At this year’s ALERT 2025 conference, a standout moment came during the Regulatory Block, where industry experts gathered to tackle one of today’s most pressing questions: Are cybersecurity regulations like DORA and NIS2 propelling the industry forward—or just piling on red tape?

The panel, moderated by Martina Dragicevic (A1 Hrvatska d.o.o.), brought together key voices from the finance, regulatory, and tech sectors. Representing diverse corners of the cybersecurity ecosystem, our panelists offered candid, cross-sectoral insights into the evolving regulatory landscape:

• Igor Grzalja, ASEE
• Milan Parat, Croatian Banking Association
• Mario Kozina, Croatian National Bank
• Roshan Sherifudeen, Regional Card Processing Centre

Igor Grzalja, ASEE

🔑 Key Takeaways from the Panel:

• Compliance ≠ Security: Following the rules isn’t enough—true cybersecurity must be embedded in system design and embraced by every stakeholder.
• Frameworks Create Focus: Without structured regulations like DORA—particularly provisions like Article 9—organizations wouldn’t be operating with the same level of awareness, preparedness, and accountability.
• DORA Isn’t Perfect—But It’s a Start: The directive still has gaps, but its primary strength lies in promoting the implementation of robust, operational security strategies.

Why It Matters

As cybersecurity becomes a cornerstone of digital resilience, regulations are no longer optional—they are foundational. But the real challenge lies in translating policy into practice. This panel underscored the importance of collaborative interpretation and thoughtful implementation of regulatory mandates to ensure they serve as enablers, not barriers.

Events like ALERT 2025 play a crucial role in connecting policymakers, practitioners, and innovators—turning rulebooks into roadmaps for progress.