For our second special episode of the Distilling Cyber Policy podcast, Alex Botting and Jen Ellis from the Center for Cybersecurity Policy & Law are joined by three Center for Cybersecurity Policy & Law experts to try and predict the future of cyber policy in the coming year, while reflecting on some of their previous predictions. Our experts include Caitlin Clarke, Jeremy Grant and Heather West, as well as thoughts from prior guests such as MEP Bart Groothius, Irfan Hemani and Katharina Sommers. 

Together, they explore where cyber policy conversations appear to be gaining traction, where momentum has stalled, and what may define the cybersecurity policy agenda in 2026.

Some of their predictions include:

• A hope that momentum around quantum policy discussions continues to grow 

• A growing shift away from prescriptive, checklist-style regulation toward more outcomes-based cyber policy.
  
  
• Increased attention to legal protections for cybersecurity researchers in the EU. 

• Rising expectations that service providers take greater responsibility for cybersecurity outcomes.

• Continued emphasis on secure-by-design and secure-by-default software development practices.

• Greater scrutiny of vendor trust and supply chain security.
  
  
• New and evolving security challenges posed by AI agents and increasingly autonomous systems.

• A growing appetite in the United States for a broader, more coordinated conversation around trusted digital infrastructure in the financial sector – with less focus on the White House or traditional cyber channels, and more engagement from Treasury and financial regulators exploring innovative approaches.
  
  
• Continued interest in the EU’s work on digital identity wallets, with lessons that may inform future policy discussions in other countries. 

As always, you can find our latest episode on Spotify and Apple. 

‍