The suitcases have already been unpacked, and our voices are still hoarse—it-sa 2025 is now history. Rather than simply looking back, we’d like to analyze the defining trends of the year and hear from our experts.
Overall, we experienced a strong event. it-sa has been growing steadily in the post-COVID era; with new record figures—993 exhibiting companies and 28,267 trade visitors—it has impressively cemented its position as Europe’s undisputed leading trade fair for IT security. The range of topics was vast, and the numerous forums were well attended from morning to night. The topics of AI, NIS-2, data sovereignty, and managed services were omnipresent.
The event has evolved from a purely technical trade fair into a strategic summit. A decisive moment was likely the official designation of the Federal Office for Information Security (BSI) as the notifying and market-monitoring authority for the implementation of the Cyber Resilience Act—an announcement of significant political importance.
Also during it-sa, the BSI and the Bavarian State Office for Information Security (LSI) signed a cooperation agreement. The collaboration focuses on the exchange of experience and expertise in the fields of artificial intelligence (AI) and cloud computing. The goal is to improve the protection of government IT systems, support municipalities and operators of critical infrastructure, and thereby enhance cybersecurity throughout Germany.
This strategic realignment is further underscored by the presence of key players such as the EU agency ENISA and the signing of new international cooperation agreements, for example with the European Cyber Security Organisation (ECSO). it-sa is no longer merely a marketplace for products, but the central forum where European cyber strategy and policy are shaped.
Discussions in the forums and at the exhibition booths were dominated by four key thematic areas. These reflect not only technological developments but also the changing economic and geopolitical landscape.
Regulatory requirements such as NIS-2, DORA, and the Cyber Resilience Act (CRA) have become key drivers of investment. This pressure is fueling demand for integrated GRC (Governance, Risk & Compliance) platforms that enable efficient management of frameworks such as NIS-2 or ISO 27001.
Our colleague Michael Baumgart summarizes his impressions of the trade show as follows:
“Due to changes in the global security landscape and the associated regulations, there is growing demand for Business Continuity Management (BCM) in particular. The scope and quality of implementation are also coming into focus. It is becoming clear that a mere facade of documents cannot withstand increasingly rigorous audits. It is no longer just about ticking off compliance checklists. The era of theory is over, and real crises are showing what true resilience means.”
Compliance pressure is thus also becoming a driver of efficiency. The demands on KRITIS operators and others are immense. This pressure is forcing companies to rethink outdated processes and become smarter through automation.
Artificial intelligence (AI) has moved beyond being merely a marketing buzzword. The discussions reflected a significantly more mature engagement with the technology—both as a powerful defensive tool and as a highly dangerous weapon for attackers. However, many manufacturers are struggling to integrate AI into their products in a way that delivers tangible added value.
Our colleague Piotr Nürnberg was particularly struck by the discussions surrounding the practical benefits of AI:
“Many CISOs and information security experts are currently asking themselves: What must AI deliver to offer real added value in the planning and implementation of management systems? Many vendors advertise AI features that they have integrated with varying degrees of success. The fact that we here at Akarion are on the right track and that our Smart Content AI delivers significantly more than other providers naturally makes us very proud. Unlike other solutions, the GRC Cloud with Smart Content AI generates processes, processing activities, risks, and measures tailored to your company’s context. This was recognized by the experts and is a unique selling point in the market.”
In line with this, our colleague Michael Baumgart gave a fantastic and very well-attended presentation on Wednesday titled “ISMS and Generative AI – Can We Win the Arms Race?”, which generated even more interest at our booth. Anyone interested is welcome to contact Michael directly; he’s more than happy to discuss potential use cases in one-on-one conversations.
Exhibitors are not shy about using superlatives when it comes to AI. They promise smart AI features and implementations in record time. But it’s worth taking a closer look: A poorly implemented language model is not an added value, but a security risk. So-called express implementations do not do justice to the seriousness of information security and BCM. If certification is pursued solely under pressure, without actually living the processes within the company, increased resilience cannot be expected—and this is not a question of company size.
We also recommend taking a closer look at our Smart Content AI, which, unlike many other solutions, generates and links content intelligently and logically. This sets us apart significantly from our competitors, who often do not go beyond a chatbot. Furthermore, all data processed by our AI is handled exclusively in Europe.
AI is no longer just a trend, but a tool that must be used correctly. The conversation is no longer about “if,” but about “how.” Companies are specifically seeking AI solutions that provide meaningful and sustainable support in their day-to-day operations.
See for yourself what we do better than the rest! Click here for a free demo:
The protection of critical infrastructure (KRITIS) and industrial production environments (OT) has become a central area of focus. The solutions presented at the trade show demonstrate increasing specialization within the OT security market. It is no longer a matter of making makeshift adjustments to IT security solutions, but rather of addressing the fundamental differences between IT and OT with customized hardware and software solutions. And here, the topic of GRC management plays a decisive role. Whether ISMS, BCMS, or DSMS: companies are looking for scalable and modern solutions that take work off their hands and provide a clear overview.
One of the consistent messages at it-sa 2025 was clear: despite all the technology, people remain the decisive factor. The best AI and automation solutions are not designed to replace CISOs and security experts, but to support them. The goal is to free them from the burden of repetitive analyses and tasks so they can use their valuable time for strategic assignments.
Instead of drafting yet another policy that sounds similar to the last, experts can focus on the truly important content that has been pre-formulated by AI. Instead of working through compliance checklists, they can design the overarching security architecture. The technology becomes a lever that enables the security team to evolve from a reactive “fire brigade” into proactive architects of corporate resilience. The best discussions centered precisely on this: empowering human experts, not rendering them obsolete.
Our personal takeaway: The enormous turnout at our booth demonstrates the need for efficient and smart software solutions in the area of governance, risk, and compliance.
The positive feedback during the presentations, as well as the feedback from our customers and partners, confirms the hard work of the past few years. Intuitive operation, efficient modeling, and truly smart AI facilitate the implementation and sustainable operation of an integrated management system.
See for yourself! Meet us at numerous events next year, or schedule a live demo anytime!
Pauline Mitifiot : Mar 24, 2026 9:09:56 AM
In today’s increasingly digital world, utilities are a cornerstone of everyday life. Protecting sensitive data and critical infrastructure is...
Erik Rusek : Mar 24, 2026 9:23:00 AM
While implementation of the NIS Directive is underway in the European Union, German lawmakers have been working on the next challenge for operators...
Astrid Meyer-Krumenacker : Mar 24, 2026 9:22:58 AM
Whether it’s Snowden, Julian Assange, or most recently the Wirecard scandal, whistleblowing is on everyone’s lips. In reality, however, this highly...
Viljem Pitako