nAs 2023 winds to a close, let’s take a look at some of the topics and eventsnthe ISC2 Advocacy teamncovered to round out the year. From agreements on legislation, fostering newnpartnerships with key stakeholders and hosting and participating in securitynevents, it’s been a busy time.n
nnEuropen
nnOn November 30, the EU Parliament, European Commission, and the Council ofnthe EU (EU Trilogue) reached a provisional agreement on the proposednnEU Cyber Resilience Actnn(CRA).This legislation would impose cybersecuritynrequirements on products with digital elements such as connected homencameras, fridges, TVs and toys and seek to ensure they are safe beforenplaced on the market. The EU CRA is expected to enter into force aroundnMarch 2024. Reporting for incidents and exploited vulnerabilities wouldnlikely begin in January 2026 and all provisions would become mandatory innearly 2027.n
nnThe EU Trilogue reached a provisional agreement on the proposed EU AI Act onnDecember 8. This landmark legislation is the first of its kind globally andnit aims to ensure that AI systems placed on the European market and used innthe EU are safe and respect fundamental rights and EU values. The Actnprohibits certain AI applications deemed harmful and establishes governancenand enforcement structures for AI regulation. The bill is expected to enterninto force April 2026.n
nnISC2 CISO Jon France delivered a keynote speech on behalf of ISC2, a sponsornof the event, atnnECSO’s CISO Meetupnnon November 28/29. Jon discussed the ISC2 CybersecuritynWorkforce Study and highlighted the EU cybersecurity workforce gap andnskills shortage. The event emphasized the growing complexity of the threatnlandscape and the need for robust cybersecurity strategies. Discussionsnincluded navigating new EU regulations, practical breach responsenexperiences, and the importance of personal resilience in cybersecuritynleadership.n
nn
nNorth America
nn
nnBy now, you’ve probably seen some of the data from the most recentnnISC2 Cybersecurity Workforce Studynn. The Advocacy team took to Capitol Hill following the release of this studynto discuss the impacts of the workforce and skills gaps on the UnitednStates. Providing briefings to the White House ONCD, the Homeland SecuritynCommittee Caucuses and the Senate cybersecurity caucuses. Learn more aboutnthennImpacts of Workforce Culture and DEInnon cybersecurity in our Insights post.n
nnnISC2 SECURE Washington DCnnwas held on December 1 in the Nation’s Capital. Cybersecurity expertsnconvened for interactive and informative sessions on topics like risk, cybernresilience and artificial intelligence.n
nnCanada is considering Bill C26 and it is currently being considered by thenStanding Committee on Public Safety and National Security. Advocacy has beennworking with members of parliament, government agencies and othernstakeholders to provide workforce data and valuable insight on the bill.n
nnAdvocacy has been meeting with government and business leaders to discussnCanada’s consideration of The Cybersecurity Maturity Model Certificationn(CMMC), a framework designed to enhance the security practices ofnorganizations working with the Department of Defense.n
]]>