The CyberNext Brussels 2025 conference on Wednesday brought together policymakers, industry leaders, and cybersecurity experts to discuss pressing issues surrounding Europe’s digital security. With a focus on regulatory harmonization, critical infrastructure protection, and geopolitical cybersecurity concerns, the event featured high-profile speakers and exclusive insights into the challenges shaping the future of EU cybersecurity.
The conference kicked off with opening remarks from Ari Schwartz, setting the stage for a day of discussions on Europe’s evolving cybersecurity landscape and the strategic priorities for the coming years. Despina Spanou, head of the European Commission’s cyber and digital policy unit, outlined the key cybersecurity priorities for the Commission’s new mandate, she emphasized the importance of strengthening regulatory frameworks while balancing innovation and security needs across the bloc.
The Future of the Cybersecurity Act & EU Certifications
A panel featuring Adam Dobell, Despina Spanou, Hans de Vries, Morten Løkkegaard, and Nikolas Ott discussed the future of the EU Cybersecurity Act and certification schemes. Speakers explored the challenge of avoiding regulatory fragmentation while ensuring robust security standards. Ott, representing Microsoft, reinforced the importance of industry collaboration, while de Vries emphasized the need for a holistic approach to cybersecurity governance.
Harmonizing Cybersecurity Regulations in the EU Single Market
In a session on regulatory harmonization, Alex Botting, Titilayo Shodiya, Dan Cimpean, Bernard Montel, and Eloïse Ryon examined the complexities of cybersecurity regulations across EU member states. Cimpean, director of Romania’s National Cyber Security Directorate, warned that frameworks that are too complicated may make adoption and enforcement more difficult. Resource limitations and worries about regulatory cannibalization—the practice of businesses stealing cybersecurity experts from one another—were also brought up in the conversation.
Later, speaking with Brussels Morning Newspaper, Cimpean elaborated on Romania’s biggest cybersecurity challenges. He emphasized the difficulty of keeping regulations in step with rapid technological advancements, as laws at both the national and EU levels often lag behind innovation. He also highlighted the inconsistencies in how EU directives are implemented across member states, leading to misalignment that places unnecessary pressure on businesses and hampers information exchange and cooperation.
Fireside Chat: A Quantum Shift in Cybersecurity
Bart Groothuis, Member of the European Parliament, joined Ari Schwartz for a discussion on quantum computing’s impact on cybersecurity. Groothuis argued that Europe needs a Quantum Act to ensure leadership in post-quantum cryptography. He also criticized the slow pace of legislative implementation, warning that delays could jeopardize Europe’s digital sovereignty.
The Path Forward for Ukrainian Cyber Defence
Heli Tiirmaa-Klaar addressed through a video message, emphasizing how crucial cybersecurity is to Ukraine’s defence strategy, pointing to initiatives like the Telling Mechanism, which helps protect civilian infrastructure. It also stressed the need for ongoing financial and technical support to strengthen Ukraine’s cyber defenses.
Cyber Defence: Protecting Critical Infrastructure & Supporting Strategic Partnerships
Moderated by Michael Daniel, this session featured Tanel Sepp, Raj Samani, and Irina Michalowitz, focusing on Europe’s efforts to protect critical infrastructure. Samani, a cybersecurity expert at Rapid7, warned that cybercriminals are now as sophisticated as nation-state actors, exploiting vulnerabilities faster than ever.
Speaking later with Brussels Morning Newspaper, Samani discussed the unintended consequences of EU regulations, particularly the impact of GDPR on cybercrime investigations. He noted that restrictions on domain registration data have made it harder for cybersecurity teams to track malicious actors. He also called for closer collaboration between policymakers and cybersecurity professionals to strike a better balance between privacy and security.
Stemming the Proliferation and Irresponsible Use of Commercial Cyber Intrusion Capabilities
In a session on commercial cyber intrusion capabilities, Eric Wenger, Elizabeth Davies, Léonard Rolland, Jen Ellis, and Silvia Lorenzo Perez debated the need for stricter oversight of commercial spyware. Ellis highlighted the growing role of private contractors and exploit brokers, while Rolland detailed France’s efforts to regulate intrusion tools within the EU framework.
The event concluded with closing remarks from Michael Daniel, who underscored the importance of cross-border cooperation and industry-government partnerships in strengthening Europe’s cybersecurity landscape. CyberNext Brussels 2025 highlighted the growing need for stronger cybersecurity policies, better cooperation between governments and industries, and improved defense strategies. The discussions made it clear that cybersecurity is not just a technical challenge but a major political and economic priority for the EU moving forward.
