Bridging Law and Cybersecurity: An Interview with Dr. Milena Nikolić from Siemens Energy

As cybersecurity becomes a defining factor in business resilience, legal professionals play an increasingly vital role in shaping how organizations manage digital risk. In this interview, Dr. Milena Nikolić, Cybersecurity Contract Manager at Siemens Energy, discusses the evolving relationship between law and technology, the contractual challenges of securing global supply chains, and the importance of collaboration between legal and technical teams. Drawing on her experience in corporate and public sectors, Dr. Nikolić offers a thoughtful perspective on how cybersecurity compliance is transforming from a regulatory obligation into a shared commitment to trust and integrity.

1. With your extensive legal background and current role managing cybersecurity contracts at Siemens Energy, where you are responsible for the contractual relationship with suppliers from a cybersecurity perspective, how do you navigate the complex intersection between legal requirements and technical cybersecurity measures?

I wouldn’t call it an intersection—lawyers and technical experts are not on opposite sides; they share the same goal: protecting the organization from cyber incidents. Collaboration and mutual understanding are key. The real challenge is to speak a common language and ensure that everyone—from legal to engineering—understands both the legal “why” and the technical “how.”
Working closely with technical experts has allowed me to continuously refine and strengthen our cybersecurity requirements towards third parties. That cooperation is, in my view, the essence of modern cyber risk management.

2. Given the increasing importance of cybersecurity in energy infrastructure, what are the key contractual challenges companies face when managing cybersecurity risks with vendors and partners?

The global challenge lies in explaining complex requirements designed to protect everyone in the supply chain. Cybersecurity clauses are not just legal formality—they are shared protection mechanisms.
The biggest difficulty is ensuring that obligations flow down to subcontractors and fourth parties. Because a breach in your supply chain is a breach in your business. That’s why I believe prevention is always stronger than reaction.

3. How has your experience in corporate affairs and public sector roles influenced your approach to compliance and risk management in the private sector, particularly in cybersecurity?

Coming from a criminal law background in a law firm, working in the energy sector, and as someone who holds a PhD in Law, I was trained to question everything. In cybersecurity, that mindset is essential—constant doubt is what drives protection.
I’ve always been detail-oriented and focused on precision, which aligns perfectly with cybersecurity’s layered defense logic: assume nothing, verify everything, and build protection on multiple levels.

4. With your academic focus on international law, how do you see evolving global legal frameworks impacting corporate cybersecurity strategies?

My PhD in Public International Law focused on the fragmentation of international law—a topic that feels more relevant than ever. In cybersecurity, we face a diversity of overlapping laws and regulations, often applied within a single supply chain that spans multiple jurisdictions.
This legal complexity fascinates me, and I’m curious to see how global harmonization will evolve. One thing is certain: regulation in this field is no longer optional. It has become essential to every aspect of modern life and business.

Still, I sincerely hope that efforts will move beyond mere formal alignment with complex regulations. Form without substance is one of the most dangerous illusions—not only in law, but in life itself. True compliance is not a checkbox exercise; it’s an act of responsibility and integrity.

5. What advice would you give to legal professionals looking to specialize in cybersecurity contracts and compliance, especially in highly regulated industries like cybersecurity?

I would truly love to see more lawyers in this domain, which has become critical to the survival of any business—and deeply relevant to private life as well.
My advice is simple: keep an open mind and learn the basics of cybersecurity. The industry needs lawyers who understand technology, not to replace engineers, but to stand beside them. Legal minds are vital here—because the future of cybersecurity will be written not only in code, but also in contracts.