BILETA Special Edition

The IoT and the new EU cybersecurity regulatory landscape

Pages 118-137 | Received 18 Oct 2021, Accepted 21 Dec 2021, Published online: 07 May 2022
