As the European Union continues to reshape its cybersecurity regulatory landscape, product vendors face a growing need for clarity, alignment, and practical guidance. Corsec is pleased to announce our attendance at the 7th International Conference on the EU Cyber Security and Resilience Acts, taking place March 24–26 in Brussels.

Key Tracks & Sessions Corsec Will Be Following

Throughout the conference, Corsec will be actively engaging across several tracks that are particularly relevant to manufacturers:

• The EU Cybersecurity Agenda 2025–2029: What It Means for Industry
  This track provides a strategic view of the Commission’s priorities for the next legislative cycle, including CRA implementation, NIS 2 enforcement, and the future direction of certification schemes. For vendors, these discussions shape long‑term product and compliance planning.
• From Regulation to Reality: How the EC Is Supporting CRA Implementation Across Europe
  Sessions focused on how the European Commission is supporting harmonized CRA adoption offer insight into what “compliance” will look like in practice—and where flexibility or risk remains for manufacturers preparing today.
• Certification in Practice: From EUCC to CRA Conformity
  These discussions explore how EUCC, EUCS, and other schemes relate to CRA obligations. Understanding this mapping is essential for vendors deciding where certification adds value versus where it introduces unnecessary cost or duplication.
• Designing for Lifecycle Security and Post‑Market Responsibility
  CRA Articles addressing vulnerability reporting, patch delivery, and supply‑chain assurance are a major shift for many organizations. This track highlights what continuous compliance means beyond initial market entry.
• Panel Discussion: AI Act Cybersecurity—Real-World Risks, Requirements, and What Comes Next
  “The EU’s AI Act introduces sweeping new cybersecurity expectations—along with plenty of uncertainty. In this panel discussion, experts will break down how the rules reshape AI deployment, what “compliance” actually requires in practice, and where the biggest technical and organizational challenges lie. Panelists will provide a clear view of the security measures regulators expect, how to implement them without blowing up existing workflows, and what these obligations mean for your company’s risk landscape.”
• The Cost of Compliance: New Realities for Testing, Assessment, and Post-Market Obligations
  As assessment, testing, and post‑market obligations expand, vendors must budget realistically for long‑term compliance. This track addresses the emerging cost structures and tradeoffs organizations will face.
• What Market Surveillance Authorities Expect from Manufacturers under the CRA
  “What manufacturers need to provide under the CRA, information and supporting evidence to enable verification of compliance and assurance of requirements.”
• Too Much Already, Supply Chain Security? A Sensible Approach to Rating True Potential Vulnerabilities Is Needed
  “Threat modeling and product-context analysis to cut through the ~140 daily EUVD CVE filings and distinguish real, exploitable vulnerabilities from inflated worst-case assessments.”
• Vulnerability Management in Consumer IoT: Why No IoT Manufacturer Is Ready for CRA Vulnerability Management (And How to Fix It)
  With increasing scrutiny from Market Surveillance Authorities, manufacturers must be prepared to demonstrate not only secure design, but effective vulnerability monitoring, reporting, and remediation over time.
• Panel Discussion: Navigating Fragmented Global Cyber Regulations
  With overlapping global frameworks—from CRA and EUCC to international standards—this panel addresses whether meaningful harmonization is achievable and what manufacturers can do in the meantime.