Transcript for "Regulatory Overload? Strategies Navigating NIS2, eIDAS, CRA & More":
Welcome to DigiCert's webinar on regulatory overload: strategies to navigate NIS2, eIDAS, the Cyber Resilience Act and more. Before we start, I will quickly share some housekeeping items. Today's webinar will be recorded, and the recording will be sent out after the webinar ends. Throughout the webinar, you can ask questions. Please use the Q&A feature for it, and we will try to answer as many questions as we can. If we don't get your question answered during the webinar, we will reach out afterwards to answer it. At the end, there will be a live poll, and we invite you to join that poll; it will help us with some analysis that we are doing. Finally, if you are experiencing any technical issues, please check your Internet connection and refresh your browser. If the technical issues persist, please send us a message, and we will try to help solve the issue for you.

In today's fast-evolving digital landscape, businesses and organizations face increasing regulatory challenges. New and updated regulations like NIS2, eIDAS, the Cyber Resilience Act, and other compliance requirements are reshaping the way we approach cybersecurity, digital identity, and data governance. In this webinar, we will explore the developments of these regulations, examine their impact on businesses, and discuss practical strategies for navigating this regulatory overload. Today, I will be joined by two experts from Nimbus, Francesca and Arno. They will introduce themselves in a moment and will provide insights from their point of view into how your organization can stay or become compliant, enhance security, and streamline operations in the face of these new and emerging requirements. Join us as we discuss the complexity of each regulation and offer actionable guidelines to help you stay ahead in this regulatory landscape. Thank you for being here, and we look forward to a productive session.
I will hand it over to Francesca and Arno to introduce themselves.

Yeah. Thank you, Patrick. Hello. My name is Francesca Gruntz. I'm very happy to be part of today's webinar and to talk about the interesting topic of European cyber regulation. I'm a senior project manager at Nimbus, for about four years now. A couple of years before that, I started to specialize in the topics of digital identity and trust services. We've been involved in several different projects over the years, for example the showcase program "Secure Digital Identities" in Germany. It was a showcase program funded by the ministry of economy. And there, of course, we also had to deal a lot with cyber regulation and regulation regarding digital identities, such as eIDAS, which will be a topic today. Another big part of my work is looking at the market, especially of qualified trust service providers and identity providers. Of course, it's a highly regulated market, and a lot of regulation is upcoming or changing. So there's a direct interaction between the regulation and the market perspective. I think later on maybe we can discuss some of these points as well. I think that's it for now. I'm looking forward to the discussion and would hand over to Arno.

Thank you, Francesca. Yeah. My name is Arno Fiedler. I'm really honored to be part of this seminar and hope to give some advice. We work for a lot of organizations like ENISA, ZIG Live, the Federal Printing Office in Germany, or Swisscom, to give advice about eIDAS. Where do we get the knowledge from? Of course, we like to travel, and we take an active part in many different fora: the CA/Browser Forum for fifteen years, ETSI for twenty years, where I also act as ETSI vice chair in the field of electronic signatures and infrastructures. And, of course, we also work with UNCITRAL, the model law, and the Cloud Signature Consortium.
So that helps us to get a 360-degree overview, not only to be an expert but also to be able to bring it to a little bit more of a management level. Thank you.

Thank you, Francesca and Arno. Happy to see you in this webinar. A quick introduction of myself: Patrick, I am a digital trust specialist within the DigiCert group, already eighteen years in the cybersecurity space. I worked for a predecessor of DigiCert; we were acquired by DigiCert back in 2019. And back in the days of QuoVadis, I was working on compliance-related topics as well, also the eIDAS piece, and I'm still working together with our compliance and industry standards colleagues on the topic that we will discuss today.

Let's start with the topic that we want to discuss today. Let's first see that we don't only see a lot of regulations starting in Europe; we see a global existence and pop-up of different regulations. Today, of course, we will look more at the European area, but as you see on this slide, regulations are not only in Europe, they are across the globe, and we all need to take them into account. If you go a little bit further into the European area, we see that not only Europe but also the rest of the world is continuing its digital transformation. In that digital transformation, regulations and directives play a critical role in securing the continent's digital infrastructure and promoting trust in digital services, and they do it globally. Recent regulatory developments are reshaping the rules of engagement for businesses across the globe, compelling organizations to prioritize cybersecurity, data protection, and digital identity management.
If you look at a couple of those regulations and directives in Europe, those are just a few examples of the evolving regulatory landscape and frameworks, which also include GDPR and DORA and others as well, each pushing organizations to reinforce their digital defenses and adopt new standards. As regulations multiply, organizations must understand not only the letter of the law but also the underlying intent, like enhancing security, building trust, and ensuring digital sovereignty. The challenge lies in navigating these overlapping requirements while staying innovative and competitive. Today's session will provide an overview of these regulations, delve into their specific requirements, and offer practical strategies for ensuring compliance. It's essential to understand not just how to meet these standards but how to use them as a foundation for more resilient and future-proof business models. First question to my experts in the webinar: can you give us an introduction to the European regulatory landscape and its impact?

Yeah. Of course. It's a pleasure. But maybe we step a little bit back to the previous slide before you show the next slide. It's very helpful to understand the frameworks globally, and of course we have to deal with this kind of complexity. We have a legal framework within the United States, of course, with the common law. In Europe, we have to deal a lot more with the civil law, which is based on Roman law. So that's one of the reasons for this kind of complexity. In Europe, we used to have something like ex ante regulation. That means before you're allowed to open your business for issuing qualified certificates or seals or even timestamps, you have to have permission from the supervisory body. We have a completely different situation in the United States with the common law.
There, you can start your business in a garage and nobody cares. And if something goes wrong, maybe then it's something about liability. Maybe that helps a little bit as an introduction to where this complexity comes from. I think, Francesca, on the next slide you can show what the strategy behind it is.

Yeah. Thank you, Arno. I think this is important to notice when seeing the next slides and when we ask ourselves why we have so much regulation in Europe. It is important on this slide to see that it can all be put into two big European strategies, which are the EU Cybersecurity Strategy and the strategy for the Digital Single Market. This slide was created by ENISA; ENISA plays a very important role, as we will also learn later on, in this whole cybersecurity landscape. We think it puts it into place really well, showing that if we have these two strategies, becoming really strong in cybersecurity and having a transparent and successful digital single market in Europe, we need regulation in order to achieve common standards and harmonized rules, in order to be interoperable and work cross-border. Of course, we won't be able to talk about all the different types of regulation we have, such as GDPR. I think it's established, it's known, and it serves a little bit as a role model worldwide. We have some newer acts that are coming into place. AI is a big topic at the moment, where Europe is also leading the way in trying to regulate it. And then we have the specific cybersecurity regulations such as the Network and Information Security Directive, the eIDAS regulation, and the Digital Operational Resilience Act, which is really tackling different sectors, trying to achieve cross-sectoral security. Two main points as well on this slide are the supply chain and the role of standards.
So of course, when having transactions across Europe or even globally, it's really important to secure the supply chain, to have a transparent supply chain, and a lot of these regulations are helping to enhance it. And then the role of standards, which is very important in Europe and which derives from the regulation. Arno mentioned he is the vice chair at ETSI. This is where a lot of important European standards are made, but we also have other organizations such as CEN. So it's really this broad landscape: in the middle, we have the strategies, then we have regulation around it, and then we have standards that support the regulation and ensure that the goals of the regulations are actually being achieved. So I would say it's a very broad landscape, but it has a good purpose.

Okay. Thank you. One question that pops up into my mind if I look at this slide: you see now that a lot of specific regulations are taking center stage and impacting industries across Europe or even EMEA, because they become more and more important. What we also see is iterations of key regulations, and newer versions or newer regulations that pop up are more stringent than the ones we had before, or than when they didn't exist. What is your point of view on those stringent regulations and directives like NIS2 and eIDAS?

Yep. Yeah. Maybe we can both answer; maybe just one remark first: of course, especially in the last years, I think we have really noticed the necessity to become stronger in cybersecurity, extending it to more sectors. The financial sector has obviously always been very highly regulated, but on the other hand, the topic of cybersecurity is becoming more important than ever. And I think when it comes to securing the digital infrastructure behind it,
we were actually lacking regulation in the past. So it's really about realizing, and it's always such a big word to say, that everything is connected. And so we need to have regulation that is not just focusing on specific products or on one specific sector, but that is really cross-sector, enabling transactions. I think that's really the game changer.

Everything is connected. We lost the perimeter. So of course we have to take care of the complete supply chain. That's the reason it gets much stricter than in the years before.

Yeah. Let's say it becomes a more complete ecosystem that we have to control and manage. But if you look at all those directives, and that we need to put more attention on cybersecurity, how easy or difficult is it for organizations to comply with all those regulations? Francesca already said the financial industry is already highly regulated. You could almost say compliance or regulations are in their DNA. Similar to our organization: we have 25-plus audits every year. But there are also a lot of companies that are more or less impacted or faced with those regulations which they didn't have to look after before. How do you see those kinds of developments?

Yeah. I think it's a good development. Of course, it's a lot of burden and effort to deal with all the requirements, but we have to secure the supply chain completely. And that's really the game changer: now everything is connected within the supply chain. So that's the reason we have these different approaches. And maybe we can show on the next slide also the complete picture to get an overview of the different regulations.

Yeah. And maybe one more thing that is important to mention is that, of course, it might be confusing. We have a lot of regulation and we have new regulations. And there is something maybe important to mention on this slide.
It's really not just the regulations and directives, but also of course the European acts, and to really know their hierarchy and how to follow them. If I am a company that falls under DORA but also under NIS2, and there are overlapping requirements, DORA will always win, because it's a regulation, so it's immediate law; it doesn't have to be transposed into national law. I think this can also be helpful when talking about potential overlaps and struggles to be compliant.

Yeah. So we developed this slide especially for this seminar. Maybe you can see eIDAS is mentioned two times, because eIDAS for electronic signatures, digital signatures, and trust services was invented in 2014, and it was really a good, stable foundation for qualified trust services. So we harmonized qualified trust services, and the whole principle of dealing with eIDAS 2014 was protecting private keys, because they use PKI and use trust services. There's a complete infrastructure developed for securing qualified trust services. And they're interoperable: if you use a trust service from A-Trust, B-Trust, C-Trust, D-Trust, it doesn't matter. It's interoperable and a really fine security level. But with eIDAS 2014, we also tried to regulate the national eID systems. That didn't work very well. So ten years later, in 2024, we have the new eIDAS regulation. And this regulation is directly valid law in all European member states and even Norway. So there are a lot more regulations and needs. It's not only about additional services and additional requirements for trust services, like connecting us to NIS2. It's also about attribute attestations, and there's a new type of service defined for qualified attribute attestation. Very interesting market segment. But there will also be a lot of additional requirements for issuers of them.
And then we have the concept of the European Digital Identity Wallet. That means every member state in Europe is obliged to issue a national wallet by the end of 2026, so nearly one and a half years, a little bit more. So all European citizens will get a European Digital Identity Wallet to store their credentials, but also to sign and to deal with the same. So it can really help to cut through the different complexities for authentication, signatures, and attribute attestations. But it means that we now include all consumers. So consumer authentication is a very important topic besides this, and we really believe that if we can connect 400 million European citizens with a tool for strong authentication, we can also solve a lot of security problems. But of course, for trust service providers, it will be an additional burden to deal with.

If you take a look at NIS2: of course, there was NIS1, and now we have NIS2, which was developed for critical infrastructures. To protect critical infrastructures with NIS1, the former version, it was mainly about power supplies and utilities. Now we have a lot of other additional branches that have to deal with the NIS2 requirements. So critical infrastructure, for example, also includes trust services, but also supply chains for food and things like that. So it's a broader approach, and we think more than 20,000 additional organizations will now have to comply with NIS2. So there are really a lot of security requirements in that field, but it's good. Because if you want to have this kind of critical infrastructure protection, we have to deal with the supply chain and, of course, talk about software bills of materials and things like that. And it's not only for protection and security. It's also for the availability of these services.
So that's the main idea behind NIS2. We already mentioned that for the financial sector we have DORA. Of course, it's for financial institutions, and the main idea behind it is how to deal with third parties. Banks and financial institutions are also motivated to mitigate risk by using external suppliers and external service providers, and with DORA they are still completely responsible for all the things they are doing. So it's for operational resilience. That's the main principle behind it.

And the Cyber Resilience Act is the newest one in this family. It's about connected products. You may say, what is the problem with connected products? But if you have a light bulb in a hospital, for example, and it's connected with the wrong device, it can really cause a lot of problems, because all these connected devices now have to have something like a security label. We have the CE mark, and the CE mark for all products imported to Europe or across the European area will have additional requirements for connected products and consumer protection. They just started to develop the standards and norms with the requirements. So it's an early beginning for the Cyber Resilience Act, but it's also an important topic. We have, like many other parts of the world, problems with goods imported from China, where the quality is not as expected and where the connection to trustworthy devices can decrease the level of security. We have to take that into account. So we have a lot of regulation, but you can really see there is a strategy in how to use them. But if you act in the field of trust services and PKI, everything is covered by every directive or regulation. So it's a little bit complex.

Thanks for your explanation and your insightful views there.
If I listen to your comments and insights, what triggers me is that you see a lot of overlap between those regulations and directives. Sometimes they have different end dates, sometimes they have a different focus area. One is looking at the infrastructure, one is looking at the third-party supply chain. But there is an overlap on those kinds of things. Do you see any impact of that overlap? Francesca already mentioned that if you are a company that falls under DORA and NIS2, one or the other will have preference. But I can imagine you also have to deal with different supervisory bodies, because that's not all implemented in every member state in the same way.

Yeah. Maybe just a first comment on that, regarding the supervisory bodies. I think it's a very important point you're making, because indeed they might differ. And I think it will be a lot up to the member states to really make sure to support the providers by not having, I don't know, three or four different authorities within a member state to report to, for example, or that are directly supervising you. I think on the European level we managed quite successfully to give ENISA a quite important role, especially when it comes to incident reporting and overseeing a lot of things. They are established on the European level and a good way of contacting in case of any issues. But within the member states, it will be a challenge, and every member state has to decide that on their own. Germany is doing it at the moment; when it comes even to the different types of trust services, there were sometimes different authorities responsible for it, but now there is a real attempt, also when it comes to the CRA, to DORA and to NIS2, to bundle it. Yeah.
So the Commission knows about the problem, and of course the discussion is to have cross-sector supervisory bodies, but the discussion is still ongoing because it's touching the national sovereignty of the different states. So that's a complex issue, and there's no simple solution. But in the case of security emergencies, they now collect the different ways to make reports and things like that, and hopefully ENISA will deliver us a portal to deal with these different applications for reporting. So there's a good way forward, but not one solution there today.

Thank you. If you look at the companies and organizations that have to deal with those new or updated regulations, I know Nimbus is also doing market research. Do you have any insight on the challenges organizations are facing in maintaining compliance, and also on the evolution of those regulations and what they need to do?

Yeah. There are many different angles, definitely. What we do, when we do these market analyses, is conduct surveys or have personal interviews. This gives us the opportunity to really get an insight into what the main challenges and hurdles are. And I think there are three main ones. The first one is, of course, the regulation itself. We see it with eIDAS; we saw it with NIS2: it takes time to actually have clarity. With eIDAS, at the beginning there was also a big question mark. What is it exactly? What are the rules? Now we're still waiting for the implementing acts. They are quite hopeful that they will come in time so that we can actually follow the timeline. But in other cases, like NIS2, for example, the deadline for the member states to implement the directive has already passed.
And here, at least in Germany, it was the case that we tried to have a national law for NIS2. It failed. Then the companies could relax for a moment, because they thought, okay, now we have maybe a little bit more time to be compliant. But actually, it causes confusion. Then the other big part that we haven't really talked much about today is the audit procedure. So the question mark: how do I get audited, and by whom? And the auditors ask themselves the same question: how do I get accredited to be able to conduct the audit? So this is something that a lot of the time remains a challenge, a question mark: how does the audit work? And then the third big part is really management awareness, I would say. Again, remembering the ENISA circle: we have a huge strategy that we are all following, which is cybersecurity and a successful digital single market, and that's why we have the regulation. And that awareness, I think, is missing a lot of the time on the management level, and obviously that's also linked to maybe a limited amount of resources to deal with the topic. So, yeah, regulation, audit, and management awareness would be my three main challenges.

And do you also have an idea of the approach a CISO, or the people that are responsible for being compliant with those regulations, could take to be more efficient, more seamless? Because I think you can't jump through each regulation and compliance by itself; do you need to have a more or less unified approach?

Yeah. I would really recommend using the existing structure, and I really expect that every organization has an ISMS, an information security management system, hopefully following ISO 27000. And I would recommend putting all eggs in one basket. That means, of course, collect all the requirements.
It can be 300 from eIDAS, 200 from NIS2, and 100 from DORA. Connect all these requirements and integrate them into one large ISMS. Of course, you can have different sectors within it, but just collect it. Don't panic. Just standardize the requirements. And if you have collected all of them, you can see that there's a lot of overlap, and then you can say, okay, requirement 305 is covered already by 501, or something like that. So keep calm, standardize, and try to collect all these requirements. That's one idea.

Yeah. Another one is... Yeah, go ahead.

And another one is, of course, if you read NIS2 carefully, there's an obligation for training for the management. So even the management is obliged to get annual training. It's not defined if it's two hours or two days or something like that, but they're obliged to get updates and knowledge about the threat vectors and what happens in the IT security world. So please use this opportunity to educate not only your staff and your normal colleagues. Also tell the management: hello, look here at this requirement. You are also obliged to get updates. And if they do this kind of training, I think the awareness will rise and will support you. And maybe as a third remark, after ISMS and management: support your local auditors. If you have internal auditors in your organization, they have a very difficult job. They always complain about nonconformities and things like that. Really support these local auditors. Do it before external auditors cause serious problems or maybe noncompliance issues. Talk to them and try to support them. Those are three topics I would recommend from scratch.

Yeah. I would like to underline that and really stress the word assessment.
I think this is really important: that internal assessment on the management level, to really see first what types of regulation are there and which ones I really fall under. Because I think this is a really important first step, also to avoid maybe doing extra work or trying to find answers to questions that are not even my problem in the first place. So I think it's really about investing in this assessment, either together with your local or internal auditor or together with experts, to have a really good view of what I need to do, and then of course get the proper team to do it. I think this is something that we need to keep in mind.

Thank you for your explanation and your insights. Later on, I have an additional question for you. If you look at the products and solutions that we provide as DigiCert, we have more or less combined them all, similar to the unified approach that you suggested. We have brought them all into one single platform. That means that everything we do is more or less centralized. And where a couple of years ago everyone was talking about security by design, we have now also tried to add an additional thing, and that's called compliance by design. So in all the pieces of software that we provide, we try to build in all those regulatory changes to help our customers. And that brings me more or less to the next question, because I can also imagine that new and updated regulations will mean new opportunities for companies, or even new companies that stand up and try to provide new trust services. How do you see that development?

Yeah. I mean, it's a big thing, I think, to talk about compliance as a service, I would say.
So the second step that would follow after you have done the assessment, and you know all the regulations that you need to comply with or that you fall under, is to consider, if you personally don't have the resources, don't have the means, or just really want to be on the safe side and trust people who have been in this business for a very long time, outsourcing it, in the sense that you buy solutions that are compliant, where you can really rely on these following the standards, the rules, the regulation. This might make a lot of things easier, or at least it balances out liability questions, because a big issue with being compliant is to really have it settled who is liable for whatever problem may happen or for a challenge X. So it's really just to see that this is definitely a trend that we see, not only in the trust business but also, I think, generally in the cybersecurity sphere, as requirements are increasing.

Yeah. And may I add: of course, it's a really good idea to outsource the boring things, the standard procedures. So you have more time to take care of the important things. And that's, for example, agility. It's really important to think a bit on the management level about the agility of your IT systems, not only to change cryptography because of post-quantum, but also the agility to react and things like that. So I think that's an important topic, and try in any way to get more time for thinking about agility.

Yeah. Because the ecosystem becomes bigger and bigger, with more interactions in all those kinds of things. So you cannot do one thing there. That more or less brings us to the end of the webinar today, and I have one more question for the Nimbus people.
If you look at today's session, what would be your one key takeaway for CISOs or the persons that are responsible for implementing or complying with the regulations?

Of course, as a fan of standardization, I would say share your burden and use fora to discuss topics. These kinds of fora also have solutions like the European norm EN 319 401, describing a lot of requirements under eIDAS and DORA and NIS2. So, yeah, really try to join fora, take the time for it, to discuss the burdens.

Yeah. And mine would be maybe to think of the bigger picture. Two things on that. The first one relates again to the beginning: that there's a greater purpose, so to say, behind all of the regulations and the requirements, which is to secure, at least within Europe and beyond, the supply chain, which is affecting all of us. So even if it means for my company personally that I have to maybe invest a little bit more resources into becoming secure and being compliant, it serves the greater purpose: if we all do it, then we all have a safer space, we reduce attack risks, and that benefits us as well. And the second one is to really have the balance between what I need to do internally and what I can outsource to other players, and to really find a balance so that at the end it ultimately benefits you as a company as well. Because one important thing that maybe we didn't mention too much today is that it actually also brings a market benefit if you are compliant, if you are selling compliant solutions, if you accord with certain standards; it definitely gives you a market advantage. So really see the positive points. I know there are pain points as well, but they
serve a greater goal, which is that Europe definitely is willing to lead the way in cybersecurity.

Yeah. Thanks for your insight. So if I do a little summary of how I look at the market: it is important to adopt an integrated and proactive compliance strategy that aligns with business objectives. So don't do it only for being compliant, but also make sure that it fits your business objectives as well. And very important is to create a unified framework and not jump into every regulation that pops up and try to figure out how to do it, because that's also, I think, what Arno was referring to: getting it centralized in that system. Is that correct?

Exactly. Yes. Put it all in one basket.

Yeah. The well-known "all eggs in one basket" in that regard. Because we are at the top of the hour, I would like to thank you both for your thoughtful insights, and let's see what the future will bring us, because I think there is a lot of work to do. I would like to thank you all for attending this webinar, and I'm looking forward to the next steps and follow-ups on this. It was a pleasure. Thank you. Thank you. Thank you very much. Bye bye.