eu-LISA Industry Roundtable Jun 2025: Software Factories

News Type: Event
Date & Time: 11 June 2025, 13:30 - 12 June 2025, 16:00 Europe/Warsaw

Type: Hybrid
Location: Warsaw & Online

eu-LISA Industry Roundtable on Software Factories, June 2025

On 11-12 June 2025, the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA) will host the next edition of the eu-LISA Industry Roundtable in Warsaw, Poland, under the patronage of the Polish Presidency of the Council of the EU. The event will be held in a hybrid format allowing for in-person and online participation.

The next edition of the eu-LISA Industry Roundtable (IR), a biannual event that has been organised since 2014, will focus on the benefits that new technology trends such as the Software Factories – built upon the principles of Agile approaches and DevSecOps methodologies – can bring to public sector organisations (both at MS and EU levels). The event will also feature presentations and discussions on new technological solutions that can help to achieve those benefits while addressing some of the pending challenges.

Practical information

If your company/organisation is interested in presenting an innovative technology, product or service at the event, please sign up to participate:

Call for expression of interest

Background

EU institutions, agencies, and Member States’ authorities are increasingly relying on digital solutions. Many of these solutions serve a very specific purpose, are rather complex and cannot be easily found on the market. This, in combination with the political expectations regarding fast pace of delivery, requires significant investments in IT and software development capabilities by public sector authorities.

The rapid pace of digital transformation across the EU has boosted the adoption of cutting-edge methodologies like Agile, DevSecOps, and Software Factories in public institutions. In addition, technologies such as cloud computing, automation and AI, are being deployed to meet the high expectations of the professionals and citizens relying on them.

Agile methodologies

Agile methodologies provide a structured yet flexible approach to managing complex IT projects, enabling institutions to deliver services and applications faster while adapting to evolving needs. Agile allows public institutions to prioritise user-centric development, iteratively improving systems to meet high standards of accessibility and inclusivity. Furthermore, Agile fosters collaboration across departments, breaking down silos and ensuring that IT projects align with broader organisational goals. For EU institutions managing diverse and cross-border initiatives, this collaborative and adaptive framework is essential for driving cohesion and innovation.

DevSecOps

DevSecOps integrates software development and IT operations and further strengthens security and data protection by design, integrating security and data protection into every phase of the software development lifecycle, a critical need in today’s heightened cybersecurity landscape. As EU public sector institutions handle vast amounts of sensitive data, embedding security and data protection by design, reduces vulnerabilities and enhances compliance with regulations like the General Data Protection Regulation (GDPR), EUDPR, Regulation for Cybersecurity of EU Institutions or the NIS2 Directive.

Software Factories

Coupled with the concept of Software Factories — highly automated environments for rapid and scalable software development — these methodologies provide EU institutions with the ability to respond swiftly to new legislative mandates, security threats, or societal challenges. The Software Factory approach is also a powerful tool that can be used by public institutions to become more independent in their software design and development, and less reliant on outsourcing to external contractors for the fulfilment of IT projects. The increased level of IT self-sufficiency and technical ownership brought by the implementation of Software Factories can be key to improve performance in areas such as:

Improved control over the products and systems offered which, in turn, will result in faster and more economically efficient ways to adapt such services to changing demands and regulations,
Better management and more efficient use of resources (both human and financial),
Lowering of potential risks related to guaranteeing long-term services (e.g., vendor lock-in situations, market discontinuity of products), and
Shorter time-to-market.

Together, Agile, DevSecOps, and Software Factories, combined as well with other innovative IT practices such as cloud computing or AI-based tools, empower public institutions to build secure, efficient, and citizen-focused digital ecosystems while fostering trust and resilience across the Union.

Focus of the event and tentative agenda

There is no doubt that the combination of the principles of Agile, DevSecOps and Software Factories, among other innovative approaches, can bring very significant benefits and improvement to the service that EU public sector organisations focused on IT and security technologies can bring to the citizens. However, the adoption of these new paradigms requires not only organisational changes but also a change in the overall culture and mentality within the organisations in order to be able to surmount some of the inherent challenges of these new approaches:

Scaling Across Teams and Organisations: While these methodologies are effective for small, focused teams, scaling them across large organisations introduces complexity. Coordinating multiple teams, maintaining alignment with organisational goals, and ensuring consistent implementation of practices become increasingly challenging as the scope expands.
Integration with Legacy Systems: Many organisations, particularly in sectors like government or finance, operate with legacy systems that are not easily compatible with the iterative and automated processes of Agile and DevSecOps. These systems often lack the modularity required for rapid development cycles, creating bottlenecks that impede progress in software factories.
Security vs. Speed Balance: While DevSecOps emphasises integrating security throughout the development lifecycle, there is often tension between maintaining robust security measures and meeting tight delivery timelines.
Measuring Success and ROI (Return on Investment): Determining the success of Agile, DevSecOps, and software factories can be challenging due to their emphasis on process improvements and continuous delivery. Organisations often struggle to establish meaningful Key Performance Indicators (KPIs) that reflect the value delivered, especially when outputs are iterative and less tangible than traditional development models.
Compliance and Regulation: For organisations bound by strict regulatory requirements, integrating Agile and DevSecOps can be challenging. Ensuring that iterative and flexible processes remain compliant with governance, audit, and reporting standards demands additional planning and effort.
Over-reliance on automation tools: The success of these methodologies relies heavily on tools for automation, collaboration, and integration. However, an over-reliance on tools without a clear understanding of the underlying principles can lead to inefficiencies. Misconfigured or poorly
integrated tools may even hinder progress instead of enabling it.

As presented above, since the publication of the “Agile Manifesto” in 2001, new ways of developing software more efficiently have continued to emerge and evolve, now being applied to project management and IT operations, and to the overall structure and organisation of industries and public institutions seeking to provide a better service to clients and citizens. This paradigm shift in the way we work reflects on the dynamic interplay of technology, culture, and global trends.

The Industry Roundtable will focus on the benefits that new technology trends such as the Software Factories built upon the principles of Agile approaches and DevSecOps methodologies, can bring to public sector organisations in the EU and on new technological solutions that can help to achieve those benefits while addressing some of the pending challenges.

To address this topic, we are seeking for Industry presentations tackling some of the challenges that these new approaches must overcome, including (but not restricted to):

Software factory platforms to help public institutions become more technologically self-sovereign and less reliant on external contractors for the development of software and delivery of services.
Integration tools with legacy systems.
Solutions for the scaling of the Agile approach in IT development.
Use of new technologies to support IT development: cloud, AI for coding – including their security aspects.
Solutions to implement agile principles: management, software.
Tools for the continuous improvement of IT solutions through monitoring, data analysis and testing.
Solutions for ensuring data privacy and security in Agile and DevSecOps environments.

The IR will provide a common platform to present and discuss the latest innovations in then new way of working in IT development, addressing operational needs, in compliance with the applicable regulations.

The IR will also give the opportunity to debate, exchange ideas and share knowledge, based on practical experiences and good practices, with the ultimate goal of identifying the most suitable IT development solutions that could support the three pillars of the Schengen area: security, freedom and justice.

To this aim, the Industry Roundtable will take place during 1.5 days with 5 sessions: 2 sessions on 11 June (13:30-17:30 CET) and 3 sessions on 12 June (9:00-16:00 CET). Please note that all times specified below are given in the local time zone, which is Central European Time (CET).

DAY 1, 11 June 2025 (13:30-17:30 CET)

Session 1. Adoption of the new way of developing IT Solutions: Challenges and Opportunities from the perspective of MS authorities and EU Institutions

In this session, representatives of different MS and EU Institutions, will provide an overview of their experience with the adoption of Agile, DevSecOps and Software Factory approaches to address practical challenges faced by their organisations, elaborating both on the opportunities provided by the new Agile way of working, the challenges they faced, and the specific challenges pertaining to the compliance with the regulatory framework. Some topics of interest in this session are:

Role of leadership and organizational culture in adopting Agile way of working.
Overcoming common pitfalls in Agile teams.
Implementing Agile in highly regulated environments (e.g., finance, healthcare, government).

Session 2 (Part 1). Agile at scale: scaling Agile in large, multidisciplinary, multicultural organisations

For large organisations, the challenge of maintaining Agile principles across multiple teams, departments, and geographies becomes increasingly complex. This session will explore strategies, frameworks, and best practices for scaling Agile in large software development environments. Industry representatives will share solutions on managing dependencies, aligning cross-functional teams, and maintaining agility while meeting organisations demands for security, compliance, and performance. The main objective is to provide practical knowledge and examples of overcoming common scaling challenges and ensuring Agile remains a driver of innovation and efficiency at scale. Examples of topics to be addressed in this session, for which industry is expected to provide successful (or unsuccessful) practical stories/examples, are:

Frameworks for scaling Agile (e.g., SAFe, LeSS, Nexus, Spotify Model).
Tools for enabling cross-team collaboration and dependencies management.
Schemes for Agile governance and compliance in large organisations.
Practical examples of how to balance agility with security and risk management in large organisations.
Metrics and KPIs for measuring Agile success at scale.
Integrating DevSecOps in large-scale Agile implementations.

DAY 2, 12 June 2025 (9:00-16:00 CET)

Session 2 (Part 2). Agile at scale: scaling Agile in large, multidisciplinary, multicultural organisations

See description of Session 2 above

Session 3. Automation in IT/software development platforms

The increasing complexity of software development demands integrated platforms and automation-driven approaches to enhance agility, security, and efficiency. This session will explore how automation tools can help organisations to embed Agile and DevSecOps principles into modern IT and software development platforms, enabling continuous integration, delivery, and security. Industry will present solutions to enhance the role of automation in accelerating development cycles, reducing vulnerabilities, and ensuring compliance in dynamic organisational environments. The objective is that participants gain insight into real-world cases that illustrate the transformative impact of automation on Agile and DevSecOps adoption. Examples of topics to be addressed in the session are:

Software Development Platforms: Cloud-Native, On-Premises, and Hybrid Approaches.
The Role of automation in Agile and DevSecOps workflows.
Infrastructure as Code (IaC) and automated deployment strategies.
AI and Machine Learning for automated code review and threat detection.
Monitoring, observability, and incident response in Automated environments.
Future Trends: Low-Code/No-Code, AI-driven development, and Autonomous testing.

Session 4. Monitoring and data analysis tools for continuous delivery in Agile software development environments

In Agile software development, continuous delivery (CD) requires real-time insights into system performance, code quality, and security. Effective monitoring and data analysis tools play a critical role in identifying issues early, optimizing deployment pipelines, and ensuring smooth operations in fast-paced development cycles. This session will allow industry to present the latest advancements in observability, automated monitoring, and predictive analytics that empower development teams to make data-driven decisions, enhance reliability, and maintain high deployment velocity. Industry presentations are expected to discuss best practices for integrating monitoring solutions with CI/CD pipelines (Continuous Integration – Continuous Delivery) and leveraging AI-driven analytics for proactive incident management. Examples of topics to be addressed are:

Tools for monitoring in continuous delivery pipelines.
Observability vs. Traditional Monitoring: Key differences and benefits of the latest technological solutions.
Tools for log management and distributed tracing in Agile development platforms.
Real-Time performance metrics and dashboards.
AI-driven predictive analytics for performance assessment and incident prevention.
Security monitoring and compliance in continuous deployment.
Integrating monitoring tools with CI/CD pipelines.
Future Trends: AIOps, self-healing systems, and autonomous monitoring.