Shaping Cybersecurity: How Regulation Shapes Operational Cyber Defense
Christiane Kirketerp de Viron, Tim Maurer, Ari Schwartz, Josephine Wolff, Florian Schütz
RSA Conference 2025 · Day 1 · Policy
Cybersecurity regulation has expanded dramatically over the past decade, but the proliferation of jurisdiction-specific rules is creating a compliance burden that may actually impede the security outcomes regulators are trying to achieve. A high-level panel at RSA 2025 — drawing on perspectives from the European Commission, the Swiss National Cybersecurity Centre, industry, and academia — examined the state of global regulatory fragmentation, identified five areas where international coordination would have the most impact, and debated what "good" regulation actually looks like in practice. ---
AI review
A competent, well-structured panel on regulatory fragmentation that actually produces a prioritized list of coordination targets rather than dissolving into 'more cooperation is good' platitudes. The Swiss incident reporting model is the most operationally instructive content here. Schütz saying 'compliance is not equal to security' from inside the regulatory system is worth more than a thousand CISO conference talks saying the same thing.