The 1st University of St. Gallen Grand Challenge ‘The EU AI Act’ – A Grand Success for LegalAIzers

Our former Ph.D. researcher Pier Giorgio Chiara – who defended his thesis on ‘Security and Privacy of resource-constrained devices’ under the supervision of Prof. Cole in March 2023 – together with his team ‘LegalAIzers’ won the 1st University of St. Gallen Grand Challenge on the EU AI Act. The Grand Challenge seeks to clarify how to …

New Publication in Oxford Academic’s Journal of Cybersecurity: Defining the Reporting Threshold for a Cybersecurity Incident under the NIS Directive and the NIS 2 Directive

Our most recent publication is based on the presentation given at BILETA 2022 at the University of Exeter in April 2022. This paper reflects on the final text of the NIS 2 Directive as adopted on 14 December 2022. Following the risk-based approach adopted in the NIS Directive, the NIS 2 Directive enlists as a …

New Publication: EDPB Opinion on the European Commission’s Draft Adequacy Decision regarding the EU-U.S. Data Privacy Framework: Is the Scene Set for Schrems III?

In March 2022, the European Commission and the U.S. government announced the political agreement on a new EU-U.S. Data Privacy Framework to replace the Privacy Shield Framework which had been struck down by the CJEU in the case of Schrems II. The new framework seeks to establish the legal basis for transatlantic data flows to …

The Proposal for an EU Cyber Solidarity Act

On 18 April 2023, the European Commission adopted a Proposal for a Regulation laying down measures to strengthen solidarity and capacities in the Union to detect, prepare for and respond to cybersecurity threats and incidents (Proposal for an EU Cyber Solidarity Act) along with a Commission Communication setting up a Cybersecurity Skills Academy. The EU …

New Publication: Refining the Mandatory Cybersecurity Incident Reporting Under the NIS Directive 2.0: Event Types and Reporting Processes

Our second contribution to the Proceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media outlines the new incident reporting obligations under the NIS 2 Directive as foreseen in the original Commission Proposal for a NIS 2 Directive and further discussed during the trilogue negotiations. The NIS Directive (NISD) and sector-specific cybersecurity regulations …