Staff perspective: Key takeaways from InCyber Forum 2026 in Lille, France
Kista Science City’s Sakarias Strand attended InCyber Forum 2026 in Lille as part of a Swedish delegation. In this firsthand account, he reports on what the conference revealed about Europe’s approach to digital sovereignty — and what Sweden stands to gain from being in that conversation.
Lille, late March. Twenty thousand people, three days and one question that ran through almost every session: who controls the infrastructure your organisation depends on?
Sweden was in that conversation this year. Thirty-eight participants attended InCyber Forum 2026, most likely the largest Nordic delegation in the forum’s history. A year earlier, by Cybernoden’s own account, there were almost none from Sweden. The delegation came together through months of coordination between Kista Science City, Cybernoden Sverige and Business France’s Nordic team — reaching Swedish organisations, working the Top Buyers Programme and making the case to CISOs that the trip was worth their time.
What the programme revealed
AI was everywhere on the agenda, but the more interesting debates happened around the edges of the obvious. Traceability ran through multiple sessions. Who made this content, and can you prove it? Adobe, Microsoft and others are pushing standardisation efforts to establish a common baseline for how AI-generated content gets marked and verified. The most convincing synthetic content comes not from closed commercial systems but from open source models, where watermarking is either optional or absent by design. The policy conversation about AI content is, in practice, about a gap that is structurally very hard to close, and the room wasn’t pretending otherwise.
That gap showed up in concrete form mid-conference. On March 31st, a packaging error in Anthropic’s npm release exposed approximately 512,000 lines of internal source code across roughly 1,900 files. The company characterised it as human error rather than a security breach, but the response was substantial: more than 8,000 copyright takedown requests filed on GitHub within a day. For a room full of people discussing AI accountability and content provenance, it was an instructive coincidence.
Roberto De Paolis presented on implementing AI security at scale. As Head of Digital Security and Security Operations at Leonardo, the Italian aerospace and defence group with 60,000 employees, and chair of NATO’s working group on Zero Trust architecture for federated environments, he brought a perspective grounded in the specific challenge of doing this in a defence context. Less philosophy, more architecture.
Johan Turell from the Swedish Civil Contingencies Agency (MSB) appeared in the intergovernmental track, alongside a broader conversation about cyber strategies and managed interdependence. Ukraine’s growing cyber capacity came up repeatedly as a development worth following.
When dependencies become vulnerabilities
The mood on European digital dependencies was less alarmist than the topic might suggest. There was a broad acknowledgement that these are the systems and supply chains that built the prosperity now being defended — dismantling them in a panic serves no one. What that leaves, though, is a harder set of questions about what comes next. France arrived in Lille with more concrete answers to those questions than most.
France is not waiting. By January 2026, the government had already announced a full transition away from Microsoft Teams and Zoom across all ministries, with a French-built replacement set to be standard by 2027.
The warning about Europe becoming a digital colony if it fails to invest in its own technology base has been said in Lille before. This year it landed differently. When the context around a dependency shifts, something that felt like a reasonable trade-off starts to look like something else. That is an uncomfortable thought when you are sitting in Lille working on Teams.
Being in the room
What 38 people carry back from a trip like this is harder to measure than conference notes. Contacts with HEXATRUST members, counterparts from Estonia, Belgium and the Netherlands, and conversations with French industry don’t materialise without the physical presence.
One of those contacts was Marine Martinez, Global Program Lead at Thales Digital Factory and the driving force behind Thales’ open innovation programme Trust My Tech. The programme connects startups, scale-ups and SMEs with Thales’s expertise, infrastructure and customer network across AI, cyber and quantum. Kista Science City is engaged as the Swedish hub — a collaboration already visible at TechArena in Stockholm earlier this year, where Trust My Tech and KSC ran back-to-back discussions on defence capabilities and strategic partnerships. Meeting Marine in Lille was a chance to build on it, and a reminder that what is taking shape between Sweden and the French tech-defence ecosystem has practical substance behind it.
Walking through the exhibition halls, you notice which countries have planted a flag — a national pavilion, a gathering point, a visible presence that says we are here as a community, not just as individuals. Sweden is not there — yet.
Text: Sakarias Strand, Programme Manager, Cybersecurity & Defence
Related news
-
Cybersecurity -
Cybersecurity, Defence technology -
Cybersecurity, Defence technology