ETSI Security Conference 2026

19-22 October 2026

Sophia Antipolis, France

Free of charge

Register now!

Securing Tomorrow after 20 Years of Progress

Join us for the 20th edition of the ETSI Security Conference, one of ETSI’s flagship events and a unique annual opportunity for the global security community to meet face to face, exchange with an experts’ audience, and explore the most relevant topics in cybersecurity standardisation.

Use #ETSISEC2026 for your social media posts!

 
  • Build Security in the AI Era

    AI is transforming both attack and defence. Join top engineers, researchers, tech leaders & policy makers to discuss Agentic AI, autonomous threats, and next‑gen defence strategies, and get ahead of CRA 2026 with practical guidance.

  • Learn to Secure digital infrastructures

    Today’s infrastructures are more interconnected—and more exposed—than ever. Discover real‑world strategies to protect the full stack using Zero Trust, identity‑centric security, and modern product‑security practices.

  • Prepare for the Quantum Frontier

    Quantum disruption is no longer theoretical. Explore crypto‑agility in action, PQC‑ready architectures, and what boards must decide now to mitigate “harvest‑now, decrypt‑later” risks.

  • From Human Factors to Systemic Risks

    Dive into real‑world lessons from fraud, scams, social engineering tricks, past protocol exploits (e.g. SS7), and other emerging threats. Hear security leaders share what worked, what failed, and much more.

About

Join us for the 20th edition of the ETSI Security Conference, one of ETSI’s flagship events and a unique annual opportunity for the global security community to meet face to face, exchange with an experts’ audience, and explore the most relevant topics in cybersecurity standardisation.

This special anniversary edition will feature an intensive 4‑day programme bringing together speakers and attendees from  government organisations, standards bodies, academia and a wide range of industry sectors.

Programme Highlights

The 2026 agenda will cover a broad spectrum of strategic and technical security topics, including:

  • Global Cybersecurity Landscape
  • Exploration of emerging trends, evolving threats and key regulatory initiatives shaping worldwide cybersecurity.
  • 20 Years of ETSI Security Conference
  • A look back at the evolution of the security threat landscape and the major lessons learned across two decades.
  • AI Security and Resilience
  • Focus on secure and trustworthy AI, including the implications of agentic AI systems.
  • Cryptography and Quantum Readiness
  • Current and Future Security Research
  • Identity and API Security
  • Cloud, SaaS, OT/IoT and Product Security
  • Regulatory Runway & Compliance Operations
  • Covering EU and global frameworks and their operational impacts
  • CRA 2026
  • Education in Standards
  • Networks and Telecom Security
  • Insights on 5G, 6G, Open RAN, core networks and signalling security.
  • Software Security
  • …/…

Subscribe to the ETSI Events mailing list and/or the ETSI Security Events Mailing list to get the latest announcements about this event!

Involved/interested in CRA, subscribe to the ETSI CRA Dissemination mailing list to get the latest news.

Programme

Day 01

09:15

Monday 19 October

Check-in and Welcome Coffee

10:00

Welcome and Opening Session

Session under development. Details coming soon.

10:30

Session D1-1 : Global Cyber Security Landscape 2025 (part 1)

This session will explore the current state of the Global Cyber Security Landscape, including emerging trends and regulatory initiatives.

Session chaired by Alex Leadbeater, ETSI TC Cyber Chair

Session under development. Details coming soon.

12:00

Lunch break, posters and demo visits

13:30

Session D1-2 Global Cyber Security Landscape 2025 (part 2)

This session will explore the current state of the Global Cyber Security Landscape, including emerging trends and regulatory initiatives.

Session under development. Details coming soon.

14:50

Session D1-3 Poster and Demo Teasers Presentations

Short introduction of posters and demos presented throughout the conference.

15:30

Tea / coffee break, posters and demo visits

16:00

Session D1-4: 20 years of ETSI Security Conference: Security threat landscape evolution & lessons learned

Session under development. Details coming soon.

18:00

Networking Event

Day 02

08:15

Tuesday 20 October 2026

Check-in and Welcome Coffee

09:00

Session D2-1: Cloud, SaaS, OT/IoT & product security inc. mobile app security

Cloud, SaaS, OT, and IoT security are converging through cloud-based SaaS platforms that offer visibility, threat intelligence, and automated risk mitigation for interconnected environments. This session will explore secure product design and implementation combining consumer end products and their cloud back-end services.

Comparing the paths to the wallet on the web: threat modelling QR codes, custom schemes, and browser-mediated API

Simone Onofri, W3C.

Re-evaluating human oversight in European digital identity security

Campbell Cowie, IProov.

Verifiable execution environments for Cloud-based mobile services

Kenataro Ogawa, NTT.

Securing Cloud-Connected IoT Products: A layered trust framework with simulation-based risk evaluation

Daniela Mechkarosk, University of Information Science and Technology, "St. Paul The Apostle", Macedonia.

Keeping the security control in outsourced managed services

Silke Holtsmanns, Blue Hour Oy.

Rethinking trust in open silicon: securing the supply chain from chip to sloud

Gil Bernabeu, Global Platform.

10:45

Coffee break, posters and demo visits

11:15

Session D2-2: Women in Cyber

Chaired by Helen L., NCSC

This inaugural Women in Cyber session at the ETSI Security Conference highlights the growing impact and importance of diverse voices in cybersecurity. The session will open with an inspiring keynote highlighting the achievements, challenges, and opportunities for women in cybersecurity, followed by a dynamic panel discussion bringing together perspectives from across the industry. Together, they will explore how to foster inclusivity, strengthen talent pipelines, and shape a more resilient and representative cyber ecosystem.

Session under development. Details coming soon.

12:30

Networking lunch, posters and demos visits

13:45

Session D2-3: AI Security & Resilience - Part 1

Applications of Agentic AI are everywhere in 2026. However, with that increasing reliance on Agentic solutions both attackers and defenders are increasingly leveraging agentic AI. The success of the entire agentic revolution hinges on our ability to create a secure, transparent, and governable ecosystem.
This session will consider the following questions: How do we manage identity for billions of non-human agents? How do we defend against a new generation of AI-driven threats? How can trust be established? And the implications of Agentic AI making a mistake?

Automate the gates, not the trust: defending the supply chain against AI-generated code

Roman Zhukov, Red Hat.

When agents go rogue: a threat model and defense framework for agentic AI systems

Vaishnavi Gudur, Microsoft.

Governing agentic AI at scale: linking AI agent identities to digital identity frameworks

Bo Fjelkner, Ericsson.

EN 304 223 — setting the baseline for addressing agentic AI

Scott Cadzow, C3L (Cadzow Communications Consulting Ltd).

Panel discussion with the session speakersLed by Scott Cadzow

Scott Cadzow, C3L (Cadzow Communications Consulting Ltd). Bo Fjelkner, Ericsson. Vaishnavi Gudur, Microsoft. Roman Zhukov, Red Hat.

15:30

Tea / coffee break, posters and demo visits

16:15

Session D2-4: Regulatory runway & compliance operations (EU & Global)

While Europe arguably leads the world in strong security regulation, the sheer number of overlaps, and even sometimes inconsistent regulations across EU, national and global levels leads to an increasingly complex regulatory landscape to navigate. This session will explore the impacts of regulatory overlap and fragmentation on the ICT and Telecoms industries.

An approach to CRA conformity assessment – from secure-by-design to demonstrable compliance

Eric Vetillard, ENISA.

Compliant by design or buried by compliance? How European SMEs can navigate the data Act–CRA–AI act triangle using ETSI standards

Maurizio Bulgarini, Next G Cloud.

Beyond static audits: Using OSCAL to streamline continuous cybersecurity certification

Iñaki Etxaniz, Tecnalia.

Beyond launch: stakeholder perspectives on the adoption of Japan’s JC-STAR

Katsunari Yoshioka, Yokohama National University .

Defence against weaponised interdependence in Europe’s ICT chain under the proposed Cybersecurity Act 2

Eyup Kun, KU Leuven Center for IT and IP Law.

17:35

Session D2-5: Social engineering – social human hacking

The manipulation of people into compromising their personal and/or organizational security. Its pre-dates the internet and has evolved as technology has advanced. How are we continuing to improve are methods to reduce the risk and chance of successful attacks? And what is required to meet the new challenges of GenAI and agentic agents being used to conduct Social Engineering?

Rethinking social engineering: system-enabled coercive control in consumer IoT environments

Joanne Walker, BT Group.

Digital disguises: neutralising deepfakes and AI social engineering

Galina Pildush, Palo Alto Networks.

18:05

End of Day 2

Day 03

08:15

Wednesday 21 October

Check-in and welcome coffee

09:00

KEYNOTE: Telco Strategies for Consumer Security

Patrick Donegan, HardenStance

09:20

Session D3-1: Networks & telecom security (5G/6G/Open RAN/Core/Signaling)

With 6G standardisation well underway in 3GPP and other international standards venues, this session will focus on the emerging approaches and challenges to standardising secure 6G.
The session will consider aspects including 5G and legacy inter working; Open RAN; core network security evolution; and signalling network security.

3GPP 6G update

3GPP 6G Speaker to be named.

SMS blaster attacks in the Middle East and beyond

Nauman Khan, STC.

Top 5G security vulnerabilities found in real world pentests

El Mehdi Regragui, P1 Security.

Towards autonomous and explainable security in O-RAN with agentic AI

Mohammad Shojafar, 6GIC.

Cyber risk governance for a global community

Bret Jordan, Afero.

10:35

Coffee break, posters and demo visits

11:15

Session D3-2: CRA 2026: Proving secure-by-design at scale

With CRA harmonised standards nearing completion at the time of ETSI Security Conference 2026, this session will explore how the industry is already taking steps to address CRA compliance at market scale and how CRA compliance can bring both opportunities and challenges for companies placing product on the EU single market.

Building cyber resilience through standards: the current European standardisation landscape

Vassiliki Gogou, ENISA.

Governance at Speed: The Cyber Resilience Act in the AI Era

David Backovsky, Bureau Veritas.

CRA compliance and complex products

Evangelos Gazis, Huawei.

Building cyber resilience: inside ETSI’s CRA standardisation effort

Federica Bozzi, ETSI Ambassador for the EU Cybersecurity Ecosystem.

Aligning on machine-readable signals as the foundation for due diligence at scale

Madalin Neag, Linux Foundation.

Falsehoods technologists believe about the CRA

Aki Rose Braun, Expert Zebra.

12:45

Networking lunch, posters and demo visits

14:00

Session D3-4: Software security

Session Chaired by Helen L., NCSC

This session will examine evolving approaches to software security across both policy and practice. It will begin with an overview of international frameworks for software security, explaining how these initiatives are shaping secure development. The speakers will then explore how industry is adapting to address emerging technology disruptors, such as frontier AI, that are challenging traditional security models. The session will conclude with an interactive panel discussion, bringing together the speakers to compare approaches, debate common challenges, and identify practical ways to strengthen the security of software systems in an increasingly complex landscape.

Session under development. Details coming soon.

 

15:15

Tea & Coffee break, posters and demos visits

15:45

Session D3-5: Cryptography & quantum readiness - Part 1

Session chaired by Colin Whorlow, NCSC

We rely on cryptography and other cyber technologies every day to protect our data and secure our digital infrastructures. As progress toward a cryptographically relevant quantum computer advances, we are running out of time to protect our systems from the quantum threat.
What are the latest developments in quantum-safe technologies, and do we have everything we need to migrate to quantum-safe infrastructure?

 

ETSI QSC Overview

Matthew Campagna, Chair of ETSI TC Cyber Working Group for Quantum-Safe Cryptography (ETSI TC Cyber QSC), Amazon Web Services.

ETSI ISG QKD Status

Martin Ward, Chair of ETSI ISG Quantum Key Distribution (ETSI ISG QKD), Toshiba Europe.

ETSI TC QT Status

Mark Pecen, EigenQ, Inc..

Challenges and approaches in PQC transition in trustworthy long term archiving

Armin Lunkeit, Procilon.

From standardisation to production: lessons learned from the PQC transition at Google

Guillaume Endignoux, Google.

Post-quantum PKI migration: the next critical challenge after TLS key exchange

Alexander Truskovsky, Eigen Q.

17:00

Comfort Break

17:15

Session D3-5: Cryptography & quantum readiness - Part 2

Session chaired by Matt Campagna, ETSI QSC Chair, AWS

Implementation and impact assessment of quantum safe hybrid signature in V2X communications

Ines Ben Jeema, IRT-SystemX .

Tackling PQC and 47‑day certificates in parallel

Tim Callan, Sectigo.

Are Merkle tree certificates the quantum-safe PKI solution?

Shane Kelly, DigiCert.

IETF PQ migration progress of IPsec/IKEv2

Giulin Wang, Huawei.

18:15

End of day 3

Day 04

08:15

Thursday 22 October

Check-in and welcome coffee

09:00

KEYNOTE: Education in Standards

Claire d'Esclercs, ETSI

09:20

Session D4-1: AI Security & Resilience – Part 2: Implications of agentic AI – attack and defence?

Applications of Agentic AI are everywhere in 2026. However, with that increasing reliance on Agentic solutions both attackers and defenders are increasingly leveraging agentic AI. The success of the entire agentic revolution hinges on our ability to create a secure, transparent, and governable ecosystem.
This session will consider the following questions: How do we manage identity for billions of non-human agents? How do we defend against a new generation of AI-driven threats? How can trust be established? And the implications of Agentic AI making a mistake?

The invisible weak link: inside modern software supply chain attacks

Ankit Kumar Honey, GitHub (Microsoft).

Adapting threat modeling for AI-driven threats

Terézia Mézešová, ESET.

Evaluating Agentic AI: where attack and defence live in the trace

Christian Horchert, CrabNebula.

Before the Backdoor: data-integrity evidence across the AI lifecycle

Hans Christiaan de Raad, OpenNovations.

Vulnerability management in the AI era

Francois Ambrosini, Huawei.

10:35

Coffee break, posters and demos visits

11:00

Session D4-2: EUSR – CRA

Session under development. Details coming soon.

11:45

Session D4-3: EUSR CRA Panel Session: Successes and Challenges of CRA compliance

Session under development. Details coming soon.

12:45

Networking lunch, posters and demos visits

14:00

Session D4-4: Panel Certifying the future: A live research debate on security certification

Panel moderated by Björn Fanta, Fabasoft

Session under development. Details coming soon.

 

15:00

Session D4-5: Reflection: The Next Frontier After 20 Years of Progress

Envisioning the future of cybersecurity standards and the role of European Standardisation Organisations in the global ecosystems, and priorities for ETSI.

15:45

ETSI Security Conference 2026 Wrap Up and Close

Programme Committee

ETSI sincerely thanks the Security Conference 2026 Programme Committee Members for their engagement in putting together another thought provoking conference!

Posters

The following posters will complement the conference programme. Attendees will have the opportunity to visit them during the conference breaks. 

Poster

ETSI Security Conference 2026

TELEMETRY project

Telecom Italia

Read more
TELEMETRY project

Demos

The following demos will complement the conference programme. Attendees will have the opportunity to visit them during the conference breaks. 

Location

The ETSI Security Conference will take place in ETSI premises, Sophia Antipolis, France:

Venue:
ETSI
650 Route des Lucioles
06560 Valbonne – Sophia Antipolis
FRANCE

Tel.: +33 4 92 94 42 00 (Reception)

Information on how to get to ETSI, travel, visa, local accommodation and local transports is available here.

Contact us