The societal effects of cybersecurity are widely discussed, but it remains less clear how software security regulations specifically contribute to building a resilient society, particularly in relation to Sustainable Development Goals 5 (Gender Equality), 10 (Reduced Inequalities), and 16 (Peace, Justice and Strong Institutions). This study investigates this connection by examining key EU and U.S. strategies through comparative legal analysis, software development (SDLC) case studies, and a normative–sociological lens. Our findings reveal that major regulations—such as the EU’s Cyber Resilience Act and the U.S. SBOM rules—are not merely reactive, but proactively embed resilience as a fundamental mode of operation. This approach structurally reallocates digital risks from users to manufacturers, reframing software security from a matter of compliance to one of social fairness and institutional trust. We conclude that integrating ‘resilience by design’ into technology rules is more than a technical fix; it is a mechanism that makes digital access fairer and better protects vulnerable populations, enabling technology and society to advance cohesively.

This study provides a structured comparative analysis of how democratic and authoritarian regimes integrate cybersecurity into their national security architectures, with particular attention to the severely under-researched Central-Eastern European EU member states (Hungary and Slovakia). Using a most-different-systems design, the article contrasts the multi-stakeholder, cooperative model of a major rule-of-law democracy (United States) with the centralized, digital-sovereignty-driven approaches of three major authoritarian powers (China, Russia, Iran) and two smaller EU members. In addition to institutional structures and oversight mechanisms, the analysis explicitly incorporates public trust dynamics as a critical variable of cybersecurity resilience. Findings show that democratic systems generate higher legitimacy but slower operational tempo, whereas authoritarian models achieve rapid capability integration at the expense of societal trust and private-sector autonomy. In the Central-Eastern European cases, the interplay of NIS2 obligations and pronounced centralizing tendencies produces distinctive governance patterns that deviate from both the classic “cooperating cyberfare state” and the “smart total-control” archetypes. The study demonstrates that sustained public trust—fostered through transparent communication, accountable institutions and meaningful societal inclusion—acts as a force multiplier for cybersecurity resilience across all regime types. By filling three identified gaps (small EU member states, cross-regime empirical depth, and public-trust integration), the article advances both the comparative politics of cybersecurity governance and practical policy recommendations for strengthening transatlantic and intra-EU cyber resilience.