The Luxembourg Consumer Protection Association (ULC) has sharply criticised recent remarks by LuxTrust Director Serge Allegrezza, calling his stated personal policy of “not clicking on anything anymore” an alarming admission that undermines public trust in essential digital services.
Allegrezza’s comment, made in a recent interview regarding his own online behaviour, prompted the ULC to question how consumers can be expected to navigate the digital world safely if the heads of key security firms publicly express such distrust.
The association argues that services like online banking and electronic IDs are now compulsory for full societal participation, and thus the risk of cybercrime cannot be treated as a private problem for consumers. It criticised the tendency of banks and service providers to too quickly blame customer “negligence”, especially given the sophistication of modern, AI-powered phishing attacks. The ULC finds it “unacceptable” to imply that total digital abstinence is the only viable protection.
Marking Safer Internet Day 2026, the ULC issued a call for a fundamental overhaul of digital security architecture. Its demands include stricter, compulsory liability rules for banks and security providers, the establishment of safe, standardised communication channels that do not rely on vulnerable email links, real-time alerts for suspicious transactions and quick, straightforward fraud reimbursement processes, as well as greater transparency from LuxTrust and banks regarding their security mechanisms.
The ULC concluded that digital safety must be built on trust and effective design, not fear. If the prevailing advice from experts becomes “don’t click on anything,” the association stated, then the project of digitalisation itself has failed.
