In 2025, the cybersecurity ecosystem became more complex than ever with new threats, emerging technologies, and shifting regulations. In response, we’ve seen governments around the world begin to rethink critical policy frameworks. Nonetheless, the Center for Cybersecurity Policy and Law (CCPL) has remained steadfast in its mission to strengthen global cybersecurity through policy, collaboration, and education. 

This year, we expanded our reach across the globe — including North America, Latin America, Europe, Australia, and Asia — to convene experts for critical policy discussions, research, and partnerships through our diverse initiatives. We have continued advancing efforts from digital identity, to global cyber standards, strengthening our commitment to supporting policies that improve the security ecosystem as a whole. 

This blog outlines some of the key moments and accomplishments that shaped our year.

Strengthening Security Through Global Engagements 

CCPL’s engagements in 2025 showcased our ongoing efforts to increase cybersecurity cooperation and shape policy discussions in key regions spanning the globe. We hosted conversations with policymakers and published more than 25 whitepapers and filings that helped encourage more consistent, foundational approaches to cybersecurity risk management across sectors and geographies. For example: 

• The Cybersecurity Coalition’s EU Working Group led several major efforts, including six filings that influenced Europe’s approach to the NIS 2 Implementing Guidance, the Cyber Resilience Act, and the EU roadmap for post-quantum cryptography.
• The Coalition to Reduce Cyber Risk (CR2) played a similar role across the Asia-Pacific region, the EU and the UK, engaging more than 40 government officials. CR2 submitted feedback to the European Commission and the Australian Government, helping to shape early thinking on incident reporting and broader cybersecurity strategy. 
• In Latin America and the Caribbean, the DigiAmericas Alliance helped strengthen regional collaboration by sharing insights from its published reports and supporting conversations around AI governance, digital sovereignty, and threat trends in the financial sector. These discussions gave regional leaders clearer visibility into shared challenges and contributed to more informed policymaking, especially in areas where resources and expertise vary widely across countries.

Together, the global engagements this year reflect CCPL’s longstanding belief that cybersecurity improves when stakeholders work together and have a shared understanding of risks and responsibilities. 

Strengthening U.S. Cyber Governance

Since its founding, the Center has worked to cut through the confusion of cybersecurity policy for decision makers, helping translate complex technical issues into real world strategies — and 2025 was no exception. This year, CCPL remained a trusted voice for federal and state governments in the U.S. working to strengthen cybersecurity frameworks. 

• The Better Identity Coalition submitted comments to the Department of the Treasury, the Federal Reserve, the OCC, and the FDIC, calling for improved authentication standards and stronger digital identity infrastructure. These submissions helped federal agencies understand how weak identity practices contribute to fraud and why stronger, more consistent authentication requirements are necessary. 

The Coalition also provided expert testimony before the Pennsylvania House of Representatives on the deployment of mobile driver’s licenses (mDLs), giving state leaders clearer guidance on how to modernize identity systems while protecting privacy and security.

• The Hacking Policy Council (HPC) advanced critical discussions on responsible cybersecurity research through filings to U.S. policymakers, including recommended updates to FedRAMP’s Continuous Vulnerability Management Standard and comments on NIST’s foundational IoT cybersecurity activities. 

HPC also urged New York State to adopt a 72-hour incident reporting timeline — bringing state requirements in line with federal standards to improve accuracy, reduce confusion, and support faster response coordination. 

Through our U.S. engagements, CCPL initiatives encouraged research practices that ultimately strengthened U.S. national cybersecurity. By ensuring that emerging policies reflect technical realities, the Center helped federal and state leaders craft smarter, more workable cybersecurity rules.

Bringing Stakeholders Together

In addition to engaging with policymakers, CCPL’s initiatives hosted a variety of events this year, convening leaders across industry sectors to discuss strategy and standards on emerging cybersecurity issues. 

• The Cybersecurity Coalition hosted the annual conferences, CyberNext Brussels and CyberNext DC, both of which featured keynotes, panels, and discussions exploring challenges such as AI-driven threats, regulatory shifts, and the security needs of critical infrastructure.
  
  
• The Better Identity Coalition also held its annual Identity, Authentication and the Road Ahead Policy Forum, gathering companies and experts to discuss identity proofing, mobile driver’s licenses, digital credentialing, and more.
  
  
• The Hacking Policy Council helped lead the AI Cybersecurity Code of Practice Workshop and the EdProtect Symposium, where students and researchers uncovered more than 30 vulnerabilities in an effort that highlighted the value of practical testing in strengthening real-world security.
  
  
• Internationally, the DigiAmericas Alliance hosted 9 regional events, including the LATAM CISO Summit in Rio de Janeiro, a USA–Mexico cybersecurity exchange, and a UNGA side event focused on AI and workforce development. 

These gatherings expanded dialogue across borders, strengthened relationships with policymakers and industry partners, and helped support more consistent approaches to cybersecurity across the region.

Research That Informed Policy

Producing accessible, technically grounded research has always been a key part of CCPL’s mission, and this year’s work reflected that ongoing commitment. Our critical research projects played a major role in shaping cybersecurity conversations in 2025, giving policymakers and industry leaders clearer insight into emerging risks and practical solutions. 

• The Digi Americas Alliance released 4 major reports, each addressing a different regional priority: government data center resilience, AI governance, cybersecurity threats in the financial sector, and the role of ISACs in improving information sharing. Together, these reports helped governments and private-sector partners better understand regional gaps, strengthen national strategies, and plan for long-term digital resilience.
  
  
• CR2 published its influential whitepaper “Mandated Insecurity: Regulatory Requirements that Weaken Enterprise Cybersecurity,” examining how certain policies can unintentionally increase risk if they are too prescriptive or misaligned with real-world practices.
  
  
• The Hacking Policy Council added 7+ policy papers and filings on topics ranging from AI security testing and vulnerability disclosure to IoT best practices and updates to federal cybersecurity frameworks. 

Together, these publications helped governments and private-sector partners understand regional gaps, strengthen national strategies, and make more informed, technically grounded decisions about long-term cybersecurity resilience.

Turning Collaboration into Impact

Across all initiatives, publications, and events, CCPL’s work this year helped advance policy conversations that matter most for cybersecurity resilience. Together, these efforts show how CCPL’s consensus-driven, risk-based approach continues to transform complex policy challenges into practical guidance that benefits government, industry, and civil society.

Our mission has always been to bring common sense, common ground, and common good to cybersecurity policy, and that commitment will continue to shape our efforts in 2026.

As we look ahead, CCPL will remain steadfast in building on the momentum created across our initiatives this year. Our work in identity, cybersecurity policy, vulnerability disclosure, and regional cooperation has highlighted how essential collaboration is to navigating an environment defined by rapid technological and policy change. Over the next year, we will deepen this collaborative approach.

With new challenges on the horizon, we look forward to working with our partners, supporters, and communities to help build a more resilient and secure digital world.