-
The Speed of Trust: Why Europe’s Defenders Need Faster Collaboration, Not Just Faster Rules
Authors: Ali Khalil, Ayman Khalil
A recent companion analysis on this publication argued that artificial intelligence did not create the buried flaws in the world’s software; it simply made them cheap to dig up. That observation reframes the entire defensive challenge. For most of the history of product security, the…
-
Cybersecurity Must Not Become a Tool of Industrial Protectionism: Reassessing the European Debate Around Foreign Solar Inverters
Introduction
Today, Europe has never produced so much solar energy. In the first quarter of 2025, solar electricity production across the European continent increased by 32% compared to the same period in 2024, reaching nearly 68 terawatt-hours. Over the full year 2025, solar accounted for a record 13% of the…
-
DORA’s Legislative Breakthrough: How TLPT and Advanced Testing Are Redefining Financial Sector Resilience
Author: Romain Muguet
1. Introduction: A Regulation Born from Necessity
The financial sector remains a high-value target for cybercriminals, hacktivists and state-aligned actors, with attacks growing in both sophistication and frequency. Data from ENISA’s 2025 Threat Landscape Report, released in October 2025, underscores the sector’s persistent exposure: out of 4,875…
-
SBOM Is Not Enough: Supply Chain Transparency in the Age of AI-Driven Exploitation
Author: Paul Gedeon
Supply chain security has become a question of visibility before it is a question of control. Modern organizations rarely buy a single product from a single supplier. They buy systems assembled by integrators, built on third-party libraries, cloud services, firmware, subcontracted components, and open-source projects maintained by…
-
As a European Security Expert, I Am More Concerned About Politicized Procurement Than About Vendor Nationality
I work in security, so I understand why people are nervous about critical infrastructure. Energy systems are not ordinary commercial assets. If something goes wrong, the consequences are not limited to a delayed software release or a bad quarterly report. They can affect hospitals, transport, industry, households, public services, and…
-
Certification Is Not the Finish Line: What Happens After a Product Gets Approved?
Authors: Ayman Khalil & Romain Muguet
Why EUCC certification increasingly depends on what happens after the certification ends
European cybersecurity certification is shifting toward operational concerns. Previously, discussions centered on frameworks, recognition, and regulatory alignment. While this initial certification is now well-established, attention is increasingly focused on the subsequent phase:…
-
AI Vulnerability Discovery Just Changed the Clock Speed of Product Security
Author: Paul Gedeon
Anthropic’s Project Glasswing should not be read as another impressive AI demo. It should be read as a warning about time. According to Anthropic and reporting from TechCrunch, Claude Mythos Preview, a restricted frontier model used by a small group of partner organizations, identified thousands of zero-day…
-
Insights and Recommendations on Comparing and Enabling Mutual Recognition of Cybersecurity Labels Between Japan and Europe
Authors: Roland Atoui & Isaac Dangana
Introduction
The photovoltaic (PV) sector is rapidly becoming “digital infrastructure,” not just power electronics. Modern PV and storage deployments increasingly rely on networked inverters, gateways, and cloud-connected monitoring/control functions, which expands both the attack surface and the potential impact of a successful compromise. The…
-
MWC26: Where Cybersecurity, Legislation, and AI Meet
Author: Arantxa Herranz
The comparison between the technology sector and the automotive industry is not new. Indeed, there have been many occasions when the similarities and differences between the two have been put on the table to discuss various issues. Once again, at the Huawei European Cybersecurity Workshop, some speakers…
-
Commission preliminarily finds TikTok’s addictive design in breach of the Digital Services Act
Today, February 2, the European Commission preliminarily found TikTok in breach of the Digital Services Act for its addictive design. This includes features such as infinite scroll, autoplay, push notifications, and its highly personalised recommender system. (source: https://ec.europa.eu/commission/presscorner/detail/en/ip_26_312)
Risk assessment
The Commission’s investigation preliminarily indicates that TikTok did not adequately assess…
