If the past decade of cybersecurity has been defined by reacting to threats, the next one will be defined by proving resilience. Across Europe and beyond, regulators, technology leaders and enterprises are entering a new era where security, compliance and governance are no longer parallel functions; they are becoming a single operational discipline.
That shift will be front and center when industry leaders gather in Rome from October 5-8, 2026, to examine how organizations can adapt to a regulatory and technological landscape that is evolving faster than ever before.
For those planning to attend, super early bird tickets are now available with $250 off, offering an opportunity to secure a place at one of the year’s most important conversations in cybersecurity and compliance.
But the urgency is not about the discount. It’s about the moment.
Compliance Is Becoming Continuous
The traditional model of annual audits and static policy frameworks is rapidly disappearing. Regulations such as NIS2, DORA, and the EU AI Act are transforming compliance into a continuous, evidence-based obligation.
Organizations are no longer asked simply whether they comply; they must prove it, continuously.
NIS2 expands cybersecurity obligations across sectors including energy, healthcare, manufacturing and public administration. It introduces stronger risk-management requirements, monitoring and logging obligations, and incident reporting rules that extend accountability all the way to the boardroom.
Meanwhile, the Digital Operational Resilience Act (DORA), in force since January 2025, harmonizes how financial institutions manage ICT risk, test resilience, and oversee critical third-party providers.
The AI Act, which phases in through 2026 and 2027, adds another layer: organizations building or deploying high-risk AI systems must ensure documentation, human oversight and traceability across the lifecycle of those systems.
In practice, this means governance frameworks are evolving.
Many organizations are moving toward unified Governance, Risk and Compliance (GRC) platforms that bring together policies, risk registers, controls, audit evidence and regulatory mapping in a single environment. Frameworks such as NIST CSF 2.0 and ISO standards are increasingly used as structural backbones, creating a consistent audit trail and board-ready reporting.
The EU Is Rewriting the Digital Rulebook
Regulation itself is also evolving.
On November 19, 2025, the European Commission introduced a major Digital Package designed to simplify and modernize the EU’s digital regulatory environment. The initiative includes a digital omnibus aimed at streamlining rules on artificial intelligence, cybersecurity and data governance.
Complementing it are two strategic initiatives: a Data Union Strategy intended to unlock high-quality datasets for AI innovation, and European Business Wallets, which will provide companies with a single digital identity to simplify cross-border operations across EU member states.
Taken together, these changes signal an effort to reduce fragmentation while strengthening oversight, a delicate balance that will shape how companies operate in Europe over the coming decade. Because these developments will have significant implications for organizations navigating the EU regulatory landscape, this topic will be explored in greater depth during our dedicated session on the Digital Omnibus at the upcoming PECB Conference.
AI Is Changing Both the Threat Landscape and the Rules
Artificial intelligence is not only reshaping productivity; it is also transforming cyber risk.
According to data from the World Economic Forum, the number of cyber-attacks per organization has more than doubled in just four years, rising from 818 incidents in 2021 to nearly 2,000 last year. At the same time, entirely new threat vectors are emerging across the AI stack: prompt injection, data leakage, AI-powered scraping bots and increasingly sophisticated deepfakes.
This reflects a broader shift in mindset. Cyber resilience is no longer viewed as a static checklist of controls; it is becoming a continuous learning system that evolves alongside the technologies it protects. These evolving challenges are at the heart of this year’s PECB Conference, where AI and its implications for cybersecurity and compliance will be a central theme.
Compliance Frameworks Are Converging
Another emerging trend is regulatory convergence.
The EU’s Digital Omnibus initiative aims to streamline overlapping obligations across major frameworks, including GDPR, ePrivacy, NIS2, DORA and the AI Act. Among the proposed changes are unified incident reporting procedures, simplified consent rules, browser-level preference signals and clearer rules around AI training data.
A single EU reporting portal is expected to further reduce fragmentation, allowing organizations to report cybersecurity incidents and data breaches through a harmonized gateway rather than navigating multiple parallel regimes.
Supply Chain Security Moves to the Center
Cybersecurity is no longer confined within the boundaries of a single organization.
Under frameworks such as DORA and NIS2, companies must increasingly assess and monitor the security posture of suppliers, partners and technology providers. Third-party vulnerabilities are now treated as part of an organization’s own risk exposure.
As organizations begin to integrate AI into critical systems, the demand for specialized expertise in securing and governing these technologies is accelerating. In response, the conference will also mark the launch of new professional training courses designed to address these emerging challenges, including the Certified AI Security Professional (CAISP) and the Certified EU AI Governance Professional, which will be officially introduced during the PECB Conference taking place in Rome from October 5-8, 2026.