As the industry has shifted from mainly mechanical to increasingly digital solutions, the need to constantly monitor and assess risks has become crucial.

“This means not only meeting mandatory regulations but also voluntarily adopting international standards such as ISO 27001, which protects data and systems through a structured and independently audited framework,” explains Kelly Gill.

To raise the bar for cyber security across Europe EU has introduced the Network and Information Security Directive 2 (NIS2) and the Cyber Resilience Act (CRA).

The new regulations

NIS2 is reshaping cyber security expectations by setting higher standards to reduce risk, improve transparency, and protect data and services. Alongside it, the CRA introduces mandatory requirements for products with digital components. This makes “secure by design,” regular updates, and compliance checks essential before products can enter the EU market.

“For companies in our industry, responsibilities now extend well beyond internal systems,” Gill notes. “Organisations must also ensure that suppliers and service providers comply, with regular risk assessments forming a central part of the process. The consequences of falling short are severe – from significant fines and audits to the potential withdrawal of products from the market.”

For customers, the message is clear: security must be built in from the start.

Competitive advantage

Gill is eager to stress that compliance is not just about meeting regulations — it is also a competitive advantage.

“At Assa Abloy Opening Solutions EMEIA, security is part of our DNA,” she says. “We embed these standards into everything we do, giving customers solutions they can trust to be compliant and resilient.”

The rise of AI

AI is transforming the digital security landscape. It cannot be separated from the regulatory framework shaping the industry. With AI advancing rapidly and new regulations coming into force, Kelly Gill is convinced that Assa Abloy has established a digital compliance framework to stay ahead of the curve and use AI as an enabler to improve security and achieve compliance.

“AI brings powerful benefits, including more intelligent monitoring, faster anomaly detection, and smarter tools for operational efficiency,” Gill explains. “These capabilities directly support NIS2 and the CRA, particularly in proactive risk management and incident response.”

“On the other hand, AI introduces new risks. The attack surface is expanding, and threats such as deepfakes and smarter phishing create serious challenges that regulators are determined to address. Both NIS2 and the CRA emphasise continuous monitoring, transparency and accountability — principles that must now also guide the responsible use of AI.”

According to Gill, Assa Abloy Opening Solutions EMEIA sees AI not just as a risk to mitigate, but as a capability to strengthen resilience and trust.

“That’s why we are embedding strong governance practices around AI and building cyber security standards into every stage of product development,” she says. “By doing so, we help our customers align with new regulations while ensuring AI serves as a tool for greater security and confidence.”

Trust and compliance

Gill emphasises that Assa Abloy Opening Solutions EMEIA is taking NIS2, the CRA and the rise of cyber threats seriously — ensuring compliance and enhancing trust with all customers.

“We have reinforced supplier oversight, streamlined incident reporting, and embedded cyber security into every stage of product development and lifecycle management,” she explains. “Our teams also conduct ongoing risk assessments and post-incident reviews to ensure lessons are learned and improvements made.”

By taking these steps, Assa Abloy Opening Solutions not only meets regulatory requirements but also strengthens the resilience of its supply chain — and the trust customers place in the company.

Another key commitment is supporting customers on their compliance journey. Recent initiatives include the newly released whitepaper ”Enhancing Cyber– Physical Resilience with Digital Access Solutions” and a detailed NIS2 whitepaper from last year, both providing clear and practical guidance.

“By showing what these regulations mean in practice and how intelligent access solutions can directly support compliance, we aim to make the path forward less complex and more achievable for our customers,” Gill says.

Looking ahead

The days when security threats to businesses and products were purely physical are long gone. Today, the digital realm poses even greater and constantly evolving challenges.

“It’s crucial that, as an industry, we take the necessary steps to meet the directives of NIS2 and the CRA and continually monitor the rise of AI.Only by doing so can we protect our customers, preserve our reputations, and build the trust that defines true leadership in security,” Gill concludes.