The rapid expansion of EU digital regulation has strengthened security, privacy, and trust, but it has also created overlapping obligations, inconsistent timelines, and administrative complexity. The Digital Omnibus Package provides a timely opportunity to streamline these rules, ensure greater coherence, and enable businesses to focus resources on resilience and innovation rather than redundant compliance tasks.
The Charter of Trust welcomes the Commission’s initiative to harmonize digital regulations across the EU, aiming to reduce administrative burdens while maintaining high standards of security and privacy. Representing the unified views of its Partners, this paper addresses all key legislation within the scope of the Digital Omnibus and offers comprehensive recommendations. It emphasizes the need for a unified incident reporting system, risk-based notification requirements, and fair compliance processes to minimize regulatory overlap. The Charter calls for clearer liability clauses, global recognition of certifications, and stronger supply chain security.
In data regulation, the Charter advocates ensuring alignment between the rules on data intermediation services under the DGA and B2B data sharing under the Data Act and extending exemptions to mid-cap companies, all while safeguarding trade secrets. For artificial intelligence, the paper recommends a phased approach to new requirements, integrated conformity assessments, harmonized compliance templates, and clear definitions, supported by sector-specific guidance and transparent AI categorization. The Charter also encourages the European Commission to ensure that ePrivacy reform is future-proof, fosters innovation, and reflects the needs of both businesses and consumers. Finally, it recommends robust security standards and cross-border recognition for the EU Business Wallet, with industry involvement in technical standards and integration with data access systems.
Collectively, these measures are designed to foster innovation, resilience, and trust in the EU’s digital landscape, allowing businesses to thrive in a coherent and future-ready regulatory environment.

Want to learn more the principle of "Security by Default"?

👉 Read the full interview with Sudhir Ethiraj, Global Head of Cybersecurity Office at TÜVSÜD and Taskforce Lead, Security by Default at the Charter of Trust: http://spkl.io/60444ahb0

3 key takeaways:
💡 Charter of Trust introduced the principle “Security by default” recognizing that securing the product alone is not sufficient.
💡 The biggest challenge: Outdated devices and existing systems are still functional and have significant financial investments associated with them. However, they were not designed with security in mind.
💡 The Charter of Trust taskforce worked on establishing a common set of guidelines for Security by default that can be used across different industries and domains.

Thank you Siemens for including this topic in your Cybersecurity and Charter of Trust Innovation series. Looking forward to the further exchange this week with MSC 2024 ahead.

As 2023 marks the fifth anniversary of the Charter of Trust, we are publishing a “Secure Development Lifecycle: step-by-by step guidelines", our latest guiding document in line with the Charter's Principle 3, Security By Default.

"Security By Default for Cloud Environments" is the key topic that high-level speakers from IBM, Allianz, TÜV SÜD and Atos discussed during the Principle 3 “Security by Default” taskforce’s webinar, on 18 October 2022.

By John Collins, Security Marketing Leader, IBM

A little over a year ago, President Joe Biden signed Executive Order 14028 on “Improving the Nation's Cybersecurity”, thereby making a significant commitment to address persistent and growing cyber threat. One year on, the Charter of Trust reflects on the improvements, challenges and possible ways forward.

“Why is identity and access management key to ensure the security of the default configuration settings of assets?" This is the issue that high-level speakers from IBM, NXP, TÜV SÜD and ATOS discussed during the Principle 3 “Security by Default” taskforce’s webinar, on 16 February 2022.

14th October 2021
10:00-11:00 am CET

By Julian Meyrick, Managing Partner & Vice President, Security Strategy Risk & Compliance, Security Transformation Services, IBM Security

By Sudhir Ethiraj, Global Head of Cybersecurity Office, TÜV SÜD and
Dr. Angelika Steinacker, CTO Identity & Access Management, IBM Security Services EMEA

Looking at the current regulatory landscape regarding cybersecurity in the Internet of Things, we see a global evolution on policies and regulation related to cybersecurity and privacy.

To increase the overall level of security, security should be “built in” and considered from the very beginning. Therefore, the Charter of Trust defined “Security by Default” as one of its ten key principles.