As a wave of new digital regulations from the European Union continues to reshape the technological landscape, industry leaders are grappling with the complex task of implementation. In response, the inaugural Comply.Land 2025 conference was launched this week at the Intercontinental Hotel in Malta, establishing itself as a vital communication platform for all stakeholders involved.

Described by its founders as the first conference of its kind in Europe, Comply.Land focuses specifically on the practical challenges of complying with regulations like the Cyber Resilience Act (CRA), the AI Act, DORA, and the Network Information Security Directive (NIS2).

The event was co-initiated by Jürgen Kreutz, founder of the German cybersecurity firm Security as a Service, and Daniel Thompson-Yvetot, CEO of Crabnebula and a key figure in the open-source software community. In an interview, they explained the critical need for such a forum, highlighting a significant disconnect between regulation and reality.

"There are so many compliance standards pushing in for IT and for the whole information security ecosystem from the European Union," Mr Kreutz states. 

"All the companies are overwhelmed. What's going on there? How do we go forward?"

Mr Thompson-Yvetot framed the upcoming EU Cyber Resilience Act as a fundamental shift in how software is perceived and regulated. 

"Europe has decided that now software is a product," he says. "A product that carries liabilities, you have to certify it or get it certified, you have to declare its conformity, and every mobile app is going to have to comply with this. Every single one. There's going to be a Cambrian opportunity for the development of new products associated with this."

Mr Kreutz, who also works as an IT auditor, pointed to the practical shortcomings of well-intentioned regulations. 

"Many of these regulations are created in a tower in Brussels. They are well-intentioned, but they risk becoming paper tigers - heavy on documentation but light on practical, pragmatic security. We need to bridge that gap."

Comply.land founders Jürgen Kreutz (left) and Daniel Thompson-Yvetot (right)

This vision of creating a true working session was central to the event's design.

"We are bringing the regulators who write the rules into the same room as the engineers who have to implement them," Mr Kreutz says. 

"That honest dialogue is what has been missing."

For Mr Thompson-Yvetot, a technologist with decades of experience, the drive to enter the compliance field is also a personal passion. He compared the complex process to "solving a jigsaw puzzle" and finds excitement in the opportunity to shape the new standards. "I get to be one of those people that helps carve out the final shape of a couple of those puzzle pieces," he says. "And I find that exciting."

The conference structure reflected this goal of fostering dialogue. The first day featured intensive workshops with European experts working to create standards and baselines. The second day opened up to a broader industry audience, featuring panel discussions designed to highlight different, and often conflicting, perspectives.

Mr Kreutz highlighted this as a key exciting outcome: "We put lawyers together with data protection officers and even companies together on the stage and discussing in panels, which will be very interesting because all of them have different views."

The event also attracted significant industry support from major international players like CyberStand and Checkpoint, a strong endorsement for a first-year conference organised in just a few months.

"To have giants like Checkpoint and dedicated organisations like CyberStand join us in our first year is a powerful signal," Mr Kreutz notes. "It tells us that the market is hungry for this kind of practical, collaborative platform."

Beyond the CRA, Comply.Land positions Malta as a potential EU gateway for compliance and cybersecurity. "Malta is uniquely positioned to be the EU's compliance and cybersecurity gateway," Mr Kreutz says, underscoring the strategic choice of location.

Mr Thompson-Yvetot echoes this, noting Malta's English-speaking talent, EU membership, and favourable conditions as key reasons for basing his new venture, Minimum Viable Compliance (MVC), on the island.

The conference served as more than just a talking shop; it was designed as a strategic platform to turn regulatory compliance from a burden into a driver of growth, trust, and market opportunity. For non-EU companies looking to enter the European market and for European firms navigating the new digital rulebook, Comply.Land aims to be where compliance meets innovation.