Understanding the rule of prevalence in the NIS directive: C-ITS as a case study

Ducuing, Charlotte

doi:10.1016/j.clsr.2020.105514

Cited by 8 publications

(2 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition to this, it is worth noting that this decision on ‘at least equivalence’ could be left to a Member State since the NIS 2 Directive proposal requires a national act of implementation. As some authors (see, for example [ 9 ]) suggest, entrusting Member States with the burden of conducting such a balancing exercise between the EU sector-specific requirements and the NIS 2 Directive proposal’s requirements may not be a fair solution when other EU sector-specific legislation is directly and uniformly applicable (such as the MDR) ( id .). Furthermore, leaving it to Member States to decide on a matter of lex specialis and lex generalis could lead to their different interpretation and application, thus ultimately leading to fragmentation issues.…”

Section: Achieving Consistency Within the Eu Cybersecurity Regulatory...mentioning

confidence: 99%

Cybersecurity of medical devices: new challenges arising from the AI Act and NIS 2 Directive proposals

Biasin

Kamenjašević

2022

Int. Cybersecur. Law Rev.

View full text Add to dashboard Cite

Cyberattacks on the IT infrastructure of hospitals, electronic health records or medical devices that have taken place during the COVID-19 pandemic reaffirmed how crucial it is to ensure cybersecurity in the healthcare sector. Medical devices are regulated in the European Union (EU) through vertical product-specific legislation, such as the Medical Device Regulation (MDR), among others. The MDR foresees safety requirements implying cybersecurity obligations for medical device manufacturers. In 2021, the EU legislator put forward the Network and Information Security System Directive reform (NIS 2) and the Artificial Intelligence Act (AIA) proposal, containing additional cybersecurity requirements applicable to medical devices. This article analyses how the new reforms interact with the existing legislation from a cybersecurity perspective. The research finds that parallel provision of analogous cybersecurity requirements (especially on notification requirements) could lead to regulatory overlapping, fragmentation, and uneven levels of protection of individuals in the EU internal market. In the “Recommendations and conclusions”, the article provides policy recommendations to the EU legislator to help mitigate these risks.

show abstract

Section: Achieving Consistency Within the Eu Cybersecurity Regulatory...mentioning

confidence: 99%

Cybersecurity of medical devices: new challenges arising from the AI Act and NIS 2 Directive proposals

Biasin

Kamenjašević

2022

Int. Cybersecur. Law Rev.

View full text Add to dashboard Cite

show abstract

“…We recognise that there already exists EU legislation on cybersecurity through the NIS directive 8 and the Cybersecurity Regulation 9 , the latter focused entirely on EU institutions. While the spirit and the idea behind the NIS directive is admirable, it does not put proper security into hard law, but leaves it for guidance and certifications and other soft law measures, without enforcement regimes worthy of how central and important security is 10 .…”

Section: Introductionmentioning

confidence: 99%

The Opportunity to Regulate Cybersecurity in the EU (and the World): Recommendations for the Cybersecurity Resilience Act

Ludvigsen¹,

Nagaraja²

2022

Preprint

View full text Add to dashboard Cite

Safety is becoming cybersecurity under most circumstances. This should be reflected in the Cybersecurity Resilience Act whenever it is proposed and agreed upon in the European Union. In this paper, we define a range of principles which this future Act should build upon, a structure and argue why it should be as all encompassing as possible. We do this on the basis of what the cybersecurity research community for long have asked for, and on what constitutes clear hard legal rules instead of soft. Important areas such as cybersecurity should be taken seriously, by regulating it in the same way we see other types of critical infrastructure and physical structures, and be uncompromising and logical, to encompass the risks and potential for chaos which its ubiquitous nature entails.We find that principles which regulate cybersecurity systems' life-cycles in detail are needed, as is clearly stating what technology is being used, due to Kirkhoffs principle, and dismissing the idea of technosolutionism. Furthermore, carefully analysing risks is always necessary, but so is understanding when and how the systems manufacturers may fail or almost fail, all of these details must be expected and detailed. We do this through the following principles:Ex ante and Ex post assessment, Safety and Security by Design, Denial of Obscurity, Dismissal of Infallibility, Systems Acknowledgement, Full Transparency, Movement towards a Zero-trust Security Model, Cybersecurity Resilience, Enforced Circular Risk Management, Dependability, Hazard Analysis and mitigation or limitation, liability, A Clear Reporting Regime, Enforcement of Certification and Standards, Mandated Verification of Security and Continuous Servicing.To this, we suggest that the Act employs similar authorities and mechanisms as the GDPR, and create strong national authorities to coordinate inspection and enforcement in each Member State, with ENISA being the top and coordinating organ. 1

show abstract

Autonomous Vehicles and Civil Liability in Belgium

Dheu,

De Bruyne,

Valcke

et al. 2024

Data Science, Machine Intelligence, and Law

View full text Add to dashboard Cite

Understanding the rule of prevalence in the NIS directive: C-ITS as a case study

Cited by 8 publications

References 2 publications

Cybersecurity of medical devices: new challenges arising from the AI Act and NIS 2 Directive proposals

Cybersecurity of medical devices: new challenges arising from the AI Act and NIS 2 Directive proposals

The Opportunity to Regulate Cybersecurity in the EU (and the World): Recommendations for the Cybersecurity Resilience Act

Autonomous Vehicles and Civil Liability in Belgium

Contact Info

Product

Resources

About