Cyber Resilience Act: Why Digital Regulation Is Becoming a Management Priority  

The Cyber Resilience Act is already in force – yet many companies still underestimate its impact. It marks a broader shift: cybersecurity, AI and digital regulation can no longer be treated in isolation. At the Cyber AI / Expo, Mareike Gehrmann of Taylor Wessing will explain what companies need to focus on now.  

Although the Cyber Resilience Act has been in force since the end of 2024, with final deadlines running until December 2027, many businesses are still not fully aware of its implications. The regulation applies wherever products include digital elements — from software and connected devices to embedded modules and features such as remote access, updates and app control. 

The principle is simple: security must be built in from the start. Not after an incident, but throughout the entire product lifecycle — from design and market entry to ongoing operation. For companies, this signals a fundamental change: cybersecurity is no longer just an IT issue. It has become a business, compliance and liability concern. 

This is exactly where Mareike Gehrmann comes in. A specialist in IT law at Taylor Wessing, she is among Germany’s leading experts in data protection and digital regulation. At the Cyber AI / Expo, she will outline what this new regulatory landscape means in practice. 

Companies are now navigating a complex framework that also includes the GDPR, the AI Act, NIS2, the Data Act — and, in the financial sector, DORA. Each brings its own requirements, timelines and responsibilities. The real challenge lies in how they interact: Who owns what internally? Which products are affected? What needs to be reported — and when? And how can companies avoid duplication, liability risks and unnecessary complexity? 

For many companies, especially SMEs and internationally operating businesses, the pressure is mounting. The priority now is clarity. 

Many companies already have established data protection or compliance structures. Rather than creating new ones for each regulation, they should build on what already exists. Integrated governance models, cross-functional teams and a clear understanding of priorities are becoming essential. 

Artificial intelligence adds another layer of complexity. While companies are already using AI productively — from chatbots and data analytics to recruiting — new legal and security-related challenges are emerging at the same time. Businesses must not only recognise the opportunities, but also address transparency requirements, data protection, cyber risks and liability. And where AI becomes part of a product, multiple regulatory regimes often apply at once. 

The Cyber Resilience Act is therefore more than just another regulation. It reflects a broader shift: security, AI and compliance are becoming core management responsibilities. The question is no longer whether companies need to act — but how prepared they are. 

Keynote at Cyber / AI Expo MAIN STAGE 
Mareike Gehrmann, Partner, Specialist Lawyer IT, Taylor Wessing 
“Challenges and Regulation in the Digital Age: The Cyber Resilience Act and Its Impact on Businesses” 
