Insight

Insight from the people who wrote the policy.

Commentary from our cryptographic and AI governance practitioners on the regulatory, sovereignty, and supply chain conditions shaping critical industries. Organised by theme, not by date.

Themes

Five areas we write in.

Supply chain integrity

Multi-supplier code environments, bespoke signing architecture, the economics of trust at scale.

→

Cryptographic sovereignty

Key custody, jurisdiction, hyperscaler risk. Why the sovereignty conversation is no longer optional.

→

Why NIS2 makes the hyperscaler question board-level

The sovereignty conversation was a technical preference. NIS2 has made it a fiduciary obligation. A short note on what changed.

Analysis · Principal, Cryptography · March 2026

AI governance

ISO/IEC 42001, the EU AI Act, board-level AI risk posture, agent identity frameworks.

→

Post-quantum readiness

Hybrid cryptographic migration, NIST and ETSI guidance, board-defensible timelines.

→

Regulatory landscape

NIS2, Cyber Resilience Act, UNECE WP.29, ISO/SAE 21434. What auditors are actually looking for.

→

Featured

Current position piece.

Supply chain integrity

From vehicle to enterprise. One signing architecture.

Inside the model: how one bespoke signing service absorbed the enterprise cryptographic domain under the same governance framework built for the vehicle side. One team. One policy. One sovereign estate. The pattern we now bring to every new engagement.

Case study 01 · Principal, Cryptography · April 2026

Read the piece →

Editorial illustration

Let's talk

Have a specific question?

Brief our team →

Insight from the people who wrote the policy.

Five areas we write in.

Supply chain integrity

Cryptographic sovereignty

Why NIS2 makes the hyperscaler question board-level

AI governance

Post-quantum readiness

Regulatory landscape

Current position piece.

From vehicle to enterprise. One signing architecture.

Get our quarterly insight briefing.

Have a specific question?