it-sa Expo&Congress 2025 has once again impressively confirmed its role as Europe’s leading meeting place for IT security. From 22 to 24 October, 28,267 trade visitors from 64 countries flocked to the halls of the Exhibition Centre Nuremberg – an increase of over nine per cent compared to the previous year. At the same time, 993 exhibiting companies presented their latest solutions, representing an increase of more than ten per cent. ‘it-sa is further expanding its role as a central meeting place for personal exchange among IT security experts in Europe,’ emphasised Thimo Holst, event manager of the trade fair. With its growing international relevance, it-sa is not only becoming a platform for technology presentations, but also a central forum for political and strategic discussions on cyber security.
In 2025, the trade fair benefited from increased international participation, which rose by over 22 per cent compared to the previous year. The conceptual sponsors and partners include the Federal Office for Information Security (BSI), Bitkom e.V. and the German Federal Association for IT Security (TeleTrusT). The presence of the European Union Agency for Cybersecurity (ENISA), which organised a working meeting together with the BSI, was particularly noteworthy. The European Cyber Security Organisation (ECSO) also supported the event, underscoring the increasing international networking. Highlights included political statements such as the announcement by BSI President Claudia Plattner that the BSI will act as the notifying and market surveillance authority for the Cyber Resilience Act. High-ranking representatives from politics, authorities and supranational institutions used the trade fair for exchange and networking, complemented by joint stands from Israel, the Netherlands, Austria, Czechia and the US state of Virginia. In a ceremony, Bavaria’s Minister of the Interior Joachim Herrmann emphasised the strategic importance of IT security for the economy and the state.
Strategic partnerships and international cooperation
it-sa 2025 used its reach to further strengthen international cooperation. A letter of intent was signed between NürnbergMesse and ECSO to deepen strategic cooperation. In addition, an event partnership with Swiss Cyber Security Days was announced to intensify the exchange between Germany and Switzerland. Such collaborations underscore the trade fair’s role as a central hub for European cybersecurity networks and enable practical knowledge transfer across national borders.
ATHENE Startup Award UP25@it-sa – Innovation from the start-up scene
A special highlight of the trade fair was the live pitch for the ATHENE Startup Award UP25@it-sa, where young companies presented their innovative solutions. First place went to Infrafon from Freiburg with a smart access control solution: credit card-sized smart badges with ePaper displays offer secure access and access controls, combined with precise sensor technology and location functions. Second place went to Onekey from Düsseldorf, whose platform automatically analyses networked devices for vulnerabilities, creates software bills of materials and supports compliance. Third place went to Nenna.ai from Berlin, which presented a data protection-compliant AI infrastructure that enables the secure and efficient use of AI applications. The award highlights the relevance of innovative technologies for the security industry and shows how start-ups can deliver practical solutions for critical infrastructures.
Congress@it-sa – knowledge transfer for decision-makers and experts
Parallel to the trade fair, Congress@it-sa offered over 70 sessions and workshops providing in-depth insights into current IT security challenges. The main topics were governance, risk management and compliance, as well as the annual conference of IT security officers from federal states and local authorities. Practical workshops offered concrete solutions for decision-makers, while panels and discussion rounds promoted exchange between industry, politics and research. In particular, the new CIO Match format specifically connected C-level executives with exhibitors in an exclusive setting. More than 400 specialist forums also contributed to imparting practical knowledge and strengthening networks.
Exhibitors and innovations: 20 innovations for IT security
it-sa Expo&Congress 2025 once again offered a comprehensive overview of current developments and innovations in the field of IT security. From up-and-coming start-ups to international tech corporations, exhibitors presented their latest solutions and concepts addressing the protection of critical infrastructures, the secure use of AI and cloud technologies, and the optimisation of identity and access management. The 20 most important innovations at the trade fair are presented in detail below:
Infrafon from Freiburg presented a smart access control solution for highly sensitive environments. The credit card-sized smart badges with ePaper displays not only enable secure access control, but also offer integrated sensor technology and location functions. Hospitals and regulated institutions in particular benefit from the combination of security and user-friendliness. Infrafon received first place in the ATHENE Startup Award UP25@it-sa and prize money of €7,500 for this innovative solution. The technology shows how digital access controls can be implemented precisely, securely and efficiently in the future.
Onekey from Düsseldorf presented a platform for automated security analysis of networked devices. By integrating vulnerability detection and the creation of software bills of materials (SBOMs), the solution creates transparency in complex software supply chains. This enables companies to efficiently manage their product lifecycles in terms of cybersecurity and compliance. Onekey took second place in the ATHENE Startup Award UP25@it-sa and received €5,000. The platform demonstrates how automation can significantly reduce the effort required for security checks.
Nenna.ai from Berlin focused on a data protection-compliant AI infrastructure. The solution enables companies and public authorities to use AI applications efficiently without violating data protection regulations. This offers significant added value, particularly for data-sensitive industries such as healthcare and finance. Nenna.ai took third place in the ATHENE Startup Award UP25@it-sa and received prize money of €2,500. The company demonstrates how AI use and data protection can be reconciled.
Hewlett Packard Enterprise (HPE) presented an AI-supported zero-trust network that continuously checks every access to company resources. No device or user is automatically trusted, which significantly reduces security risks. The AI continuously analyses behaviour patterns and detects threats in real time. HPE thus demonstrates how zero-trust principles combined with AI can lead to a proactive defence strategy. This solution is aimed at both large companies and critical infrastructures that require the highest security standards.
OPSWAT focused on the protection of operational technology (OT) and critical infrastructures. The solutions enable continuous monitoring of industrial systems and proactive defence against cyber attacks. This significantly increases operational safety, particularly in manufacturing and energy supply. OPSWAT demonstrated practical application scenarios and real-time monitoring solutions at the trade fair. The company emphasises the growing importance of OT security in an increasingly networked industrial environment.
SVA System Vertrieb Alexander GmbH presented cyber resilience concepts that ensure the operability of IT infrastructures even under cyber attacks. These include attack detection strategies, emergency plans and recovery concepts. The solutions combine technical measures with organisational processes. SVA showed concrete examples from customer projects to illustrate the effectiveness of its concepts. The company thus provides practical approaches that keep organisations capable of acting in critical situations.
Nevis presented a cloud platform for digital identities that enables passwordless authentication. The solution increases security by replacing traditional access data with modern, biometric or device-based methods. At the same time, it improves user-friendliness by making login processes significantly faster and more intuitive. Nevis demonstrated various integration scenarios for companies and public authorities. The platform shows how identity and access management can be implemented efficiently and in a user-friendly manner.
CS VISOR, together with Trend Micro, presented AI-supported security solutions that proactively detect and defend against threats. The AI continuously analyses networks and endpoints, detects anomalies and automatically initiates countermeasures. This significantly reduces the response time to cyber attacks. CS VISOR also showcased dashboard solutions for real-time monitoring and reporting. The combination of AI and practical visualisation supports companies in the continuous improvement of their security strategy.
SwissSign demonstrated solutions for digital signatures and certificates. These enable legally compliant electronic communication and secure document management. Such solutions are essential, especially for companies with international business processes. SwissSign showed practical application examples for contract conclusions and digital workflows. The platform illustrates how digital signatures make processes more efficient and at the same time more secure.
Bitkom offered a comprehensive workshop and specialist programme that addressed current topics such as AI in cybersecurity and data protection. The sessions were aimed at both specialists and managers. The association presented best practice examples and provided guidance on the implementation of regulatory requirements. Bitkom also offered networking opportunities and interactive discussion panels. In this way, the association supports the IT security community in knowledge transfer and the implementation of new technologies.
Check Point Software Technologies presented next-generation firewalls and cloud security solutions that detect threats at an early stage. In particular, the integration of AI analysis and real-time monitoring enables a proactive security strategy. Check Point demonstrated application scenarios for companies of all sizes. The solutions also offer high scalability for hybrid IT landscapes. In this way, the company is addressing the growing demands on network and cloud security.
Palo Alto Networks showcased advanced security platforms for hybrid IT landscapes. The solutions integrate AI-powered threat detection, firewall, endpoint protection and cloud security into a single framework. This allows security processes to be centrally controlled and monitored. Palo Alto presented specific use cases for international companies. The platform supports a consistent security strategy across different locations.
Microsoft Security presented integrated security architectures for the cloud, end devices and identities. The focus is on zero-trust principles, AI-supported analyses and automated security policies. Microsoft demonstrated practical solutions for hybrid and multi-cloud environments. Companies with complex IT structures in particular benefit from centralised management and high transparency. The platform facilitates the implementation of compliance and security requirements.
IBM Security presented solutions for threat intelligence, SIEM and cloud security management. Automated threat analyses help companies identify risks early on and respond accordingly. IBM showcased dashboard solutions and integration options for existing IT landscapes. Public authorities and large companies in particular benefit from the combination of AI, data analysis and proactive security management. IBM thus provides practical, implementable security concepts for complex infrastructures.
Darktrace presented its self-learning AI for cyber defence, which detects anomalies in real time and automatically initiates countermeasures. The adaptive AI continuously adapts to new threats and learns from network behaviour. Practical demonstrations of application scenarios in industry, finance and critical infrastructures were given. Darktrace emphasised the importance of combining AI with human expertise. The solution helps companies respond proactively and automatically to cyber attacks.
F-Secure presented comprehensive endpoint protection and cybersecurity services for small and medium-sized businesses. The solutions integrate threat intelligence, malware protection and central management functions. F-Secure demonstrated practical scenarios for remote and on-premise environments. The services offer efficient protection, especially for companies with limited IT resources. The platform enables a holistic security strategy without high administration costs.
T-Systems focused on managed security services and secure connectivity. The solutions combine network security, monitoring and incident response. T-Systems demonstrated how international companies and critical infrastructures benefit from a central security operations centre. Hybrid IT environments in particular can thus be protected efficiently. The services ensure that security and business continuity go hand in hand.
Cisco Systems presented network and security solutions with a focus on zero trust, cloud security and AI-supported threat defence. The solutions enable a holistic view of IT infrastructures and automated security processes. Cisco demonstrated practical implementations for large companies. The integration of cloud and network security in particular increases the ability to respond to attacks. Cisco thus supports organisations in future-proofing their security architecture.
Atos showcased innovative identity and access management solutions as well as advanced threat protection. The platforms offer centralised control of permissions, access monitoring and real-time analysis of security events. Atos presented practical examples for public authorities and companies. The solutions help to minimise internal security risks. In this way, Atos supports the implementation of a comprehensive, proactive security strategy.
Trend Micro rounded off the trade fair offering with comprehensive security solutions for the cloud, servers and end devices. AI-based analyses detect anomalies at an early stage and automate threat defence. Trend Micro presented specific use cases from corporate IT and critical infrastructures. The solutions can be integrated into existing security architectures in a scalable manner. This provides companies with a robust defence strategy against modern cyber threats.
it-sa 365 and it-sa@home – hybrid formats for maximum reach
The digital platform it-sa 365 supported both on-site visitors and trade visitors who joined remotely. Over 16,350 users took advantage of the digital offerings, including live streams, expert interviews and forum contributions. The interactive hall plan, matchmaking tools and digital guide made it easier to find your way around and network. Content remains available as a knowledge repository even after the trade fair, creating lasting added value. it-sa@home broadcast the trade fair experience live and digitally, allowing international participants to be directly involved in the panels, workshops and networking sessions.
Conclusion and outlook
it-sa Expo&Congress 2025 has once again proven that it is much more than a platform for product presentations: it is an international hub for cybersecurity, a driver of innovation for start-ups and a knowledge hub for specialists and executives. New strategic partnerships, international participation, a comprehensive congress programme and hybrid formats secure the trade fair’s pioneering role in Europe. The next it-sa Expo&Congress will take place from 27 to 29 October 2026 at the Exhibition Centre Nuremberg, supplemented by the digital trade fair recap on 27 November 2025 on it-sa 365.
With this mix of international cooperation, practical solutions and innovative technologies, it-sa sets standards for the future of IT security and remains an indispensable forum for the cybersecurity community.
