As 2023 winds to a close, let’s take a look at some of the topics and events the ISC2 Advocacy team covered to round out the year. From agreements on legislation, fostering new partnerships with key stakeholders and hosting and participating in security events, it’s been a busy time.


On November 30, the EU Parliament, European Commission, and the Council of the EU (EU Trilogue) reached a provisional agreement on the proposed EU Cyber Resilience Act (CRA).This legislation would impose cybersecurity requirements on products with digital elements such as connected home cameras, fridges, TVs and toys and seek to ensure they are safe before placed on the market. The EU CRA is expected to enter into force around March 2024. Reporting for incidents and exploited vulnerabilities would likely begin in January 2026 and all provisions would become mandatory in early 2027.

The EU Trilogue reached a provisional agreement on the proposed EU AI Act on December 8. This landmark legislation is the first of its kind globally and it aims to ensure that AI systems placed on the European market and used in the EU are safe and respect fundamental rights and EU values. The Act prohibits certain AI applications deemed harmful and establishes governance and enforcement structures for AI regulation. The bill is expected to enter into force April 2026.

ISC2 CISO Jon France delivered a keynote speech on behalf of ISC2, a sponsor of the event, at ECSO’s CISO Meetup on November 28/29. Jon discussed the ISC2 Cybersecurity Workforce Study and highlighted the EU cybersecurity workforce gap and skills shortage. The event emphasized the growing complexity of the threat landscape and the need for robust cybersecurity strategies. Discussions included navigating new EU regulations, practical breach response experiences, and the importance of personal resilience in cybersecurity leadership.

North America

By now, you’ve probably seen some of the data from the most recent ISC2 Cybersecurity Workforce Study . The Advocacy team took to Capitol Hill following the release of this study to discuss the impacts of the workforce and skills gaps on the United States. Providing briefings to the White House ONCD, the Homeland Security Committee Caucuses and the Senate cybersecurity caucuses. Learn more about the Impacts of Workforce Culture and DEI on cybersecurity in our Insights post.

ISC2 SECURE Washington DC was held on December 1 in the Nation’s Capital. Cybersecurity experts convened for interactive and informative sessions on topics like risk, cyber resilience and artificial intelligence.

Canada is considering Bill C26 and it is currently being considered by the Standing Committee on Public Safety and National Security. Advocacy has been working with members of parliament, government agencies and other stakeholders to provide workforce data and valuable insight on the bill.

Advocacy has been meeting with government and business leaders to discuss Canada’s consideration of The Cybersecurity Maturity Model Certification (CMMC), a framework designed to enhance the security practices of organizations working with the Department of Defense.