cyber resilience, reform the EU Cybersecurity Certification Framework and introduce a range of new operational responsibilities. Taken together, these changes would fundamentally reshape how ENISA engages with Member States, EU institutions and industry. This fireside chat brings together ENISA's Associate Director for Cybersecurity Operations Florian Pennings and Intel's Managing Director for EMEA Government Affairs Riccardo Masucci to reflect on how ENISA is preparing for the road ahead and what these changes mean for the future of European cybersecurity.

As global alliances and partnerships evolve, European governments are reflecting on their technology dependencies and seeking to ensure their systems remain resilient and secure. Digital and tech sovereignty have moved to the centre of policy debates, yet there is no shared definition of what these concepts mean in practice, nor consensus on how to act on them. This session will explore how transatlantic and global cyber partnerships are adapting to a changing landscape, what digital sovereignty means in practice and what concrete steps governments and industry can take to strengthen cooperation, enhance resilience and maintain a secure and interoperable cyberspace.

Quantum technologies are approaching practical deployment and are expected to significantly reshape the digital landscape. The EU is positioning itself as a global leader in this space, with its forthcoming Quantum Act poised to boost research and innovation, scale industrial capacity and reinforce supply chain resilience of quantum technologies. Meanwhile, the EU is preparing to defend against quantum-enabled cyber threats. In June 2025, it published its Roadmap for the Transition to Post-Quantum Cryptography, setting out a phased approach with milestones in 2026, 2030 and 2035 to guide Member States through the transition of their cryptographic systems. This session will examine how Europe can translate quantum research into commercial and strategic advantage, while also assessing the continent’s preparedness for quantum-driven cybersecurity risks.

As called for in the landmark Draghi report, the EU is working to enhance the global competitiveness of its businesses by simplifying regulations and unlocking financial support. To enable European cybersecurity firms to compete more effectively, the EU is revising key elements of the digital acquis through initiatives such as the Digital Omnibus, Digital Fitness Check and Cybersecurity Act 2.0; streamlining the implementation of new legislation such as NIS 2 Directive and the Cyber Resilience Act; and advancing new policy initiatives, including a Cloud and AI Development Act. In parallel, EU institutions continue to negotiate the next Multiannual Financial Framework, which will define funding priorities for cybersecurity capabilities and innovation through 2034. This session will examine what the EU and its Member States are doing — and what further steps may be required — to ensure that this broader push effectively strengthens and scales the European cybersecurity industry.