Security, Trust, and Compliance in the Digital Age

In the September issue of dotmagazine, we examine how the digital economy - complex and interconnected - creates opportunities but also demands strategies for security and trust. The challenges of security, trust, and compliance across regulatory environments are increasingly central to the digital ecosystem.

The core challenge: Sovereignty and infrastructure control

A current focus for the industry is regaining control over data and digital infrastructure, which is often centralised and dominated by a small number of providers. Prof. Norbert Pohlmann - eco's Board Member for IT Security and Managing Director of the Institute for Internet Security - along with Ferhan Kesici from Westphalian University of Applied Sciences, examine risks to digital sovereignty in smartphone app ecosystems. Their research showed that even for German apps, more than three-quarters of traffic flows through US-controlled providers, illustrating the extent to which digital services rely on non-European infrastructure.

Ivo Ivanov, CEO at DE-CIX, emphasises that these sovereignty issues must be addressed alongside international cooperation. He highlights Atlantic Convergence 2025, which will tackle cross-continental challenges and strengthen the pan-Atlantic digital ecosystem across Europe, the Americas, and Africa. With hubs like Lisbon emerging as strategic interconnection points, collaboration and interoperable security frameworks are becoming increasingly important.

Localised infrastructure solutions

One proposed response to these sovereignty concerns is localised infrastructure. Thomas Amberg from Ynvolve describes how sovereign clouds, hosted within European jurisdiction, help ensure GDPR compliance and limits exposure to foreign regulations, such as the US CLOUD Act. Additionally, Katrin Ohlmer from DOTZON describes how organisations can increase autonomy by operating their own Top-Level Domain (TLD). By owning a dedicated TLD, organisations gain control over domain and DNS settings, including the ability to specify hosting locations and enforce standards such as HSTS and DMARC.

Advanced technological solutions for trust

Alongside infrastructure, technical innovation is contributing to new approaches to security, particularly in distributed environments. Tim Cappelmann from AirITSystems argues that the main cybersecurity challenge is not zero-day malware, but the complexity of modern IT networks, which can lead to errors and breaches. He notes that automation, including the integration of procedural controls and technology, can help manage security technologies and reduce the attack surface of IT systems.

Building on this complexity challenge, new security models are emerging to address distributed environments. Emma Wehrwein and Oliver Schonschek from eco Association discuss how Zero Trust and Confidential Computing can work together to secure data flows in the Multi-Provider Cloud-Edge Continuum. Zero Trust manages access through continuous, risk-based authentication, while Confidential Computing protects sensitive data during processing by creating encrypted hardware enclaves, helping maintain security in cloud environments.

Extending these principles to artificial intelligence, a feature by Michael Hase and Luzia Langhans at eco Association introduces Confidential AI. This approach applies Confidential Computing methods to protect both the data used to train AI models and the model parameters themselves.

Federated governance and decentralised trust

Some authors highlight solutions that move beyond centralised models by emphasising transparency and user control. Gherardo Varani from Freename describes how Web3 seeks to address consumer distrust in the traditional web through decentralization and blockchain technology.

Europe's TANGO project, described by Lauresha Memeti Toskana and Ladan Raeisian from eco Association, offers a related vision. By creating federated data spaces and privacy-first identity systems, TANGO enables data to remain under the control of its owners while supporting secure and interoperable data exchange across sectors and borders.

Looking ahead

Together, the combination of these strategic, regulatory, and technological developments is shaping approaches to digital security and trust. By prioritising architectural practices, supporting regional infrastructure, and deploying new security concepts, stakeholders are seeking to balance innovation with regulatory and security requirements.

Readers can explore these topics further in dotmagazine's September issue.