Program - Spring ITAPA 2026
REGISTRATION
Following the European debate, the focus turns to Slovakia’s reality. Do we have a plan to be a creator in AI, or will we remain merely a consumer?
Europe is preparing a major revision of the Cybersecurity Act. CSA 2 is no longer just about technical standards and certification. Non-technical risks, supply chain security, a stronger role for ENISA, and the question of whether certain technologies or countries will be considered a strategic risk are also coming into play. Where does security protection end and the new geopolitics of technology begin? A discussion on what the new rules will bring to the state, companies, and the market, and who in Europe will gain greater control over digital trust.
A modern state must be capable of more than just cyber defence. It must protect its data, securely operate critical digital services, manage crisis situations, and respond to emerging forms of crime. This discussion will outline what it means today to build a truly resilient nation in an era of increasing digital threats and the growing dependence of the state on technology.
AI agents are emerging as a new class of "digital workers"—tireless, scalable, and increasingly empowered to act without direct human intervention. However, this very autonomy fundamentally reshapes organizational security models and introduces entirely new classes of risk. Beyond legitimate use, agentic AI is becoming a potent tool for adversaries, enabling the automation of reconnaissance, social engineering, attack generation, and the bypassing of security mechanisms at unprecedented scale and speed. A featured case study will demonstrate how a beneficial tool can transform into an active threat vector the moment autonomy outpaces control mechanisms. This session will focus on emerging threats associated with AI agent deployment, their exploitation in offensive scenarios, and strategies for managing these risks—from permission mapping and oversight to implementing security frameworks for agentic systems.
Both European and Slovak regulators are responding to mounting cyber threats through a dynamic expansion of legislation. Alongside the NIS2 Directive, the AI Act is entering into force with the potential for significant penalties; the first deadlines under the Cyber Resilience Act (CRA) are beginning to lapse, and a revision of the Cybersecurity Act (CSA) is underway. Simultaneously, indirect interventions into the NIS2 framework are occurring. This session will provide an overview of the European and Slovak cybersecurity legislative structure, explain its context and internal logic, and identify the primary impacts on compliance management. It will also focus on expected developments and the practical challenges organizations will face in the near future.
Growing regulatory requirements are placing increasing demands on organizations, many of which lack sufficient financial and human resources. According to surveys, only a small fraction of organizations consider their preparedness for new obligations to be adequate, with regulations becoming a significant source of pressure on IT and security management. This session will focus on identifying the minimum viable measures needed to meet legislative requirements and practical approaches to effective implementation—even within a limited budget. It will present risk prioritization and pragmatic strategies for leveraging existing resources.
Current cybersecurity legislation has generated a significant demand for professional capacity - estimates suggest a need for more than 10,000 cybersecurity managers. However, the actual number of experts is currently only in the hundreds. Consequently, cybersecurity in many organizations is managed either formally or insufficiently. This session will address the root causes of this misalignment between regulation and real-world capacity, its impact on organizations, and potential solutions. It will present approaches to effective security management amidst expert shortages, including options for shared capacity, outsourcing, and internal competency development. The discussion will also explore systemic measures required to address this situation at both the market and public policy levels.
The year 2026 marks a pivotal milestone in the field of cybersecurity. Post-quantum cryptography (PQC) is progressively moving from academic theory into practical application, as the anticipated arrival of quantum computers (the so-called "Q-Day") pressures organizations to protect sensitive data well in advance. This session will focus on the practical implications of this transformation—specifically the need for crypto-agility: the ability of organizations to flexibly change and update cryptographic mechanisms without major disruptions to their infrastructure. It will present the current state of standardization, migration strategies to PQC, and demonstrate why preparedness for these changes is becoming not only a security necessity but also a significant competitive advantage.
Stanislav Schubert, Ministry of Finance of the Slovak Republic
Ladislav Šnapko, Ministry of Investment, Regional Development and Informatization of the Slovak Republic
