The Charter of Trust is a non-profit alliance of global companies that are thought leaders and pioneer practitioners in cybersecurity and digital trust.
Activities
Strengthening cyber resilience
Key Initiatives in Security by Default, Supply Chain Security, Emerging Technologies, Education, and External Engagement
Security by Default
Help integrate robust security measures into the core of every digital innovation and business operation.
Supply Chain Security
Develop best practices on effectively ensuring the resilience of our respective supply chains against cyber threats.
Emerging Technologies
Address and provide guidance to businesses on how to manage the complexities triggered by AI and Post Quantum Cryptography.
Education
Raise awareness about cyber threats, promote best practices, and provide comprehensive training opportunities to individuals, students and organizations across the world.
External Engagement
Foster public-private dialogue, prioritise greater alignment and reciprocity of cyber regulations internationally and advise regulators on practical implementation.
News and publications
Latest updates
Important milestones towards more cybersecurity
External Engagement
Contribution to the EU Commission Public Consultation on the revision of the Cybersecurity Act
The Charter of Trust welcomes the opportunity to participate in the European Commission’s public consultation on the revision of the Cybersecurity Act. As a coalition united by the goal of strengthening digital trust, we are pleased to share our consolidated response and recommendations.
We support Policy Option 2, which focuses on targeted regulatory measures that address key challenges without creating unnecessary complexity. In this context, we emphasize the need to enhance the role and resources of ENISA, to ensure effective implementation of both current legislation and the European Cybersecurity Certification Framework (ECCF).
Our recommendations aim to improve transparency, collaboration, and efficiency across the EU’s cybersecurity landscape. These include:
- Introducing clear timelines for the development of certification schemes.
- Enhancing stakeholder engagement throughout the process.
- Establishing more structured communication channels between ENISA, the Stakeholder Cybersecurity Certification Group (SCCG), and sectoral ISACs (Information Sharing and Analysis Centers).
We call for a stronger ECCF, one that is transparent, inclusive, and aligned with international standards to foster global interoperability and ease compliance for organizations across borders. Equally critical is the harmonization of certification practices across EU member states and the mutual recognition of certifications to minimize regulatory fragmentation.
The Charter of Trust advocates for technically robust, standards-based certification schemes, with well-defined roles and responsibilities. We also stress the need for clarity on the interplay between voluntary and mandatory certifications, particularly in relation to the upcoming Cyber Resilience Act (CRA).
To streamline compliance and reduce administrative burden, we propose a unified, risk-based incident reporting regime that consolidates requirements under regulations such as NIS2, CRA, GDPR, and DORA. This would not only simplify reporting for organizations but also enhance the EU’s overall cyber resilience. In addition, we recommend incorporating liability protections and grace periods for incident disclosure.
Finally, we urge the Commission to strengthen supply chain security by adopting a risk-based classification approach and establishing baseline cybersecurity requirements for ICT suppliers.
The Charter of Trust remains fully committed to supporting the European Commission in shaping a secure, resilient, and trusted digital future for Europe. We look forward to continued collaboration in building a cybersecurity framework that meets the needs of all stakeholders, today and in the years to come.
We support Policy Option 2, which focuses on targeted regulatory measures that address key challenges without creating unnecessary complexity. In this context, we emphasize the need to enhance the role and resources of ENISA, to ensure effective implementation of both current legislation and the European Cybersecurity Certification Framework (ECCF).
Our recommendations aim to improve transparency, collaboration, and efficiency across the EU’s cybersecurity landscape. These include:
- Introducing clear timelines for the development of certification schemes.
- Enhancing stakeholder engagement throughout the process.
- Establishing more structured communication channels between ENISA, the Stakeholder Cybersecurity Certification Group (SCCG), and sectoral ISACs (Information Sharing and Analysis Centers).
We call for a stronger ECCF, one that is transparent, inclusive, and aligned with international standards to foster global interoperability and ease compliance for organizations across borders. Equally critical is the harmonization of certification practices across EU member states and the mutual recognition of certifications to minimize regulatory fragmentation.
The Charter of Trust advocates for technically robust, standards-based certification schemes, with well-defined roles and responsibilities. We also stress the need for clarity on the interplay between voluntary and mandatory certifications, particularly in relation to the upcoming Cyber Resilience Act (CRA).
To streamline compliance and reduce administrative burden, we propose a unified, risk-based incident reporting regime that consolidates requirements under regulations such as NIS2, CRA, GDPR, and DORA. This would not only simplify reporting for organizations but also enhance the EU’s overall cyber resilience. In addition, we recommend incorporating liability protections and grace periods for incident disclosure.
Finally, we urge the Commission to strengthen supply chain security by adopting a risk-based classification approach and establishing baseline cybersecurity requirements for ICT suppliers.
The Charter of Trust remains fully committed to supporting the European Commission in shaping a secure, resilient, and trusted digital future for Europe. We look forward to continued collaboration in building a cybersecurity framework that meets the needs of all stakeholders, today and in the years to come.
Read more
June 20, 2025
Education
Cyber Talent Academy Workshop: Shaping the Future of Cybersecurity Talent
On June 5th, the Charter of Trust convened a high-level workshop dedicated to one of the most pressing challenges in cybersecurity: how to train, attract, and retain the next generation of cyber professionals.
Bringing together representatives from Charter of Trust Partners and external organizations, the session focused on enhancing the Cyber Talent Academy, a growing initiative that is already demonstrating real impact. The workshop was a space for deep exchange, shared purpose, and forward-looking collaboration between cybersecurity and HR professionals.
One key theme ran through every conversation: the cyber skills gap continues to widen, and traditional recruitment methods are no longer enough. To meet growing demand, we must fundamentally rethink how we discover, train, and support talent.
A New Approach to Cyber Talent
The Cyber Talent Academy is emerging as a powerful model for change. By offering alternative pathways into cybersecurity, beyond conventional educational and career tracks, it opens opportunities to individuals from a range of academic, cultural, and professional backgrounds. Participants agreed that the programme holds strong potential for expanding the talent pipeline, increasing diversity, and making cybersecurity more inclusive and resilient.
The workshop discussions underlined several critical insights:
- Relying solely on established recruitment channels will not close the cyber talent gap.
- Tapping into overlooked talent pools, through inclusive outreach, training, and mentoring, creates real business value and aligns with corporate social responsibility goals.
- Stronger collaboration between cybersecurity and HR teams is essential, particularly when it comes to structuring mentorship, supporting life-long learning, and designing modern career pathways.
- Initiatives like the Cyber Talent Academy are already showing higher retention and greater team innovation in participating organizations.
“Attracting, retaining, and developing cybersecurity talent is a challenge faced by nearly every organization today,” says Dr. Sumit Chanda, Co-Chair of the Charter of Trust and COO Group Security & Business Lines CISO at Atos. “The Charter of Trust Cyber Talent Academy offers a bold and innovative response to this challenge.” Dr. Chanda further emphasizes the power of collaboration, between businesses, educators, and governments, as essential to closing the cyber skills gap. He adds, “Expanding access to cybersecurity training, especially for underrepresented communities, isn’t just the right thing to do, it’s smart business. Diverse perspectives are vital to building resilient and secure systems.”
Looking Ahead
This workshop was just the beginning. The energy, expertise, and ideas shared on June 5th are shaping the next phase of the Cyber Talent Academy, and informing how we support our partners in building stronger, more inclusive cybersecurity teams. We’re excited to continue this journey and will be sharing updates on upcoming developments.
Stay tuned. The future of cybersecurity talent is collaborative, diverse, and full of potential.
Bringing together representatives from Charter of Trust Partners and external organizations, the session focused on enhancing the Cyber Talent Academy, a growing initiative that is already demonstrating real impact. The workshop was a space for deep exchange, shared purpose, and forward-looking collaboration between cybersecurity and HR professionals.
One key theme ran through every conversation: the cyber skills gap continues to widen, and traditional recruitment methods are no longer enough. To meet growing demand, we must fundamentally rethink how we discover, train, and support talent.
A New Approach to Cyber Talent
The Cyber Talent Academy is emerging as a powerful model for change. By offering alternative pathways into cybersecurity, beyond conventional educational and career tracks, it opens opportunities to individuals from a range of academic, cultural, and professional backgrounds. Participants agreed that the programme holds strong potential for expanding the talent pipeline, increasing diversity, and making cybersecurity more inclusive and resilient.
The workshop discussions underlined several critical insights:
- Relying solely on established recruitment channels will not close the cyber talent gap.
- Tapping into overlooked talent pools, through inclusive outreach, training, and mentoring, creates real business value and aligns with corporate social responsibility goals.
- Stronger collaboration between cybersecurity and HR teams is essential, particularly when it comes to structuring mentorship, supporting life-long learning, and designing modern career pathways.
- Initiatives like the Cyber Talent Academy are already showing higher retention and greater team innovation in participating organizations.
“Attracting, retaining, and developing cybersecurity talent is a challenge faced by nearly every organization today,” says Dr. Sumit Chanda, Co-Chair of the Charter of Trust and COO Group Security & Business Lines CISO at Atos. “The Charter of Trust Cyber Talent Academy offers a bold and innovative response to this challenge.” Dr. Chanda further emphasizes the power of collaboration, between businesses, educators, and governments, as essential to closing the cyber skills gap. He adds, “Expanding access to cybersecurity training, especially for underrepresented communities, isn’t just the right thing to do, it’s smart business. Diverse perspectives are vital to building resilient and secure systems.”
Looking Ahead
This workshop was just the beginning. The energy, expertise, and ideas shared on June 5th are shaping the next phase of the Cyber Talent Academy, and informing how we support our partners in building stronger, more inclusive cybersecurity teams. We’re excited to continue this journey and will be sharing updates on upcoming developments.
Stay tuned. The future of cybersecurity talent is collaborative, diverse, and full of potential.
Read more
June 12, 2025
Security by Default
Webinar: "Security by Default in view of major Cybersecurity Regulations in Asia"
Yesterday, the Charter of Trust hosted a virtual panel discussion titled “Security by Default in View of Major Cybersecurity Regulations in Asia”, moderated by Sudhir Ethiraj from TÜV SÜD. This discussion brought together leading policymakers and industry experts to delve into the evolving landscape of cybersecurity regulations and foster actionable collaboration aimed at strengthening global cyber resilience.
We extend our heartfelt thanks to our distinguished panellists: Veronica Tan from the Cyber Security Agency of Singapore, S.S. Sarma and Ashutosh Bahuguna from CERT-In, Amitava Mukherjee and Didier Ludwig from Siemens, and Ki Hyun Park from Mitsubishi Heavy Industries.
Their insightful contributions covered the development and implementation of various cybersecurity regulations in Asia, sparking a truly engaging and interactive session. With roughly 80 participants, primarily from Asia, the discussion was enriched by thought-provoking questions from the audience, underscoring the urgent need for such dialogues.
The discussion covered a wide array of crucial topics. The panellists explored various regulatory frameworks that govern critical infrastructure in different Asian countries, examining the importance of establishing baseline requirements and adopting a risk-based approach across various industries to enhance cyber resilience.
A consensus emerged that security by default must be ingrained in the culture, while considering the essential role of regional context for effective implementation.
Thank you to everyone who participated! A recording of the webinar can be found at the bottom of this page.
We extend our heartfelt thanks to our distinguished panellists: Veronica Tan from the Cyber Security Agency of Singapore, S.S. Sarma and Ashutosh Bahuguna from CERT-In, Amitava Mukherjee and Didier Ludwig from Siemens, and Ki Hyun Park from Mitsubishi Heavy Industries.
Their insightful contributions covered the development and implementation of various cybersecurity regulations in Asia, sparking a truly engaging and interactive session. With roughly 80 participants, primarily from Asia, the discussion was enriched by thought-provoking questions from the audience, underscoring the urgent need for such dialogues.
The discussion covered a wide array of crucial topics. The panellists explored various regulatory frameworks that govern critical infrastructure in different Asian countries, examining the importance of establishing baseline requirements and adopting a risk-based approach across various industries to enhance cyber resilience.
A consensus emerged that security by default must be ingrained in the culture, while considering the essential role of regional context for effective implementation.
Thank you to everyone who participated! A recording of the webinar can be found at the bottom of this page.
Read more
June 11, 2025
-->-->
