This chapter provides an overview of the European Union (EU) policies and legislative measures developed in an attempt to regulate cybersecurity. By invoking a historical perspective, policy developments that have shaped the cybersecurity landscape of the EU are highlighted. More concretely, this contribution investigates how the EU has been delimiting and constructing its cybersecurity policies in relation to different and sometimes opposing objectives, and questions what such choices reveal about (and how they determine) the evolution of the EU's cybersecurity policy and its legal contours. For this purpose, the major steps in the evolution of the EU's agenda on cybersecurity are analysed, ranging from the adoption of the 2013 Cybersecurity Strategy to other numerous norms, initiatives and sectorial frameworks that tackle issues arising from the active use of information systems and networks. The chapter reviews the mobilisation of multiple areas (such as the regulation of electronic communications, critical infrastructures and cybercrime) in the name of cybersecurity imperatives, and explores how the operationalisation of such imperatives surfaced in the EU cybersecurity strategy published in September 2017. The chapter suggests that one of the key challenges of cybersecurity regulation is to impose the right obligations on the right actors, through the right instrument. Reflecting on issues surrounding the current liability framework dating from the 80s, it considers how principles such as data protection by design and default as well as the 'duty of care' have emerged. Finally, the chapter considers how the perception of cybersecurity's relationship with (national) security plays a determinant role in the current EU legislative and policy debates, where fundamental rights considerations, despite being acknowledged in numerous policy documents, are only considered in a limited manner.
The EU and Cybersecurity 2.2 Soft-law Paved the Way for Hard-law Addressing Cybersecurity 2.3 EU Values 2.4 EU Values in External Action 2.5 EU Values in Cybersecurity 2.6 Why do Values Matter? 3 Challenges of Cybersecurity Regulation…………………………………………………………………… 3.1 Ambiguous Use of the 'Cybersecurity' Concept 3.2 Cooperation of Stakeholders 3.2.1 Cooperation of EU Institutions and Agencies Involved in Cybersecurity Protection 3.2.2 Cooperation Between National Authorities Within the Individual Member States, as well as Within the EU 3.3 Securitization of EU Values and Interests 4 Controversies over Cybersecurity Regulation………………………………………………………….. 4.1 Defining Controversies 4.1.1 Fundamental Rights as Drivers for EU Regulation? 4.1.2. Regulation through Individual Risk Identification and Proactive Action 4.1.3. Attribution of Roles to Different Stakeholders 4.1.4. A Number of Individuals' Rights Grows despite the Shortfall in
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.