Canadian manufacturing organizations face a growing compliance gap: existing regulations are either too broad to be actionable or too narrow to cover OT environments. This panel examines Canadian cyber regulation, lessons from CMMC and NIS2 enforcement, and what meaningful manufacturing-sector regulation should look like.

In this insightful discussion, the panelists discuss:

• Why compliance and security are not the same thing, and how self-assessed regulatory checklists create a false sense of protection while leaving OT systems exposed;
• How CMMC, NIS2 and IEC 62443 offer models for enforceable, specific requirements, and why Canadian manufacturers serving global customers already face flow-down compliance obligations they may not fully understand;
• How to manage legacy OT systems that cannot be patched within regulatory timelines, and why board-level accountability - not just IT and OT teams - is essential for regulation to have real impact.