February 2024
·
1 Read
·
4 Citations
What is this page?
This page lists works of an author who doesn't have a ResearchGate profile or hasn't added the works to their profile yet. It is automatically generated from public (personal) data to further our legitimate goal of comprehensive and accurate scientific recordkeeping. If you are this author and want this page removed, please let us know.
Publications (6)
January 2023
·
33 Reads
·
4 Citations
SSRN Electronic Journal
March 2022
·
23 Reads
In this chapter, we review how the EU cybersecurity regulatory framework impacts providers of cloud computing services. We examine the evolving regulatory treatment of cloud services as an enabler of the EU's digital economy and question whether all cloud services should be treated as critical infrastructure. Further, we look at how the safeguarding and incident notification obligations under the General Data Protection Regulation ('GDPR') and the Network and Information Systems Directive ('NISD') apply to cloud providers. We also consider the proposed revision of the NISD and look at newly developed voluntary assurance mechanisms for cloud providers, including codes of conduct and certification schemes. We conclude that, since cloud providers are typically subject to both NISD and GDPR and to the jurisdiction of multiple regulators, they face divergent regulatory approaches, which can lead to unintended outcomes and high compliance costs.
June 2021
·
92 Reads
·
3 Citations
International Cybersecurity Law Review
This article looks at how Brexit will impact the cybersecurity regulatory framework in the United Kingdom (UK). The authors argue that substantive divergence is likely to differ per area. On the one hand, the approach to data protection law is likely to remain fairly uniform, given the UK’s need to maintain adequacy. On the other hand, approaches to regulation of the telecoms sector may diverge, as the UK has already started to take unilateral initiatives. Brexit will also impact the institutional framework, including by subjecting UK businesses to the jurisdiction of multiple national regulators and by placing the UK outside of European Union cybersecurity bodies.
April 2021
·
44 Reads
·
3 Citations
This chapter addresses the emerging regulatory framework for cybersecurity and considers its implications for the provision and use of cloud services. It focuses on cybersecurity measures that target service providers on whom large numbers of consumers and businesses depend, rather than measures triggered by the nature of the data being processed. The chapter first reviews the main elements of the Network and Information Systems (NIS) Directive, one of the principal cybersecurity instruments in the EU. It then examines how cloud providers are regulated as Digital Service Providers (DSPs) under the NIS Directive. Cloud providers are also indirectly regulated by the NIS Directive, when they form part of the supply chain of a regulated operator of essential services (OES), the primary target of the measure. The chapter also looks at other EU legal instruments that impose cybersecurity requirements in relation to specific sectors and activities. Finally, it considers concerns that this new regulatory framework may lead to only incremental improvements in the cybersecurity of Europe's critical infrastructure and digital services, while generating substantial compliance activity, aimed at placating regulators and reassuring the general public.
January 2021
·
2 Reads
·
1 Citation
SSRN Electronic Journal
Citations (4)
... Publications Assurance Ellul et al. (2023) Cloud computing Walden and Michels (2024) Deception and camouflage Wysocki (2024) Digital twins Coppolino et al. (2024) Energy and smart grids Zero trust Bobbert and Timmermans (2024) situational awareness is also a suitable overall theme for characterizing a mixture of distinct publications dealing with information sharing and associated infrastructures. The information sharing and situational awareness context involves ambitious projects trying to combine several layers of European critical infrastructures, including everything from industrial control and SCADA systems to video surveillance, drones, and digital twins to improve cross-country and cross-sectoral risk analysis and incident management (Giunta et al., 2025). ...
- Citing Chapter
February 2024
... Mit diesem «Sovereign Cloud Stack» sollen die Anwendenden im Bedarfsfall relativ einfach den Anbieter wechseln können, denn die Herstellerabhängigkeit lässt sich durch die Verwendung von interoperablen Cloud Services vermeiden. Verwenden die in der Public Cloud betriebenen Applikationen standardisierte Schnittstellen, können die Anbieter der IT-Infrastruktur bei Bedarf mit wenig Aufwand gewechselt werden (Michels, Millard and Walden, 2023). Damit besteht nur noch eine Abhängigkeit zu den eingesetzten Open Source Produkten, jedoch nicht mehr zu den jeweiligen Herstellern und Betreibern der Public Cloud Infrastruktur. ...
- Citing Article
January 2023
SSRN Electronic Journal
... Como mencionamos en el capítulo anterior respecto a la localización de datos, cada estado puede establecer excepciones a estas normas. Autores comoWuermeling & Oldani (2021) también estudian la aplicación del Reglamento General de Protección de Datos (GDPR) a los servicios de nube, mientras queMichels & Walden (2021) analizan cómo la 'Directiva acerca de la seguridad de la red y los sistemas de información' (NIS Directive) establece obligaciones para empresas de nube en la categoría de 'Proveedores de Servicios Digitales' y de 'Operadores de Servicios Esenciales'. Estas dos últimas normativas -si bien pertenecen a la Unión Europea y no pertenecen a tratados internacionales de Argentina, Chile o Uruguay-son relevantes para Latinoamérica por su alcance extraterritorial y por su promoción de valores(Gstrein & Zwitter 2021) que influyen sobre la actividad de hiperescaladores en nuestra región. ...
- Citing Chapter
April 2021
... Although there is a qualitative difference in relation to pre-Brexit cooperation (namely in terms of participation in decision-making), the panoply of instruments available for future UK-EU cybersecurity cooperation is in general indicative of continued engagement and is very much in line with the path dependence that has been developed since the 90 s. The UK's decision to keep EU cybersecurity-related measures as part of its domestic legislation (namely the Network and Information Security Directive and GDPR) is also indicative of this path dependence and of the UK's willingness to stay aligned with the EU (Walden and Michels 2021). The key importance of this relationship is also reiterated in the Draft Council Conclusions of the 9th of March, which mention UK-EU cybersecurity cooperation ahead of EU-NATO and EU-UN cooperation (Council of the European Union 2021). ...
- Citing Article
- Publisher preview available
June 2021
International Cybersecurity Law Review