Encryption backdoor debates rage across the planet, promising a difficult 2025 for CISOs

The encryption backdoor global compliance situation in 2025 will be “a big three-dimensional hot steamy mess, and it’s a joke. It’s also going to be, to a certain degree, futile,” Paxson said. “The feasibility for the countries in the EU to come together is unrealistic. And fragmented laws don’t have a lot of teeth.”

For enterprise CISOs, this issue will be tricky. These compliance regulations will not have direct jurisdiction over enterprises, but they will have a potentially massive secondary effect. The rules will directly apply to the vendors that enterprises contract with for everything from messaging apps to cloud environments, mobile devices, VPNs, SaaS platforms, and potentially even IoT and IIoT devices. Anything that can transmit data may be caught in the regulatory maze by at least some of these geographies.

The CISOs need to protect all manner of sensitive and restricted data, especially in highly-regulated verticals such as healthcare and finance, along with aerospace and others who might have government or military contracts requiring security clearances.