Christina Cacioppo’s Post

Europe has some of the most stringent data protection regulations in the world alongside a large cultural emphasis on privacy. So it’s no surprise that our European customers tend to be ahead of the curve when it comes to securing the internet and protecting consumer data. That was on full display at VantaCon UK last week. I spent a lot of time talking to CISOs and security leaders (both on stage and off) about emerging AI regulations, the potential for AI to drastically change the way we approach TPRM, and the complexities of adopting new frameworks like DORA and ISO 42001 while maintaining existing compliance certifications. European companies are all in on investing in trust, using automation to manage the compliance load, and thinking about other ways to optimize security practices to support continuous compliance. Europe may be a bellwether for the US, and I think we can all learn from companies like: * Synthesia, an early adopter of ISO 42001 * Klarna, as they integrate AI and continuous compliance without disrupting engineering workflows * Pigment, as they think of security like a product feature to meet customer demands * Okta, as they experiment with LLM-powered malware detection * Multiverse, with a careful risk assessment framework * Engine by Starling, adding frameworks as business needs emerge in a scalable way * BVNK, using automation to support nascent-but-important regulation If you’re curious to hear more about what’s top of mind for leaders in the UK, the article below (link in comments) provides a nice summary of the main themes that resonated with our speakers and attendees.