Artificial intelligence has become a critical component of modern industrial processes, cybersecurity operations, and digital infrastructure. As companies increasingly build and integrate their own AI capabilities, the need for secure, trustworthy, and compliant digital environments has never been more pressing.

In this paper, our AI Working Group provides a clear framework for organisations to navigate this landscape, marked by concentrated provider ecosystems, fragmented global regulations, and geopolitical supply chain risks, alongside the internal requirements necessary to build AI responsibly.

A key aspect is helping organisations prepare for the EU AI Act, based on the overarching principle that compliance cannot be treated as a simple checklist exercise, and should instead drive strategic transformation. Organisations are encouraged to ensure visibility over all AI systems in use, promoting alignment across technical, legal, and business functions. Strengthening governance is equally critical. Executive level oversight, supported by operational teams, should lead to consistent, iterative risk assessment throughout the AI lifecycle, ensuring that performance, ethical, legal, and operational risks are identified and addressed early.

Companies must also balance compliance investments against the financial and reputational risks of non compliance. The penalties under the AI Act are substantial. However, proactive preparation not only reduces exposure, it can also create a competitive advantage by enabling faster innovation, strengthening customer relationships and regulator trust, and reducing uncertainty in product development.

Looking ahead, organisations should treat AI governance as a long term, adaptive discipline. Regulation and technology will continue evolving, and resilience depends on flexible policies, modular system architectures, and scalable governance processes.

Continuous monitoring of regulatory developments, active participation in standards setting activities, and sustained investment in skills are essential to fostering a responsible AI culture centred around a holistic understanding of compliance.

Please download the full report below.

The Charter of Trust is taking decisive steps to secure our digital future in the quantum era. As quantum computing advances, the risks to today’s cryptographic systems grow ever more urgent. Our dedicated working group is leading the way in raising awareness, promoting standards-based migration, and fostering collaboration across industries, governments, and academia. Together, we are committed to a proactive, well-coordinated, and risk-driven transition to post-quantum cryptography—ensuring digital trust and resilience for generations to come. Discover our vision and join us as we shape a secure digital world for the quantum age.

Join us for a timely and dynamic edition focused on “Digital Omnibus & Trust: What It Means for Business in Europe” kindly hosted by the Representation of the Free State of Bavaria to the EU on November 20, 2025 at 11:00 AM (Central European Time) for a lunch event filled with insightful discussions on cybersecurity and trust in the digital age.

With the European Commission unveiling its landmark Digital Omnibus Package just one day before, this event is your exclusive opportunity to be among the first to explore its real-world impact on business and the digital economy across Europe.

What to Expect:
Opening remarks by:
Dr. Armin Hartmuth, Director, Representation of the Free State of Bavaria to the European Union
Dr. Sumit Chanda, COO, Atos Group Security & Business Lines CISO, and Co-Chair of the Charter of Trust.

Keynote Address:
Despina Spanou, Deputy Director General for Cybersecurity and Trust, European Commission (DG CNECT), will share first-hand insights into the objectives and expected impact of the Digital Omnibus Package.

Expert Panel Discussion featuring:Moderated by Sudhir Ethiraj, Global Head of Cybersecurity Office, CEO Business Unit Cybersecurity Services, TÜV SÜD.

Despina Spanou, Deputy Director General for Cybersecurity and Trust, European Commission (DG CNECT)
Kia Slæbæk Jensen, Cyber Advisor, Permanent Representation of Denmark to the EU
Suzanne Button, Field CTO EMEA, Elastic
Tomas Jakimavicius, Director European Government Affairs, Microsoft
Yana Humen, AI and Cybersecurity Policy Manager, Government and Regulatory Affairs, IBM

Interactive Q&A: Bring your questions and join the conversation on regulatory coherence, innovation, and the future of digital governance in Europe.

Closing remarks by Maria del Pino Gonzalez-Junco, Director of the Charter of Trust

Networking Lunch: Connect with peers, policymakers, and industry leaders in an informal setting.

Why attend?
Gain first-hand insights into the EU’s Digital Omnibus Package—straight from the policymakers and experts shaping it.
Understand the immediate implications for your business and how to navigate upcoming changes.
Be part of a strategic dialogue that could influence the future of digital regulation in Europe.

The rapid expansion of EU digital regulation has strengthened security, privacy, and trust, but it has also created overlapping obligations, inconsistent timelines, and administrative complexity. The Digital Omnibus Package provides a timely opportunity to streamline these rules, ensure greater coherence, and enable businesses to focus resources on resilience and innovation rather than redundant compliance tasks.
The Charter of Trust welcomes the Commission’s initiative to harmonize digital regulations across the EU, aiming to reduce administrative burdens while maintaining high standards of security and privacy. Representing the unified views of its Partners, this paper addresses all key legislation within the scope of the Digital Omnibus and offers comprehensive recommendations. It emphasizes the need for a unified incident reporting system, risk-based notification requirements, and fair compliance processes to minimize regulatory overlap. The Charter calls for clearer liability clauses, global recognition of certifications, and stronger supply chain security.
In data regulation, the Charter advocates ensuring alignment between the rules on data intermediation services under the DGA and B2B data sharing under the Data Act and extending exemptions to mid-cap companies, all while safeguarding trade secrets. For artificial intelligence, the paper recommends a phased approach to new requirements, integrated conformity assessments, harmonized compliance templates, and clear definitions, supported by sector-specific guidance and transparent AI categorization. The Charter also encourages the European Commission to ensure that ePrivacy reform is future-proof, fosters innovation, and reflects the needs of both businesses and consumers. Finally, it recommends robust security standards and cross-border recognition for the EU Business Wallet, with industry involvement in technical standards and integration with data access systems.
Collectively, these measures are designed to foster innovation, resilience, and trust in the EU’s digital landscape, allowing businesses to thrive in a coherent and future-ready regulatory environment.

By Julian Meyrick, IBM Managing Partner and Vice President, Security Strategy Risk & Compliance, Security Transformation Services and Lars Reger, NXP Executive Vice President and Chief Technology Officer

After six years of careful analysis, NIST has announced the first cryptographic algorithms that will allow us to maintain the highest levels of security in a post-quantum world – what we also refer to as ‘quantum-safe cryptography’. And while first quantum-safe products are already here – there is still much to be done. The selected algorithms won’t immediately lend themselves to existing resource-constrained platforms. Within organizations like the Charter of Trust, we can find the necessary experts working together to resolve these issues and support the industry with the pending cryptography transition, which should begin now – even though quantum computers of today are not yet able to break modern encryption.

Wolfgang Steinbauer, Head of Crypto & Security, NXP Semiconductors, explains how quantum computing has the potential to play a significant role in advancing our scientific knowledge and society in the coming decades, yet challenges the mechanisms we use today to secure information. This is why Charter of Trust Partners NXP, Infineon, and IBM are working on product solutions for a post-quantum future with long-term security.

By Vinod Vasudevan, Global CTO MDR & Deputy Global CTO – Cybersecurity Services, Atos

By Zachary Thoreson, Cybersecurity Threat Intelligence Analyst, Global Cyber Security Team, AES

The ethical development of AI components and systems is essential. Read how NXP, a Partner of the Charter of Trust, has built its comprehensive framework for AI ethics principles that are rooted in its corporate values, ethical guidelines, and a long tradition of building some of the world's most sophisticated secure devices.

The annual IBM X-Force® Threat Intelligence Index sheds light on the biggest cyber risks that organizations face today, with data and insights collected over the past year.