Ready to see the difference for yourself?
Apply for a free trial, and we'll walk you through Certiligent with your own certificate setup.
TLS certificates are the digital "ID cards" of websites. They enable data to travel securely across the internet, whether you're logging into online banking or entering a password on a web form.
The reduction of TLS certificate validity to just 47 days by 2029 will bring significant changes for organizations managing large numbers of digital services. What might look like a routine technical adjustment is, in practice, a serious operational and financial challenge. Companies will need to manage hundreds of certificate renewals every year to ensure their systems keep running without interruption.
Marijana Mišić Mikulić, Product Manager at ASEE, addressed how organizations can prepare for these upcoming changes at the Cyber Security conference.
Mišić Mikulić warned that an expired TLS certificate can have severe business consequences, citing several well-known global incidents. One example was the multi-hour outage of Microsoft Teams in February 2020. An expired authentication certificate left more than 20 million users unable to access the service.
She also highlighted the Starlink incident from April 2023. An expired certificate at a ground station caused a multi-hour global internet outage affecting millions of users. These cases demonstrate how a single oversight in certificate management can trigger major operational disruptions, financial losses, and erosion of user trust.
"These are large companies, which shows us better than anything that cybersecurity comes from processes, not from company size." — Marijana Mišić Mikulić
The ASEE expert noted that 80% of organizations experience at least one certificate-related outage per year. With an average recovery time of more than four hours, the cost is $5,500 per minute of downtime.
"The rules are changing, and this is mandatory. We're going from one renewal per year to eight by 2029. Today, certificates are valid for 200 days, meaning two renewals a year. From 2029, validity will be 47 days. What has until now been an annual administrative task becomes a continuous operational challenge. If an organization has around a hundred certificates, this is no longer something you can handle on the side. It practically requires a dedicated employee." — Marijana Mišić Mikulić
The topic of regulatory requirements was picked up by Jakov Kiš from the National CERT at CARNET. He walked attendees through the obligations around reporting cybersecurity incidents under an increasingly strict legislative framework. While organizations invest heavily in prevention and risk management, knowing how to respond when an incident does occur, and understanding legal reporting obligations to the relevant authorities, is equally important
Kiš emphasized that effective cybersecurity is impossible without cooperation and timely information sharing between stakeholders. He presented the obligations arising from the Cybersecurity Act and Regulation for categorized entities, and explained the role of the PiXi platform as the central tool for reporting and handling security incidents. The goal, he stressed, is to give organizations a simple, secure, and standardized reporting process, while also building a community that strengthens collective resilience against increasingly complex cyber threats through information sharing.
"Reporting incidents is a sign of system maturity, responsibility, and resilience. Concealing an incident is the worst possible choice. It constitutes a legal violation, leaves security vulnerabilities open, and increases the risk of repeated attacks with even more serious consequences in the future. By reporting an incident, organizations stop facing attackers alone and become part of a coordinated national protection system that provides them with technical and analytical support." — Jakov Kiš
This article is adapted from the original published on Poslovni.hr.
Apply for a free trial, and we'll walk you through Certiligent with your own certificate setup.
