Forging the Future of Digital Trust
Insights from Frankfurt’s DigiCert Trust Summit 2025
By Eckhart Mehler for CISOsCISO — a perspective on cybersecurity leadership, governance and the decisions that determine whether organizations retain control.
From a conversation with SSL pioneer Taher Elgamal to 30 deep-dive topics on CA sovereignty, AI-driven threats, supply-chain integrity, and post-quantum readiness—strategic guidance for CISOs who can’t afford blind spots.
I returned from the "DigiCert Trust Summit" on 13 May in Frankfurt, where I had the privilege of shaking hands with Dr Taher Elgamal—the legendary “Father of SSL.” The conversations on stage and in the hallways, coupled with Dr Elgamal’s insights on the future of cryptography, sparked the ideas that follow.
The summit reminded me how urgently the industry needs strategic, technically rigorous guidance on certificate trust, sovereign-cloud dilemmas, AI-driven threats, and post-quantum readiness. Inspired by that energy, I’ve distilled the sessions, questions, and my several decades of field experience into the topic blocks below. What you’ll read is not marketing copy—it is my professional opinion, informed by hard-won lessons and the fresh perspectives I gathered in Frankfurt. I hope these reflections both honour the summit’s value and ignite deeper discussion across our community:
Global CA Trust & Sovereignty
- Decoupling Trust: Designing Multi-CA Architectures to Mitigate US CLOUD Act Exposure
- BRICS-Based Certificate Authorities: Risk Scenarios and Containment Strategies for Multinationals
- Evaluating DigiCert’s Market Dominance: Concentration Risks and Alternative Trust Models
- Certificate Transparency Logs as a Geopolitical Early-Warning System
- Sovereign-Cloud Key Escrow vs. Bring-Your-Own-Key: Choosing the Lesser Evil
Certificate Lifecycle & Resilience
- Zero-Outage PKI: Automated Renewal Pipelines for 90-Day Certificates
- Beyond CRL & OCSP: Real-Time Revocation Protocols for Edge Environments
- Fail-Open vs. Fail-Secure DNSSEC Strategies to Survive Certificate Expiry
- Telemetry-Driven Certificate Inventory: Leveraging SBOM Data to Prevent Shadow Certs
Compliance & Regulatory Strategy
- Mapping NIS2 & EU Cyber Resilience Act Controls to Enterprise PKI Operations
- GDPR Meets Key Management: Lawful Crypto-Erasure in a TLS Everywhere World
- ISO/IEC 27001:2022 Annex A 8.28—Turning a Control into a Crypto KPI Dashboard
- DORA’s ICT Third-Party Risk: Certificate Outsourcing Contracts Under the Microscope
- FDA Secure Supply Chain Rule: Device Certificates as Evidence, Not Afterthought
Supply Chain Security & DevOps
- GitHub Actions Secrets vs. Hardware HSMs: Where Should Code-Signing Keys Live?
- From SBOM to CBOM: Certificate Bills of Material for Dependency Trust Graphs
- Continuous Deployment, Continuous Signing: Aligning PKI with CI/CD Velocity
- DevSecOps Anti-Patterns: The Hidden Cost of Self-Signed Test Certificates
- Red Teaming Your Software Supply Chain: Adversarial PKI Attacks in Build Servers
AI & Digital Trust
- Trustening AI: Embedding X.509 Provenance into ML Model Artifacts
- Detecting Hallucinated Certificates in Large Language Model Outputs
- Guardrails for Rogue AI Agents: Mutual TLS for Machine-to-Machine Control Channels
- Fake Content at Scale: Leveraging PKI-Backed Watermarks to Combat Deepfakes
Post-Quantum & Cryptographic Future
- Hybrid Certificates Today, PQC Tomorrow: Migrating without Breaking Legacy
- Quantum Readiness Index: A Maturity Model for CISO Dashboards
- Latency & Footprint of PQC Algorithms in IoT TLS Handshakes—Benchmark Insights
- Crypto-Agility Playbooks: Board-Level Exercises for the Post-Quantum Switch
Integrative Governance & Strategy
- From Certificates to Trust Fabric: Building a Unified Digital Trust Office
- Security Debt vs. Trust Capital: Quantifying Certificate Hygiene for the CFO
- Narratives That Move the Board: Storytelling PKI Risks in 15 Slides
Publication Note & Disclaimer
This article was originally published on LinkedIn on May 23, 2025 and may have been edited or updated for publication on this site.
It reflects my personal professional perspective and does not represent the official policy or position of my employer. Drafting and editorial refinement may have been supported by commercially available AI-assisted tools. The analysis, conclusions and final curation are entirely my own.
For information regarding image credits, copyrights, trademarks and other intellectual property rights, please refer to the Imprint.