Session Abstract

Today, the regulatory "grace period" for a number of EU regulations and directives is officially over. The digital landscape is no longer governed by isolated rules, but by an interconnected web of enforcement: NIS2 and DORA secure the infrastructure, the EU AI Act governs the algorithms, DSA polices the digital environment and content, and CRA is coming online to lock down the security of the software supply chain. This session moves past the theoretical text of the laws to address the operational reality of multi-framework enforcement. We will map exactly where these directives intersect, and more importantly, we address the risk of compliance theater: proving adherence on paper does not guarantee actual infrastructure security against evolving threats. By the end of this talk, you will learn how to streamline your governance strategy and mitigate legal liability without wasting resources on conflicting compliance exercises, ensuring your organization builds functional resilience rather than simply checking boxes for auditors.

Tudor Damian

With over 20 years in the IT industry, Tudor is a Certified Ethical Hacker and Microsoft MVP who loves everything about technology. As a co-founder of D3 Cyber, he advises organizations on security strategy, AI & Cloud Governance, and EU regulatory compliance (NIS2, DORA, AI Act, CRA). Being a regular presence at local and international events, Tudor combines deep industry experience with a genuine passion for sharing knowledge. After hundreds of talks and training sessions, his goal remains the same: to help IT professionals cut through the noise and build effective strategies dealing with AI-driven threats, Post-Quantum Cryptography challenges, Zero Trust adoption, and an ever-growing EU regulatory landscape.